FGSW-2620VM / FGSW-2624SF User’s Manual User's Manual FGSW-2620VM 24-Port 10/100Mbps with 2G TP/SFP Combo Managed Ethernet Switch FGSW-2624SF 24 100Base-FX SFP Slots with 2G TP/SFP Combo Managed Ethernet Switch 1
FGSW-2620VM / FGSW-2624SF User’s Manual Trademarks Copyright © PLANET Technology Corp. 2008. Contents subject to which revision without prior notice. PLANET is a registered trademark of PLANET Technology Corp. All other trademarks belong to their respective owners.
FGSW-2620VM / FGSW-2624SF User’s Manual Table of Contents 1. INTRODUCTION ...........................................................................................................6 1.1 PACKET CONTENTS ................................................................................................................................... 6 1.2 HOW TO USE THIS MANUAL ....................................................................................................................... 6 1.3 PRODUCT FEATURE .....
FGSW-2620VM / FGSW-2624SF User’s Manual 4.1.6 Factory Default ...............................................................................................................................................29 4.1.7 System Reboot ...............................................................................................................................................30 4.2 PORT CONFIGURATION .................................................................................................................
FGSW-2620VM / FGSW-2624SF User’s Manual 5.5 AUTO-NEGOTIATION ................................................................................................................................ 79 6. TROUBLESHOOTING ................................................................................................80 6.1 INCORRECT CONNECTIONS ...................................................................................................................... 80 6.2 DIAGNOSING LED INDICATORS .....................
FGSW-2620VM / FGSW-2624SF User’s Manual 1. INTRODUCTION 1.
FGSW-2620VM / FGSW-2624SF User’s Manual 1.3 Product Feature ¾ Physical Ports FGSW-2620VM ■ 24-Port 10/100Mbps Fast Ethernet ports ■ 2 10/100/1000Mbps TP and SFP shared combo interfaces ■ Reset button for system management FGSW-2624SF ■ 24-Port 100Base-FX SFP Fast Ethernet slots ■ 2 10/100/1000Mbps TP and SFP shared combo interfaces ■ Reset button for system management ¾ Layer 2 Features ■ Complies with the IEEE 802.3, IEEE 802.3u, IEEE 802.3z and IEEE 802.
FGSW-2620VM / FGSW-2624SF User’s Manual ■ 19-inch rack mount size ■ EMI standards comply with FCC, CE class A 1.
FGSW-2620VM / FGSW-2624SF User’s Manual IGMP Snooping Supports v1 and v2 protocol Supports IGMP Querier 4 priority queues per port QoS Configuration IEEE 802.1p CoS on each port Port-Based priority Port counters Display detail traffic counters on each port Rate Limit Inbound Rate Limit and Outbound Traffic shaping; allow per 1Mbits setting Access Control List Supports up to 16 Access Control list groups Standards Conformance Safety Standards Compliance FCC Part 15 Class A, CE IEEE 802.
FGSW-2620VM / FGSW-2624SF User’s Manual 2. INSTALLATION This section describes the functionalities of the FGSW Managed Switch's components and guides how to install it on the desktop or shelf. Basic knowledge of networking is assumed. Please read this chapter completely before continuing. 2.1 Product Description The PLANET FGSW Managed Switch offers 24 10/100Mbps Fast Ethernet ports or 24 100Base-FX SFP slots with 2 Gigabit TP/SFP combo ports (Port-25, 26).
FGSW-2620VM / FGSW-2624SF User’s Manual 2.1.2 Switch Front Panel The unit front panel provides a simple interface monitoring the Switch. Figure 2-1 to 2-2 shows the front panel of the Managed Switches. FGSW-2620VM Front Panel Figure 2-1 FGSW-2620VM front panel. FGSW-2624SF Front Panel Figure 2-2: FGSW-2624SF Switch front panel 2.1.3 LED Indications The front panel LEDs indicates instant status of port links, data activity and system power; helps monitor and troubleshoot when needed.
FGSW-2620VM / FGSW-2624SF User’s Manual FGSW-2624SF LED indication System LED Color PWR Green Function Lights to indicate that the Switch has power. Per 100Base-FX SFP slot LED Color LNK/ACT Green Function Lights to indicate the link through that port is successfully established. Per 10/100/1000Base-T port /SFP interfaces LED Color Function Lit: indicate that the port is operating at 1000Mbps. LNK/ACT 1000 Green Off: indicate that the port is operating at 10Mbps or 100Mbps.
