Intellinet 561105 User Manual
Displayed below is the user manual for 561105 by Intellinet which is a product in the Network Switches category. This manual has pages.
Related Manuals
Version2.0
24‐PORTGIGABITETHERNETPOE+LAYER2+MANAGED
SWITCHWITH10GBEUPLINK
USERMANUAL
Model561105
FCC/CEMarkWarning
PoESwitchUserManual|2
FCCWarning
ThisEquipmenthasbeentestedandfoundtocomplywiththelimitsforaClass‐Adigitaldevice,
pursuanttoPart15oftheFCCrules.Theselimitsaredesignedtoprovidereasonableprotection
againstharmfulinterferenceinaresidentialinstallation.Thisequipmentgenerates,uses,andcan
radiateradiofrequencyenergy.Itmaycauseharmfulinterferencetoradiocommunicationsifthe
equipmentisnotinstalledandusedinaccordancewiththeinstructions.However,thereisno
guaranteethatinterferencewillnotoccurinaparticularinstallation.Ifthisequipmentdoescause
harmfulinterferencetoradioortelevisionreception,whichcanbedeterminedbyturningthe
equipmentoffandon,theuserisencouragedtotrytocorrecttheinterferencebyoneormoreofthe
followingmeasures:
Reorientorrelocatethereceivingantenna.
Increasetheseparationbetweentheequipmentandreceiver.
Connecttheequipmentintoanoutletonacircuitdifferentfromthattowhichthereceiveris
connected.
Consultthedealeroranexperiencedradio/TVtechnicianforhelp.
CEMarkWarning
ThisisaClass‐Aproduct.Inadomesticenvironmentthisproductmaycauseradiointerferencein
whichcasetheusermayberequiredtotakeadequatemeasures.
TableofContents
PoESwitchUserManual|3
Table of Contents
BeforeStarting..............................................................................................................................................10
IntendedReaders......................................................................................................................................11
IconsforNote,Caution,andWarning......................................................................................................11
ProductPackageContents........................................................................................................................12
Chapter1:ProductOverview....................................................................................................................13
1.1.ProductBriefDescription..................................................................................................................14
1.2.ProductSpecification.........................................................................................................................15
1.3.HardwareDescription........................................................................................................................18
1.4.HardwareInstallation........................................................................................................................19
Chapter2:PreparingforManagement.....................................................................................................20
2.1.PreparationforSerialConsole...........................................................................................................21
2.2.PreparationforWebInterface...........................................................................................................23
2.3.PreparationforTelnet/SSHInterface................................................................................................25
Chapter3:WebManagement...................................................................................................................27
3.1.WebManagement‐Configure..........................................................................................................28
3.1.1.Configuration‐System...............................................................................................................30
3.1.1.1.System‐Information...........................................................................................................30
3.1.1.2.System‐IP............................................................................................................................31
3.1.1.3.System‐IPv6........................................................................................................................32
3.1.1.4.System‐NTP........................................................................................................................33
3.1.1.5.System‐Time.......................................................................................................................34
3.1.1.6.System‐Log.........................................................................................................................36
3.1.2.Configuration‐PowerReduction...............................................................................................37
3.1.2.1.PowerReduction‐EEE.........................................................................................................37
3.1.3.Configuration‐Ports...................................................................................................................38
3.1.4.Configuration‐Security..............................................................................................................40
3.1.4.1.Security‐Switch‐Users......................................................................................................40
3.1.4.2.Security‐Switch‐PrivilegeLevel........................................................................................42
3.1.4.3.Security‐Switch‐AuthenticationMethod.........................................................................44
3.1.4.4.Security‐Switch‐SSH.........................................................................................................45
3.1.4.5.Security‐Switch‐HTTPS.....................................................................................................46
3.1.4.6.Security‐Switch‐AccessManagement..............................................................................47
3.1.4.7.Security‐Switch‐SNMP.....................................................................................................48
3.1.4.7.1.Security‐Switch‐SNMP‐System...............................................................................48
TableofContents
PoESwitchUserManual|4
3.1.4.7.2.Security‐Switch‐SNMP‐Community........................................................................52
3.1.4.7.3.Security‐Switch‐SNMP‐User....................................................................................53
3.1.4.7.4.Security‐Switch‐SNMP‐Groups...............................................................................55
3.1.4.7.5.Security‐Switch‐SNMP‐Views.................................................................................56
3.1.4.7.6.Security‐Switch‐SNMP‐Access................................................................................57
3.1.4.8.Security‐Switch‐RMON....................................................................................................57
3.1.4.8.1.Security‐Switch‐RMON‐Statistics............................................................................58
3.1.4.8.2.Security‐Switch‐RMON‐History..............................................................................59
3.1.4.8.3.Security‐Switch‐RMON‐Alarm................................................................................60
3.1.4.8.4.Security‐Switch‐RMON‐Event.................................................................................62
3.1.4.9.Security‐Network‐LimitControl.......................................................................................63
3.1.4.10.Security‐Network‐NAS(NetworkAccessServer)..........................................................66
3.1.4.11.Security‐Network‐ACL....................................................................................................77
3.1.4.11.1.Security‐Network‐ACL‐Ports.................................................................................77
3.1.4.11.2.Security‐Network‐ACL‐RateLimiter......................................................................79
3.1.4.11.3.Security‐Network‐ACL‐AccessControlList...........................................................80
3.1.4.12.Security‐Network‐DHCP.................................................................................................96
3.1.4.12.1.Security‐Network‐DHCP‐Snooping.......................................................................96
3.1.4.12.2.Security‐Network‐DHCP‐Relay..............................................................................97
3.1.4.13.Security‐Network‐IPSourceGuard................................................................................99
3.1.4.13.1.Security‐Network‐IPSourceGuard‐Configuration...............................................99
3.1.4.13.2.Security‐Network‐IPSourceGuard‐StaticTable.................................................100
3.1.4.14.Security‐Network‐ARPInspection...............................................................................101
3.1.4.14.1.Security‐Network‐ARPInspection‐Configuration..............................................101
3.1.4.14.2.Security‐Network‐ARPInspection‐StaticTable..................................................102
3.1.4.15.Security‐AAA..................................................................................................................103
3.1.5.Configuration‐Aggregation.....................................................................................................107
3.1.5.1.Aggregation‐Static............................................................................................................107
3.1.5.2.Aggregation‐LACP............................................................................................................109
3.1.6.Configuration‐LoopProtection...............................................................................................111
3.1.7.Configuration‐SpanningTree..................................................................................................113
3.1.7.1.SpanningTree‐BridgeSettings.........................................................................................113
3.1.7.2.SpanningTree‐MSTIMapping.........................................................................................115
3.1.7.3.SpanningTree‐MSTIPriorities.........................................................................................117
3.1.7.4.SpanningTree‐CISTPorts.................................................................................................118
3.1.7.5.SpanningTree‐MSTIPorts................................................................................................121
TableofContents
PoESwitchUserManual|5
3.1.8.Configuration‐MVR.................................................................................................................123
3.1.9.Configuration‐IPMC.................................................................................................................127
3.1.9.1.IPMC‐IGMPSnooping......................................................................................................127
3.1.9.1.1.IPMC‐IGMPSnooping‐BasicConfiguration............................................................127
3.1.9.1.2.IPMC‐IGMPSnooping‐VLANConfiguration............................................................129
3.1.9.1.3.IPMC‐IGMPSnooping‐PortGroupFiltering...........................................................131
3.1.9.2.IPMC‐MLDSnooping........................................................................................................132
3.1.9.2.1.IPMC‐MLDSnooping‐BasicConfiguration..............................................................132
3.1.9.2.2.IPMC‐MLDSnooping‐VLANConfiguration.............................................................134
3.1.9.2.3.IPMC‐MLDSnooping‐PortGroupFiltering.............................................................136
3.1.10.Configuration‐LLDP...............................................................................................................137
3.1.10.1.LLDP‐LLDP.......................................................................................................................137
3.1.10.2.LLDP‐LLDP‐MED..............................................................................................................140
3.1.11.Configuration‐PoE.................................................................................................................147
3.1.12.Configuration‐MACTable......................................................................................................150
3.1.13.Configuration‐VLANs.............................................................................................................152
3.1.13.1.VLANs‐VLANMembership.............................................................................................152
3.1.13.2.VLANs‐Ports...................................................................................................................154
3.1.14.Configuration‐PrivateVLAN..................................................................................................156
3.1.14.1.PrivateVLAN‐PortIsolation.......................................................................................156
3.1.15.Configuration‐VCL.................................................................................................................157
3.1.15.1.VCL‐MAC‐basedVLAN....................................................................................................157
3.1.15.2.VCL‐Port‐basedVLAN.....................................................................................................159
3.1.15.2.1.VCL‐Port‐basedVLAN‐ProtocoltoGroup.............................................................159
3.1.15.2.2.VCL‐Port‐basedVLAN‐GrouptoVLAN..................................................................161
3.1.15.3.VCL‐IPSubnet‐basedVLAN............................................................................................162
3.1.16.Configuration‐VoiceVLAN....................................................................................................164
3.1.16.1.VoiceVLAN‐Configuration.............................................................................................164
3.1.16.2.VoiceVLAN‐OUI.............................................................................................................166
3.1.17.Configuration‐QoS.................................................................................................................167
3.1.17.1.QoS‐PortClassification..................................................................................................167
3.1.17.2.QoS‐PortPolicing...........................................................................................................169
3.1.17.3.QoS‐PortScheduler........................................................................................................170
3.1.17.4.QoS‐PortShaping...........................................................................................................175
3.1.17.5.QoS‐PortTagRemarking................................................................................................180
3.1.17.6.QoS‐PortDSCP...............................................................................................................183
TableofContents
PoESwitchUserManual|6
3.1.17.7.QoS‐DSCP‐BasedQoS.....................................................................................................185
3.1.17.8.QoS‐DSCPTranslation....................................................................................................186
3.1.17.9.QoS‐DSCPClassification.................................................................................................187
3.1.17.10.QoS‐StormControl.......................................................................................................188
3.1.17.11.QoS‐WRED....................................................................................................................189
3.1.18.Configuration‐Mirroring.......................................................................................................191
3.1.19.Configuration‐UPnP..............................................................................................................193
3.1.20.Configuration‐sFlow..............................................................................................................194
3.2.WebManagement‐Monitor...........................................................................................................197
3.2.1.Monitor‐System......................................................................................................................197
3.2.1.1.System‐Information.........................................................................................................197
3.2.1.2.System‐CPULoad.............................................................................................................199
3.2.1.3.System‐Log.......................................................................................................................200
3.2.1.4.System‐DetailedLog........................................................................................................201
3.2.2.Monitor‐Ports..........................................................................................................................202
3.2.2.1.Ports‐State........................................................................................................................202
3.2.2.2.Ports‐TrafficOverview.....................................................................................................203
3.2.2.3.Ports‐QoSStatistics..........................................................................................................205
3.2.2.4.Ports‐DetailedStatistics...................................................................................................206
3.2.3.Monitor‐Security.....................................................................................................................209
3.2.3.1.Security‐AccessManagementStatistics..........................................................................209
3.2.3.2.Security‐Network.............................................................................................................210
3.2.3.2.1.Security‐Network‐PortSecurity‐Switch................................................................210
3.2.3.2.2.Security‐Network‐PortSecurity‐Port....................................................................213
3.2.3.2.3.Security‐Network‐NAS‐Switch..............................................................................214
3.2.3.2.4.Security‐Network‐NAS‐Port..................................................................................216
3.2.3.2.5.Security‐Network‐ACLStatus..................................................................................221
3.2.3.2.6.Security‐Network‐DHCP‐SnoopingStatistics........................................................223
3.2.3.2.7.Security‐Network‐DHCP‐RelayStatistics..............................................................225
3.2.3.2.8.Security‐Network‐ARPInspection..........................................................................227
3.2.3.3.Security‐Network.............................................................................................................231
3.2.3.3.1.Security‐AAA‐RADIUSOverview.............................................................................231
3.2.3.3.2.Security‐AAA‐RADIUSDetails.................................................................................233
3.2.3.4.Security‐Switch‐RMON..................................................................................................237
3.2.3.4.1.Security‐Switch‐RMON‐Statistics..........................................................................237
3.2.3.4.2.Security‐Switch‐RMON‐History............................................................................240
TableofContents
PoESwitchUserManual|7
3.2.3.4.3.Security‐Switch‐RMON‐Alarm..............................................................................242
3.2.3.4.4.Security‐Switch‐RMON‐Events..............................................................................244
3.2.4.Monitor‐LACP..........................................................................................................................245
3.2.4.1.LACP‐SystemStatus.........................................................................................................245
3.2.4.2.LACP‐PortStatus..............................................................................................................246
3.2.4.3.LACP‐PortStatistics..........................................................................................................247
3.2.5.Monitor‐LoopProtection........................................................................................................248
3.2.6.Monitor‐SpanningTree...........................................................................................................249
3.2.6.1.SpanningTree‐BridgeStatus............................................................................................249
3.2.6.2.SpanningTree‐PortStatus...............................................................................................250
3.2.6.3.SpanningTree‐PortStatistics...........................................................................................251
3.2.7.Monitor‐MVR..........................................................................................................................252
3.2.7.1.MVR‐Statistics..................................................................................................................252
3.2.7.2.MVR‐MVRChannelGroups.............................................................................................253
3.2.7.3.MVR‐MVRSFMInformation............................................................................................254
3.2.8.Monitor‐IPMC.........................................................................................................................256
3.2.8.1.IPMC‐IGMPSnooping......................................................................................................256
3.2.8.1.1.IPMC‐IGMPSnooping‐Status..................................................................................256
3.2.8.1.2.IPMC‐IGMPSnooping‐GroupsInformation............................................................258
3.2.8.1.3.IPMC‐IGMPSnooping‐IPv4SFMInformation.........................................................259
3.2.8.2.IPMC‐MLDSnooping........................................................................................................261
3.2.8.2.1.IPMC‐MLDSnooping‐Status....................................................................................261
3.2.8.2.2.IPMC‐MLDSnooping‐GroupsInformation.............................................................263
3.2.8.2.3.IPMC‐MLDSnooping‐IPv6GroupInformation.......................................................264
3.2.9.Monitor‐LLDP..........................................................................................................................266
3.2.9.1.LLDP‐Neighbours..............................................................................................................266
3.2.9.2.LLDP‐LLDP‐MEDNeighbours............................................................................................268
3.2.9.3.LLDP‐PoE...........................................................................................................................272
3.2.9.4.LLDP‐EEE...........................................................................................................................274
3.2.9.5.LLDP‐PortStatistics..........................................................................................................276
3.2.10.Monitor‐PoE..........................................................................................................................278
3.2.11.Monitor‐MACTable...............................................................................................................280
3.2.12.Monitor‐VLANs.....................................................................................................................283
3.2.12.1.VLANs‐VLANMembership.............................................................................................283
3.2.12.2.VLANs‐VLANPorts.........................................................................................................285
3.2.13.Monitor‐VCL..........................................................................................................................287
TableofContents
PoESwitchUserManual|8
3.2.13.1.VCL‐MAC‐basedVLAN....................................................................................................287
3.2.14.Monitor‐sFlow.......................................................................................................................288
3.3.WebManagement‐Diagnostics.....................................................................................................290
3.3.1.Diagnostics‐Ping......................................................................................................................290
3.3.2.Diagnostics‐Ping6....................................................................................................................292
3.3.3.Diagnostics‐VeriPHY................................................................................................................293
3.4.WebManagement‐Maintenance..................................................................................................295
3.4.1.Maintenance‐RestartDevice..................................................................................................295
3.4.2.Maintenance‐FactoryDefaults...............................................................................................296
3.4.3.Maintenance‐SoftwareUpload..............................................................................................297
3.4.3.Maintenance‐Configuration....................................................................................................298
3.4.3.1.Configuration‐Save...........................................................................................................298
3.4.3.2.Configuration‐Load..........................................................................................................299
Chapter4:CLIManagement....................................................................................................................300
4.1.CLIManagement‐Overview...........................................................................................................301
4.2.CLIManagement‐System...............................................................................................................302
4.3.CLIManagement‐Port....................................................................................................................307
4.4.CLIManagement‐MAC...................................................................................................................310
4.5.CLIManagement‐VLAN..................................................................................................................311
4.6.CLIManagement‐PVLAN(PrivateVLAN).......................................................................................312
4.7.CLIManagement‐Security..............................................................................................................313
4.8.CLIManagement‐STP.....................................................................................................................331
4.9.CLIManagement‐Aggr...................................................................................................................335
4.10.CLIManagement‐LACP.................................................................................................................337
4.11.CLIManagement‐LLDP.................................................................................................................340
4.12.CLIManagement‐LLDPMED.........................................................................................................342
4.13.CLIManagement‐EEE...................................................................................................................346
4.14.CLIManagement‐POE..................................................................................................................347
4.15.CLIManagement‐QoS..................................................................................................................349
4.16.CLIManagement‐Mirror..............................................................................................................353
4.17.CLIManagement‐Config..............................................................................................................354
4.18.CLIManagement‐Firmware.........................................................................................................355
4.19.CLIManagement‐UPnP................................................................................................................356
4.20.CLIManagement‐MVR.................................................................................................................357
4.21.CLIManagement‐VoiceVLAN......................................................................................................359
4.22.CLIManagement‐LoopProtect....................................................................................................361
TableofContents
PoESwitchUserManual|9
4.23.CLIManagement‐IPMC................................................................................................................362
4.24.CLIManagement‐sFlow...............................................................................................................364
4.25.CLIManagement‐VCL...................................................................................................................366
AppendixA:ProductSafety........................................................................................................................368
AppendixB:IPConfigurationforYourPC..................................................................................................369
AppendixC:Glossary..................................................................................................................................373
PoESwitchUserManual|10
BeforeStarting
InBeforeStarting:
Thissectioncontainsintroductoryinformation,whichincludes:
IntendedReaders
IconsforNote,Caution,andWarning
ProductPackageContents
BeforeStarting
PoESwitchUserManual|11
IntendedReaders
Thismanualprovidesinformationregardingtoalltheaspectsandfunctionsneededtoinstall,
configure,use,andmaintaintheproductyou’vepurchased.
Thismanualisintendedfortechnicianswhoarefamiliarwithin‐depthconceptsofnetworking
managementandterminologies.
IconsforNote,Caution,andWarning
Toinstall,configure,use,andmaintainthisproductproperly,pleasepayattentionwhenyousee
theseiconsinthismanual:
ANoteiconindicatesimportantinformationwhichwillguideyoutousethis
productproperly.
ACautioniconindicateseitherapotentialforhardwaredamageordataloss,
includinginformationthatwillguideyoutoavoidthesesituations.
AWarningiconindicatespotentialsforpropertydamageandpersonalinjury.
BeforeStarting
PoESwitchUserManual|12
ProductPackageContents
Beforestartinginstallthisproduct,pleasecheckandverifythecontentsoftheproductpackage,
whichshouldincludethefollowingitems:
OneNetworkSwitch
OnePowerCord
OneUserManualCD
OnepairRack‐mountkit+8Screws
Note:Ifanyitemlistedinthistableaboveismissingordamaged,pleasecontactyourdistributoror
retailerassoonaspossible.
PoESwitchUserManual|13
Chapter1:
ProductOverview
InProductOverview:
Thissectionwillgiveyouanoverviewofthisproduct,includingitsfeaturefunctionsand
hardware/softwarespecifications.
ProductBriefDescription
ProductSpecification
HardwareDescription
HardwareInstallation
Chapter1:ProductOverview
ProductBriefDescription
PoESwitchUserManual|14
1.1.ProductBriefDescription
Introduction
Theswitchis24‐port10/100/1000Base‐T+410GSFP+OpenSlotRack‐mountL2+FullManagement
NetworkSwitchthatisdesignedformediumorlargenetworkenvironmenttostrengthenitsnetwork
connection.Theswitchsupports128Gnon‐blockingswitchfabric,the24gigabitportsand410G
portscantransmitandreceivedatatrafficwithoutanylost.TheEEEfeaturereducesthepower
consumptionwhenthereisnotrafficforwardingevenportisstillconnected.The10Guplinkport
designisavailableandimportantforhighbandwidthuplinkrequestwhencascadedwithotherswitch.
TheswitchalsosupportsLayer2+fullmanagementsoftwarefeatures.Thesefeaturesarepowerfulto
providenetworkcontrol,management,monitorandsecurityfeaturerequests.Includingrack‐mount
brackets,the19"sizefitsintoyourrackenvironment.Itisasuperbchoicetoboostyournetwork
withbetterperformanceandefficiency.
410GigabitSFP+OpenSlots
Theswitchequipswith410GSFP+openslotsastheuplinkports,the10Guplinkdesignprovidesan
excellentsolutionforexpandingyournetworkfrom1Gto10G.By10Gspeed,thisproductprovides
highflexibilityandhighbandwidthconnectivitytoanother10GswitchortheServers,Workstations
andotherattacheddeviceswhichsupport10Ginterface.Theusercanalsoaggregatethe10Gports
asTrunkgrouptoenlargethebandwidth.
FullLayer2ManagementFeatures
TheswitchincludesfullLayer2+Managementfeatures.Thesoftwaresetincludesupto4K802.1Q
VLANandadvancedProtocolVLAN,PrivateVLAN,MVR…features.Thereare8physicalqueues
QualityofService,IPv4/v6Multicastfiltering,RapidSpanningTreeprotocoltoavoidnetworkloop,
MultipleSpanningTreeProtocoltointegrateVLANandSpanningTree,LACP,LLDP;sFlow,port
mirroring,cablediagnosticandadvancedNetworkSecurityfeatures.ItalsoprovidesConsoleCLIfor
outofbandmanagementandSNMP,WebGUIforinbandManagement.
Chapter1:ProductOverview
ProductSpecification
PoESwitchUserManual|15
1.2.ProductSpecification
Interface
10/100/1000BaseRJ45Ports24
10GUplinkSFP+Slot4
ConsolePortforCLIManagement1
SystemPerformance
PacketBuffer32Mb
MACAddressTableSize32K
SwitchingCapacity128Gbps
ForwardingRate95.2Mpps
PoEFeatures
IEEE802.3af/at IEEE802.3af/at
NumberofPSEPorts24
Max.PowerConsumption500W
External/InternalPowerInternalPower
PowerFeedingDetectingCapabilityonPD
PDAliveCheck
PDClassification
PowerManagement
(per‐port)
Enable/DisablePoEPerPort
PrioritySettingPerPort
PowerLevelSettingPerPort
OverloadingProtection
L2Features
Auto‐negotiation
AutoMDI/MDIX
FlowControl(duplex)802.3x(Full)
Back‐Pressure(Half)
SpanningTree
IEEE802.1D(STP)
IEEE802.1w(RSTP)
IEEE802.1s(MSTP)
VLAN
VLANGroup4K
TaggedBased
Port‐based
LinkAggregation
IEEE802.3adwithLACP
StaticTrunk
Max.LACPLinkAggregationGroup12
IGMPSnooping
IGMPSnoopingv1/v2/v3
IPv6MLDSnooping
Querier,ImmediateLeave
StormControl(Broadcast/Multi‐cast/Un‐knownUnicast)
JumboFrameSupport10K
Chapter1:ProductOverview
ProductSpecification
PoESwitchUserManual|16
QoSFeatures
Numberofpriorityqueue8queues/port
RateLimitingIngressYes,1KBps/1pps
EgressYes,1KBps/1pps
DiffServ(RFC2474Remarking)
Scheduling(WRR,Strict,Hybrid)
CoSIEEE802.1p
IPToSprecedence,IPDSCP
Security
ManagementSystemUserName/PasswordProtection
UserPrivilegeSetuserprivilegeupto15Level
PortSecurity(MAC‐based)
IEEE802.1xPort‐basedAccessControl
ACL(L2/L3/L4)
IPSourceGuard
RADIUS(Authentication,Authorization,Accounting)
TACACS+
HTTP&SSL(SecureWeb)
SSHv2.0(SecuredTelnetSession)
MAC/IPFilter
Management
CommandLineInterface(CLI)
WebBasedManagement
Telnet
AccessManagementFilteringSNMP/WEB/SSH/TELNET
FirmwareUpgradeviaHTTP
DualFirmwareImages
ConfigurationDownload/Upload
SNMP(v1/v2c/v3)
RMON(1,2,3,&9groups)
DHCP(Client/Relay/Option82/Snooping)
SystemEvent/ErrorLog
NTP/LLDP
CableDiagnostics
IPv6Configuration
PortMirroringOnetoOneorManytoOne
Mechanical
PowerInput100~240VAC
Dimension(H*W*D)44*440*220mm
LEDPower,10/100/1000M,PoE,SFP
OperatingTemperature0~45°C
OperatingHumidity5~90%(non‐condensing)
Weight3KG
Certification CE,FCCClassA
Chapter1:ProductOverview
ProductSpecification
PoESwitchUserManual|17
Standard
IEEE802.3–10BaseT
IEEE802.3u‐100BaseTX
IEEE802.3ab‐1000BaseT
IEEE802.3z1000BaseSX/LX
IEEE802.3afPoweroverEthernet(PoE)
IEEE802.3atPoweroverEthernet(PoE+)
IEEE802.3az‐EnergyEfficientEthernet(EEE)
IEEE802.3x‐FlowControl
IEEE802.1Q‐VLAN
IEEE802.1v‐ProtocolVLAN
IEEE802.1p‐ClassofService
IEEE802.1D‐SpanningTree
IEEE802.1w‐RapidSpanningTree
IEEE802.1s‐MultipleSpanningTree
IEEE802.3ad‐LinkAggregationControlProtocol(LACP)
IEEE802.1AB‐LLDP(LinkLayerDiscoveryProtocol)
IEEE802.1X‐AccessControl
Chapter1:ProductOverview
HardwareDescription
PoESwitchUserManual|18
1.3.HardwareDescription
ThissectionmainlydescribesthehardwareofFull‐ManagementPoEswitchandgivesaphysicaland
functionaloverviewonthecertainswitch.