FGSW-2620VM / FGSW-2624SF User’s Manual 2.1.4 Switch Rear Panel The rear panel of the Managed Switch indicates an AC inlet power socket, which accepts input power from 100 to 240V AC, 50-60Hz. Figure 2-3 and Figure 2-4 shows the rear panel of the Switch FGSW-2620VM Rear Panel Figure 2-3 FGSW-2620VM Switch rear panel. FGSW-2624SF Rear Panel Figure 2-4: FGSW-2624SF Switch rear panel Power Notice: 1. The device is a power-required device, it means, it will not work till it is powered.
FGSW-2620VM / FGSW-2624SF User’s Manual 2.2 Install the Switch This section describes how to install the Managed Switch and make connections to it. Please read the following topics and perform the procedures in the order being presented. 2.2.1 Desktop Installation To install the Managed Switch on desktop or shelf, please follows these steps: Step1: Attach the rubber feet to the recessed areas on the bottom of the Managed Switch.
FGSW-2620VM / FGSW-2624SF User’s Manual Figure 2-5 Attach brackets to the Managed Switch. You must use the screws supplied with the mounting brackets. Damage caused to the parts by using incorrect screws would invalidate the warranty. Step3: Secure the brackets tightly. Step4: Follow the same steps to attach the second bracket to the opposite side. Step5: After the brackets are attached to the Managed Switch, use suitable screws to securely attach the brackets to the rack, as shown in Figure 2-6.
FGSW-2620VM / FGSW-2624SF User’s Manual 2.2.3 Installing the SFP transceiver The sections describe how to insert an SFP transceiver into an SFP slot. The SFP transceivers are hot-pluggable and hot-swappable. You can plug-in and out the transceiver to/from any SFP port without having to power down the Managed Switch. As the Figure 2-7 appears. Figure 2-7 Plug-in the SFP transceiver Approved PLANET SFP Transceivers PLANET Managed Switches supports both single mode and multi mode SFP transceiver.
FGSW-2620VM / FGSW-2624SF User’s Manual It recommends using PLANET SFPs on the Managed Switch. If you insert a SFP transceiver that is not supported, the Managed Switch will not recognize it. Before connect the other switches, workstation or Media Converter. 1. Make sure both side of the SFP transceiver are with the same media type, for example: 1000Base-SX to 1000Base-SX, 1000Bas-LX to 1000Base-LX. 2. Check the fiber-optic cable type match the SFP transceiver model.
FGSW-2620VM / FGSW-2624SF User’s Manual Figure 2-8 Pull out the SFP transceiver Never pull out the module without pull the handle or the push bolts on the module. Direct pull out the module with violent could damage the module and SFP module slot of the Managed Switch.
FGSW-2620VM / FGSW-2624SF User’s Manual 3. SWITCH MANAGEMENT This section introduces the configuration and functions of the Web-Based management. The following configuration descriptions are based on the kernel software version 1.07. The following section will base on the Web screens of FGSW-2620VM, for FGSW-2624SF the display will be the same to FGSW-2620VM. 3.1 About Web-based Management Inside the CPU board of the Managed Switch exist an embedded HTML web site residing in flash memory.
FGSW-2620VM / FGSW-2624SF User’s Manual 3.3 Preparing for Web Management The following shows how to start up the Web Management of the Managed Switch. Note the FGSW Managed Switch is configured through an Ethernet connection, please make sure the manager PC must be set on the same IP subnet address. For example, the default IP address of the FGSW Managed Switch is 192.168.0.100, then the manager PC should be set at 192.168.0.
FGSW-2620VM / FGSW-2624SF User’s Manual Figure 3-2 Login screen 3. Click "Enter" or "OK", then the home screen of the Web-based management appears.
FGSW-2620VM / FGSW-2624SF User’s Manual 3.5 Online Help You can click button when you have any configuration question during the configuring. 3.6 View the Port Information You can direct click the port on the Switch figure on the top of web page. Then, you will see the port information.