FrontPanel
ThefrontpaneloftheFull‐ManagementPoEswitchconsistsof2410/100/1000Base‐TXRJ‐45ports,
2gigabituplinkSFPports,and210GSFP+stackingports.TheLEDIndicatorsarealsolocatedonthe
frontpanel.
LEDIndicators
TheLEDIndicatorspresentreal‐timeinformationofsystematicoperationstatus.Thefollowingtable
providesdescriptionofLEDstatusandtheirmeaning.
LEDColor/Status Description No.ofLEDs
PowerAmberOn Poweron Power
10/100/1000MGreenOnLinkUp24(1~24)
GreenBlinking DataActivating
SFPGreenOn linkedtoPowerDevice 25~26
GreenBlinking DataActivating 25~26
RearPanel
TherearpaneloftheFull‐ManagementPoEswitchcontains2ventilationfans,apowerswitch,and
anIEC60320plugforpowersupply.
Chapter1:ProductOverview
HardwareInstallation
PoESwitchUserManual|19
1.4.HardwareInstallation
ToinstalltheFull‐ManagementPoEswitch,pleaseplaceitonalargeflatsurfacewithapowersocket
closeby.Thissurfaceshouldbeclean,smooth,andlevel.Also,pleasemakesurethatthereisenough
spacearoundtheFull‐ManagementPoEswitchforRJ45cable,powercordandventilation.
Ifyou’reinstallingthisFull‐ManagementPoEswitchona19‐inchrack,pleasemakesuretousethe
rack‐mountkit(Lbrackets)andscrewscomewiththeproductpackage.Allscrewsmustbefastened
sotherack‐mountkitandyourproductaretightlyconjoinedbeforeinstallingitonyour19‐inchrack.
EthernetcableRequest
Thewiringcabletypesareasbelow:
10Base‐T:2‐pairUTP/STPCAT.3,4,5cable,EIA/TIA‐568100‐ohm(Max.100m)
100Base‐TX:2‐pairUTP/STPCAT.5cable,EIA/TIA‐568100‐ohm(Max.100m)
1000Base‐T:4‐pairUTP/STPCAT.5cable,EIA/TIA‐568100‐ohm(Max.100m)
PoE:Todeliverypowerproperly,itisrecommendedtouseCAT5eandCAT6cable.Ethernet
cablesofhigherqualitiescanreducethepowerlostduringtransmission.
SFPInstallation
WhileinstalltheSFPtransceiver,makesuretheSFPtypeofthe2endsisthesameandthe
transmissiondistance,wavelength,fibercablecanmeetyourrequest.Itissuggestedtopurchasethe
SFPtransceiverwiththeswitchprovidertoavoidanyincompatibleissue.
ThewaytoconnecttheSFPtransceiveristoPluginSFPfibertransceiverfist.TheSFPtransceiverhas
2plugforfibercable,oneisTX(transmit),theotherisRX(receive).Cross‐connectthetransmit
channelateachendtothereceivechannelattheoppositeend.
Formoreinformationregardingtotheproductsafetyandmaintenanceguide,pleasereferto
AppendixA:ProductSafety.
PoESwitchUserManual|20
Chapter2:
PreparingforManagement
InPreparingforManagement:
Thissectionwillguideyourhowtomanagethisproductviaserialconsole,management
webpage,andTel net/SSHinterface.
Theswitchprovidesbothout‐of‐bandandin‐bandmanagements.
Out‐of‐bandManagement:YoucanconfiguretheswitchviaRS232consolecable
withouthavingtheswitchoryourPCconnectingtoanetwork.Out‐of‐bandmanagement
providesadedicatedandsecurewayforswitchmanagement.
In‐BandManagement:In‐bandmanagementallowsyoutomanageyourswitchwitha
webbrowser(suchasMicrosoftIE,MozillaFirefox,orGoogleChrome)aslongasyourPC
andtheswitchareconnectedtothesamenetwork.
PreparationforSerialConsole
PreparationforWebInterface
PreparationforTelnet/SSHInterface
Chapter2:PreparingforManagement
PreparationforSerialConsole
PoESwitchUserManual|21
2.1.PreparationforSerialConsole
Insidetheproductpackage,youcanfindanRS‐232consolecable.Beforemanagingyourswitchvia
out‐of‐bandmanagement,pleaseattachthiscable’sRJ45connectortoyourswitch’sconsoleportand
itsRS‐232femaleconnectortoyourPC’sCOMport.
Toaccessthisswitch’sout‐of‐bandmanagementCLI(CommandLineInterface),yourPCmusthave
terminalemulatorsoftwaresuchasHyperTerminalorPuTTYinstalled.Someoperatingsystems(such
asMicrosoftWindowsXP)haveHyperTerminalalreadyinstalled.IfyourPCdoesnothaveany
terminalemulatorsoftwareinstalled,pleasedownloadandinstallaterminalemulatorsoftwareon
yourPC.
ThefollowingsectionwilluseHyperTerminalasanexample.
1. RunHyperTerminalonyourPC.
2. Giveanametothenewconsoleconnection.
3. ChoosetheCOMportthatisconnectedtotheswitch.
Chapter2:PreparingforManagement
PreparationforSerialConsole
PoESwitchUserManual|22
4. Settheserialportsettingsas:BaudRate:115200,DataBit:8,Parity:None,StopBit:1,Row
Control:None.
5. Thesystemwillpromptyoutologintheout‐of‐bandmanagementCLI.Thedefault
username/passwordisadmin/admin.
Chapter2:PreparingforManagement
PreparationforWebInterface
PoESwitchUserManual|23
2.2.PreparationforWebInterface
Themanagementwebpageallowsyoutouseawebbrowser(suchasMicrosoftIE,GoogleChrome,
orMozillaFirefox)toconfigureandmonitortheswitchfromanywhereonthenetwork.
Beforeusingthewebinterfacetomanageyourswitch,pleaseverifythatyourswitchandyourPCare
onthesamenetwork.PleasefollowthestepsdownbelowtoconfigureyourPCproperly:
1. Verifythatthenetworkinterfacecard(NIC)ofyourPCisoperationalandproperlyinstalled,and
thatyouroperatingsystemsupportsTCP/IPprotocol.
2. ConnectyourPCwiththeswitchviaanRJ45cable.
3. ThedefaultIPaddressoftheswitchis192.168.2.1.TheswitchandyourPCshouldlocatewithin
thesameIPSubnet.ChangeyourPC'sIPaddressto192.168.2.X,whereXcanbeanynumber
from2to254.PleasemakesurethattheIPaddressyou’veassignedtoyourPCcannotbethe
samewiththeswitch.
4. Launchthewebbrowser(IE,Firefox,orChrome)onyourPC.
5. Type192.168.2.1(ortheIPaddressoftheswitch)inthewebbrowser’sURLfield,andpress
Enter.
Chapter2:PreparingforManagement
PreparationforWebInterface
PoESwitchUserManual|24
6. Thewebbrowserwillpromptyoutosignin.Thedefaultusername/passwordforthe
configurationwebpageisadmin/admin.
Formoreinformation,pleaserefertoAppendixB:IPConfigurationforYourPC.
Chapter2:PreparingforManagement
PreparationforTelnet/SSH Interface
PoESwitchUserManual|25
2.3.PreparationforTelnet/SSHInterface
BothtelnetandSSH(SecureShell)arenetworkprotocolsthatprovideatext‐basedcommandline
interface(CLI)forin‐bandsystemmanagement.However,onlySSHprovidesasecurechannelover
anun‐securednetwork,wherealltransmitteddataareencrypted.
ThisswitchsupportbothtelnetandSSHmanagementCLI.Inordertoaccesstheswitch’sCLIvia
telnetorSSH,bothyourPCandtheswitchmustbeinthesamenetwork.Beforeusingtheswitch’s
telnet/SSHmanagementCLI,pleasesetyourPC’snetworkenvironmentaccordingtotheprevious
chapter(2.2.PreparationforWebInterface).
Teln et interfacecanbeaccessedviaMicrosoft“CMD”command.However,SSHinterfacecanonlybe
accessedviadedicatedSSHterminalsimulator.ThefollowingsectionwillusePuTTYasanexampleto
demonstratehowtoconnecttotheswitch’sSSHCLI,sincebothtelnetandSSHusesthesameway
(thoughusingdifferentterminalsimulatorsoftware)toaccessin‐bandmanagementCLI.
AccessSSHviaPutty:
A“PuTTYConfiguration”windowwillpopupafteryourunPuTTY.
1. InputtheIPaddressoftheswitchinthe“HostName(orIPaddress)”field.ThedefaultIP
addressoftheswitchif192.168.2.1.
2. Choose“SSH”onthe“Connectiontype”section,thenpress“Enter”.
Chapter2:PreparingforManagement
PreparationforTelnet/SSH Interface
PoESwitchUserManual|26
3. Ifyou’reconnectingtotheswitchviaSSHforthefirsttime,a“PuTTYSecurityAlert”window
willpopup.Pleasepress“Yes”tocontinue.Thiswindowwon’tpopupifyou’reusingtelnetto
connecttothein‐bandmanagementCLI.
4. PuTTYwillpromptyoutologinafterthetelnet/SSHconnectionisestablished.Thedefault
username/passwordisadmin/admin.
PoESwitchUserManual|27
Chapter3:
WebManagement
InWebManagement:
AsmentionedinChapter2.2.PreparationforWebInterface,Thisswitchprovidesa
web‐basedmanagementinterface.Youcanmakeallsettingsandmonitorsystemstatus
withthismanagementwebpage.
Configuration/Monitoroptionsincludedinthemanagementwebpagecanbedivided
intothefollowing4categories,whichwillbediscussedindetailinthischapter:
WebManagement‐Configure
WebManagement‐Monitor
WebManagement‐Diagnostic
WebManagement‐Maintenance
Chapter3:WebManagement
WebManagement‐Configure
PoESwitchUserManual|28
3.1.WebManagement‐Configure
Inhereyoucanaccessalltheconfigurationoptionsoftheswitch.Theconfigurationoptionshere
include:
System:Hereyoucanconfigurebasicsystemsettingssuchassysteminformation,switchIP,NTP,
systemtimeandlog.
PowerReduction:YoucanenableEEE(EnergyEfficientEthernet)functiononeachportto
conserveandsavepowerusedbytheswitch.
Ports:Youcanviewtheconnectionstatusofalltheportsontheswitch,aswellassetport
connectionspeed,flowcontrol,maximumframelength,andpowercontrolmode.
Security:TheSecurityoptionallowsyoutomakesettingsthatsecuresboththeswitchitselfor
yournetwork.
Aggregation:Aggregationallowsyoutocombinemultiplephysicalportsintoalogicalport,thus
allowsthetransmittingspeedexceedingthelimitofasingleport.
LoopProtection:Anetworkloopmightcausebroadcaststormandparalyzeyourentire
network.Youcanenableloopprotectionfunctionheretopreventnetworkloop.
SpanningTree:SpanningTreeProtocolisanetworkdesignedtoensurealoop‐freenetwork
andprovideredundantlinksthatserveasautomaticbackuppathsifanactivelinkfails.This
switchsupportsSTP,RSTP(RapidSTP),andMSTP(MultipleSTP).
MVR:MVRstandsforMultipleVLANRegistration,aprotocolthatallowssharingmulticastVLAN
informationandconfiguringitdynamicallywhenneeded.
IPMC:HereyoucansetIGMPsnooping(forIPv4)orMLDsnooping(forIPv6).Theseprotocols
canreducethenetworkloadingwhilerunningband‐widthdemandingapplicationssuchas
streamingvideosbyeliminatingexcessivedatatransmitting.
LLDP:LLDPstandsforLinkLayerDiscoveryProtocol,aprotocolthatallowstheswitchto
advertiseitsidentity,capabilities,andneighborsonthenetwork.
PoE:Hereyoucanenable/disablethePoEfunctiononeachportorassignthepower(inWatt)
foreachport.
MACTable:Whenanetworkdeviceisconnectedtotheswitch,theswitchwillkeepitsMAC
addressontheMACtable.Thissectionprovidessettingsfortheswitch’sMACaddresstable.
VLANs:VLANstandsforVirtualLAN,whichallowsyoutoseparateportsintodifferentVLAN
groups.OnlymemberofthesameVLANgroupcantransmit/receivepacketsamongeachother,
whileotherportsindifferentVLANgroupcan’t.Hereyoucansetport‐basedVLAN.
PrivateVLANs:Alsoknownasportisolation.OnlythesamememberintheprivateVLANcan
communicatewitheachother.
Chapter3:WebManagement
WebManagement‐Configure
PoESwitchUserManual|29
VCL:HereyoucansetMAC‐basedVLAN,Protocol‐basedVLAN,andIPSubnet‐basedVLAN.
VoiceVLAN:VoiceVLANisaspecificVLANforvoicecommunication(suchasVoIPphones)that
canensurethetransmissionpriorityofvoicetrafficandvoicequality.
QoS:QoSstandsforQualityofService,whichallowsyoutocontrolthenetworkpriority(which
packetgetstopprioritytotransmitandwhichgetslowpriority)viaIEEE802.1porDSCP.
Mirroring:Forpurposessuchasnetworkdiagnostics,youcandirectpackets
transmitted/receivedto/fromaport(ormultipleports)toadesignatedport.
UPnP:UPnPstandsforUniversalPlugandPlay,aprotocolthatallowsallthedevicesonthe
samenetworkcandiscovereachotherandestablishingnetworkservicessuchasdatasharing.
YoucansetUPnPhereinthismanagementpage.
sFlow:sFlowisanindustrystandardtechnologyformonitoringswitchednetworksthrough
randomsamplingofpacketsonswitchportsandtime‐basedsamplingofportcounters.The
sampledpacketswillbesenttothedesignatedsFlowreceiver(host)forsystemadministrator
foranalysis.
Chapter3:WebManagement
System‐Information
PoESwitchUserManual|30
3.1.1.Configuration‐System
3.1.1.1.System‐Information
Theswitchsysteminformationisprovidedhere.
SystemContact
Thetextualidentificationofthecontactpersonforthismanagednode,togetherwithinformationon
howtocontactthisperson.Theallowedstringlengthis0to255,andtheallowedcontentistheASCII
charactersfrom32to126.
SystemName
Youcaninputanassignednameforthisswitch.Byconvention,thisistheswitch'sfully‐qualified
domainname.Adomainnameisatextstringdrawnfromthealphabet(A‐Z&a‐z),digits(0‐9),minus
sign(‐).Nospacecharactersarepermittedaspartofaname.Thefirstcharactermustbeanalpha
character.Andthefirstorlastcharactermustnotbeaminussign.Theallowedstringlengthis0to
255.
SystemLocation
Thephysicallocationofthisnode(e.g.,telephonecloset,3rdfloor).Theallowedstringlengthis0to
255,andtheallowedcontentistheASCIIcharactersfrom32to126.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
System‐IP
PoESwitchUserManual|31
3.1.1.2.System‐IP
Thispageallowsyoutoviewandsetconfigurationsregardingtotheswitch’sIPsetting.Theleftpart
(Configured)isforchangingsettingsandtherightpart(Current)displaysthecurrentsetting.
DHCPClient
EnabletheDHCPclientbycheckingthisbox.IfDHCPfailsandtheconfiguredIPaddressiszero,DHCP
willretry.IfDHCPserverdoesnotrespondaround35secondsandtheconfiguredIPaddressisnot
zero,DHCPwillstopandtheconfiguredIPsettingswillbeused.TheDHCPclientwillannouncethe
configuredSystemNameashostnameforDNSlookup.
IPAddress
ProvidetheIPaddressofthisswitchindotteddecimalnotation.
IPMask
ProvidetheIPmaskofthisswitchdotteddecimalnotation.
IPRouter
ProvidetheIPaddressoftherouterindotteddecimalnotation.
VLANID
ProvidethemanagedVLANID.Theallowedrangeis1to4095.
DNSServer
ProvidetheIPaddressoftheDNSServerindotteddecimalnotation.
DNSProxy
WhenDNSproxyisenabled,DUTwillrelayDNSrequeststothecurrentconfiguredDNSserveron
DUT,andreplyasaDNSresolvertotheclientdeviceonthenetwork.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Renew:ClicktorenewDHCP.ThisbuttonisonlyavailableifDHCPisenabled.
Chapter3:WebManagement
System‐IPv6
PoESwitchUserManual|32
3.1.1.3.System‐IPv6
Thispageallowsyoutoviewandsetconfigurationsregardingtotheswitch’sIPv6setting.Theleft
part(Configured)isforchangingsettingsandtherightpart(Current)displaysthecurrentsetting.
AutoConfiguration
EnableIPv6auto‐configurationbycheckingthisbox.Ifsystemcannotobtainthestatelessaddressin
time,theconfiguredIPv6settingswillbeused.Theroutermaydelayrespondingtoarouter
solicitationforafewseconds,thetotaltimeneededtocompleteauto‐configurationcanbe
significantlylonger.
Address
ProvidetheIPv6addressofthisswitch.IPv6addressisin128‐bitrecordsrepresentedaseightfields
ofuptofourhexadecimaldigitswithacolonseparatingeachfield(:).Forexample,
'fe80::215:c5ff:fe03:4dc7'.Thesymbol'::'isaspecialsyntaxthatcanbeusedasashorthandwayof
representingmultiple16‐bitgroupsofcontiguouszeros;butitcanappearonlyonce.Itcanalso
representalegallyvalidIPv4address.Forexample,'::192.1.2.34'.
Prefix
ProvidetheIPv6Prefixofthisswitch.Theallowedrangeis1to128.
Router
ProvidetheIPv6gatewayaddressofthisswitch.IPv6addressisin128‐bitrecordsrepresentedas
eightfieldsofuptofourhexadecimaldigitswithacolonseparatingeachfield(:).Forexample,
'fe80::215:c5ff:fe03:4dc7'.Thesymbol'::'isaspecialsyntaxthatcanbeusedasashorthandwayof
representingmultiple16‐bitgroupsofcontiguouszeros;butitcanappearonlyonce.Itcanalso
representalegallyvalidIPv4address..Forexample,'::192.1.2.34'.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Renew:ClicktorenewIPv6AUTOCONF.ThisbuttonisonlyavailableifIPv6AUTOCONFis
enabled.
Chapter3:WebManagement
System‐NTP
PoESwitchUserManual|33
3.1.1.4.System‐NTP
NTPstandsforNetworkTimeProtocol,whichallowsswitchtoperformclocksynchronizationwith
theNTPserver.
Mode
YoucanenableordisableNTPfunctiononthisswitch:
Enabled:EnableNTPclientmode.
Disabled:DisableNTPclientmode.
Server1~5
ProvidetheIPv4orIPv6addressofaNTPserver.IPv6addressisin128‐bitrecordsrepresentedas
eightfieldsofuptofourhexadecimaldigitswithacolonseparatingeachfield(:).Forexample,
'fe80::215:c5ff:fe03:4dc7'.Thesymbol'::'isaspecialsyntaxthatcanbeusedasashorthandwayof
representingmultiple16‐bitgroupsofcontiguouszeros;butitcanappearonlyonce.Itcanalso
representalegallyvalidIPv4address.Forexample,'::192.1.2.34'.
Also,youcanjustinputNTPserver’sURLhereaswell.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
System‐Time
PoESwitchUserManual|34
3.1.1.5.System‐Time
ThispageallowsyoutoconfiguretheTimeZoneanddaylightsavingtime.
TimeZoneConfiguration
TimeZone:ListsvariousTimeZonesworldwide.SelectappropriateTimeZonefromthedrop
downandclickSavetoset.
Acronym:Usercansettheacronymofthetimezone.ThisisaUserconfigurableacronymto
identifythetimezone.Youcanuseupto16alphanumericcharactersandpunctuationssuch
as“‐”,“_”,and“.”.
DaylightSavingTimeConfiguration
Whenenabled,theswitchwillsettheclockforwardorbackwardaccordingtotheconfigurationsset
belowforadefinedDaylightSavingTimeduration.
Disable:DisabletheDaylightSavingTimeconfiguration.Thisisthedefaultsetting.
Recurring:Theconfigurationofthedaylightsavingtimedurationwillbeappliedeveryyear.
Non‐Recurring:Theconfigurationofthedaylightsavingtimedurationwillbeappliedonly
once.
Chapter3:WebManagement
System‐Time
PoESwitchUserManual|35
Starttimesettings
Week‐Selectthestartingweeknumber.
Day‐Selectthestartingday.
Month‐Selectthestartingmonth.
Hours‐Selectthestartinghour.
Minutes‐Selectthestartingminute.
Endtimesettings
Week‐Selecttheendingweeknumber.
Day‐Selecttheendingday.
Month‐Selecttheendingmonth.
Hours‐Selecttheendinghour.
Minutes‐Selecttheendingminute.
Offsetsettings
Offset‐EnterthenumberofminutestoaddduringDaylightSavingTime.(Range:1to1440)
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
System‐Log
PoESwitchUserManual|36
3.1.1.6.System‐Log
ConfigureSystemLogonthispage.
ServerMode
Whenenabled,thesystemlogmessagewillbesentouttothesystemlogserveryousethere.The
systemlogprotocolisbasedonUDPcommunicationandreceivedonUDPport514andthesystem
logserverwillnotsendacknowledgmentsbacksendersinceUDPisaconnectionlessprotocolandit
doesnotprovideacknowledgments.Thesystemlogpacketwillalwayssendoutevenifthesystem
logserverdoesnotexist.Possiblemodesare:
Enabled:Enableservermodeoperation.
Disabled:Disableservermodeoperation.
ServerAddress
IndicatestheIPv4hostaddressofsystemlogserver.IftheswitchprovideDNSfeature,italsocanbe
ahostname.
SystemlogLevel
Indicateswhatkindofmessagewillsendtosystemlogserver.Possiblemodesare:
Info:Sendinformation,warningsanderrors.
Warning:Sendwarningsanderrors.
Error:Senderrors.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
PowerReduction‐EEE
PoESwitchUserManual|37
3.1.2.Configuration‐PowerReduction
3.1.2.1.PowerReduction‐EEE
EEE(Energy‐EfficientEthernet)isapowersavingoptionthatreducesthepowerusagewhenthereis
lowornotrafficutilizationbypoweringdowncircuitswhenthereisnotraffic.Whenaportgetsdata
tobetransmittedallcircuitsarepoweredup.Thetimeittakestopowerupthecircuitsisnamed
wakeuptime.Thedefaultwakeuptimeis17usfor1Gbitlinksand30usforotherlinkspeeds.
EEEdevicesmustagreeuponthevalueofthewakeuptimeinordertomakesurethatboththe
receivingandtransmittingdevicehasallcircuitspoweredupwhentrafficistransmitted.Thedevices
canexchangewakeuptimeinformationusingtheLLDPprotocol.
EEEworksforportsinauto‐negotiationmode,wheretheportisnegotiatedtoeither1Gor100Mbit
fullduplexmodes.
PortsthatarenotEEE‐capablearegrayedoutandthusimpossibletoenableEEE.
TheEEEportsettingsrelatetothecurrentlyselectedstackunit,asreflectedbythepageheader.
Port
TheswitchportnumberofthelogicalEEEport.