FGSW-2620VM / FGSW-2624SF User’s Manual 4. WEB-BASED MANAGEMENT To modify your PC’s IP domain to the same with Managed Switch then use the default IP address (192.168.0.100) to remote configure Managed Switch through the Web interface. #Notice: The following section will base on the Web screens of FGSW-2620VM, for FGSW-2624SF the display will be the same to FGSW-2620VM. 4.
FGSW-2620VM / FGSW-2624SF User’s Manual Object Description System Name The name of Switch. System Description The description of Switch. System Location The Switch physical location. Kernel Version The kernel software version. Firmware Version The Switch's firmware version. MAC Address The unique hardware address assigned by manufacturer (default). Apply button Press the button to complete the configuration. 4.1.1.
FGSW-2620VM / FGSW-2624SF User’s Manual Hash Algorithm Provide MAC address table Hashing setting on Switch; available options are CRC Hash and Direct Map. Default mode is CRC-Hash. Save button Press the button to complete the configuration. 4.1.2 IP Configuration User can configure the IP Settings and DHCP client function, the screen in Figure 4-1-3 appears. Figure 4-1-3 IP configuration screenshot Object Description DHCP Client "Enable" is to get IP from DHCP server. "Disable" is opposite.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.1.3 Account Password You can change web management login user name and password. Figure 4-1-4 Account password screenshot Object Description User name Type the new user name. The default is "admin". New Password Type the new password. The default is "admin". Confirm password Retype the new password. Apply button Press the button for save current User name and Password Setting on the Switch.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.1.4 SNMP Management The SNMP is a Protocol that governs the transceiver of information between management and agent. The Switch supports SNMP V1. You can define management stations as trap managers and to enter SNMP community strings. You also can define a name, location, and contact person for the Switch. Fill in the system options data, and then click Apply to update the changes. 4.1.4.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.1.4.2 Trap Configuration Trap Manager A trap manager is a management station that receives traps, the system alerts generated by the switch. If no trap manager is defined, no traps will issue. Create a trap manager by entering the IP address of the station and a community string. Figure 4-1-6 Trap Management screenshot Object Description IP Address Fill in the trap device IP. Community Strings The trap device community strings.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.1.5 TFTP Upgrade It provides the functions to allow a user to update the Switch firmware. Before updating, make sure you have your TFTP server ready and the firmware image is on the TFTP server. Figure 4-1-7 TFTP Update Firmware screentshot Object Description TFTP Server IP Address Fill in your TFTP server IP. Firmware File Name The name of firmware image. Apply button Press the button for upgrade the Switch firmware. 4.1.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.1.7 System Reboot Reboot the Switch in software reset. Click button to reboot the Switch.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.2 Port Configuration In Port page, it has five parts of setting Port control Port mirror Bandwidth control Port statistics Port trunk. We will describe the configure detail in following. 4.2.1 Port Control This section introduces detail settings of per port on Switch; the screen in Figure 4-2-1 appears and following table descriptions the Port Configuration objects of the Switch.
FGSW-2620VM / FGSW-2624SF User’s Manual Figure 4-2-2 Select the Port Control screenshot For the model FGSw-2624SF, Port-1 to Port-24 is set to 100Full as default setting.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.2.2 Port Mirror The Port mirroring is a method for monitor traffic in switched networks. Traffic through ports can be monitored by one specific port. That is, traffic goes in or out monitored ports will be duplicated into mirror port. Figure 4-2-3 Prot Mirroring screenshot Object Description Port Mirroring Mode Analysis Port Set mirror mode: Disable, RX, TX, Both. Its mean mirror port can be used to see all monitor port traffic.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.2.3 Bandwidth Control This section provides current rate limit and traffic shapping status of each port from the Switch, the screen in Figure 4-2-4 appears. Figure 4-2-4 Bandwidth Control Screenshot Object InRate* Description Input the value of packet rate sent from the connected port to this port must enable the flow control feature of this port for the function to work normally. The available value ranges from 1 to 99 and rate unit: 1Mbps.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.2.4 Port Statistics The following information provides a view of the current port statistic information. Scroll down for more ports statistics. Figure 4-2-5 Port Statistics screenshot Object Description Port Indicate port 1 to port 26. Type Display the Speed duplex mode of each port on the Switch. Link The state of the link, indicating a valid link partner device. "Up" means a device is successful connected to the port. “Down” means no device is connected.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.2.5 Port Trunk The Link Aggregation Control Protocol (LACP) provides a standardized means for exchanging information between Partner Systems on a link to allow their Link Aggregation Control instances to reach agreement on the identity of the Link Aggregation Group to which the link belongs, move the link to that Link Aggregation Group, and enable its transmission and reception functions in an orderly manner.