Enabled
ControlswhetherEEEisenabledforthisswitchport.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Configuration‐Ports
PoESwitchUserManual|38
3.1.3.Configuration‐Ports
Thispagedisplayscurrentportconfigurations.Portscanalsobeconfiguredhere.
Theportsettingsrelatetothecurrentlyselectedstackunit,asreflectedbythepageheader.
Port
Thisisthelogicalportnumberforthisrow.
Link
Thecurrentlinkstateisdisplayedgraphically.Greenindicatesthelinkisupandredthatitisdown.
CurrentLinkSpeed
Thecurrentlinkspeedoftheport.
ConfiguredLinkSpeed
Selectsanyavailablelinkspeedforthegivenswitchport.Onlyspeedssupportedbythespecificport
isshown.Possiblespeedsare:
Disabled‐Disablestheswitchportoperation.
Auto‐Cuportautonegotiatingspeedwiththelinkpartnerandselectsthehighestspeedthat
iscompatiblewiththelinkpartner.
10MbpsHDX‐Forcesthecuportin10Mbpshalfduplexmode.
10MbpsFDX‐Forcesthecuportin10Mbpsfullduplexmode.
100MbpsHDX‐Forcesthecuportin100Mbpshalfduplexmode.
100MbpsFDX‐Forcesthecuportin100Mbpsfullduplexmode.
1GbpsFDX‐Forcesthecuportin1Gbpsfullduplexmode.
FlowControl
WhenAutoSpeedisselectedonaport,thissectionindicatestheflowcontrolcapabilitythatis
advertisedtothelinkpartner.
Whenafixed‐speedsettingisselected,thatiswhatisused.TheCurrentRxcolumnindicateswhether
pauseframesontheportareobeyed,andtheCurrentTxcolumnindicateswhetherpauseframeson
theportaretransmitted.TheRxandTxsettingsaredeterminedbytheresultofthelast
Auto‐Negotiation.
Checktheconfiguredcolumntouseflowcontrol.ThissettingisrelatedtothesettingforConfigured
Chapter3:WebManagement
Configuration‐Ports
PoESwitchUserManual|39
LinkSpeed.
MaximumFrameSize
Enterthemaximumframesizeallowedfortheswitchport,includingFCS.
ExcessiveCollisionMode
Configureporttransmitcollisionbehavior.
Discard:Discardframeafter16collisions(default).
Restart:Restartbackoffalgorithmafter16collisions.
PowerControl
TheUsagecolumnshowsthecurrentpercentageofthepowerconsumptionperport.TheConfigured
columnallowsforchangingthepowersavingsmodeparametersperport.
Disabled:Allpowersavingsmechanismsdisabled.
ActiPHY:Linkdownpowersavingsenabled.
PerfectReach:Linkuppowersavingsenabled.
Enabled:Bothlinkupandlinkdownpowersavingsenabled.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Refresh:Clicktorefreshthepage.Anychangesmadelocallywillbeundone.
Chapter3:WebManagement
Security‐Switch‐Users
PoESwitchUserManual|40
3.1.4.Configuration‐Security
Thissectionprovidessettingsregardingtotheswitch’ssecurityfunctions.Settingsprovided
herecanbedividedinto3categories:
Switch:Hereyoucanmakesecuritysettingsregardingtotheswitchitself.
Network:Providingsecuritysettingsregardingtothenetwork.
AAA:HereyoucansetRADIUSandTACACS+authenticationsettings.
3.1.4.1.Security‐Switch‐Users
Thispageprovidesanoverviewofthecurrentusers.Currentlytheonlywaytologinasanotheruser
onthewebserveristocloseandreopenthebrowser.
UserName
Thenameoftheuser.Youcanalsoclickonthelinktoconfigureuseraccount.
PrivilegeLevel
Theprivilegeleveloftheuser.Theallowedrangeis1to15.Iftheprivilegelevelvalueis15,itcan
accessallgroups,i.e.thatisgrantedthefullycontrolofthedevice.Butothersvalueneedtoreferto
eachgroupprivilegelevel.User'sprivilegeshouldbesameorgreaterthanthegroupprivilegelevel
tohavetheaccessofthatgroup.Bydefaultsetting,mostgroupsprivilegelevel5hastheread‐only
accessandprivilegelevel10hastheread‐writeaccess.Andthesystemmaintenance(software
upload,factorydefaultsandetc.)needuserprivilegelevel15.Generally,theprivilegelevel15canbe
usedforanadministratoraccount,privilegelevel10forastandarduseraccountandprivilegelevel5
foraguestaccount.
Buttons
AddNewUser:Clicktoaddanewuser.
Chapter3:WebManagement
Security‐Switch‐Users
PoESwitchUserManual|41
Thispageconfiguresauser.
UserName
Astringidentifyingtheusernamethatthisentryshouldbelongto.Theallowedstringlengthis1to
31.Thevalidusernameisacombinationofletters,numbersandunderscores.
Password
Thepasswordoftheuser.Theallowedstringlengthis0to31.
PrivilegeLevel
Theprivilegeleveloftheuser.Theallowedrangeis1to15.Iftheprivilegelevelvalueis15,itcan
accessallgroups,i.e.thatisgrantedthefullycontrolofthedevice.Butothersvalueneedtoreferto
eachgroupprivilegelevel.User'sprivilegeshouldbesameorgreaterthanthegroupprivilegelevel
tohavetheaccessofthatgroup.
Bydefaultsetting,mostgroupsprivilegelevel5hastheread‐onlyaccessandprivilegelevel10has
theread‐writeaccess.Andthesystemmaintenance(softwareupload,factorydefaultsandetc.)need
userprivilegelevel15.Generally,theprivilegelevel15canbeusedforanadministratoraccount,
privilegelevel10forastandarduseraccountandprivilegelevel5foraguestaccount.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Cancel:ClicktoundoanychangesmadelocallyandreturntotheUsers.
DeleteUser:Deletethecurrentuser.Pleasenotethatthedefaultuser(admin)cannotbe
deleted.
Chapter3:WebManagement
Security‐Switch‐PrivilegeLevel
PoESwitchUserManual|42
3.1.4.2.Security‐Switch‐PrivilegeLevel
Thispageprovidesanoverviewoftheprivilegelevels.
GroupName
Thenameidentifyingtheprivilegegroup.Inmostcases,aprivilegelevelgroupconsistsofasingle
module(e.g.LACP,RSTPorQoS),butafewofthemcontainsmorethanone.Thefollowing
descriptiondefinestheseprivilegelevelgroupsindetails:
System:Contact,Name,Location,Timezone,DaylightSavingTime,Log.
Security:Authentication,SystemAccessManagement,Port(containsDot1xport,MACbased
andtheMACAddressLimit),ACL,HTTPS,SSH,ARPInspection,IPsourceguard.
IP:Everythingexcept'ping'.
Port:Everythingexcept'VeriPHY'.
Diagnostics:'ping'and'VeriPHY'.
Maintenance:CLI‐SystemReboot,SystemRestoreDefault,SystemPassword,Configuration
Save,ConfigurationLoadandFirmwareLoad.Web‐Users,PrivilegeLevelsandeverythingin
Maintenance.
Debug:OnlypresentinCLI.
Chapter3:WebManagement
Security‐Switch‐PrivilegeLevel
PoESwitchUserManual|43
PrivilegeLevels
EverygrouphasanauthorizationPrivilegelevelforthefollowingsubgroups:configurationread‐only,
configuration/executeread‐write,status/statisticsread‐only,status/statisticsread‐write(e.g.for
clearingofstatistics).UserPrivilegeshouldbesameorgreaterthantheauthorizationPrivilegelevel
tohavetheaccesstothatgroup.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Switch‐AuthenticationMethod
PoESwitchUserManual|44
3.1.4.3.Security‐Switch‐AuthenticationMethod
Thispageallowsyoutoconfigurehowauserisauthenticatedwhenhelogsintothestackviaoneof
themanagementclientinterfaces.
Client
Themanagementclientforwhichtheconfigurationbelowapplies.
AuthenticationMethod
AuthenticationMethodcanbesettooneofthefollowingvalues:
None:authenticationisdisabledandloginisnotpossible.
Local:usethelocaluserdatabaseonthestackforauthentication.
RADIUS:usearemoteRADIUSserverforauthentication.
TAC ACS+:usearemoteTACACS+serverforauthentication.
Fallback
Enablefallbacktolocalauthenticationbycheckingthisbox.
Ifnoneoftheconfiguredauthenticationserversarealive,thelocaluserdatabaseisusedfor
authentication.
ThisisonlypossibleiftheAuthenticationMethodissettoavalueotherthan'none'or'local'.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Switch‐SSH
PoESwitchUserManual|45
3.1.4.4.Security‐Switch‐SSH
ConfigureSSHonthispage.
Mode
IndicatestheSSHmodeoperation.Possiblemodesare:
Enabled:EnableSSHmodeoperation.
Disabled:DisableSSHmodeoperation.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Switch‐HTTPS
PoESwitchUserManual|46
3.1.4.5.Security‐Switch‐HTTPS
ConfigureHTTPSonthispage.
Mode
IndicatestheHTTPSmodeoperation.WhenthecurrentconnectionisHTTPS,toapplyHTTPS
disabledmodeoperationwillautomaticallyredirectwebbrowsertoanHTTPconnection.Possible
modesare:
Enabled:EnableHTTPSmodeoperation.
Disabled:DisableHTTPSmodeoperation.
AutomaticRedirect
IndicatestheHTTPSredirectmodeoperation.AutomaticallyredirectswebbrowsertoanHTTPS
connectionwhenbothHTTPSmodeandAutomaticRedirectareenabled.Possiblemodesare:
Enabled:EnableHTTPSredirectmodeoperation.
Disabled:DisableHTTPSredirectmodeoperation.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Switch‐AccessManagement
PoESwitchUserManual|47
3.1.4.6.Security‐Switch‐AccessManagement
Configureaccessmanagementtableonthispage.Themaximumnumberofentriesis16.Ifthe
application'stypematchanyoneoftheaccessmanagemententries,itwillallowaccesstothe
switch.
Mode
Indicatestheaccessmanagementmodeoperation.Possiblemodesare:
Enabled:Enableaccessmanagementmodeoperation.
Disabled:Disableaccessmanagementmodeoperation.
Delete
Checktodeletetheentry.Itwillbedeletedduringthenextsave.
StartIPaddress
IndicatesthestartIPaddressfortheaccessmanagemententry.
EndIPaddress
IndicatestheendIPaddressfortheaccessmanagemententry.
HTTP/HTTPS
IndicatesthatthehostcanaccesstheswitchfromHTTP/HTTPSinterfaceifthehostIPaddress
matchestheIPaddressrangeprovidedintheentry.
SNMP
IndicatesthatthehostcanaccesstheswitchfromSNMPinterfaceifthehostIPaddressmatchesthe
IPaddressrangeprovidedintheentry.
TELNET/SSH
IndicatesthatthehostcanaccesstheswitchfromTELNET/SSHinterfaceifthehostIPaddress
matchestheIPaddressrangeprovidedintheentry.
Buttons
AddNewEntry:Clicktoaddanewaccessmanagemententry.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Switch‐SNMP‐System
PoESwitchUserManual|48
3.1.4.7.Security‐Switch‐SNMP
3.1.4.7.1.Security‐Switch‐SNMP‐System
ConfigureSNMPonthispage.
Mode
IndicatestheSNMPmodeoperation.Possiblemodesare:
Enabled:EnableSNMPmodeoperation.
Disabled:DisableSNMPmodeoperation.
Version
IndicatestheSNMPsupportedversion.Possibleversionsare:
SNMPv1:SetSNMPsupportedversion1.
SNMPv2c:SetSNMPsupportedversion2c.
SNMPv3:SetSNMPsupportedversion3.
ReadCommunity
IndicatesthecommunityreadaccessstringtopermitaccesstoSNMPagent.Theallowedstring
lengthis0to255,andtheallowedcontentistheASCIIcharactersfrom33to126.
ThefieldisapplicableonlywhenSNMPversionisSNMPv1orSNMPv2c.IfSNMPversionis
SNMPv3,thecommunitystringwillbeassociatedwithSNMPv3communitiestable.Itprovides
moreflexibilitytoconfiguresecuritynamethanaSNMPv1orSNMPv2ccommunitystring.In
additiontocommunitystring,aparticularrangeofsourceaddressescanbeusedtorestrictsource
subnet.
WriteCommunity
IndicatesthecommunitywriteaccessstringtopermitaccesstoSNMPagent.Theallowedstring
lengthis0to255,andtheallowedcontentistheASCIIcharactersfrom33to126.
ThefieldisapplicableonlywhenSNMPversionisSNMPv1orSNMPv2c.IfSNMPversionis
SNMPv3,thecommunitystringwillbeassociatedwithSNMPv3communitiestable.Itprovides
moreflexibilitytoconfiguresecuritynamethanaSNMPv1orSNMPv2ccommunitystring.In
additiontocommunitystring,aparticularrangeofsourceaddressescanbeusedtorestrictsource
subnet.
Chapter3:WebManagement
Security‐Switch‐SNMP‐System
PoESwitchUserManual|49
EngineID
IndicatestheSNMPv3engineID.Thestringmustcontainanevennumber(inhexadecimalformat)
withnumberofdigitsbetween10and64,butall‐zerosandall‐'F'sarenotallowed.Changeofthe
EngineIDwillclearalloriginallocalusers.
SNMPTrapConfiguration
ConfigureSNMPtraponthispage.
TrapMode
IndicatestheSNMPtrapmodeoperation.Possiblemodesare:
Enabled:EnableSNMPtrapmodeoperation.
Disabled:DisableSNMPtrapmodeoperation.
TrapVersion
IndicatestheSNMPtrapsupportedversion.Possibleversionsare:
SNMPv1:SetSNMPtrapsupportedversion1.
SNMPv2c:SetSNMPtrapsupportedversion2c.
SNMPv3:SetSNMPtrapsupportedversion3.
TrapCommunity
IndicatesthecommunityaccessstringwhensendingSNMPtrappacket.Theallowedstringlength
is0to255,andtheallowedcontentisASCIIcharactersfrom33to126.
TrapDestinationAddress
IndicatestheSNMPtrapdestinationaddress.ItallowavalidIPaddressindotteddecimalnotation
('x.y.z.w').
Anditalsoallowavalidhostname.Avalidhostnameisastringdrawnfromthealphabet(A‐Za‐z),
digits(0‐9),dot(.),dash(‐).Spacesarenotallowed,thefirstcharactermustbeanalphacharacter,
andthefirstandlastcharactersmustnotbeadotoradash.
Chapter3:WebManagement
Security‐Switch‐SNMP‐System
PoESwitchUserManual|50
TrapDestinationIPv6Address
IndicatestheSNMPtrapdestinationIPv6address.IPv6addressisin128‐bitrecordsrepresentedas
eightfieldsofuptofourhexadecimaldigitswithacolonseparatingeachfield(:).Forexample,
'fe80::215:c5ff:fe03:4dc7'.Thesymbol'::'isaspecialsyntaxthatcanbeusedasashorthandway
ofrepresentingmultiple16‐bitgroupsofcontiguouszeros;butitcanappearonlyonce.Itcanalso
representalegallyvalidIPv4address.Forexample,'::192.1.2.34'.
TrapAuthenticationFailure
IndicatesthattheSNMPentityispermittedtogenerateauthenticationfailuretraps.Possible
modesare:
Enabled:EnableSNMPtrapauthenticationfailure.
Disabled:DisableSNMPtrapauthenticationfailure.
TrapLink‐upandLink‐down
IndicatestheSNMPtraplink‐upandlink‐downmodeoperation.Possiblemodesare:
Enabled:EnableSNMPtraplink‐upandlink‐downmodeoperation.
Disabled:DisableSNMPtraplink‐upandlink‐downmodeoperation.
TrapInformMode
IndicatestheSNMPtrapinformmodeoperation.Possiblemodesare:
Enabled:EnableSNMPtrapinformmodeoperation.
Disabled:DisableSNMPtrapinformmodeoperation.
TrapInformTimeout(seconds)
IndicatestheSNMPtrapinformtimeout.Theallowedrangeis0to2147.
TrapInformRetryTimes
IndicatestheSNMPtrapinformretrytimes.Theallowedrangeis0to255.
TrapProbeSecurityEngineID
IndicatestheSNMPtrapprobesecurityengineIDmodeofoperation.Possiblevaluesare:
Enabled:EnableSNMPtrapprobesecurityengineIDmodeofoperation.
Disabled:DisableSNMPtrapprobesecurityengineIDmodeofoperation.
TrapSecurityEngineID
IndicatestheSNMPtrapsecurityengineID.SNMPv3sendstrapsandinformsusingUSMfor
authenticationandprivacy.AuniqueengineIDforthesetrapsandinformsisneeded.When"Trap
ProbeSecurityEngineID"isenabled,theIDwillbeprobedautomatically.Otherwise,theID
specifiedinthisfieldisused.Thestringmustcontainanevennumber(inhexadecimalformat)with
numberofdigitsbetween10and64,butall‐zerosandall‐'F'sarenotallowed.
TrapSecurityName
Chapter3:WebManagement
Security‐Switch‐SNMP‐System
PoESwitchUserManual|51
IndicatestheSNMPtrapsecurityname.SNMPv3trapsandinformsusingUSMforauthentication
andprivacy.Auniquesecuritynameisneededwhentrapsandinformsareenabled.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Switch‐SNMP‐Community
PoESwitchUserManual|52
3.1.4.7.2.Security‐Switch‐SNMP‐Community
ConfigureSNMPv3communitytableonthispage.TheentryindexkeyisCommunity.
Delete
Checktodeletetheentry.Itwillbedeletedduringthenextsave.
Community
IndicatesthecommunityaccessstringtopermitaccesstoSNMPv3agent.Theallowedstring
lengthis1to32,andtheallowedcontentisASCIIcharactersfrom33to126.Thecommunitystring
willbetreatedassecuritynameandmapaSNMPv1orSNMPv2ccommunitystring.
SourceIP
IndicatestheSNMPaccesssourceaddress.Aparticularrangeofsourceaddressescanbeusedto
restrictsourcesubnetwhencombinedwithsourcemask.
SourceMask
IndicatestheSNMPaccesssourceaddressmask.
Buttons
AddNewEntry:Clicktoaddanewcommunityentry.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Switch‐SNMP‐User
PoESwitchUserManual|53
3.1.4.7.3.Security‐Switch‐SNMP‐User
ConfigureSNMPv3usertableonthispage.TheentryindexkeysareEngineIDandUserName.
Delete
Checktodeletetheentry.Itwillbedeletedduringthenextsave.
EngineID
AnoctetstringidentifyingtheengineIDthatthisentryshouldbelongto.Thestringmustcontain
anevennumber(inhexadecimalformat)withnumberofdigitsbetween10and64,butall‐zeros
andall‐'F'sarenotallowed.TheSNMPv3architectureusestheUser‐basedSecurityModel(USM)
formessagesecurityandtheView‐basedAccessControlModel(VACM)foraccesscontrol.Forthe
USMentry,theusmUserEngineIDandusmUserNamearetheentry'skeys.Inasimpleagent,
usmUserEngineIDisalwaysthatagent'sownsnmpEngineIDvalue.Thevaluecanalsotakethe
valueofthesnmpEngineIDofaremoteSNMPenginewithwhichthisusercancommunicate.In
otherwords,ifuserengineIDequalsystemengineIDthenitislocaluser;otherwiseit'sremote
user.
UserName
Astringidentifyingtheusernamethatthisentryshouldbelongto.Theallowedstringlengthis1
to32,andtheallowedcontentisASCIIcharactersfrom33to126.
SecurityLevel
Indicatesthesecuritymodelthatthisentryshouldbelongto.Possiblesecuritymodelsare:
NoAuth,NoPriv:Noauthenticationandnoprivacy.
Auth,NoPriv:Authenticationandnoprivacy.
Auth,Priv:Authenticationandprivacy.
Thevalueofsecuritylevelcannotbemodifiedifentryalreadyexists.Thatmeansitmustfirstbe
ensuredthatthevalueissetcorrectly.
Chapter3:WebManagement
Security‐Switch‐SNMP‐User
PoESwitchUserManual|54
AuthenticationProtocol
Indicatestheauthenticationprotocolthatthisentryshouldbelongto.Possibleauthentication
protocolsare:
None:Noauthenticationprotocol.
MD5:AnoptionalflagtoindicatethatthisuserusesMD5authenticationprotocol.
SHA:AnoptionalflagtoindicatethatthisuserusesSHAauthenticationprotocol.
Thevalueofsecuritylevelcannotbemodifiedifentryalreadyexists.Thatmeansmustfirstensure
thatthevalueissetcorrectly.
AuthenticationPassword
Astringidentifyingtheauthenticationpasswordphrase.ForMD5authenticationprotocol,the
allowedstringlengthis8to32.ForSHAauthenticationprotocol,theallowedstringlengthis8to
40.TheallowedcontentisASCIIcharactersfrom33to126.
PrivacyProtocol
Indicatestheprivacyprotocolthatthisentryshouldbelongto.Possibleprivacyprotocolsare:
None:Noprivacyprotocol.
DES:AnoptionalflagtoindicatethatthisuserusesDESauthenticationprotocol.
PrivacyPassword
Astringidentifyingtheprivacypasswordphrase.Theallowedstringlengthis8to32,andthe
allowedcontentisASCIIcharactersfrom33to126.
Buttons
AddNewEntry:Clicktoaddanewcommunityentry.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Switch‐SNMP‐Groups
PoESwitchUserManual|55
3.1.4.7.4.Security‐Switch‐SNMP‐Groups
ConfigureSNMPv3grouptableonthispage.
Delete
Checktodeletetheentry.Itwillbedeletedduringthenextsave.
SecurityModel
Indicatesthesecuritymodelthatthisentryshouldbelongto.Possiblesecuritymodelsare:
v1:ReservedforSNMPv1.
v2c:ReservedforSNMPv2c.
usm:User‐basedSecurityModel(USM).
SecurityName
Astringidentifyingthesecuritynamethatthisentryshouldbelongto.Theallowedstringlengthis
1to32,andtheallowedcontentisASCIIcharactersfrom33to126.
GroupName
Astringidentifyingthegroupnamethatthisentryshouldbelongto.Theallowedstringlengthis1
to32,andtheallowedcontentisASCIIcharactersfrom33to126.
Buttons
AddNewEntry:Clicktoaddanewcommunityentry.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Switch‐SNMP‐Views
PoESwitchUserManual|56
3.1.4.7.5.Security‐Switch‐SNMP‐Views
ConfigureSNMPv3viewtableonthispage.TheentryindexkeysareViewNameandOIDSubtree.
Delete
Checktodeletetheentry.Itwillbedeletedduringthenextsave.
ViewName
Astringidentifyingtheviewnamethatthisentryshouldbelongto.Theallowedstringlengthis1
to32,andtheallowedcontentisASCIIcharactersfrom33to126.
ViewType
Indicatestheviewtypethatthisentryshouldbelongto.Possibleviewtypesare:
included:Anoptionalflagtoindicatethatthisviewsubtreeshouldbeincluded.
excluded:Anoptionalflagtoindicatethatthisviewsubtreeshouldbeexcluded.
Ingeneral,ifaviewentry'sviewtypeis'excluded',thereshouldbeanotherviewentryexisting
withviewtypeas'included'andit'sOIDsubtreeshouldoverstepthe'excluded'viewentry.
OIDSubtree
TheOIDdefiningtherootofthesubtreetoaddtothenamedview.TheallowedOIDlengthis1to
128.Theallowedstringcontentisdigitalnumberorasterisk(*).
Buttons
AddNewEntry:Clicktoaddanewcommunityentry.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Switch‐SNMP‐Access
PoESwitchUserManual|57
3.1.4.7.6.Security‐Switch‐SNMP‐Access
ConfigureSNMPv3accesstableonthispage.
Delete
Checktodeletetheentry.Itwillbedeletedduringthenextsave.
GroupName
Astringidentifyingthegroupnamethatthisentryshouldbelongto.Theallowedstringlengthis1
to32,andtheallowedcontentisASCIIcharactersfrom33to126.
SecurityModel
Indicatesthesecuritymodelthatthisentryshouldbelongto.Possiblesecuritymodelsare:
any:Anysecuritymodelaccepted(v1|v2c|usm).
v1:ReservedforSNMPv1.
v2c:ReservedforSNMPv2c.
usm:User‐basedSecurityModel(USM).
SecurityLevel
Indicatesthesecuritymodelthatthisentryshouldbelongto.Possiblesecuritymodelsare:
NoAuth,NoPriv:Noauthenticationandnoprivacy.
Auth,NoPriv:Authenticationandnoprivacy.