FGSW-2620VM / FGSW-2624SF User’s Manual Work Ports Allow max four ports can be aggregated at the same time. If LACP static trunk group, the exceed ports are standby and able to aggregate if work ports fail. If it is local static trunk group, the number must be as same as the group member ports. Choose Port Select the ports to join the trunk group. Allow max four ports can be aggregated at the same time. Add button Press the button to add the port.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.2.5.3 Aggregator State Activity When you had setup the LACP aggregator, you can configure port state activity. You can mark or un-mark the port. Figure 4-2-8 Trunking – State Activity interface Object Description Active The port automatically sends LACP protocol packets. Passive The port does not automatically send LACP protocol packets, and responds only if it receives LACP protocol packets from the opposite device.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.3 Switching In Switch page, it has four parts of setting VLAN, Rapid Spanning Tree IGMP snooping Forwarding table. We will describe the configure detail in following. 4.3.1 VLAN Understanding IEEE 802.1p Priority Priority tagging is a function defined by the IEEE 802.1p standard designed to provide a means of managing traffic on a network where many different types of data may be transmitted simultaneously.
FGSW-2620VM / FGSW-2624SF User’s Manual VLAN Description A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLAN can be used to combine any collection of LAN segments into an autonomous user group that appears as a single LAN. VLAN also logically segment the network into different broadcast domains so that packets are forwarded only between ports within the VLAN.
FGSW-2620VM / FGSW-2624SF User’s Manual Some relevant terms: Tagging - The act of putting 802.1Q VLAN information into the header of a packet. Untagging - The act of stripping 802.1Q VLAN information out of the packet header. 802.1Q VLAN Tags The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the Ether Type field.
FGSW-2620VM / FGSW-2624SF User’s Manual Every physical port on a switch has a PVID. 802.1Q ports are also assigned a PVID, for use within the switch. If no VLAN are defined on the switch, all ports are then assigned to a default VLAN with a PVID equal to 1. Untagged packets are assigned the PVID of the port on which they were received. Forwarding decisions are based upon this PVID, in so far as VLAN are concerned. Tagged packets are forwarded according to the VID contained within the tag.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.3.1.1.1 Port-based VLAN Packets can go among only members of the same VLAN group. Note all unselected ports are treated as belonging to another single VLAN. If the port-based VLAN enabled, the VLAN-tagging is ignored.
FGSW-2620VM / FGSW-2624SF User’s Manual Figure 4-3-2 VLAN – PortBase choose interface 7. If there are many groups that over the limit of one page, you can click 8. Use button to delete unwanted VLAN. 9. Use button to modify existing VLAN group. to view other VLAN groups. If the trunk groups exist, you can see it (ex: Trunk1, Trunk2…) in select menu of ports, and you can configure it is the member of the VLAN or not. 4.3.1.1.2 802.1Q VLAN Tagged-based VLAN is an IEEE 802.1Q specification standard.
FGSW-2620VM / FGSW-2624SF User’s Manual thus keeping the VLAN information intact. The VLAN information in the tag can then be used by other 802.1Q compliant devices on the network to make packet-forwarding decisions. 。 Untagging: Ports with untagging enabled will strip the 802.1Q tag from all packets that flow into those ports. If the packet doesn't have an 802.1Q VLAN tag, the port will not alter the packet. Thus, all packets received by and forwarded by an untagging port will have no 802.
FGSW-2620VM / FGSW-2624SF User’s Manual Figure 4-3-4 802.1Q VLAN Setting Web Page screen Object Description You can configure the ID number of the VLAN by this item. This field is used to add VLANs one at a time. The VLAN group ID and available range is 2-4094 Indicate port 1 to port 26. Port ---------- Forbidden ports are not included in the VLAN Untagged Packets forwarded by the interface are untagged VLAN Type Defines the interface as a tagged member of a VLAN.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.3.1.2 802.1Q Ingress Filter This section provides 802.1Q Ingress Filter of each port from the Switch, the screen in Figure 4-3-5 appears. Figure 4-3-5 802.
FGSW-2620VM / FGSW-2624SF User’s Manual Object Ingress Filter Description Ingress filtering lets frames belonging to a specific VLAN to be forwarded if the port belongs to that VLAN. Enable: Forward only packets with VID matching this port's configured VID. Disable: Disable Ingress filter function. Acceptable Frame type ALL: Acceptable all Packet. Tag Only: Only packet with match VLAN ID can be permission to go through the port.
FGSW-2620VM / FGSW-2624SF User’s Manual Bridge Protocol Data Units For STP to arrive at a stable network topology, the following information is used: 。 The unique switch identifier 。 The path cost to the root associated with each switch port 。 The por tidentifier STP communicates between switches on the network using Bridge Protocol Data Units (BPDUs).
FGSW-2620VM / FGSW-2624SF User’s Manual 。 Listening – the port is waiting to receive BPDU packets that may tell the port to go back to the blocking state 。 Learning – the port is adding addresses to its forwarding database, but not yet forwarding packets 。 Forwarding – the port is forwarding packets 。 Disabled – the port only responds to network management messages and must return to the blocking state first A port transitions from one state to another as follows: 。 From initialization (switch bo
FGSW-2620VM / FGSW-2624SF User’s Manual On the switch level, STP calculates the Bridge Identifier for each switch and then sets the Root Bridge and the Designated Bridges. On the port level, STP sets the Root Port and the Designated Ports. The following are the user-configurable STP parameters for the switch level: Parameter Description Default Value Bridge Identifier(Not user A combination of the User-set priority and the 32768 + MAC configurable switch’s MAC address.
FGSW-2620VM / FGSW-2624SF User’s Manual User-Changeable STA Parameters The Switch’s factory default setting should cover the majority of installations. However, it is advisable to keep the default settings as set at the factory; unless, it is absolutely necessary. The user changeable parameters in the Switch are as follows: Priority – A Priority for the switch can be set from 0 to 65535. 0 is equal to the highest Priority. Hello Time – The Hello Time can be from 1 to 10 seconds.
FGSW-2620VM / FGSW-2624SF User’s Manual Priority setting, or influencing STP to choose a particular port to block using the Port Priority and Port Cost settings is, however, relatively straight forward.
FGSW-2620VM / FGSW-2624SF User’s Manual one (optional) Gigabit port on both switch B and C. The redundant link between switch B and C is deliberately chosen as a 100 Mbps Fast Ethernet link (default port cost = 19). Gigabit ports could be used, but the port cost should be increased from the default to ensure that the link between switch B and switch C is the blocked link. The Spanning-Tree Protocol (STP) is a standardized method (IEEE 802.1d) for avoiding loops in switched networks.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.3.2.2 Per Port Configuration You can configure path cost and priority of every port. Figure 4-3-7 SPT - Per Port Configuration interface Object Description Port Path cost The cost of the path to the other bridge from this transmitting bridge at the specified port. Enter a number 1 through 200000000. Priority Decide which port should be blocked by priority in LAN. Enter a number 0 through 240 in steps of 16.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.3.3 IGMP Snooping About the Internet Group Management Protocol (IGMP) Snooping Computers and network devices that want to receive multicast transmissions need to inform nearby routers that they will become members of a multicast group. The Internet Group Management Protocol (IGMP) is used to communicate this information. IGMP is also used to periodically check the multicast group for members that are no longer active.
FGSW-2620VM / FGSW-2624SF User’s Manual members exist on their sub networks. If there is no response from a particular group, the router assumes that there are no group members on the network. The Time-to-Live (TTL) field of query messages is set to 1 so that the queries will not be forwarded to other sub networks. IGMP version 2 introduces some enhancements such as a method to elect a multicast queried for each LAN, an explicit leave message, and query messages that are specific to a given group.