Auth,Priv:Authenticationandprivacy.
ReadViewName
ThenameoftheMIBviewdefiningtheMIBobjectsforwhichthisrequestmayrequestthecurrent
values.Theallowedstringlengthis1to32,andtheallowedcontentisASCIIcharactersfrom33to
126.
WriteViewName
ThenameoftheMIBviewdefiningtheMIBobjectsforwhichthisrequestmaypotentiallysetnew
values.Theallowedstringlengthis1to32,andtheallowedcontentisASCIIcharactersfrom33to
126.
Buttons
AddNewEntry:Clicktoaddanewcommunityentry.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
3.1.4.8.Security‐Switch‐RMON
Chapter3:WebManagement
Security‐Switch‐RMON‐Statistics
PoESwitchUserManual|58
3.1.4.8.1.Security‐Switch‐RMON‐Statistics
ConfigureRMONStatisticstableonthispage.TheentryindexkeyisID.
Delete
Checktodeletetheentry.Itwillbedeletedduringthenextsave.
ID
Indicatestheindexoftheentry.Therangeisfrom1to65535.
DataSource
IndicatestheportIDwhichwantstobemonitored.Ifinstackingswitch,thevaluemustadd
1000*(switchID‐1),forexample,iftheportisswitch3port5,thevalueis2005
Buttons
AddNewEntry:Clicktoaddanewcommunityentry.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Switch‐RMON‐History
PoESwitchUserManual|59
3.1.4.8.2.Security‐Switch‐RMON‐History
ConfigureRMONHistorytableonthispage.TheentryindexkeyisID.
Delete
Checktodeletetheentry.Itwillbedeletedduringthenextsave.
ID
Indicatestheindexoftheentry.Therangeisfrom1to65535.
DataSource
IndicatestheportIDwhichwantstobemonitored.Ifinstackingswitch,thevaluemustadd
1000*(switchID‐1),forexample,iftheportisswitch3port5,thevalueis2005.
Interval
Indicatestheintervalinsecondsforsamplingthehistorystatisticsdata.Therangeisfrom1to
3600,defaultvalueis1800seconds.
Buckets
IndicatesthemaximumdataentriesassociatedthisHistorycontrolentrystoredinRMON.The
rangeisfrom1to3600,defaultvalueis50.
BucketsGranted
ThenumberofdatashallbesavedintheRMON.
Buttons
AddNewEntry:Clicktoaddanewcommunityentry.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Switch‐RMON‐Alarm
PoESwitchUserManual|60
3.1.4.8.3.Security‐Switch‐RMON‐Alarm
ConfigureRMONAlarmtableonthispage.TheentryindexkeyisID.
Delete
Checktodeletetheentry.Itwillbedeletedduringthenextsave.
ID
Indicatestheindexoftheentry.Therangeisfrom1to65535.
Interval
Indicatestheintervalinsecondsforsamplingandcomparingtherisingandfallingthreshold.The
rangeisfrom1to2^31‐1.
Variable
Indicatestheparticularvariabletobesampled,thepossiblevariablesare:
InOctets:Thetotalnumberofoctetsreceivedontheinterface,includingframingcharacters.
InUcastPkts:Thenumberofuni‐castpacketsdeliveredtoahigher‐layerprotocol.
InNUcastPkts:Thenumberofbroad‐castandmulti‐castpacketsdeliveredtoahigher‐layer
protocol.
InDiscards:Thenumberofinboundpacketsthatarediscardedeventhepacketsarenormal.
InErrors:Thenumberofinboundpacketsthatcontainederrorspreventingthemfrombeing
deliverabletoahigher‐layerprotocol.
InUnknownProtos:thenumberoftheinboundpacketsthatwerediscardedbecauseofthe
unknownorun‐supportprotocol.
OutOctets:Thenumberofoctetstransmittedoutoftheinterface,includingframing
characters.
OutUcastPkts:Thenumberofuni‐castpacketsthatrequesttotransmit.
OutNUcastPkts:Thenumberofbroad‐castandmulti‐castpacketsthatrequesttotransmit.
OutDiscards:Thenumberofoutboundpacketsthatarediscardedeventthepacketsare
normal.
OutErrors:TheThenumberofoutboundpacketsthatcouldnotbetransmittedbecauseof
errors.
OutQLen:Thelengthoftheoutputpacketqueue(inpackets).
SampleType
Themethodofsamplingtheselectedvariableandcalculatingthevaluetobecomparedagainst
thethresholds,possiblesampletypesare:
Chapter3:WebManagement
Security‐Switch‐RMON‐Alarm
PoESwitchUserManual|61
Absolute:Getthesampledirectly.
Delta:Calculatethedifferencebetweensamples(default).
Value
Thevalueofthestatisticduringthelastsamplingperiod.
StartupAlarm
Themethodofsamplingtheselectedvariableandcalculatingthevaluetobecomparedagainst
thethresholds,possiblesampletypesare:
RisingTriggeralarmwhenthefirstvalueislargerthantherisingthreshold.
FallingTriggeralarmwhenthefirstvalueislessthanthefallingthreshold.
RisingOrFallingTriggeralarmwhenthefirstvalueislargerthantherisingthresholdorless
thanthefallingthreshold(default).
RisingThreshold
Risingthresholdvalue(‐2147483648‐2147483647).
RisingIndex
Risingeventindex(1‐65535).
FallingThreshold
Fallingthresholdvalue(‐2147483648‐2147483647)
FallingIndex
Fallingeventindex(1‐65535).
Buttons
AddNewEntry:Clicktoaddanewcommunityentry.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Switch‐RMON‐Event
PoESwitchUserManual|62
3.1.4.8.4.Security‐Switch‐RMON‐Event
ConfigureRMONEventtableonthispage.TheentryindexkeyisID.
Delete
Checktodeletetheentry.Itwillbedeletedduringthenextsave.
ID
Indicatestheindexoftheentry.Therangeisfrom1to65535.
Desc
Indicatesthisevent,thestringlengthisfrom0to127,defaultisanullstring.
Type
Indicatesthenotificationoftheevent,thepossibletypesare:
None:Thetotalnumberofoctetsreceivedontheinterface,includingframingcharacters.
Log:Thenumberofuni‐castpacketsdeliveredtoahigher‐layerprotocol.
snmptrap:Thenumberofbroad‐castandmulti‐castpacketsdeliveredtoahigher‐layer
protocol.
logandtrap:Thenumberofinboundpacketsthatarediscardedeventhepacketsarenormal.
Community
Specifythecommunitywhentrapissent,thestringlengthisfrom0to127,defaultis"public".
EventLastTime
IndicatesthevalueofsysUpTimeatthetimethisevententrylastgeneratedanevent.
Buttons
AddNewEntry:Clicktoaddanewcommunityentry.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Network‐LimitControl
PoESwitchUserManual|63
3.1.4.9.Security‐Network‐LimitControl
ThispageallowsyoutoconfigurethePortSecurityLimitControlsystemandportsettings.
LimitControlallowsforlimitingthenumberofusersonagivenport.AuserisidentifiedbyaMAC
addressandVLANID.IfLimitControlisenabledonaport,thelimitspecifiesthemaximumnumber
ofusersontheport.Ifthisnumberisexceeded,anactionistaken.Theactioncanbeoneofthefour
differentactionsasdescribedbelow.
TheLimitControlmoduleutilizesalower‐layermodule,PortSecuritymodule,whichmanagesMAC
addresseslearntontheport.
TheLimitControlconfigurationconsistsoftwosections,asystem‐andaport‐wide.
SystemConfiguration
Mode
IndicatesifLimitControlisgloballyenabledordisabledonthestack.Ifgloballydisabled,other
modulesmaystillusetheunderlyingfunctionality,butlimitchecksandcorrespondingactionsare
disabled.
Chapter3:WebManagement
Security‐Network‐LimitControl
PoESwitchUserManual|64
AgingEnabled
Ifchecked,securedMACaddressesaresubjecttoagingasdiscussedunderAgingPeriod.
AgingPeriod
IfAgingEnabledischecked,thentheagingperiodiscontrolledwiththisinput.Ifothermodulesare
usingtheunderlyingportsecurityforsecuringMACaddresses,theymayhaveotherrequirementsto
theagingperiod.Theunderlyingportsecuritywillusetheshorterrequestedagingperiodofall
modulesthatusethefunctionality.
TheAgingPeriodcanbesettoanumberbetween10and10,000,000seconds.
Tounderstandwhyagingmaybedesired,considerthefollowingscenario:Supposeanend‐hostis
connectedtoa3rdpartyswitchorhub,whichinturnisconnectedtoaportonthisswitchonwhich
LimitControlisenabled.Theend‐hostwillbeallowedtoforwardifthelimitisnotexceeded.Now
supposethattheend‐hostlogsofforpowersdown.Ifitwasn'tforaging,theend‐hostwouldstill
takeupresourcesonthisswitchandwillbeallowedtoforward.To overcomethissituation,enable
aging.Withagingenabled,atimerisstartedoncetheend‐hostgetssecured.Whenthetimerexpires,
theswitchstartslookingforframesfromtheend‐host,andifsuchframesarenotseenwithinthe
nextAgingPeriod,theend‐hostisassumedtobedisconnected,andthecorrespondingresourcesare
freedontheswitch.
PortConfiguration
Thetablehasonerowforeachportontheselectedswitchinthestackandanumberofcolumns,
whichare:
Port
Theportnumbertowhichtheconfigurationbelowapplies.
Mode
ControlswhetherLimitControlisenabledonthisport.BoththisandtheGlobalModemustbesetto
EnabledforLimitControltobeineffect.Noticethatothermodulesmaystillusetheunderlyingport
securityfeatureswithoutenablingLimitControlonagivenport.
Limit
ThemaximumnumberofMACaddressesthatcanbesecuredonthisport.Thisnumbercannot
exceed1024.Ifthelimitisexceeded,thecorrespondingactionistaken.
Thestackis"born"withatotalnumberofMACaddressesfromwhichallportsdrawwheneveranew
MACaddressisseenonaPortSecurity‐enabledport.Sinceallportsdrawfromthesamepool,itmay
happenthataconfiguredmaximumcannotbegranted,iftheremainingportshavealreadyusedall
availableMACaddresses.
Chapter3:WebManagement
Security‐Network‐LimitControl
PoESwitchUserManual|65
Action
IfLimitisreached,theswitchcantakeoneofthefollowingactions:
None:DonotallowmorethanLimitMACaddressesontheport,buttakenofurtheraction.
Trap:IfLimit+1MACaddressesisseenontheport,sendanSNMPtrap.IfAgingisdisabled,
onlyoneSNMPtrapwillbesent,butwithAgingenabled,newSNMPtrapswillbesentevery
timethelimitgetsexceeded.
Shutdown:IfLimit+1MACaddressesisseenontheport,shutdowntheport.Thisimplies
thatallsecuredMACaddresseswillberemovedfromtheport,andnonewaddresswillbe
learned.Evenifthelinkisphysicallydisconnectedandreconnectedontheport(by
disconnectingthecable),theportwillremainshutdown.Therearethreewaystore‐openthe
port:
1. Bootthestackorelectanewmaster,
2. Disableandre‐enableLimitControlontheportorthestack,
3. ClicktheReopenbutton.
Trap&Shutdown:IfLimit+1MACaddressesisseenontheport,boththe"Trap"andthe
"Shutdown"actionsdescribedabovewillbetaken.
State
ThiscolumnshowsthecurrentstateoftheportasseenfromtheLimitControl'spointofview.The
statetakesoneoffourvalues:
Disabled:LimitControliseithergloballydisabledordisabledontheport.
Ready:Thelimitisnotyetreached.Thiscanbeshownforallactions.
LimitReached:Indicatesthatthelimitisreachedonthisport.Thisstatecanonlybeshownif
ActionissettoNoneorTrap.
Shutdown:IndicatesthattheportisshutdownbytheLimitControlmodule.Thisstatecan
onlybeshownifActionissettoShutdownorTrap&Shutdown.
Re‐openButton
Ifaportisshutdownbythismodule,youmayreopenitbyclickingthisbutton,whichwillonlybe
enabledifthisisthecase.Forothermethods,refertoShutdownintheActionsection.
Notethatclickingthereopenbuttoncausesthepagetoberefreshed,sonon‐committedchangeswill
belost.
Buttons
AddNewEntry:Clicktoaddanewcommunityentry.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Network‐NAS(NetworkAccessServer)
PoESwitchUserManual|66
3.1.4.10.Security‐Network‐NAS(NetworkAccessServer)
ThispageallowsyoutoconfiguretheIEEE802.1XandMAC‐basedauthenticationsystemandport
settings.
TheIEEE802.1Xstandarddefinesaport‐basedaccesscontrolprocedurethatpreventsunauthorized
accesstoanetworkbyrequiringuserstofirstsubmitcredentialsforauthentication.Oneormore
centralservers,thebackendservers,determinewhethertheuserisallowedaccesstothenetwork.
Thesebackend(RADIUS)serversareconfiguredonthe"Configuration→Security→AAA"page.The
IEEE802.1Xstandarddefinesport‐basedoperation,butnon‐standardvariantsovercomesecurity
limitationsasshallbeexploredbelow.
MAC‐basedauthenticationallowsforauthenticationofmorethanoneuseronthesameport,and
doesn'trequiretheusertohavespecial802.1Xsupplicantsoftwareinstalledonhissystem.The
switchusestheuser'sMACaddresstoauthenticateagainstthebackendserver.Intruderscancreate
counterfeitMACaddresses,whichmakesMAC‐basedauthenticationlesssecurethan802.1X
authentication.
TheNASconfigurationconsistsoftwosections,asystem‐andaport‐wide.
SystemConfiguration
Mode
IndicatesifNASisgloballyenabledordisabledonthestack.Ifgloballydisabled,allportsareallowed
forwardingofframes.
Re‐authenticationEnabled
Ifchecked,successfullyauthenticatedsupplicants/clientsarere‐authenticatedaftertheinterval
specifiedbytheRe‐authenticationPeriod.Re‐authenticationfor802.1X‐enabledportscanbeusedto
detectifanewdeviceispluggedintoaswitchportorifasupplicantisnolongerattached.
Chapter3:WebManagement
Security‐Network‐NAS(NetworkAccessServer)
PoESwitchUserManual|67
ForMAC‐basedports,re‐authenticationisonlyusefuliftheRADIUSserverconfigurationhaschanged.
Itdoesnotinvolvecommunicationbetweentheswitchandtheclient,andthereforedoesn'timply
thataclientisstillpresentonaport(seeAgingPeriodbelow).
Re‐authenticationPeriod
Determinestheperiod,inseconds,afterwhichaconnectedclientmustbere‐authenticated.Thisis
onlyactiveiftheRe‐authenticationEnabledcheckboxischecked.Validvaluesareintherange1to
3600seconds.
EAPOLTimeout
DeterminesthetimeforretransmissionofRequestIdentityEAPOLframes.
Validvaluesareintherange1to65535seconds.ThishasnoeffectforMAC‐basedports.
AgingPeriod
Thissettingappliestothefollowingmodes,i.e.modesusingthePortSecurityfunctionalitytosecure
MACaddresses:
Single802.1X
Multi802.1X
MAC‐BasedAuth.
WhentheNASmoduleusesthePortSecuritymoduletosecureMACaddresses,thePortSecurity
moduleneedstocheckforactivityontheMACaddressinquestionatregularintervalsandfree
resourcesifnoactivityisseenwithinagivenperiodoftime.Thisparametercontrolsexactlythis
periodandcanbesettoanumberbetween10and1000000seconds.
Ifre‐authenticationisenabledandtheportisinan802.1X‐basedmode,thisisnotsocritical,since
supplicantsthatarenolongerattachedtotheportwillgetremoveduponthenextre‐authentication,
whichwillfail.Butifre‐authenticationisnotenabled,theonlywaytofreeresourcesisbyagingthe
entries.
ForportsinMAC‐basedAuth.mode,re‐authenticationdoesn'tcausedirectcommunicationbetween
theswitchandtheclient,sothiswillnotdetectwhethertheclientisstillattachedornot,andthe
onlywaytofreeanyresourcesistoagetheentry.
HoldTime
Thissettingappliestothefollowingmodes,i.e.modesusingthePortSecurityfunctionalitytosecure
MACaddresses:
Single802.1X
Multi802.1X
MAC‐BasedAuth.
Chapter3:WebManagement
Security‐Network‐NAS(NetworkAccessServer)
PoESwitchUserManual|68
Ifaclientisdeniedaccess‐eitherbecausetheRADIUSserverdeniestheclientaccessorbecausethe
RADIUSserverrequesttimesout(accordingtothetimeoutspecifiedonthe"Configuration→Security
→AAA"page)‐theclientisputonholdintheUnauthorizedstate.Theholdtimerdoesnotcount
duringanon‐goingauthentication.InMAC‐basedAuth.mode,theswitchwillignorenewframes
comingfromtheclientduringtheholdtime.TheHoldTimecanbesettoanumberbetween10and
1000000seconds.
RADIUS‐AssignedQoSEnabled
RADIUS‐assignedQoSprovidesameanstocentrallycontrolthetrafficclasstowhichtrafficcoming
fromasuccessfullyauthenticatedsupplicantisassignedontheswitch.TheRADIUSservermustbe
configuredtotransmitspecialRADIUSattributestotakeadvantageofthisfeature(see
RADIUS‐AssignedQoSEnabledbelowforadetaileddescription).
The"RADIUS‐AssignedQoSEnabled"checkboxprovidesaquickwaytogloballyenable/disable
RADIUS‐serverassignedQoSClassfunctionality.Whenchecked,theindividualports'dittosetting
determinewhetherRADIUS‐assignedQoSClassisenabledonthatport.Whenunchecked,
RADIUS‐serverassignedQoSClassisdisabledonallports.
RADIUS‐AssignedVLANEnabled
RADIUS‐assignedVLANprovidesameanstocentrallycontroltheVLANonwhichasuccessfully
authenticatedsupplicantisplacedontheswitch.Incomingtrafficwillbeclassifiedtoandswitched
ontheRADIUS‐assignedVLAN.TheRADIUSservermustbeconfiguredtotransmitspecialRADIUS
attributestotakeadvantageofthisfeature(seeRADIUS‐AssignedVLANEnabledbelowforadetailed
description).
The"RADIUS‐AssignedVLANEnabled"checkboxprovidesaquickwaytogloballyenable/disable
RADIUS‐serverassignedVLANfunctionality.Whenchecked,theindividualports'dittosetting
determinewhetherRADIUS‐assignedVLANisenabledonthatport.Whenunchecked,RADIUS‐server
assignedVLANisdisabledonallports.
GuestVLANEnabled
AGuestVLANisaspecialVLAN‐typicallywithlimitednetworkaccess‐onwhich802.1X‐unaware
clientsareplacedafteranetworkadministrator‐definedtimeout.Theswitchfollowsasetofrulesfor
enteringandleavingtheGuestVLANaslistedbelow.
The"GuestVLANEnabled"checkboxprovidesaquickwaytogloballyenable/disableGuestVLAN
functionality.Whenchecked,theindividualports'dittosettingdetermineswhethertheportcanbe
movedintoGuestVLAN.Whenunchecked,theabilitytomovetotheGuestVLANisdisabledonall
ports.
Chapter3:WebManagement
Security‐Network‐NAS(NetworkAccessServer)
PoESwitchUserManual|69
GuestVLANID
Thisisthevaluethataport'sPortVLANIDissettoifaportismovedintotheGuestVLAN.Itisonly
changeableiftheGuestVLANoptionisgloballyenabled.
Validvaluesareintherange[1;4095].
Max.Reauth.Count
ThenumberoftimestheswitchtransmitsanEAPOLRequestIdentityframewithoutresponsebefore
consideringenteringtheGuestVLANisadjustedwiththissetting.Thevaluecanonlybechangedif
theGuestVLANoptionisgloballyenabled.
Validvaluesareintherange[1;255].
AllowGuestVLANifEAPOLSeen
TheswitchremembersifanEAPOLframehasbeenreceivedontheportforthelife‐timeoftheport.
OncetheswitchconsiderswhethertoentertheGuestVLAN,itwillfirstcheckifthisoptionis
enabledordisabled.Ifdisabled(unchecked;default),theswitchwillonlyentertheGuestVLANifan
EAPOLframehasnotbeenreceivedontheportforthelife‐timeoftheport.Ifenabled(checked),the
switchwillconsiderenteringtheGuestVLANevenifanEAPOLframehasbeenreceivedontheport
forthelife‐timeoftheport.
ThevaluecanonlybechangediftheGuestVLANoptionisgloballyenabled.
Chapter3:WebManagement
Security‐Network‐NAS(NetworkAccessServer)
PoESwitchUserManual|70
PortConfiguration
Thetablehasonerowforeachportontheselectedswitchinthestackandanumberofcolumns,
whichare:
Port
Theportnumberforwhichtheconfigurationbelowapplies.
AdminState
IfNASisgloballyenabled,thisselectioncontrolstheport'sauthenticationmode.Thefollowing
modesareavailable:
ForceAuthorized
Inthismode,theswitchwillsendoneEAPOLSuccessframewhentheportlinkcomesup,andany
clientontheportwillbeallowednetworkaccesswithoutauthentication.
ForceUnauthorized
Inthismode,theswitchwillsendoneEAPOLFailureframewhentheportlinkcomesup,andany
clientontheportwillbedisallowednetworkaccess.
Port‐based802.1X
Inthe802.1X‐world,theuseriscalledthesupplicant,theswitchistheauthenticator,andtheRADIUS
serveristheauthenticationserver.Theauthenticatoractsastheman‐in‐the‐middle,forwarding
Chapter3:WebManagement
Security‐Network‐NAS(NetworkAccessServer)
PoESwitchUserManual|71
requestsandresponsesbetweenthesupplicantandtheauthenticationserver.Framessentbetween
thesupplicantandtheswitcharespecial802.1Xframes,knownasEAPOL(EAPOverLANs)frames.
EAPOLframesencapsulateEAPPDUs(RFC3748).FramessentbetweentheswitchandtheRADIUS
serverareRADIUSpackets.RADIUSpacketsalsoencapsulateEAPPDUstogetherwithother
attributesliketheswitch'sIPaddress,name,andthesupplicant'sportnumberontheswitch.EAPis
veryflexible,inthatitallowsfordifferentauthenticationmethods,likeMD5‐Challenge,PEAP,and
TLS.Theimportantthingisthattheauthenticator(theswitch)doesn'tneedtoknowwhich
authenticationmethodthesupplicantandtheauthenticationserverareusing,orhowmany
informationexchangeframesareneededforaparticularmethod.Theswitchsimplyencapsulates
theEAPpartoftheframeintotherelevanttype(EAPOLorRADIUS)andforwardsit.
Whenauthenticationiscomplete,theRADIUSserversendsaspecialpacketcontainingasuccessor
failureindication.Besidesforwardingthisdecisiontothesupplicant,theswitchusesittoopenupor
blocktrafficontheswitchportconnectedtothesupplicant.
Note:SupposetwobackendserversareenabledandthattheservertimeoutisconfiguredtoX
seconds(usingtheAAAconfigurationpage),andsupposethatthefirstserverinthelistiscurrently
down(butnotconsidereddead).Now,ifthesupplicantretransmitsEAPOLStartframesatarate
fasterthanXseconds,thenitwillnevergetauthenticated,becausetheswitchwillcancelon‐going
backendauthenticationserverrequestswheneveritreceivesanewEAPOLStartframefromthe
supplicant.Andsincetheserverhasn'tyetfailed(becausetheXsecondshaven'texpired),thesame
serverwillbecontacteduponthenextbackendauthenticationserverrequestfromtheswitch.This
scenariowillloopforever.Therefore,theservertimeoutshouldbesmallerthanthesupplicant's
EAPOLStartframeretransmissionrate.
Single802.1X
Inport‐based802.1Xauthentication,onceasupplicantissuccessfullyauthenticatedonaport,the
wholeportisopenedfornetworktraffic.Thisallowsotherclientsconnectedtotheport(forinstance
throughahub)topiggy‐backonthesuccessfullyauthenticatedclientandgetnetworkaccesseven
thoughtheyreallyaren'tauthenticated.Toovercomethissecuritybreach,usetheSingle802.1X
variant.
Single802.1XisreallynotanIEEEstandard,butfeaturesmanyofthesamecharacteristicsasdoes
port‐based802.1X.InSingle802.1X,atmostonesupplicantcangetauthenticatedontheportata
time.NormalEAPOLframesareusedinthecommunicationbetweenthesupplicantandtheswitch.