FGSW-2620VM / FGSW-2624SF User’s Manual Message Description A message sent from the querier (IGMP router or switch) asking for a response from Query each host belonging to the multicast group. A message sent by a host to the querier to indicate that the host wants to be or is a Report member of a given group indicated in the report message. Leave Group A message sent by a host to the querier to indicate that the host has quit to be a member of a specific multicast group.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.3.4 Forwarding Table You can configure forwarding table of every port, the screen in Figure 4-3-9. Figure 4-3-9 Forwarding Table screen Object Description Port No Indicate port 1 to port 26. Current MAC Address List the source MAC addresses those be learned on the specify port.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.4 QoS Quality of Service (QoS) is an advanced traffic prioritization feature that allows you to establish control over network traffic. QoS enables you to assign various grades of network service to different types of traffic, such as multi-media, video, protocol-specific, time critical, and file-backup traffic. QoS reduces bandwidth limitations, delay, loss, and jitter.
FGSW-2620VM / FGSW-2624SF User’s Manual Figure 4-4-1 QoS Configuration Web Page screen 61
FGSW-2620VM / FGSW-2624SF User’s Manual Object Description Provide different modes for QoS Configuration, the available options are shown as below: QoS Mode Disable QoS Priority, High Empty Then Low, Highest:secHigh:SecLow:Lowest=8:4:2:1 Highest:secHigh:SecLow:Lowest=15:7:3:1 Highest:secHigh:SecLow:Lowest=15:10:5:1 Default mode is Highest:secHigh:SecLow:Lowest=8:4:2:1 Static Port Ingress Allow to assign Ingress priority on each port of the Switch, the available options are OFF and Priority 0-7.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.5.1 802.1x/Radius Understanding IEEE 802.1X Port-Based Authentication The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN. Until the client is authenticated, 802.
FGSW-2620VM / FGSW-2624SF User’s Manual z Switch (802.1X device)—controls the physical access to the network based on the authentication status of the client. The switch acts as an intermediary (proxy) between the client and the authentication server, requesting identity information from the client, verifying that information with the authentication server, and relaying a response to the client.
FGSW-2620VM / FGSW-2624SF User’s Manual Ports in Authorized and Unauthorized States The switch port state determines whether or not the client is granted access to the network. The port starts in the unauthorized state. While in this state, the port disallows all ingress and egress traffic except for 802.1X protocol packets. When a client is successfully authenticated, the port transitions to the authorized state, allowing all traffic for the client to flow normally.
FGSW-2620VM / FGSW-2624SF User’s Manual If the link state of a port transitions from up to down, or if an EAPOL-logoff frame is received, the port returns to the unauthorized state. 4.5.1.1 System Configuration The section provides 802.1x -System Configuration, the screen in Figure 4-5-1 Figure 4-5-1 802.1x Configuration - System Configuration interface Radius Server — In this situation, need a Radius server in the network, the normal topologies as below 1. Select the “Radius Server” mode. 2.
FGSW-2620VM / FGSW-2624SF User’s Manual Object Description 802.1x Protocol Disable or enable 802.1x Protocol. Radius Server IP Set the Radius Server IP address. Server Port Set the UDP destination port for authentication requests to the specified Radius Server. Accounting Port Set the UDP destination port for accounting requests to the specified Radius Server. Shared Key Set an encryption key for use during authentication sessions with the specified radius server.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.5.1.2 Per port Configuration You can see the every port Authorization information list in table. Figure 4-5-2 802.1x Configuration - Per Port Configuration Object Description Port Choose the port to set port Authorization. State Reject: the specified port is required to be held in the Unauthorized state. Accept: the specified port is required to be held in the Authorized state.
FGSW-2620VM / FGSW-2624SF User’s Manual 5. Create user data. That step is different of “Local Authenticate”, the establishment of the user data needs to be created on the Radius Server PC. For example, the Radius Server founded on Win2000 Server, and then: 6.
FGSW-2620VM / FGSW-2624SF User’s Manual 7. The last, run your 802.1X Client 4.5.1.3 802.1X Client Configuration Windows XP is originally 802.1X support. As to other operating systems (windows 98SE, ME, 2000), an 802.1X client utility is needed. The following procedures show how to configure 802.1X Authentication in Windows XP. Please note that if you want to change the 802.1x authentication type of a wireless client, i.e.
FGSW-2620VM / FGSW-2624SF User’s Manual 4. Select “Authentication” tab. 5. Select “Enable network access control using IEEE 802.1X” to enable 802.1x authentication. 6. Select “MD-5 Challenge” from the drop-down list box for EAP type. 7. Click “OK”. 8. When client has associated with the switch, a user authentication notice appears in system tray. Click on the notice to continue.
FGSW-2620VM / FGSW-2624SF User’s Manual 9. Enter the user name, password and the logon domain that your account belongs. 10. Click “OK” to complete the validation process.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.5.1.4 Misc Configuration The section provides 802.1x Misc Configuration, the screen in Figure 4-5-3 Figure 4-5-3 802.1x Configuration - Misc Configuration interface Object Description Quiet Period Set the period during which the port doesn't try to acquire a supplicant. Tx Period Set the period the port waits to retransmit next EAPOL PDU during an authentication session.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.5.2 Access Control List The Access Control List (ACL) is a concept in computer security used to enforce privilege separation. It is a means of determining the appropriate access rights to a given object depending on certain aspects of the process that is making the request, principally the process's user identifier.
FGSW-2620VM / FGSW-2624SF User’s Manual 4.5.3 Static MAC Address When you add a static MAC address, it remains in the switch's address table, regardless of whether the device is physically connected to the switch. This saves the switch from having to re-learn a device's MAC address when the disconnected or powered-off device is active on the network again. To bind the MAC Address, click on the Security/ Static MAC Address menu button, the main web page then shows the Static MAC Address function table. 1.
FGSW-2620VM / FGSW-2624SF User’s Manual Object MAC Address Description Enter the MAC address to and from which the port should permanently forward traffic, regardless of the device network activity. Port Select a port number. VLAN ID If tag-based (IEEE 802.1Q) VLANs are set up on the switch, static addresses are associated with individual VLANs. Type the VID (tag-based VLANs) to associate with the MAC address. Add Press this button for add Static MAC Address on the Switch.
FGSW-2620VM / FGSW-2624SF User’s Manual Object Description MAC Address Enter the MAC address that wants to filter. VLAN ID If tag-based (802.1Q) VLAN are set up on the switch, in the VLAN ID box, type the VID to associate with the MAC address. Add Press this button for add MAC filtering on the Switch. Delete Press this button for delete MAC filtering on theSwitch. 4.5.
FGSW-2620VM / FGSW-2624SF User’s Manual 5. SWITCH OPERATION 5.1 Address Table The Switch is implemented with an address table. This address table composed of many entries. Each entry is used to store the address information of some node in network, including MAC address, port no, etc. This information comes from the learning process of Ethernet Switch. 5.2 Learning When one packet comes in from any port. The Switch will record the source address, port no.
FGSW-2620VM / FGSW-2624SF User’s Manual Due to the learning function of the Ethernet switching, the source address and corresponding port number of each incoming and outgoing packet are stored in a routing table. This information is subsequently used to filter packets whose destination address is on the same segment as the source address. This confines network traffic to its respective domain, reducing the overall load on the network.
FGSW-2620VM / FGSW-2624SF User’s Manual 6. TROUBLESHOOTING This section is intended to help you solve the most common problems on the managed switch. 6.1 Incorrect connections The switch port can auto detect straight or crossover cable when you link switch with other Ethernet device. For the RJ-45 connector should use correct UTP or STP cable, 10/100Mbps port use 2 pairs twisted cable. If the RJ-45 connector is not correct pin on right position then the link will fail.
FGSW-2620VM / FGSW-2624SF User’s Manual APPENDIX A: CABLE PIN ASSIGNMENT 7.1 Cable Cable Types and Specifications Cable Type Max. Length Connector 10BASE-T Cat. 3, 4, 5100-ohm UTP 100 m (328 ft) RJ-45 100BASE-TX Cat. 5 100-ohm UTP 100 m (328 ft) RJ-45 100BASE-FX 50/125 or 62.5/125 micron core multimode fiber (MMF) 2 km (1.24 miles) SC or ST 7.
FGSW-2620VM / FGSW-2624SF User’s Manual 7.3 RJ-45 cable pin assignment 6 32 1 6 321 6 3 21 The standard RJ-45 receptacle/connector There are 8 wires on a standard UTP/STP cable and each wire is color-coded.