Ifmorethanonesupplicantisconnectedtoaport,theonethatcomesfirstwhentheport'slink
comesupwillbethefirstoneconsidered.Ifthatsupplicantdoesn'tprovidevalidcredentialswithina
certainamountoftime,anothersupplicantwillgetachance.Onceasupplicantissuccessfully
Chapter3:WebManagement
Security‐Network‐NAS(NetworkAccessServer)
PoESwitchUserManual|72
authenticated,onlythatsupplicantwillbeallowedaccess.Thisisthemostsecureofallthe
supportedmodes.Inthismode,thePortSecuritymoduleisusedtosecureasupplicant'sMAC
addressoncesuccessfullyauthenticated.
Multi802.1X
Multi802.1Xis‐likeSingle802.1X‐notanIEEEstandard,butavariantthatfeaturesmanyofthe
samecharacteristics.InMulti802.1X,oneormoresupplicantscangetauthenticatedonthesame
portatthesametime.EachsupplicantisauthenticatedindividuallyandsecuredintheMACtable
usingthePortSecuritymodule.
InMulti802.1XitisnotpossibletousethemulticastBPDUMACaddressasdestinationMACaddress
forEAPOLframessentfromtheswitchtowardsthesupplicant,sincethatwouldcauseallsupplicants
attachedtotheporttoreplytorequestssentfromtheswitch.Instead,theswitchusesthe
supplicant'sMACaddress,whichisobtainedfromthefirstEAPOLStartorEAPOLResponseIdentity
framesentbythesupplicant.Anexceptiontothisiswhennosupplicantsareattached.Inthiscase,
theswitchsendsEAPOLRequestIdentityframesusingtheBPDUmulticastMACaddressas
destination‐towakeupanysupplicantsthatmightbeontheport.
ThemaximumnumberofsupplicantsthatcanbeattachedtoaportcanbelimitedusingthePort
SecurityLimitControlfunctionality.
MAC‐basedAuth.
Unlikeport‐based802.1X,MAC‐basedauthenticationisnotastandard,butmerelyabest‐practices
methodadoptedbytheindustry.InMAC‐basedauthentication,usersarecalledclients,andthe
switchactsasthesupplicantonbehalfofclients.Theinitialframe(anykindofframe)sentbyaclient
issnoopedbytheswitch,whichinturnusestheclient'sMACaddressasbothusernameand
passwordinthesubsequentEAPexchangewiththeRADIUSserver.The6‐byteMACaddressis
convertedtoastringonthefollowingform"xx‐xx‐xx‐xx‐xx‐xx",thatis,adash(‐)isusedasseparator
betweenthelower‐casedhexadecimaldigits.TheswitchonlysupportstheMD5‐Challenge
authenticationmethod,sotheRADIUSservermustbeconfiguredaccordingly.
Whenauthenticationiscomplete,theRADIUSserversendsasuccessorfailureindication,whichin
turncausestheswitchtoopenuporblocktrafficforthatparticularclient,usingthePortSecurity
module.Onlythenwillframesfromtheclientbeforwardedontheswitch.TherearenoEAPOL
framesinvolvedinthisauthentication,andtherefore,MAC‐basedAuthenticationhasnothingtodo
withthe802.1Xstandard.
TheadvantageofMAC‐basedauthenticationover802.1X‐basedauthenticationisthattheclients
don'tneedspecialsupplicantsoftwaretoauthenticate.ThedisadvantageisthatMACaddressescan
Chapter3:WebManagement
Security‐Network‐NAS(NetworkAccessServer)
PoESwitchUserManual|73
bespoofedbymalicioususers‐equipmentwhoseMACaddressisavalidRADIUSusercanbeusedby
anyone.Also,onlytheMD5‐Challengemethodissupported.Themaximumnumberofclientsthat
canbeattachedtoaportcanbelimitedusingthePortSecurityLimitControlfunctionality.
RADIUS‐AssignedQoSEnabled
WhenRADIUS‐AssignedQoSisbothgloballyenabledandenabled(checked)onagivenport,the
switchreactstoQoSClassinformationcarriedintheRADIUSAccess‐Acceptpackettransmittedby
theRADIUSserverwhenasupplicantissuccessfullyauthenticated.Ifpresentandvalid,traffic
receivedonthesupplicant'sportwillbeclassifiedtothegivenQoSClass.If(re‐)authenticationfails
ortheRADIUSAccess‐AcceptpacketnolongercarriesaQoSClassorit'sinvalid,orthesupplicantis
otherwisenolongerpresentontheport,theport'sQoSClassisimmediatelyrevertedtotheoriginal
QoSClass(whichmaybechangedbytheadministratorinthemeanwhilewithoutaffectingthe
RADIUS‐assigned).
Thisoptionisonlyavailableforsingle‐clientmodes,i.e.
Port‐based802.1X
Single802.1X
RADIUSattributesusedinidentifyingaQoSClass:
TheUser‐Priority‐TableattributedefinedinRFC4675formsthebasisforidentifyingtheQoSClassin
anAccess‐Acceptpacket.
Onlythefirstoccurrenceoftheattributeinthepacketwillbeconsidered,andtobevalid,itmust
followthisrule:
All8octetsintheattribute'svaluemustbeidenticalandconsistofASCIIcharactersinthe
range'0'‐'7',whichtranslatesintothedesiredQoSClassintherange[0;7].
RADIUS‐AssignedVLANEnabled
WhenRADIUS‐AssignedVLANisbothgloballyenabledandenabled(checked)foragivenport,the
switchreactstoVLANIDinformationcarriedintheRADIUSAccess‐Acceptpackettransmittedbythe
RADIUSserverwhenasupplicantissuccessfullyauthenticated.Ifpresentandvalid,theport'sPort
VLANIDwillbechangedtothisVLANID,theportwillbesettobeamemberofthatVLANID,and
theportwillbeforcedintoVLANunawaremode.Onceassigned,alltrafficarrivingontheportwillbe
classifiedandswitchedontheRADIUS‐assignedVLANID.
Chapter3:WebManagement
Security‐Network‐NAS(NetworkAccessServer)
PoESwitchUserManual|74
If(re‐)authenticationfailsortheRADIUSAccess‐AcceptpacketnolongercarriesaVLANIDorit's
invalid,orthesupplicantisotherwisenolongerpresentontheport,theport'sVLANIDis
immediatelyrevertedtotheoriginalVLANID(whichmaybechangedbytheadministratorinthe
meanwhilewithoutaffectingtheRADIUS‐assigned).
Thisoptionisonlyavailableforsingle‐clientmodes,i.e.
Port‐based802.1X
Single802.1X
Fortrouble‐shootingVLANassignments,usethe"Monitor→VLANs→VLANMembershipandVLAN
Port"pages.Thesepagesshowwhichmoduleshave(temporarily)overriddenthecurrentPortVLAN
configuration.
RADIUSattributesusedinidentifyingaVLANID:
RFC2868andRFC3580formthebasisfortheattributesusedinidentifyingaVLANIDinan
Access‐Acceptpacket.Thefollowingcriteriaareused:
TheTunnel‐Medium‐Type,Tunnel‐Type,andTunnel‐Private‐Group‐IDattributesmustallbe
presentatleastonceintheAccess‐Acceptpacket.
TheswitchlooksforthefirstsetoftheseattributesthathavethesameTagvalueandfulfilthe
followingrequirements(ifTag==0isused,theTunnel‐Private‐Group‐IDdoesnotneedto
includeaTag):
ValueofTunnel‐Medium‐Typemustbesetto"IEEE‐802"(ordinal6).
ValueofTunnel‐Typemustbesetto"VLAN"(ordinal13).
ValueofTunnel‐Private‐Group‐IDmustbeastringofASCIIcharsintherange'0'‐'9',
whichisinterpretedasadecimalstringrepresentingtheVLANID.Leading'0'sare
discarded.Thefinalvaluemustbeintherange[1;4095].
GuestVLANEnabled
WhenGuestVLANisbothgloballyenabledandenabled(checked)foragivenport,theswitch
considersmovingtheportintotheGuestVLANaccordingtotherulesoutlinedbelow.Thisoptionis
onlyavailableforEAPOL‐basedmodes,i.e.:
Port‐based802.1X
Single802.1X
Multi802.1X
Fortrouble‐shootingVLANassignments,usethe"Monitor→VLANs→VLANMembershipandVLAN
Port"pages.Thesepagesshowwhichmoduleshave(temporarily)overriddenthecurrentPortVLAN
configuration.
Chapter3:WebManagement
Security‐Network‐NAS(NetworkAccessServer)
PoESwitchUserManual|75
GuestVLANOperation:
WhenaGuestVLANenabledport'slinkcomesup,theswitchstartstransmittingEAPOLRequest
Identityframes.IfthenumberoftransmissionsofsuchframesexceedsMax.Reauth.Countandno
EAPOLframeshavebeenreceivedinthemeanwhile,theswitchconsidersenteringtheGuestVLAN.
TheintervalbetweentransmissionofEAPOLRequestIdentityframesisconfiguredwithEAPOL
Timeout.IfAllowGuestVLANifEAPOLSeenisenabled,theportwillnowbeplacedintheGuest
VLAN.Ifdisabled,theswitchwillfirstcheckitshistorytoseeifanEAPOLframehaspreviouslybeen
receivedontheport(thishistoryisclearediftheportlinkgoesdownortheport'sAdminStateis
changed),andifnot,theportwillbeplacedintheGuestVLAN.Otherwiseitwillnotmovetothe
GuestVLAN,butcontinuetransmittingEAPOLRequestIdentityframesattherategivenbyEAPOL
Timeout.
OnceintheGuestVLAN,theportisconsideredauthenticated,andallattachedclientsontheport
areallowedaccessonthisVLAN.TheswitchwillnottransmitanEAPOLSuccessframewhenentering
theGuestVLAN.
WhileintheGuestVLAN,theswitchmonitorsthelinkforEAPOLframes,andifonesuchframeis
received,theswitchimmediatelytakestheportoutoftheGuestVLANandstartsauthenticatingthe
supplicantaccordingtotheportmode.IfanEAPOLframeisreceived,theportwillneverbeableto
gobackintotheGuestVLANifthe"AllowGuestVLANifEAPOLSeen"isdisabled.
PortState
Thecurrentstateoftheport.Itcanundertakeoneofthefollowingvalues:
GloballyDisabled:NASisgloballydisabled.
LinkDown:NASisgloballyenabled,butthereisnolinkontheport.
Authorized:TheportisinForceAuthorizedorasingle‐supplicantmodeandthesupplicantis
authorized.
Unauthorized:TheportisinForceUnauthorizedorasingle‐supplicantmodeandthe
supplicantisnotsuccessfullyauthorizedbytheRADIUSserver.
XAuth/YUnauth:Theportisinamulti‐supplicantmode.CurrentlyXclientsareauthorized
andYareunauthorized.
Restart
Twobuttonsareavailableforeachrow.Thebuttonsareonlyenabledwhenauthenticationisglobally
enabledandtheport'sAdminStateisinanEAPOL‐basedorMAC‐basedmode.
Clickingthesebuttonswillnotcausesettingschangedonthepagetotakeeffect.
Chapter3:WebManagement
Security‐Network‐NAS(NetworkAccessServer)
PoESwitchUserManual|76
Re‐authenticate:Schedulesare‐authenticationwheneverthequiet‐periodoftheportruns
out(EAPOL‐basedauthentication).ForMAC‐basedauthentication,re‐authenticationwillbe
attemptedimmediately.
Thebuttononlyhaseffectforsuccessfullyauthenticatedclientsontheportandwillnotcause
theclientstogettemporarilyunauthorized.
Reinitialize:Forcesareinitializationoftheclientsontheportandtherebyare‐authentication
immediately.Theclientswilltransfertotheunauthorizedstatewhilethere‐authenticationis
inprogress.
Buttons
AddNewEntry:Clicktoaddanewcommunityentry.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Network‐ACL‐Ports
PoESwitchUserManual|77
3.1.4.11.Security‐Network‐ACL
3.1.4.11.1.Security‐Network‐ACL‐Ports
ConfiguretheACLparameters(ACE)ofeachswitchport.Theseparameterswillaffectframes
receivedonaportunlesstheframematchesaspecificACE.
Thesettingsrelatetothecurrentlyselectedstackunit,asreflectedbythepageheader.
Port
Thelogicalportforthesettingscontainedinthesamerow.
PolicyID
Selectthepolicytoapplytothisport.Theallowedvaluesare0through255.Thedefaultvalueis0.
Action
Selectwhetherforwardingispermitted("Permit")ordenied("Deny").Thedefaultvalueis
"Permit".
RateLimiterID
Selectwhichratelimitertoapplyonthisport.TheallowedvaluesareDisabledorthevalues1
through16.Thedefaultvalueis"Disabled".
PortRedirect
Selectwhichportframesareredirectedon.TheallowedvaluesareDisabledoraspecificport
numberanditcan'tbesetwhenactionispermitted.Thedefaultvalueis"Disabled".
Chapter3:WebManagement
Security‐Network‐ACL‐Ports
PoESwitchUserManual|78
Logging
Specifytheloggingoperationofthisport.Theallowedvaluesare:
Enabled:FramesreceivedontheportarestoredintheSystemLog.
Disabled:Framesreceivedontheportarenotlogged.
Thedefaultvalueis"Disabled".PleasenotethattheSystemLogmemorysizeandloggingrateis
limited.
Shutdown
Specifytheportshutdownoperationofthisport.Theallowedvaluesare:
Enabled:Ifaframeisreceivedontheport,theportwillbedisabled.
Disabled:Portshutdownisdisabled.
Thedefaultvalueis"Disabled".
State
Specifytheportstateofthisport.Theallowedvaluesare:
Enabled:ToreopenportsbychangingthevolatileportconfigurationoftheACLuser
module.
Disabled:TocloseportsbychangingthevolatileportconfigurationoftheACLusermodule.
Thedefaultvalueis"Enabled".
Counter
CountsthenumberofframesthatmatchthisACE.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Refresh:Clicktorefreshthepage;anychangesmadelocallywillbeundone.
Clear:Clicktoclearthecounters.
Chapter3:WebManagement
Security‐Network‐ACL‐RateLimiter
PoESwitchUserManual|79
3.1.4.11.2.Security‐Network‐ACL‐RateLimiter
ConfiguretheratelimiterfortheACLoftheswitch.
RateLimiterID
TheratelimiterIDforthesettingscontainedinthesamerow.
Rate
Theallowedvaluesare:0‐131071inpps
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Network‐ACL‐AccessControlList
PoESwitchUserManual|80
3.1.4.11.3.Security‐Network‐ACL‐AccessControlList
ThispageshowstheAccessControlList(ACL),whichismadeupoftheACEsdefinedonthisswitch.
EachrowdescribestheACEthatisdefined.ThemaximumnumberofACEsis512oneachswitch.
ClickonthelowestplussigntoaddanewACEtothelist.ThereservedACEsusedforinternal
protocol,cannotbeeditedordeleted,theordersequencecannotbechangedandthepriorityis
highest.
Notice:theACEwon'tapplytoanystackingornoneexistingport.
IngressPort
IndicatestheingressportoftheACE.Possiblevaluesare:
All:TheACEwillmatchallingressport.
Port:TheACEwillmatchaspecificingressport.
Policy/Bitmask
IndicatesthepolicynumberandbitmaskoftheACE.
FrameType
IndicatestheframetypeoftheACE.Possiblevaluesare:
Any:TheACEwillmatchanyframetype.
EType:TheACEwillmatchEthernetTypeframes.NotethatanEthernetTypebasedACEwill
notgetmatchedbyIPandARPframes.
ARP:TheACEwillmatchARP/RARPframes.
IPv4:TheACEwillmatchallIPv4frames.
IPv4/ICMP:TheACEwillmatchIPv4frameswithICMPprotocol.
IPv4/UDP:TheACEwillmatchIPv4frameswithUDPprotocol.
IPv4/TCP:TheACEwillmatchIPv4frameswithTCPprotocol.
IPv4/Other:TheACEwillmatchIPv4frames,whicharenotICMP/UDP/TCP.
IPv6:TheACEwillmatchallIPv6standardframes.
Action
IndicatestheforwardingactionoftheACE.
Permit:FramesmatchingtheACEmaybeforwardedandlearned.
Deny:FramesmatchingtheACEaredropped.
RateLimiter
IndicatestheratelimiternumberoftheACE.Theallowedrangeis1to16.WhenDisabledis
displayed,theratelimiteroperationisdisabled.
Chapter3:WebManagement
Security‐Network‐ACL‐AccessControlList
PoESwitchUserManual|81
PortRedirect
IndicatestheportredirectoperationoftheACE.FramesmatchingtheACEareredirectedtothe
portnumber.TheallowedvaluesareDisabledoraspecificportnumber.WhenDisabledis
displayed,theportredirectoperationisdisabled.
Counter
ThecounterindicatesthenumberoftimestheACEwashitbyaframe.
ModificationButtons
YoucanmodifyeachACE(AccessControlEntry)inthetableusingthefollowingbuttons:
:InsertsanewACEbeforethecurrentrow.
:EditstheACErow.
:MovestheACEupthelist.
:MovestheACEdownthelist.
:DeletestheACE.
:ThelowestplussignaddsanewentryatthebottomoftheACElistings.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Clicktorefreshthepage;anychangesmadelocallywillbeundone.
Clear:Clicktoclearthecounters.
RemoveAll:ClicktoremoveallACEs.
Chapter3:WebManagement
Security‐Network‐ACL‐AccessControlList
PoESwitchUserManual|82
ConfigureanACE(AccessControlEntry)onthispage.
AnACEconsistsofseveralparameters.Theseparametersvaryaccordingtotheframetypethat
youselect.FirstselecttheingressportfortheACE,andthenselecttheframetype.Different
parameteroptionsaredisplayeddependingontheframetypeselected.
AframethathitsthisACEmatchestheconfigurationthatisdefinedhere.
IngressPort
SelecttheingressportforwhichthisACEapplies.
All:TheACEappliestoallport.
Portn:TheACEappliestothisportnumber,wherenisthenumberoftheswitchport.
PolicyFilter
SpecifythepolicynumberfilterforthisACE.
Any:Nopolicyfilterisspecified.(policyfilterstatusis"don't‐care".)
Specific:IfyouwanttofilteraspecificpolicywiththisACE,choosethisvalue.Twofieldfor
enteringanpolicyvalueandbitmaskappears.
PolicyValue
When"Specific"isselectedforthepolicyfilter,youcanenteraspecificpolicyvalue.Theallowed
rangeis0to255.
PolicyBitmask
When"Specific"isselectedforthepolicyfilter,youcanenteraspecificpolicybitmask.The
allowedrangeis0x0to0xff.
Switch
SelecttheswitchtowhichthisACEapplies.
Any:TheACEappliestoanyport.
Switchn:TheACEappliestothisswitchnumber,wherenisthenumberoftheswitch.
Chapter3:WebManagement
Security‐Network‐ACL‐AccessControlList
PoESwitchUserManual|83
FrameType
SelecttheframetypeforthisACE.Theseframetypesaremutuallyexclusive.
Any:AnyframecanmatchthisACE.
EthernetType:OnlyEthernetTypeframescanmatchthisACE.TheIEEE802.3describesthe
valueofLength/TypeFieldspecificationstobegreaterthanorequalto1536decimal(equal
to0600hexadecimal).
ARP:OnlyARPframescanmatchthisACE.NoticetheARPframeswon'tmatchtheACEwith
ethernettype.
IPv4:OnlyIPv4framescanmatchthisACE.NoticetheIPv4frameswon'tmatchtheACEwith
ethernettype.
IPv6:OnlyIPv6framescanmatchthisACE.NoticetheIPv6frameswon'tmatchtheACEwith
Ethernettype.
Action
SpecifytheactiontotakewithaframethathitsthisACE.
Permit:TheframethathitsthisACEisgrantedpermissionfortheACEoperation.
Deny:TheframethathitsthisACEisdropped.
RateLimiter
Specifytheratelimiterinnumberofbaseunits.Theallowedrangeis1to16.Disabledindicates
thattheratelimiteroperationisdisabled.
PortRedirect
FramesthathittheACEareredirectedtotheportnumberspecifiedhere.Theallowedrangeisthe
sameastheswitchportnumberrange.Disabledindicatesthattheportredirectoperationis
disabledandthespecificportnumberof'PortRedirect'can'tbesetwhenactionispermitted.
Logging
SpecifytheloggingoperationoftheACE.Theallowedvaluesare:
Enabled:FramesmatchingtheACEarestoredintheSystemLog.
Disabled:FramesmatchingtheACEarenotlogged.
PleasenotethattheSystemLogmemorysizeandloggingrateislimited.
Shutdown
SpecifytheportshutdownoperationoftheACE.Theallowedvaluesare:
Enabled:IfaframematchestheACE,theingressportwillbedisabled.
Disabled:PortshutdownisdisabledfortheACE.
Counter
ThecounterindicatesthenumberoftimestheACEwashitbyaframe.
Chapter3:WebManagement
Security‐Network‐ACL‐AccessControlList
PoESwitchUserManual|84
MACParameters
SMACFilter
(OnlydisplayedwhentheframetypeisEthernetTypeorARP.)
SpecifythesourceMACfilterforthisACE.
Any:NoSMACfilterisspecified.(SMACfilterstatusis"don't‐care".)
Specific:IfyouwanttofilteraspecificsourceMACaddresswiththisACE,choosethisvalue.
AfieldforenteringanSMACvalueappears.
SMACValue
When"Specific"isselectedfortheSMACfilter,youcanenteraspecificsourceMACaddress.The
legalformatis"xx‐xx‐xx‐xx‐xx‐xx"or"xx.xx.xx.xx.xx.xx"or"xxxxxxxxxxxx"(xisahexadecimaldigit).
AframethathitsthisACEmatchesthisSMACvalue.
DMACFilter
SpecifythedestinationMACfilterforthisACE.
Any:NoDMACfilterisspecified.(DMACfilterstatusis"don't‐care".)
MC:Framemustbemulticast.
BC:Framemustbebroadcast.
UC:Framemustbeunicast.
Specific:IfyouwanttofilteraspecificdestinationMACaddresswiththisACE,choosethis
value.AfieldforenteringaDMACvalueappears.
DMACValue
When"Specific"isselectedfortheDMACfilter,youcanenteraspecificdestinationMACaddress.
Thelegalformatis"xx‐xx‐xx‐xx‐xx‐xx"or"xx.xx.xx.xx.xx.xx"or"xxxxxxxxxxxx"(xisahexadecimal
digit).AframethathitsthisACEmatchesthisDMACvalue.
Chapter3:WebManagement
Security‐Network‐ACL‐AccessControlList
PoESwitchUserManual|85
VLANParameters
VLANIDFilter
SpecifytheVLANIDfilterforthisACE.
Any:NoVLANIDfilterisspecified.(VLANIDfilterstatusis"don't‐care".)
Specific:IfyouwanttofilteraspecificVLANIDwiththisACE,choosethisvalue.Afieldfor
enteringaVLANIDnumberappears.
VLANID
When"Specific"isselectedfortheVLANIDfilter,youcanenteraspecificVLANIDnumber.The
allowedrangeis1to4095.AframethathitsthisACEmatchesthisVLANIDvalue.
TagPriority
SpecifythetagpriorityforthisACE.AframethathitsthisACEmatchesthistagpriority.The
allowednumberrangeis0to7.ThevalueAnymeansthatnotagpriorityisspecified(tagpriority
is"don't‐care".)
Chapter3:WebManagement
Security‐Network‐ACL‐AccessControlList
PoESwitchUserManual|86
ARPParameters
TheARPparameterscanbeconfiguredwhenFrameType"ARP"isselected.
ARP/RARP
SpecifytheavailableARP/RARPopcode(OP)flagforthisACE.
Any:NoARP/RARPOPflagisspecified.(OPis"don't‐care".)
ARP:FramemusthaveARPopcodesettoARP.
RARP:FramemusthaveRARPopcodesettoRARP.
Other:FramehasunknownARP/RARPOpcodeflag.
Request/Reply
SpecifytheavailableRequest/Replyopcode(OP)flagforthisACE.
Any:NoRequest/ReplyOPflagisspecified.(OPis"don't‐care".)
Request:FramemusthaveARPRequestorRARPRequestOPflagset.
Reply:FramemusthaveARPReplyorRARPReplyOPflag.
SenderIPFilter
SpecifythesenderIPfilterforthisACE.
Any:NosenderIPfilterisspecified.(SenderIPfilteris"don't‐care".)
Host:SenderIPfilterissettoHost.SpecifythesenderIPaddressintheSIPAddressfield
thatappears.
Network:SenderIPfilterissettoNetwork.SpecifythesenderIPaddressandsenderIP
maskintheSIPAddressandSIPMaskfieldsthatappear.
SenderIPAddress
When"Host"or"Network"isselectedforthesenderIPfilter,youcanenteraspecificsenderIP
addressindotteddecimalnotation.
SenderIPMask
When"Network"isselectedforthesenderIPfilter,youcanenteraspecificsenderIPmaskin
dotteddecimalnotation.
Chapter3:WebManagement
Security‐Network‐ACL‐AccessControlList
PoESwitchUserManual|87
TargetIPFilter
SpecifythetargetIPfilterforthisspecificACE.
Any:NotargetIPfilterisspecified.(TargetIPfilteris"don't‐care".)
Host:TargetIPfilterissettoHost.SpecifythetargetIPaddressintheTargetIPAddressfield
thatappears.Network:TargetIPfilterissettoNetwork.SpecifythetargetIPaddressand
targetIPmaskintheTargetIPAddressandTargetIPMaskfieldsthatappear.
TargetIPAddress
When"Host"or"Network"isselectedforthetargetIPfilter,youcanenteraspecifictargetIP
addressindotteddecimalnotation.
TargetIPMask
When"Network"isselectedforthetargetIPfilter,youcanenteraspecifictargetIPmaskindotted
decimalnotation.
ARPSenderMACMatch
Specifywhetherframescanhittheactionaccordingtotheirsenderhardwareaddressfield(SHA)
settings.
0:ARPframeswhereSHAisnotequaltotheSMACaddress.
1:ARPframeswhereSHAisequaltotheSMACaddress.
Any:Anyvalueisallowed("don't‐care").
RARPTargetMACMatch
Specifywhetherframescanhittheactionaccordingtotheirtargethardwareaddressfield(THA)
settings.
0:RARPframeswhereTHAisnotequaltothetargetMACaddress.
1:RARPframeswhereTHAisequaltothetargetMACaddress.
Any:Anyvalueisallowed("don't‐care").
IP/EthernetLength
SpecifywhetherframescanhittheactionaccordingtotheirARP/RARPhardwareaddresslength
(HLN)andprotocoladdresslength(PLN)settings.
0:ARP/RARPframeswheretheHLNisnotequaltoEthernet(0x06)orthe(PLN)isnotequal
toIPv4(0x04).
1:ARP/RARPframeswheretheHLNisequaltoEthernet(0x06)andthe(PLN)isequalto
IPv4(0x04).
Any:Anyvalueisallowed("don't‐care").
Chapter3:WebManagement
Security‐Network‐ACL‐AccessControlList
PoESwitchUserManual|88
IP
SpecifywhetherframescanhittheactionaccordingtotheirARP/RARPhardwareaddressspace
(HRD)settings.
0:ARP/RARPframeswheretheHLDisnotequaltoEthernet(1).
1:ARP/RARPframeswheretheHLDisequaltoEthernet(1).
Any:Anyvalueisallowed("don't‐care").
Ethernet
SpecifywhetherframescanhittheactionaccordingtotheirARP/RARPprotocoladdressspace
(PRO)settings.
0:ARP/RARPframeswherethePROisnotequaltoIP(0x800).
1:ARP/RARPframeswherethePROisequaltoIP(0x800).
Any:Anyvalueisallowed("don't‐care").
Chapter3:WebManagement
Security‐Network‐ACL‐AccessControlList
PoESwitchUserManual|89
IPParameters
TheIPparameterscanbeconfiguredwhenFrameType"IPv4"isselected.
IPProtocolFilter
SpecifytheIPprotocolfilterforthisACE.
Any:NoIPprotocolfilterisspecified("don't‐care").
Specific:IfyouwanttofilteraspecificIPprotocolfilterwiththisACE,choosethisvalue.A
fieldforenteringanIPprotocolfilterappears.
ICMP:SelectICMPtofilterIPv4ICMPprotocolframes.ExtrafieldsfordefiningICMP
parameterswillappear.Thesefieldsareexplainedlaterinthishelpfile.
UDP:SelectUDPtofilterIPv4UDPprotocolframes.ExtrafieldsfordefiningUDPparameters
willappear.Thesefieldsareexplainedlaterinthishelpfile.
TCP:SelectTCPtofilterIPv4TCPprotocolframes.ExtrafieldsfordefiningTCPparameters
willappear.Thesefieldsareexplainedlaterinthishelpfile.
IPProtocolValue
When"Specific"isselectedfortheIPprotocolvalue,youcanenteraspecificvalue.Theallowed
rangeis0to255.AframethathitsthisACEmatchesthisIPprotocolvalue.
IPTTL
SpecifytheTime‐to‐LivesettingsforthisACE.
zero:IPv4frameswithaTime‐to‐Livefieldgreaterthanzeromustnotbeabletomatchthis
entry.
non‐zero:IPv4frameswithaTime‐to‐Livefieldgreaterthanzeromustbeabletomatchthis
entry.
Any:Anyvalueisallowed("don't‐care").
IPFragment
SpecifythefragmentoffsetsettingsforthisACE.ThisinvolvesthesettingsfortheMoreFragments
(MF)bitandtheFragmentOffset(FRAGOFFSET)fieldforanIPv4frame.
Chapter3:WebManagement
Security‐Network‐ACL‐AccessControlList
PoESwitchUserManual|90
No:IPv4frameswheretheMFbitissetortheFRAGOFFSETfieldisgreaterthanzeromustnotbe
abletomatchthisentry.
Yes:IPv4frameswheretheMFbitissetortheFRAGOFFSETfieldisgreaterthanzeromust
beabletomatchthisentry.
Any:Anyvalueisallowed("don't‐care").
IPOption
SpecifytheoptionsflagsettingforthisACE.
No:IPv4frameswheretheoptionsflagissetmustnotbeabletomatchthisentry.
Yes:IPv4frameswheretheoptionsflagissetmustbeabletomatchthisentry.
Any:Anyvalueisallowed("don't‐care").
SIPFilter
SpecifythesourceIPfilterforthisACE.
Any:NosourceIPfilterisspecified.(SourceIPfilteris"don't‐care".)
Host:SourceIPfilterissettoHost.SpecifythesourceIPaddressintheSIPAddressfieldthat
appears.
Network:SourceIPfilterissettoNetwork.SpecifythesourceIPaddressandsourceIPmask
intheSIPAddressandSIPMaskfieldsthatappear.
SIPAddress
When"Host"or"Network"isselectedforthesourceIPfilter,youcanenteraspecificSIPaddress
indotteddecimalnotation.
SIPMask
When"Network"isselectedforthesourceIPfilter,youcanenteraspecificSIPmaskindotted
decimalnotation.
DIPFilter
SpecifythedestinationIPfilterforthisACE.
Any:NodestinationIPfilterisspecified.(DestinationIPfilteris"don't‐care".)
Host:DestinationIPfilterissettoHost.SpecifythedestinationIPaddressintheDIPAddress
fieldthatappears.
Network:DestinationIPfilterissettoNetwork.SpecifythedestinationIPaddressand
destinationIPmaskintheDIPAddressandDIPMaskfieldsthatappear.
Chapter3:WebManagement
Security‐Network‐ACL‐AccessControlList
PoESwitchUserManual|91
DIPAddress
When"Host"or"Network"isselectedforthedestinationIPfilter,youcanenteraspecificDIP
addressindotteddecimalnotation.
DIPMask
When"Network"isselectedforthedestinationIPfilter,youcanenteraspecificDIPmaskin
dotteddecimalnotation.
ICMPParameters
ICMPTypeFilter
SpecifytheICMPfilterforthisACE.
Any:NoICMPfilterisspecified(ICMPfilterstatusis
"don't‐care").
Specific:IfyouwanttofilteraspecificICMPfilterwith
thisACE,youcanenteraspecificICMPvalue.Afield
forenteringanICMPvalueappears.
ICMPTypeValue
When"Specific"isselectedfortheICMPfilter,youcanenteraspecificICMPvalue.Theallowed
rangeis0to255.AframethathitsthisACEmatchesthisICMPvalue.
ICMPCodeFilter
SpecifytheICMPcodefilterforthisACE.
Any:NoICMPcodefilterisspecified(ICMPcodefilterstatusis"don't‐care").
Specific:IfyouwanttofilteraspecificICMPcodefilterwiththisACE,youcanentera
specificICMPcodevalue.AfieldforenteringanICMPcodevalueappears.
ICMPCodeValue
When"Specific"isselectedfortheICMPcodefilter,youcanenteraspecificICMPcodevalue.The
allowedrangeis0to255.AframethathitsthisACEmatchesthisICMPcodevalue.
Chapter3:WebManagement
Security‐Network‐ACL‐AccessControlList
PoESwitchUserManual|92
TCP/UDPParameters
TCP/UDPSourceFilter
SpecifytheTCP/UDPsourcefilterforthisACE.
Any:NoTCP/UDPsourcefilterisspecified(TCP/UDPsourcefilterstatusis"don't‐care").
Specific:IfyouwanttofilteraspecificTCP/UDPsourcefilterwiththisACE,youcanentera
specificTCP/UDPsourcevalue.AfieldforenteringaTCP/UDPsourcevalueappears.
Range:IfyouwanttofilteraspecificTCP/UDPsourcerangefilterwiththisACE,youcan
enteraspecificTCP/UDPsourcerangevalue.AfieldforenteringaTCP/UDPsourcevalue
appears.
TCP/UDPSourceNo.
When"Specific"isselectedfortheTCP/UDPsourcefilter,youcanenteraspecificTCP/UDPsource
value.Theallowedrangeis0to65535.AframethathitsthisACEmatchesthisTCP/UDPsource
value.
TCP/UDPSourceRange
When"Range"isselectedfortheTCP/UDPsourcefilter,youcanenteraspecificTCP/UDPsource
rangevalue.Theallowedrangeis0to65535.AframethathitsthisACEmatchesthisTCP/UDP
sourcevalue.
TCP/UDPDestinationFilter
SpecifytheTCP/UDPdestinationfilterforthisACE.
Any:NoTCP/UDPdestinationfilterisspecified(TCP/UDPdestinationfilterstatusis
"don't‐care").
Specific:IfyouwanttofilteraspecificTCP/UDPdestinationfilterwiththisACE,youcan
Chapter3:WebManagement
Security‐Network‐ACL‐AccessControlList
PoESwitchUserManual|93
enteraspecificTCP/UDPdestinationvalue.AfieldforenteringaTCP/UDPdestinationvalue
appears.
Range:IfyouwanttofilteraspecificrangeTCP/UDPdestinationfilterwiththisACE,youcan
enteraspecificTCP/UDPdestinationrangevalue.AfieldforenteringaTCP/UDPdestination
valueappears.
TCP/UDPDestinationNumber
When"Specific"isselectedfortheTCP/UDPdestinationfilter,youcanenteraspecificTCP/UDP
destinationvalue.Theallowedrangeis0to65535.AframethathitsthisACEmatchesthis
TCP/UDPdestinationvalue.
TCP/UDPDestinationRange
When"Range"isselectedfortheTCP/UDPdestinationfilter,youcanenteraspecificTCP/UDP
destinationrangevalue.Theallowedrangeis0to65535.AframethathitsthisACEmatchesthis
TCP/UDPdestinationvalue.
TCPFIN
SpecifytheTCP"Nomoredatafromsender"(FIN)valueforthisACE.
0:TCPframeswheretheFINfieldissetmustnotbeabletomatchthisentry.
1:TCPframeswheretheFINfieldissetmustbeabletomatchthisentry.
Any:Anyvalueisallowed("don't‐care").
TCPSYN
SpecifytheTCP"Synchronizesequencenumbers"(SYN)valueforthisACE.
0:TCPframeswheretheSYNfieldissetmustnotbeabletomatchthisentry.
1:TCPframeswheretheSYNfieldissetmustbeabletomatchthisentry.
Any:Anyvalueisallowed("don't‐care").
TCPRST
SpecifytheTCP"Resettheconnection"(RST)valueforthisACE.
0:TCPframeswheretheRSTfieldissetmustnotbeabletomatchthisentry.
1:TCPframeswheretheRSTfieldissetmustbeabletomatchthisentry.
Any:Anyvalueisallowed("don't‐care").
TCPPSH
SpecifytheTCP"PushFunction"(PSH)valueforthisACE.
0:TCPframeswherethePSHfieldissetmustnotbeabletomatchthisentry.
1:TCPframeswherethePSHfieldissetmustbeabletomatchthisentry.
Any:Anyvalueisallowed("don't‐care").
Chapter3:WebManagement
Security‐Network‐ACL‐AccessControlList
PoESwitchUserManual|94
TCPACK
SpecifytheTCP"Acknowledgmentfieldsignificant"(ACK)valueforthisACE.
0:TCPframeswheretheACKfieldissetmustnotbeabletomatchthisentry.
1:TCPframeswheretheACKfieldissetmustbeabletomatchthisentry.
Any:Anyvalueisallowed("don't‐care").
TCPURG
SpecifytheTCP"UrgentPointerfieldsignificant"(URG)valueforthisACE.
0:TCPframeswheretheURGfieldissetmustnotbeabletomatchthisentry.
1:TCPframeswheretheURGfieldissetmustbeabletomatchthisentry.
Any:Anyvalueisallowed("don't‐care").
Chapter3:WebManagement
Security‐Network‐ACL‐AccessControlList
PoESwitchUserManual|95
EthernetTypeParameters
TheEthernetTypeparameterscanbeconfiguredwhenFrameType"EthernetType"isselected.
EtherTypeFilter
SpecifytheEthernettypefilterforthisACE.
Any:NoEtherTypefilterisspecified(EtherTypefilterstatusis"don't‐care").
Specific:IfyouwanttofilteraspecificEtherTypefilterwiththisACE,youcanenteraspecific
EtherTypevalue.AfieldforenteringaEtherTypevalueappears.
EthernetTypeValue
When"Specific"isselectedfortheEtherTypefilter,youcanenteraspecificEtherTypevalue.The
allowedrangeis0x600to0xFFFFbutexcluding0x800(IPv4),0x806(ARP)and0x86DD(IPv6).A
framethathitsthisACEmatchesthisEtherTypevalue.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Cancel:Returntothepreviouspage.
Chapter3:WebManagement
Security‐Network‐DHCP‐Snooping
PoESwitchUserManual|96
3.1.4.12.Security‐Network‐DHCP
3.1.4.12.1.Security‐Network‐DHCP‐Snooping
ConfigureDHCPSnoopingonthispage.
SnoopingMode
IndicatestheDHCPsnoopingmodeoperation.Possiblemodesare:
Enabled:EnableDHCPsnoopingmodeoperation.WhenDHCPsnoopingmodeoperationis
enabled,theDHCPrequestmessageswillbeforwardedtotrustedportsandonlyallowreply
packetsfromtrustedports.
Disabled:DisableDHCPsnoopingmodeoperation.
PortModeConfiguration
IndicatestheDHCPsnoopingportmode.Possibleportmodesare:
Trusted:ConfigurestheportastrustedsourceoftheDHCPmessages.
Untrusted:ConfigurestheportasuntrustedsourceoftheDHCPmessages.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Network‐DHCP‐Relay
PoESwitchUserManual|97
3.1.4.12.2.Security‐Network‐DHCP‐Relay
ConfigureDHCPRelayonthispage.
RelayMode
IndicatestheDHCPrelaymodeoperation.Possiblemodesare:
Enabled:EnableDHCPrelaymodeoperation.WhenDHCPrelaymodeoperationisenabled,
theagentforwardsandtransfersDHCPmessagesbetweentheclientsandtheserverwhen
theyarenotinthesamesubnetdomain.AndtheDHCPbroadcastmessagewon'tbe
floodedforsecurityconsiderations.
Disabled:DisableDHCPrelaymodeoperation.
RelayServer
IndicatestheDHCPrelayserverIPaddress.ADHCPrelayagentisusedtoforwardandtotransfer
DHCPmessagesbetweentheclientsandtheserverwhentheyarenotinthesamesubnetdomain.
RelayInformationMode
IndicatestheDHCPrelayinformationmodeoptionoperation.Theoption82circuitIDformatas
"[vlan_id][module_id][port_no]".ThefirstfourcharactersrepresenttheVLANID,thefifthand
sixthcharactersarethemoduleID(instandalonedeviceitalwaysequal0,instackabledeviceit
meansswitchID).),andthelasttwocharactersaretheportnumber.Forexample,"00030108"
meanstheDHCPmessagereceiveformVLANID3,switchID1,portNo8.Andtheoption82
remoteIDvalueisequaltheswitchMACaddress.
Possiblemodesare:
Enabled:EnableDHCPrelayinformationmodeoperation.WhenDHCPrelayinformation
modeoperationisenabled,theagentinsertsspecificinformation(option82)intoaDHCP
messagewhenforwardingtoDHCPserverandremovesitfromaDHCPmessagewhen
transferringtoDHCPclient.ItonlyworkswhenDHCPrelayoperationmodeisenabled.
Disabled:DisableDHCPrelayinformationmodeoperation.
Chapter3:WebManagement
Security‐Network‐DHCP‐Relay
PoESwitchUserManual|98
RelayInformationPolicy
IndicatestheDHCPrelayinformationoptionpolicy.WhenDHCPrelayinformationmodeoperation
isenabled,ifagentreceivesaDHCPmessagethatalreadycontainsrelayagentinformationitwill
enforcethepolicy.The'Replace'optionisinvalidwhenrelayinformationmodeisdisabled.
Possiblepoliciesare:
Replace:ReplacetheoriginalrelayinformationwhenaDHCPmessagethatalreadycontains
itisreceived.
Keep:KeeptheoriginalrelayinformationwhenaDHCPmessagethatalreadycontainsitis
received.
Drop:DropthepackagewhenaDHCPmessagethatalreadycontainsrelayinformationis
received.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Network‐IPSourceGuard‐Configuration
PoESwitchUserManual|99
3.1.4.13.Security‐Network‐IPSourceGuard
3.1.4.13.1.Security‐Network‐IPSourceGuard‐Configuration
ThispageprovidesIPSourceGuardrelatedconfiguration.
ModeofIPSourceGuardConfiguration
EnabletheGlobalIPSourceGuardordisabletheGlobalIPSourceGuard.AllconfiguredACEswill
belostwhenthemodeisenabled.
PortModeConfiguration
SpecifyIPSourceGuardisenabledonwhichports.OnlywhenbothGlobalModeandPortMode
onagivenportareenabled,IPSourceGuardisenabledonthisgivenport.
MaxDynamicClients
Specifythemaximumnumberofdynamicclientsthatcanbelearnedongivenport.Thisvaluecan
be0,1,2orunlimited.Iftheportmodeisenabledandthevalueofmaxdynamicclientisequalto
0,itmeansonlyallowtheIPpacketsforwardingthatarematchedinstaticentriesonthespecific
port.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
TranslateDynamictoStatic:Clicktotranslatealldynamicentriestostaticentries.
Chapter3:WebManagement
Security‐Network‐IPSourceGuard‐StaticTable
PoESwitchUserManual|100
3.1.4.13.2.Security‐Network‐IPSourceGuard‐StaticTable
Delete
Checktodeletetheentry.Itwillbedeletedduringthenextsave.
Port
Thelogicalportforthesettings.
VLANID
Thevlanidforthesettings.
IPAddress
AllowedSourceIPaddress.
IPMask
ItcanbeusedforcalculatingtheallowednetworkwithIPaddress.
Buttons
AddNewEntry:ClicktoaddanewentrytotheStaticIPSourceGuardtable.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐Network‐ARPInspection‐Configuration
PoESwitchUserManual|101
3.1.4.14.Security‐Network‐ARPInspection
3.1.4.14.1.Security‐Network‐ARPInspection‐Configuration
ThispageprovidesARPInspectionrelatedconfiguration.
ModeofARPInspectionConfiguration
EnabletheGlobalARPInspectionordisabletheGlobalARPInspection.
PortModeConfiguration
SpecifyARPInspectionisenabledonwhichports.OnlywhenbothGlobalModeandPortModeon
agivenportareenabled,ARPInspectionisenabledonthisgivenport.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
TranslateDynamictoStatic:Clicktotranslatealldynamicentriestostaticentries.
Chapter3:WebManagement
Security‐Network‐ARPInspection‐StaticTable
PoESwitchUserManual|102
3.1.4.14.2.Security‐Network‐ARPInspection‐StaticTable
Delete
Checktodeletetheentry.Itwillbedeletedduringthenextsave.
Port
Thelogicalportforthesettings.
VLANID
Thevlanidforthesettings.
MACAddress
AllowedSourceMACaddressinARPrequestpackets.
IPAddress
AllowedSourceIPaddressinARPrequestpackets.
Buttons
AddNewEntry:ClicktoaddanewentrytotheStaticIPSourceGuardtable.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Security‐AAA
PoESwitchUserManual|103
3.1.4.15.Security‐AAA
CommonServerConfiguration
ThesesettingarecommonforalloftheAuthenticationServers.
Timeout
TheTimeout,whichcanbesettoanumberbetween3and3600seconds,isthemaximumtimeto
waitforareplyfromaserver.
Iftheserverdoesnotreplywithinthistimeframe,wewillconsiderittobedeadandcontinuewith
thenextenabledserver(ifany).
RADIUSserversareusingtheUDPprotocol,whichisunreliablebydesign.Inordertocopewithlost
frames,thetimeoutintervalisdividedinto3subintervalsofequallength.Ifareplyisnotreceived
withinthesubinterval,therequestistransmittedagain.ThisalgorithmcausestheRADIUSserverto
bequeriedupto3timesbeforeitisconsideredtobedead.
DeadTime
TheDeadTime,whichcanbesettoanumberbetween0and3600seconds,istheperiodduring
whichtheswitchwillnotsendnewrequeststoaserverthathasfailedtorespondtoaprevious
request.Thiswillstoptheswitchfromcontinuallytryingtocontactaserverthatithasalready
determinedasdead.
SettingtheDeadTimetoavaluegreaterthan0(zero)willenablethisfeature,butonlyifmorethan
oneserverhasbeenconfigured.
Chapter3:WebManagement
Security‐AAA
PoESwitchUserManual|104
RADIUSAuthenticationServerConfiguration
ThetablehasonerowforeachRADIUSAuthenticationServerandanumberofcolumns,whichare:
#
TheRADIUSAuthenticationServernumberforwhichtheconfigurationbelowapplies.
Enabled
EnabletheRADIUSAuthenticationServerbycheckingthisbox.
IPAddress/Hostname
TheIPaddressorhostnameoftheRADIUSAuthenticationServer.IPaddressisexpressedindotted
decimalnotation.
Port
TheUDPporttouseontheRADIUSAuthenticationServer.Iftheportissetto0(zero),thedefault
port(1812)isusedontheRADIUSAuthenticationServer.
Secret
Thesecret‐upto29characterslong‐sharedbetweentheRADIUSAuthenticationServerandthe
stack.
Chapter3:WebManagement
Security‐AAA
PoESwitchUserManual|105
RADIUSAccountingServerConfiguration
ThetablehasonerowforeachRADIUSAccountingServerandanumberofcolumns,whichare:
#
TheRADIUSAccountingServernumberforwhichtheconfigurationbelowapplies.
Enabled
EnabletheRADIUSAccountingServerbycheckingthisbox.
IPAddress/Hostname
TheIPaddressorhostnameoftheRADIUSAccountingServer.IPaddressisexpressedindotted
decimalnotation.
Port
TheUDPporttouseontheRADIUSAccountingServer.Iftheportissetto0(zero),thedefaultport
(1813)isusedontheRADIUSAccountingServer.
Secret
Thesecret‐upto29characterslong‐sharedbetweentheRADIUSAccountingServerandthestack.
Chapter3:WebManagement
Security‐AAA
PoESwitchUserManual|106
TAC ACS+AuthenticationServerConfiguration
ThetablehasonerowforeachTACACS+AuthenticationServerandanumberofcolumns,whichare:
#
TheTACACS+AuthenticationServernumberforwhichtheconfigurationbelowapplies.
Enabled
EnabletheTACACS+AuthenticationServerbycheckingthisbox.
IPAddress/Hostname
TheIPaddressorhostnameoftheTACACS+AuthenticationServer.IPaddressisexpressedindotted
decimalnotation.
Port
TheTCPporttouseontheTACACS+AuthenticationServer.Iftheportissetto0(zero),thedefault
port(49)isusedontheTAC ACS+AuthenticationServer.
Secret
Thesecret‐upto29characterslong‐sharedbetweentheTACACS+AuthenticationServerandthe
stack.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Aggregation‐Static
PoESwitchUserManual|107
3.1.5.Configuration‐Aggregation
3.1.5.1.Aggregation‐Static
ThispageisusedtoconfiguretheAggregationhashmodeandtheaggregationgroup.