FGSW-2620VM / FGSW-2624SF User’s Manual Appendix B : Access Control List Application Guide Introduction: What is Access Control List An Access Control List (ACL) consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match.
FGSW-2620VM / FGSW-2624SF User’s Manual Before the ACL Configure … Notice – It is important to set the VLAN mode to “Port-Based” or “802.1Q” VLAN before you start the ACL configure. Due to the ACL will check the VLAN ID if necessary, the VLAN mode must be set to Port-Based or 802.1Q mode. And once the VLAN mode is changed, the system has to reboot to apply the new settings. To set up the VLAN mode, click the “VLAN Configuration” at the Function Menu tree.
FGSW-2620VM / FGSW-2624SF User’s Manual Deny Policy Sample Case 1: Deny specific Source IP Address – Host Purpose: Verify positive and negative matches to a specific host IP address with a 32 bit mask, no matter the rule defined as permit or deny. Check for Class A,B, and C address. 1. To set a Host as the target at this case. 2. Once the deny policy be applied, all IP packets from the target Host IP Address will be dropped. 3.
FGSW-2620VM / FGSW-2624SF User’s Manual Stream Target Host Protocol ID Source Address Destination Address 1 192.168.1.
FGSW-2620VM / FGSW-2624SF User’s Manual Case 2: Deny specific Source IP Address – Class C Purpose: Verify a positive and negative matches to network IP address with a Class C (24 bit mask), no matter the rule defined as permit or deny. 1. Set Hosts within the same Class C Network domain, as the targets at this case. 2. Once the deny policy be applied, all IP packets from the targets’ IP Addresses will be dropped. 3.
FGSW-2620VM / FGSW-2624SF User’s Manual Stream Target Class C Protocol ID Source Address Destination Address 2 192.168.1.0 / 255.255.255.
FGSW-2620VM / FGSW-2624SF User’s Manual Case 3: Deny specific VLAN packets Purpose: Verify a positive and negative matches to network IP address with a specific VLAN ID , no matter the rule defined as permit or deny. 1. Packets with VLAN ID= specific ACL VLAN ID will be dropped. 2. Packets with VLAN ID not match the specific ACL VLAN ID will be forwarded.
FGSW-2620VM / FGSW-2624SF User’s Manual ACL Policy Configuration: 90
FGSW-2620VM / FGSW-2624SF User’s Manual Case 4: Deny Specify Protocol – HTTP / WWW Purpose: Verify positive and negative matches to network IP address with a specific protocol or TCP/UDP Port number, no matter the rule defined as permit or deny. 1. Packets with Layer 4 protocol match the specific ACL protocol will be dropped. 2. Packets with Layer 4 protocol not match the specific ACL protocol will be forwarded.
FGSW-2620VM / FGSW-2624SF User’s Manual Stream Target Protocol ID Source Address Destination Address 192.168.1.1 / Host 5 HTTP ANY 255.255.255.
FGSW-2620VM / FGSW-2624SF User’s Manual Case 5: Deny Specify Protocol – SMTP Purpose: 1. SMTP packets from specific Host IP Address will be dropped. 2. Other packets from specific Host IP Address will be forwarded.
FGSW-2620VM / FGSW-2624SF User’s Manual ACL Policy Configuration: ACL Policy Entry: 94
EC Declaration of Conformity For the following equipment: *Type of Product: 24-Port 10/100 + 2 Gigabit TP/SFP Combo Layer 2 Managed Ethernet Switch *Model Number: FGSW-2620VM * Produced by: Manufacturer‘s Name : Planet Technology Corp. Manufacturer‘s Address : 11F, No. 96, Min Chuan Road, Hsin Tien Taipei, Taiwan, R.O.C.
EC Declaration of Conformity For the following equipment: *Type of Product: 24-Port 100Mbps SFP + 2 Gigabit TP/SFP Combo Web Smart Ethernet Switch *Model Number: FGSW-2624SF * Produced by: Manufacturer‘s Name : Manufacturer‘s Address: Planet Technology Corp. 11F, No 96, Min Chuan Road Hsin Tien, Taipei, Taiwan , R. O.C.