HashCodeContributors
SourceMACAddress
TheSourceMACaddresscanbeusedtocalculatethedestinationportfortheframe.Checktoenable
theuseoftheSourceMACaddress,orunchecktodisable.Bydefault,SourceMACAddressis
enabled.
DestinationMACAddress
TheDestinationMACAddresscanbeusedtocalculatethedestinationportfortheframe.Checkto
enabletheuseoftheDestinationMACAddress,orunchecktodisable.Bydefault,DestinationMAC
Addressisdisabled.
IPAddress
TheIPaddresscanbeusedtocalculatethedestinationportfortheframe.Checktoenabletheuseof
theIPAddress,orunchecktodisable.Bydefault,IPAddressisenabled.
TCP/UDPPortNumber
TheTCP/UDPportnumbercanbeusedtocalculatethedestinationportfortheframe.Checkto
enabletheuseoftheTCP/UDPPortNumber,orunchecktodisable.Bydefault,TCP/UDPPort
Numberisenabled.
Chapter3:WebManagement
Aggregation‐Static
PoESwitchUserManual|108
AggregationGroupConfiguration
Locality
Indicatestheaggregationgrouptype.Thisfieldisonlyvalidforstackableswitches.
Global:Thegroupmembersmayresideondifferentunitsinthestack.Eachglobalaggregation
mayconsistofupto8members.
Local:Thegroupmembersresideonthesameunit.Eachlocalaggregationmayconsistofup
to16members.
GroupID
IndicatesthegroupIDforthesettingscontainedinthesamerow.GroupID"Normal"indicatesthere
isnoaggregation.OnlyonegroupIDisvalidperport.
PortMembers
EachswitchportislistedforeachgroupID.Selectaradiobuttontoincludeaportinanaggregation,
orcleartheradiobuttontoremovetheportfromtheaggregation.Bydefault,noportsbelongtoany
aggregationgroup.Onlyfullduplexportscanjoinanaggregationandportsmustbeinthesame
speedineachgroup.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Aggregation‐LACP
PoESwitchUserManual|109
3.1.5.2.Aggregation‐LACP
ThispageallowstheusertoinspectthecurrentLACPportconfigurations,andpossiblychangethem
aswell.
TheLACPportsettingsrelatetothecurrentlyselectedstackunit,asreflectedbythepageheader.
Port
Theswitchportnumber.
LACPEnabled
ControlswhetherLACPisenabledonthisswitchport.LACPwillformanaggregationwhen2ormore
portsareconnectedtothesamepartner.LACPcanformmax12LLAGsperswitchand2GLAGsper
stack.
Key
TheKeyvalueincurredbytheport,range1‐65535.TheAutosettingwillsetthekeyasappropriate
bythephysicallinkspeed,10Mb=1,100Mb=2,1Gb=3.UsingtheSpecificsetting,auser‐defined
valuecanbeentered.PortswiththesameKeyvaluecanparticipateinthesameaggregationgroup,
whileportswithdifferentkeyscannot.
Role
TheRoleshowstheLACPactivitystatus.TheActivewilltransmitLACPpacketseachsecond,while
PassivewillwaitforaLACPpacketfromapartner(speakifspokento).
Chapter3:WebManagement
Aggregation‐LACP
PoESwitchUserManual|110
Timeout
TheTimeoutcontrolstheperiodbetweenBPDUtransmissions.FastwilltransmitLACPpacketseach
second,whileSlowwillwaitfor30secondsbeforesendingaLACPpacket.
Prio
ThePriocontrolsthepriorityoftheport.IftheLACPpartnerwantstoformalargergroupthanis
supportedbythisdevicethenthisparameterwillcontrolwhichportswillbeactiveandwhichports
willbeinabackuprole.Lowernumbermeansgreaterpriority.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
LoopProtection
PoESwitchUserManual|111
3.1.6.Configuration‐LoopProtection
ThispageallowstheusertoinspectthecurrentLoopProtectionconfigurations,andpossiblychange
themaswell.
GeneralSettings
EnableLoopProtection
Controlswhetherloopprotectionsisenabled(asawhole).
TransmissionTime
TheintervalbetweeneachloopprotectionPDUsentoneachport.validvaluesare1to10seconds.
ShutdownTime
Theperiod(inseconds)forwhichaportwillbekeptdisabledintheeventofaloopisdetected(and
theportactionshutsdowntheport).Validvaluesare0to604800seconds(7days).Avalueofzero
willkeepaportdisabled(untilnextdevicerestart).
Chapter3:WebManagement
LoopProtection
PoESwitchUserManual|112
PortConfiguration
Port
Theswitchportnumberoftheport.
Enable
Controlswhetherloopprotectionisenabledonthisswitchport.
Action
Configurestheactionperformedwhenaloopisdetectedonaport.ValidvaluesareShutdownPort,
ShutdownPortandLogorLogOnly.
TxMode
ControlswhethertheportisactivelygeneratingloopprotectionPDU's,orwhetheritisjustpassively
lookingforloopedPDU's.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
SpanningTree‐BridgeSettings
PoESwitchUserManual|113
3.1.7.Configuration‐SpanningTree
3.1.7.1.SpanningTree‐BridgeSettings
ThispageallowsyoutoconfigureSTPsystemsettings.ThesettingsareusedbyallSTPBridge
instancesintheSwitchStack.
BasicSettings
ProtocolVersion
TheMSTP/RSTP/STPprotocolversionsetting.ValidvaluesareSTP,RSTPandMSTP.
BridgePriority
Controlsthebridgepriority.Lowernumericvalueshavebetterpriority.Thebridgepriorityplusthe
MSTIinstancenumber,concatenatedwiththe6‐byteMACaddressoftheswitchformsaBridge
Identifier.
ForMSTPoperation,thisisthepriorityoftheCIST.Otherwise,thisisthepriorityoftheSTP/RSTP
bridge.
ForwardDelay
ThedelayusedbySTPBridgestotransitRootandDesignatedPortstoForwarding(usedinSTP
compatiblemode).Validvaluesareintherange4to30seconds.
MaxAge
ThemaximumageoftheinformationtransmittedbytheBridgewhenitistheRootBridge.Valid
valuesareintherange6to40seconds,andMaxAgemustbe<=(FwdDelay‐1)*2.
Chapter3:WebManagement
SpanningTree‐BridgeSettings
PoESwitchUserManual|114
MaximumHopCount
ThisdefinestheinitialvalueofremainingHopsforMSTIinformationgeneratedattheboundaryofan
MSTIregion.ItdefineshowmanybridgesarootbridgecandistributeitsBPDUinformationto.Valid
valuesareintherange6to40hops.
TransmitHoldCount
ThenumberofBPDU'sabridgeportcansendpersecond.Whenexceeded,transmissionofthenext
BPDUwillbedelayed.Validvaluesareintherange1to10BPDU'spersecond.
AdvancedSettings
EdgePortBPDUFiltering
ControlwhetheraportexplicitlyconfiguredasEdgewilltransmitandreceiveBPDUs.
EdgePortBPDUGuard
ControlwhetheraportexplicitlyconfiguredasEdgewilldisableitselfuponreceptionofaBPDU.The
portwillentertheerror‐disabledstate,andwillberemovedfromtheactivetopology.
PortErrorRecovery
Controlwhetheraportintheerror‐disabledstateautomaticallywillbeenabledafteracertaintime.
Ifrecoveryisnotenabled,portshavetobedisabledandre‐enabledfornormalSTPoperation.The
conditionisalsoclearedbyasystemreboot.
PortErrorRecoveryTimeout
Thetimetopassbeforeaportintheerror‐disabledstatecanbeenabled.Validvaluesarebetween
30and86400seconds(24hours).
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
SpanningTree‐MSTIMapping
PoESwitchUserManual|115
3.1.7.2.SpanningTree‐MSTIMapping
ThispageallowstheusertoinspectthecurrentSTPMSTIbridgeinstancepriorityconfigurations,and
possiblychangethemaswell.
ConfigurationIdentification
ConfigurationName
ThenameidentifyingtheVLANtoMSTImapping.Bridgesmustsharethenameandrevision(see
below),aswellastheVLAN‐to‐MSTImappingconfigurationinordertosharespanningtreesfor
MSTI's(Intra‐region).Thenameisatmost32characters.
ConfigurationRevision
TherevisionoftheMSTIconfigurationnamedabove.Thismustbeanintegerbetween0and65535.
MSTIMapping
MSTI
Thebridgeinstance.TheCISTisnotavailableforexplicitmapping,asitwillreceivetheVLANsnot
explicitlymapped.
Chapter3:WebManagement
SpanningTree‐MSTIMapping
PoESwitchUserManual|116
VLANsMapped
ThelistofVLANsmappedtotheMSTI.TheVLANscanbegivenasasingle(xx,xxbeingbetween1
and4094)VLAN,orarange(xx‐yy),eachofwhichmustbeseparatedwithcommaand/orspace.A
VLANcanonlybemappedtooneMSTI.AnunusedMSTIshouldjustbeleftempty.(I.e.nothaving
anyVLANsmappedtoit.)Example:2,5,20‐40.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
SpanningTree‐MSTIPriorities
PoESwitchUserManual|117
3.1.7.3.SpanningTree‐MSTIPriorities
ThispageallowstheusertoinspectthecurrentSTPMSTIbridgeinstancepriorityconfigurations,and
possiblychangethemaswell.
MSTI
Thebridgeinstance.TheCISTisthedefaultinstance,whichisalwaysactive.
Priority
Controlsthebridgepriority.Lowernumericvalueshavebetterpriority.Thebridgepriorityplusthe
MSTIinstancenumber,concatenatedwiththe6‐byteMACaddressoftheswitchformsaBridge
Identifier.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
SpanningTree‐CISTPorts
PoESwitchUserManual|118
3.1.7.4.SpanningTree‐CISTPorts
ThispageallowstheusertoinspectthecurrentSTPCISTportconfigurations,andpossiblychange
themaswell.
Thispagecontainssettingsforphysicalandaggregatedports.Theaggregationsettingsarestack
global.
TheSTPportsettingsrelatetothecurrentlyselectedstackunit,asreflectedbythepageheader.
Port
TheswitchportnumberofthelogicalSTPport.
STPEnabled
ControlswhetherSTPisenabledonthisswitchport.
Chapter3:WebManagement
SpanningTree‐CISTPorts
PoESwitchUserManual|119
PathCost
Controlsthepathcostincurredbytheport.TheAutosettingwillsetthepathcostasappropriateby
thephysicallinkspeed,usingthe802.1Drecommendedvalues.UsingtheSpecificsetting,a
user‐definedvaluecanbeentered.Thepathcostisusedwhenestablishingtheactivetopologyofthe
network.Lowerpathcostportsarechosenasforwardingportsinfavourofhigherpathcostports.
Validvaluesareintherange1to200000000.
Priority
Controlstheportpriority.Thiscanbeusedtocontrolpriorityofportshavingidenticalportcost.(See
above).
operEdge(stateflag)
Operationalflagdescribingwhethertheportisconnectingdirectlytoedgedevices.(NoBridges
attached).Transitiontotheforwardingstateisfasterforedgeports(havingoperEdgetrue)thanfor
otherports.ThevalueofthisflagisbasedonAdminEdgeandAutoEdgefields.Thisflagisdisplayed
asEdgeinMonitor‐>SpanningTree‐>STPDetailedBridgeStatus.
AdminEdge
ControlswhethertheoperEdgeflagshouldstartassetorcleared.(TheinitialoperEdgestatewhena
portisinitialized).
AutoEdge
Controlswhetherthebridgeshouldenableautomaticedgedetectiononthebridgeport.Thisallows
operEdgetobederivedfromwhetherBPDU'sarereceivedontheportornot.
RestrictedRole
Ifenabled,causestheportnottobeselectedasRootPortfortheCISToranyMSTI,evenifithasthe
bestspanningtreepriorityvector.SuchaportwillbeselectedasanAlternatePortaftertheRoot
Porthasbeenselected.Ifset,itcancauselackofspanningtreeconnectivity.Itcanbesetbya
networkadministratortopreventbridgesexternaltoacoreregionofthenetworkinfluencethe
spanningtreeactivetopology,possiblybecausethosebridgesarenotunderthefullcontrolofthe
administrator.ThisfeatureisalsoknownasRootGuard.
RestrictedTCN
Ifenabled,causestheportnottopropagatereceivedtopologychangenotificationsandtopology
changestootherports.Ifsetitcancausetemporarylossofconnectivityafterchangesinaspanning
tree'sactivetopologyasaresultofpersistentlyincorrectlearnedstationlocationinformation.Itis
setbyanetworkadministratortopreventbridgesexternaltoacoreregionofthenetwork,causing
addressflushinginthatregion,possiblybecausethosebridgesarenotunderthefullcontrolofthe
administratororthephysicallinkstateoftheattachedLANstransitsfrequently.
Chapter3:WebManagement
SpanningTree‐CISTPorts
PoESwitchUserManual|120
BPDUGuard
Ifenabled,causestheporttodisableitselfuponreceivingvalidBPDU's.Contrarytothesimilar
bridgesetting,theportEdgestatusdoesnoteffectthissetting.
Aportenteringerror‐disabledstateduetothissettingissubjecttothebridgePortErrorRecovery
settingaswell.
Point‐to‐Point
Controlswhethertheportconnectstoapoint‐to‐pointLANratherthantoasharedmedium.Thiscan
beautomaticallydetermined,orforcedeithertrueorfalse.Transitiontotheforwardingstateis
fasterforpoint‐to‐pointLANsthanforsharedmedia.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
SpanningTree‐MSTIPorts
PoESwitchUserManual|121
3.1.7.5.SpanningTree‐MSTIPorts
ThispageallowstheusertoinspectthecurrentSTPMSTIportconfigurations,andpossiblychange
themaswell.
AnMSTIportisavirtualport,whichisinstantiatedseparatelyforeachactiveCIST(physical)portfor
eachMSTIinstanceconfiguredonandapplicabletotheport.TheMSTIinstancemustbeselected
beforedisplayingactualMSTIportconfigurationoptions.
Chapter3:WebManagement
SpanningTree‐MSTIPorts
PoESwitchUserManual|122
ThispagecontainsMSTIportsettingsforphysicalandaggregatedports.Theaggregationsettingsare
stackglobal.
ApartfromtheselectedMSTI,theSTPMSTIportsettingsalsorelatetothecurrentlyselectedstack
unit,asreflectedbythepageheader.
Port
TheswitchportnumberofthecorrespondingSTPCIST(andMSTI)port.
PathCost
Controlsthepathcostincurredbytheport.TheAutosettingwillsetthepathcostasappropriateby
thephysicallinkspeed,usingthe802.1Drecommendedvalues.UsingtheSpecificsetting,a
user‐definedvaluecanbeentered.Thepathcostisusedwhenestablishingtheactivetopologyofthe
network.Lowerpathcostportsarechosenasforwardingportsinfavourofhigherpathcostports.
Validvaluesareintherange1to200000000.
Priority
Controlstheportpriority.Thiscanbeusedtocontrolpriorityofportshavingidenticalportcost.(See
above).
Buttons
Get:ClicktoretrievesettingsforaspecificMSTI.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
MVR
PoESwitchUserManual|123
3.1.8.Configuration‐MVR
ThispageprovidesMVRrelatedconfigurations.
Mostofthesettingsareglobal,whereastheImmediateLeaveandMVRPort‐Roleconfigurationis
relatedtothecurrentselectingstackunit,asreflectedbythepageheader.
TheMVRfeatureenablesmulticasttrafficforwardingontheMulticastVLANs.Inamulticast
televisionapplication,aPCoranetworktelevisionoraset‐topboxcanreceivethemulticaststream.
Multipleset‐topboxesorPCscanbeconnectedtoonesubscriberport,whichisaswitchport
configuredasanMVRreceiverport.Whenasubscriberselectsachannel,theset‐topboxorPC
sendsanIGMP/MLDreportmessagetoSwitchAtojointheappropriatemulticastgroupaddress.
UplinkportsthatsendandreceivemulticastdatatoandfromthemulticastVLANarecalledMVR
sourceports.Itisallowedtocreateatmaximum8MVRVLANswithcorrespondingchannelsettings
foreachMulticastVLAN.Therewillbetotallyatmaximum256groupaddressesforchannelsettings.
MVRMode
Enable/DisabletheGlobalMVR.
TheUnregisteredFloodingcontroldependsonthecurrentconfigurationinIGMP/MLDSnooping.
ItissuggestedtoenableUnregisteredFloodingcontrolwhentheMVRgrouptableisfull.
Delete
Checktodeletetheentry.Thedesignatedentrywillbedeletedduringthenextsave.
MVRVID
SpecifytheMulticastVLANID.
Note:MVRsourceportsarenotrecommendedtobeoverlappedwithmanagementVLANports.
Chapter3:WebManagement
MVR
PoESwitchUserManual|124
MVRName
MVRNameisanoptionalattributetoindicatethenameofthespecificMVRVLAN.Maximumlength
oftheMVRVLANNamestringis32.MVRVLANNamecanonlycontainalphabetsornumbers.When
theoptionalMVRVLANnameisgiven,itshouldcontainatleastonealphabet.MVRVLANnamecan
beeditedfortheexistingMVRVLANentriesoritcanbeaddedtothenewentries.
Mode
SpecifytheMVRmodeofoperation.InDynamicmode,MVRallowsdynamicMVRmembership
reportsonsourceports.InCompatiblemode,MVRmembershipreportsareforbiddenonsource
ports.ThedefaultisDynamicmode.
Tagging
SpecifywhetherthetraversedIGMP/MLDcontrolframeswillbesentasUntaggedorTaggedwith
MVRVID.ThedefaultisTagged.
Priority
SpecifyhowthetraversedIGMP/MLDcontrolframeswillbesentinprioritizedmanner.Thedefault
Priorityis0.
LLQI
DefinethemaximumtimetowaitforIGMP/MLDreportmembershipsonareceiverportbefore
removingtheportfrommulticastgroupmembership.Thevalueisinunitsoftenthsofaseconds.
Therangeisfrom0to31744.ThedefaultLLQIis5tenthsorone‐halfsecond.
InterfaceChannelSetting
WhentheMVRVLANiscreated,clicktheEditsymboltoexpandthecorrespondingmulticast
channelsettingsforthespecificMVRVLAN.SummaryabouttheInterfaceChannelSetting(ofthe
MVRVLAN)willbeshownbesidestheEditsymbol.
DetailinformationregardingtotheInterfaceChannelSettingwillbecoveredonpage122.
Port
Thelogicalportforthesettings.
PortRole
ConfigureanMVRportofthedesignatedMVRVLANasoneofthefollowingroles.
Inactive(I):ThedesignatedportdoesnotparticipateMVRoperations.
Source(S):Configureuplinkportsthatreceiveandsendmulticastdataassourceports.
Subscriberscannotbedirectlyconnectedtosourceports.
Receiver(R):Configureaportasareceiverportifitisasubscriberportandshouldonly
receivemulticastdata.Itdoesnotreceivedataunlessitbecomesamemberofthemulticast
groupbyissuingIGMP/MLDmessages.
Chapter3:WebManagement
MVR
PoESwitchUserManual|125
Note:MVRsourceportsarenotrecommendedtobeoverlappedwithmanagementVLANports.
SelecttheportrolebyclickingtheRolesymboltoswitchthesetting.
ImmediateLeave
Enablethefastleaveontheport.
Buttons
AddNewNVRVLAN:ClicktoaddnewMVRVLAN.SpecifytheVIDandconfigurethenew
entry.Click"Save".
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
MVR
PoESwitchUserManual|126
ThispageprovidesMVRchannelsettingsforaspecificMVRVLAN.
Delete
Checktodeletetheentry.Thedesignatedentrywillbedeletedduringthenextsave.
VLANID
DisplaythespecificMulticastVLANID.Thisfieldisnoteditable.
VLANName
DisplaythenameofthespecificMulticastVLAN.Thisfieldisnoteditable.
StartAddress
ThestartingIPv4/IPv6MulticastGroupAddressthatwillbeusedasastreamingchannel.
EndAddress
TheendingIPv4/IPv6MulticastGroupAddressthatwillbeusedasastreamingchannel.
ChannelName
IndicatethenameoftheChannelofthespecificMulticastVLAN.MaximumlengthoftheChannel
Namestringis32.ChannelNamecanonlycontainalphabetsornumbers.Channelnameshould
containatleastonealphabet.ChannelnamecanbeeditedfortheexistingChannelentriesoritcan
beaddedtothenewentries.
Buttons
AddNewMVRChannel:ClicktoaddnewChannelforagivenMVRVLAN.SpecifytheAddress
andconfigurethenewentry.Click"Save"
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Refresh:Refreshesthedisplayedtablestartingfromtheinputfields.
|<<:UpdatesthetablestartingfromthefirstentryintheMVRChannelConfigurationfora
specificMVRVLAN.
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
Chapter3:WebManagement
IPMC‐IGMPSnooping‐BasicConfiguration
PoESwitchUserManual|127
3.1.9.Configuration‐IPMC
3.1.9.1.IPMC‐IGMPSnooping
3.1.9.1.1.IPMC‐IGMPSnooping‐BasicConfiguration
ThispageprovidesIGMPSnoopingrelatedconfiguration.
Mostofthesettingsareglobal,whereastheRouterPortconfigurationisrelatedtothecurrently
selectedstackunit,asreflectedbythepageheader.
SnoopingEnabled
EnabletheGlobalIGMPSnooping.
UnregisteredIPMCv4FloodingEnabled
EnableunregisteredIPMCv4trafficflooding.
ThefloodingcontroltakeseffectonlywhenIGMPSnoopingisenabled.
WhenIGMPSnoopingisdisabled,unregisteredIPMCv4trafficfloodingisalwaysactiveinspiteof
thissetting.
IGMPSSMRange
SSM(Source‐SpecificMulticast)RangeallowstheSSM‐awarehostsandroutersruntheSSM
servicemodelforthegroupsintheaddressrange.
Chapter3:WebManagement
IPMC‐IGMPSnooping‐BasicConfiguration
PoESwitchUserManual|128
LeaveProxyEnabled
EnableIGMPLeaveProxy.Thisfeaturecanbeusedtoavoidforwardingunnecessaryleave
messagestotherouterside.
ProxyEnabled
EnableIGMPProxy.Thisfeaturecanbeusedtoavoidforwardingunnecessaryjoinandleave
messagestotherouterside.
RouterPort
Specifywhichportsactasrouterports.ArouterportisaportontheEthernetswitchthatleads
towardstheLayer3multicastdeviceorIGMPquerier.
Ifanaggregationmemberportisselectedasarouterport,thewholeaggregationwillactasa
routerport.
FastLeave
Enablethefastleaveontheport.
Throttling
Enabletolimitthenumberofmulticastgroupstowhichaswitchportcanbelong.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
IPMC‐IGMPSnooping‐VLANConfiguration
PoESwitchUserManual|129
3.1.9.1.2.IPMC‐IGMPSnooping‐VLANConfiguration
Eachpageshowsupto99entriesfromtheVLANtable,defaultbeing20,selectedthroughthe
"entriesperpage"inputfield.Whenfirstvisited,thewebpagewillshowthefirst20entriesfrom
thebeginningoftheVLANTable.ThefirstdisplayedwillbetheonewiththelowestVLANIDfound
intheVLANTable.
The"VLAN"inputfieldsallowtheusertoselectthestartingpointintheVLANTable.Clickingthe
RefreshbuttonwillupdatethedisplayedtablestartingfromthatorthenextclosestVLANTable
match.
The>>|willusethelastentryofthecurrentlydisplayedentryasabasisforthenextlookup.When
theendisreachedthetext"Nomoreentries"isshowninthedisplayedtable.Usethe<<buttonto
startover.
IGMPSnoopingVLANTableColumns
Delete
Checktodeletetheentry.Thedesignatedentrywillbedeletedduringthenextsave.
VLANID
TheVLANIDoftheentry.
IGMPSnoopingEnabled
Enabletheper‐VLANIGMPSnooping.Upto32VLANscanbeselectedforIGMPSnooping.
IGMPQuerier
EnabletheIGMPQuerierintheVLAN.
Compatibility
Compatibilityismaintainedbyhostsandrouterstakingappropriateactionsdependingonthe
versionsofIGMPoperatingonhostsandrouterswithinanetwork.Theallowedselectionis
IGMP‐Auto,ForcedIGMPv1,ForcedIGMPv2,ForcedIGMPv3,defaultcompatibilityvalueis
IGMP‐Auto.
Chapter3:WebManagement
IPMC‐IGMPSnooping‐VLANConfiguration
PoESwitchUserManual|130
RV
RobustnessVariable.TheRobustnessVariableallowstuningfortheexpectedpacketlossona
network.Theallowedrangeis1to255,defaultrobustnessvariablevalueis2.
QI
QueryInterval.TheQueryIntervalistheintervalbetweenGeneralQueriessentbytheQuerier.
Theallowedrangeis1to31744seconds,defaultqueryintervalis125seconds.
QRI
QueryResponseInterval.TheMaximumResponseDelayusedtocalculatetheMaximumResponse
CodeinsertedintotheperiodicGeneralQueries.Theallowedrangeis0to31744intenthsof
seconds,defaultqueryresponseintervalis100intenthsofseconds(10seconds).
LLQI(LMQIforIGMP)
LastMemberQueryInterval.TheLastMemberQueryTimeisthetimevaluerepresentedbythe
LastMemberQueryInterval,multipliedbytheLastMemberQueryCount.Theallowedrangeis0
to31744intenthsofseconds,defaultlastmemberqueryintervalis10intenthsofseconds(1
second).
URI
UnsolicitedReportInterval.TheUnsolicitedReportIntervalisthetimebetweenrepetitionsofa
host'sinitialreportofmembershipinagroup.Theallowedrangeis0to31744seconds,default
unsolicitedreportintervalis1second.
Buttons
Refresh:Refreshesthedisplayedtablestartingfromthe"VLAN"inputfields.
|<<:UpdatesthetablestartingfromthefirstentryintheVLANTable,i.e.theentrywiththe
lowestVLANID.
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
AddNewIGMPVLAN:ClicktoaddnewIGMPVLAN.SpecifytheVIDandconfigurethenew
entry.Click"Save".ThespecificIGMPVLANstartsworkingafterthecorrespondingstatic
VLANisalsocreated.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
IPMC‐IGMPSnooping‐PortGroupFiltering
PoESwitchUserManual|131
3.1.9.1.3.IPMC‐IGMPSnooping‐PortGroupFiltering
Delete
Checktodeletetheentry.Itwillbedeletedduringthenextsave.
Port
Thelogicalportforthesettings.
FilteringGroups
TheIPMulticastGroupthatwillbefiltered.
AddNewFilteringGroup
Click“AddNewFilteringGroup”buttontoaddanewentrytotheGroupFilteringtable.Specify
thePort,andFilteringGroupofthenewentry.Click"Save".
Buttons
AddNewFilteringGroup:ClicktoaddanewentrytotheGroupFilteringtable.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
IPMC‐MLDSnooping‐BasicConfiguration
PoESwitchUserManual|132
3.1.9.2.IPMC‐MLDSnooping
3.1.9.2.1.IPMC‐MLDSnooping‐BasicConfiguration
ThispageprovidesMLDSnoopingrelatedconfiguration.
Mostofthesettingsareglobal,whereastheRouterPortconfigurationisrelatedtothecurrently
selectedstackunit,asreflectedbythepageheader.
SnoopingEnabled
EnabletheGlobalMLDSnooping.
UnregisteredIPMCv6FloodingEnabled
EnableunregisteredIPMCv6trafficflooding.
ThefloodingcontroltakeseffectonlywhenMLDSnoopingisenabled.
WhenMLDSnoopingisdisabled,unregisteredIPMCv6trafficfloodingisalwaysactiveinspiteof
thissetting.
MLDSSMRange
SSM(Source‐SpecificMulticast)RangeallowstheSSM‐awarehostsandroutersruntheSSM
servicemodelforthegroupsintheaddressrange.
LeaveProxyEnabled
EnableMLDLeaveProxy.Thisfeaturecanbeusedtoavoidforwardingunnecessaryleavemessages
totherouterside.
ProxyEnabled
EnableMLDProxy.Thisfeaturecanbeusedtoavoidforwardingunnecessaryjoinandleave
Chapter3:WebManagement
IPMC‐MLDSnooping‐BasicConfiguration
PoESwitchUserManual|133
messagestotherouterside.
RouterPort
Specifywhichportsactasrouterports.ArouterportisaportontheEthernetswitchthatleads
towardstheLayer3multicastdeviceorMLDquerier.
Ifanaggregationmemberportisselectedasarouterport,thewholeaggregationwillactasa
routerport.
FastLeave
Enablethefastleaveontheport.
Throttling
Enabletolimitthenumberofmulticastgroupstowhichaswitchportcanbelong.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
IPMC‐MLDSnooping‐VLANConfiguration
PoESwitchUserManual|134
3.1.9.2.2.IPMC‐MLDSnooping‐VLANConfiguration
Eachpageshowsupto99entriesfromtheVLANtable,defaultbeing20,selectedthroughthe
"entriesperpage"inputfield.Whenfirstvisited,thewebpagewillshowthefirst20entriesfrom
thebeginningoftheVLANTable.ThefirstdisplayedwillbetheonewiththelowestVLANIDfound
intheVLANTable.
The"VLAN"inputfieldsallowtheusertoselectthestartingpointintheVLANTable.Clickingthe
RefreshbuttonwillupdatethedisplayedtablestartingfromthatorthenextclosestVLANTable
match.
The>>|willusethelastentryofthecurrentlydisplayedentryasabasisforthenextlookup.When
theendisreachedthetext"Nomoreentries"isshowninthedisplayedtable.Usethe<<buttonto
startover.
MLDSnoopingVLANTableColumns
Delete
Checktodeletetheentry.Thedesignatedentrywillbedeletedduringthenextsave.
VLANID
TheVLANIDoftheentry.
MLDSnoopingEnabled
Enabletheper‐VLANMLDSnooping.Upto32VLANscanbeselectedforMLDSnooping.
MLDQuerier
EnabletheIGMPQuerierintheVLAN.
Compatibility
Compatibilityismaintainedbyhostsandrouterstakingappropriateactionsdependingonthe
versionsofMLDoperatingonhostsandrouterswithinanetwork.Theallowedselectionis
MLD‐Auto,ForcedMLDv1,ForcedMLDv2,defaultcompatibilityvalueisMLD‐Auto.
RV
RobustnessVariable.TheRobustnessVariableallowstuningfortheexpectedpacketlossonalink.
Theallowedrangeis1to255,defaultrobustnessvariablevalueis2.
Chapter3:WebManagement
IPMC‐MLDSnooping‐VLANConfiguration
PoESwitchUserManual|135
QI
QueryInterval.TheQueryIntervalistheintervalbetweenGeneralQueriessentbytheQuerier.
Theallowedrangeis1to31744seconds,defaultqueryintervalis125seconds.
QRI
QueryResponseInterval.TheMaximumResponseDelayusedtocalculatetheMaximumResponse
CodeinsertedintotheperiodicGeneralQueries.Theallowedrangeis0to31744intenthsof
seconds,defaultqueryresponseintervalis100intenthsofseconds(10seconds).
LLQI
LastListenerQueryInterval.TheLastListenerQueryIntervalistheMaximumResponseDelayused
tocalculatetheMaximumResponseCodeinsertedintoMulticastAddressSpecificQueriessentin
responsetoVersion1MulticastListenerDonemessages.ItisalsotheMaximumResponseDelay
usedtocalculatetheMaximumResponseCodeinsertedintoMulticastAddressandSource
SpecificQuerymessages.Theallowedrangeis0to31744intenthsofseconds,defaultlastlistener
queryintervalis10intenthsofseconds(1second).
URI
UnsolicitedReportInterval.TheUnsolicitedReportIntervalisthetimebetweenrepetitionsofa
node'sinitialreportofinterestinamulticastaddress.Theallowedrangeis0to31744seconds,
defaultunsolicitedreportintervalis1second.
Buttons
Refresh:Refreshesthedisplayedtablestartingfromthe"VLAN"inputfields.
|<<:UpdatesthetablestartingfromthefirstentryintheVLANTable,i.e.theentrywiththe
lowestVLANID.
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
AddNewMLDVLAN:ClicktoaddnewMLDVLAN.SpecifytheVIDandconfigurethenew
entry.Click"Save".ThespecificMLDVLANstartsworkingafterthecorrespondingstatic
VLANisalsocreated.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
IPMC‐MLDSnooping‐PortGroupFiltering
PoESwitchUserManual|136
3.1.9.2.3.IPMC‐MLDSnooping‐PortGroupFiltering
Delete
Checktodeletetheentry.Itwillbedeletedduringthenextsave.
Port
Thelogicalportforthesettings.
FilteringGroups
TheIPMulticastGroupthatwillbefiltered.
AddNewFilteringGroup
Click“AddNewFilteringGroup”buttontoaddanewentrytotheGroupFilteringtable.Specify
thePort,andFilteringGroupofthenewentry.Click"Save".
Buttons
AddNewFilteringGroup:ClicktoaddanewentrytotheGroupFilteringtable.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
LLDP‐LLDP
PoESwitchUserManual|137
3.1.10.Configuration‐LLDP
3.1.10.1.LLDP‐LLDP
ThispageallowstheusertoinspectandconfigurethecurrentLLDPportsettings.
LLDPParameters
TxInterval
TheswitchperiodicallytransmitsLLDPframestoitsneighborsforhavingthenetworkdiscovery
informationup‐to‐date.TheintervalbetweeneachLLDPframeisdeterminedbytheTxIntervalvalue.
Validvaluesarerestrictedto5‐32768seconds.
TxHold
EachLLDPframecontainsinformationabouthowlongtheinformationintheLLDPframeshallbe
consideredvalid.TheLLDPinformationvalidperiodissettoTxHoldmultipliedbyTxIntervalseconds.
Validvaluesarerestrictedto2‐10times.
TxDelay
Ifsomeconfigurationischanged(e.g.theIPaddress)anewLLDPframeistransmitted,butthetime
betweentheLLDPframeswillalwaysbeatleastthevalueofTxDelayseconds.TxDelaycannotbe
largerthan1/4 oftheTxIntervalvalue.Validvaluesarerestrictedto1‐8192seconds.
Chapter3:WebManagement
LLDP‐LLDP
PoESwitchUserManual|138
TxReinit
Whenaportisdisabled,LLDPisdisabledortheswitchisrebooted,anLLDPshutdownframeis
transmittedtotheneighboringunits,SignalingthattheLLDPinformationisn'tvalidanymore.Tx
ReinitcontrolstheamountofsecondsbetweentheshutdownframeandanewLLDPinitialization.
Validvaluesarerestrictedto1‐10seconds.
LLDPPortConfiguration
TheLLDPportsettingsrelatetothecurrentlyselectedstackunit,asreflectedbythepageheader.
Port
TheswitchportnumberofthelogicalLLDPport.
Mode
SelectLLDPmode.
RxonlyTheswitchwillnotsendoutLLDPinformation,butLLDPinformationfromneighborunitsis
analyzed.
TxonlyTheswitchwilldropLLDPinformationreceivedfromneighbors,butwillsendoutLLDP
information.
DisabledTheswitchwillnotsendoutLLDPinformation,andwilldropLLDPinformationreceived
fromneighbors.
EnabledTheswitchwillsendoutLLDPinformation,andwillanalyzeLLDPinformationreceivedfrom
neighbors.
CDPAware
SelectCDPawareness.
TheCDPoperationisrestrictedtodecodingincomingCDPframes(Theswitchdoesn'ttransmitCDP
frames).CDPframesareonlydecodedifLLDPontheportisenabled.
OnlyCDPTLVsthatcanbemappedtoacorrespondingfieldintheLLDPneighbors'tablearedecoded.
AllotherTLVsarediscarded(UnrecognizedCDPTLVsanddiscardedCDPframesarenotshowninthe
LLDPstatistics.).CDPTLVsaremappedontoLLDPneighbors'tableasshownbelow.
CDPTLV"DeviceID"ismappedtotheLLDP"ChassisID"field.
CDPTLV"Address"ismappedtotheLLDP"ManagementAddress"field.TheCDPaddressTLVcan
containmultipleaddresses,butonlythefirstaddressisshownintheLLDPneighborstable.
CDPTLV"PortID"ismappedtotheLLDP"PortID"field.
Chapter3:WebManagement
LLDP‐LLDP
PoESwitchUserManual|139
CDPTLV"VersionandPlatform"ismappedtotheLLDP"SystemDescription"field.
BoththeCDPandLLDPsupport"systemcapabilities",buttheCDPcapabilitiescovercapabilitiesthat
arenotpartoftheLLDP.Thesecapabilitiesareshownas"others"intheLLDPneighbors'table.
IfallportshaveCDPawarenessdisabledtheswitchforwardsCDPframesreceivedfromneighbor
devices.IfatleastoneporthasCDPawarenessenabledallCDPframesareterminatedbytheswitch.
Note:WhenCDPawarenessonaportisdisabledtheCDPinformationisn'tremovedimmediately,
butgetsremovedwhentheholdtimeisexceeded.
PortDescr
OptionalTLV:Whencheckedthe"portdescription"isincludedinLLDPinformationtransmitted.
SysName
OptionalTLV:Whencheckedthe"systemname"isincludedinLLDPinformationtransmitted.
SysDescr
OptionalTLV:Whencheckedthe"systemdescription"isincludedinLLDPinformationtransmitted.
SysCapa
OptionalTLV:Whencheckedthe"systemcapability"isincludedinLLDPinformationtransmitted.
MgmtAddr
OptionalTLV:Whencheckedthe"managementaddress"isincludedinLLDPinformationtransmitted.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
LLDP‐LLDP‐MED
PoESwitchUserManual|140
3.1.10.2.LLDP‐LLDP‐MED
ThispageallowsyoutoconfiguretheLLDP‐MED.ThisfunctionappliestoVoIPdeviceswhichsupport
LLDP‐MED.
Faststartrepeatcount
Faststartrepeatcount
RapidstartupandEmergencyCallServiceLocationIdentificationDiscoveryofendpointsisacritically
importantaspectofVoIPsystemsingeneral.Inaddition,itisbesttoadvertiseonlythosepiecesof
informationwhicharespecificallyrelevanttoparticularendpointtypes(forexampleonlyadvertise
thevoicenetworkpolicytopermittedvoice‐capabledevices),bothinordertoconservethelimited
LLDPUspaceandtoreducesecurityandsystemintegrityissuesthatcancomewithinappropriate
knowledgeofthenetworkpolicy.
WiththisinmindLLDP‐MEDdefinesanLLDP‐MEDFastStartinteractionbetweentheprotocoland
theapplicationlayersontopoftheprotocol,inordertoachievetheserelatedproperties.Initially,a
NetworkConnectivityDevicewillonlytransmitLLDPTLVsinanLLDPDU.OnlyafteranLLDP‐MED
EndpointDeviceisdetected,willanLLDP‐MEDcapableNetworkConnectivityDevicestartto
advertiseLLDP‐MEDTLVsinoutgoingLLDPDUsontheassociatedport.TheLLDP‐MEDapplicationwill
temporarilyspeedupthetransmissionoftheLLDPDUtostartwithinasecond,whenanew
LLDP‐MEDneighborhasbeendetectedinordershareLLDP‐MEDinformationasfastaspossibleto
newneighbors.
BecausethereisariskofanLLDPframebeinglostduringtransmissionbetweenneighbors,itis
Chapter3:WebManagement
LLDP‐LLDP‐MED
PoESwitchUserManual|141
recommendedtorepeatthefaststarttransmissionmultipletimestoincreasethepossibilityofthe
neighborsreceivingtheLLDPframe.WithFaststartrepeatcountitispossibletospecifythenumber
oftimesthefaststarttransmissionwouldberepeated.Therecommendedvalueis4times,given
that4LLDPframeswitha1secondintervalwillbetransmitted,whenanLLDPframewithnew
informationisreceived.
ItshouldbenotedthatLLDP‐MEDandtheLLDP‐MEDFastStartmechanismisonlyintendedtorun
onlinksbetweenLLDP‐MEDNetworkConnectivityDevicesandEndpointDevices,andassuchdoes
notapplytolinksbetweenLANinfrastructureelements,includingNetworkConnectivityDevices,or
othertypesoflinks.
CoordinatesLocation
Latitude
LatitudeSHOULDbenormalizedtowithin0‐90degreeswithamaximumof4digits.Itispossibleto
specifythedirectiontoeitherNorthoftheequatororSouthoftheequator.
Longitude
LongitudeSHOULDbenormalizedtowithin0‐180degreeswithamaximumof4digits.Itispossible
tospecifythedirectiontoeitherEastoftheprimemeridianorWestoftheprimemeridian.
Altitude
AltitudeSHOULDbenormalizedtowithin‐32767to32767withamaximumof4digits.
Itispossibletoselectbetweentwoaltitudetypes(floorsormeters).
Meters:RepresentingmetersofAltitudedefinedbytheverticaldatumspecified.
Floors:Representingaltitudeinaformmorerelevantinbuildingswhichhavedifferent
floor‐to‐floordimensions.Analtitude=0.0ismeaningfulevenoutsideabuilding,and
representsgroundlevelatthegivenlatitudeandlongitude.Insideabuilding,0.0represents
thefloorlevelassociatedwithgroundlevelatthemainentrance.
MapDatum
TheMapDatumisusedforthecoordinatesgivenintheseoptions:
WGS84:(Geographical3D)‐WorldGeodesicSystem1984,CRSCode4327,PrimeMeridian
Name:Greenwich.
NAD83/NAVD88:NorthAmericanDatum1983,CRSCode4269,PrimeMeridianName:
Greenwich;TheassociatedverticaldatumistheNorthAmericanVerticalDatumof1988
(NAVD88).Thisdatumpairistobeusedwhenreferencinglocationsonland,notneartidal
water(whichwoulduseDatum=NAD83/MLLW).
Chapter3:WebManagement
LLDP‐LLDP‐MED
PoESwitchUserManual|142
NAD83/MLLW:NorthAmericanDatum1983,CRSCode4269,PrimeMeridianName:
Greenwich;TheassociatedverticaldatumisMeanLowerLowWater(MLLW).Thisdatumpair
istobeusedwhenreferencinglocationsonwater/sea/ocean.
CivicAddressLocation
IETFGeoprivCivicAddressbasedLocationConfigurationInformation(CivicAddressLCI).
Countrycode
Thetwo‐letterISO3166countrycodeincapitalASCIIletters‐Example:DK,DEorUS.
State
Nationalsubdivisions(state,canton,region,province,prefecture).
County
County,parish,gun(Japan),district.
City
City,township,shi(Japan)‐Example:Copenhagen.
Citydistrict
Citydivision,borough,citydistrict,ward,chou(Japan).
Block(Neighborhood)
Neighborhood,block.
Street
Street‐Example:Poppelvej.
Leadingstreetdirection
Leadingstreetdirection‐Example:N.
Trailingstreetsuffix
Trailingstreetsuffix‐Example:SW.
Streetsuffix
Streetsuffix‐Example:Ave,Platz.
Houseno.
Housenumber‐Example:21.
Houseno.suffix
Housenumbersuffix‐Example:A,1/2 .
Landmark
Landmarkorvanityaddress‐Example:ColumbiaUniversity.
Chapter3:WebManagement
LLDP‐LLDP‐MED
PoESwitchUserManual|143
Additionallocationinfo
Additionallocationinfo‐Example:SouthWing.
Name
Name(residenceandofficeoccupant)‐Example:FlemmingJahn.
Zipcode
Postal/zipcode‐Example:2791.
Building
Building(structure)‐Example:LowLibrary.
Apartment
Unit(Apartment,suite)‐Example:Apt42.
Floor
Floor‐Example:4.
Roomno.
Roomnumber‐Example:450F.
Placetype
Placetype‐Example:Office.
Postalcommunityname
Postalcommunityname‐Example:Leonia.
P.O.Box
Postofficebox(P.O.BOX)‐Example:12345.
Additionalcode
Additionalcode‐Example:1320300003.
EmergencyCallService
EmergencyCallService(e.g.E911andothers),suchasdefinedbyTIAorNENA.
EmergencyCallService
EmergencyCallServiceELINidentifierdataformatisdefinedtocarrytheELINidentifierasused
duringemergencycallsetuptoatraditionalCAMAorISDNtrunk‐basedPSAP.Thisformatconsistsof
anumericaldigitstring,correspondingtotheELINtobeusedforemergencycalling.
Policies
NetworkPolicyDiscoveryenablestheefficientdiscoveryanddiagnosisofmismatchissueswiththe
VLANconfiguration,alongwiththeassociatedLayer2andLayer3attributes,whichapplyforasetof
specificprotocolapplicationsonthatport.Impropernetworkpolicyconfigurationsareavery
Chapter3:WebManagement
LLDP‐LLDP‐MED
PoESwitchUserManual|144
significantissueinVoIPenvironmentsthatfrequentlyresultinvoicequalitydegradationorlossof
service.
Policiesareonlyintendedforusewithapplicationsthathavespecific'real‐time'networkpolicy
requirements,suchasinteractivevoiceand/orvideoservices.
Thenetworkpolicyattributesadvertisedare:
1. Layer2VLANID(IEEE802.1Q‐2003)
2. Layer2priorityvalue(IEEE802.1D‐2004)
3. Layer3Diffservcodepoint(DSCP)value(IETFRFC2474)
Thisnetworkpolicyispotentiallyadvertisedandassociatedwithmultiplesetsofapplicationtypes
supportedonagivenport.Theapplicationtypesspecificallyaddressedare:
1. Voice
2. GuestVoice
3. SoftphoneVoice
4. VideoConferencing
5. StreamingVideo
6. Control/Signaling(conditionallysupportaseparatenetworkpolicyforthemediatypesabove)
AlargenetworkmaysupportmultipleVoIPpoliciesacrosstheentireorganization,anddifferent
policiesperapplicationtype.LLDP‐MEDallowsmultiplepoliciestobeadvertisedperport,each
correspondingtoadifferentapplicationtype.DifferentportsonthesameNetworkConnectivity
Devicemayadvertisedifferentsetsofpolicies,basedontheauthenticateduseridentityorport
configuration.
ItshouldbenotedthatLLDP‐MEDisnotintendedtorunonlinksotherthanbetweenNetwork
ConnectivityDevicesandEndpoints,andthereforedoesnotneedtoadvertisethemultitudeof
networkpoliciesthatfrequentlyrunonanaggregatedlinkinteriortotheLAN.
Delete
Checktodeletethepolicy.Itwillbedeletedduringthenextsave.
PolicyID
IDforthepolicy.Thisisautogeneratedandshallbeusedwhenselectingthepolicesthatshallbe
mappedtothespecificports.
ApplicationType
Intendeduseoftheapplicationtypes:
1. Voice‐forusebydedicatedIPTelephonyhandsetsandothersimilarappliancessupporting
Chapter3:WebManagement
LLDP‐LLDP‐MED
PoESwitchUserManual|145
interactivevoiceservices.ThesedevicesaretypicallydeployedonaseparateVLANforeaseof
deploymentandenhancedsecuritybyisolationfromdataapplications.
2. VoiceSignaling(conditional)‐foruseinnetworktopologiesthatrequireadifferentpolicyforthe
voiceSignalingthanforthevoicemedia.Thisapplicationtypeshouldnotbeadvertisedifallthe
samenetworkpoliciesapplyasthoseadvertisedintheVoiceapplicationpolicy.
3. GuestVoice‐supportaseparate'limitedfeature‐set'voiceserviceforguestusersandvisitors
withtheirownIPTelephonyhandsetsandothersimilarappliancessupportinginteractivevoice
services.
4. GuestVoiceSignaling(conditional)‐foruseinnetworktopologiesthatrequireadifferentpolicy
fortheguestvoiceSignalingthanfortheguestvoicemedia.Thisapplicationtypeshouldnotbe
advertisedifallthesamenetworkpoliciesapplyasthoseadvertisedintheGuestVoice
applicationpolicy.
5. SoftphoneVoice‐forusebysoftphoneapplicationsontypicaldatacentricdevices,suchasPCs
orlaptops.ThisclassofendpointsfrequentlydoesnotsupportmultipleVLANs,ifatall,andare
typicallyconfiguredtousean'untagged'VLANorasingle'tagged'dataspecificVLAN.Whena
networkpolicyisdefinedforusewithan'untagged'VLAN(seeTaggedflagbelow),thentheL2
priorityfieldisignoredandonlytheDSCPvaluehasrelevance.
6. VideoConferencing‐forusebydedicatedVideoConferencingequipmentandothersimilar
appliancessupportingreal‐timeinteractivevideo/audioservices.
7. StreamingVideo‐forusebybroadcastormulticastbasedvideocontentdistributionandother
similarapplicationssupportingstreamingvideoservicesthatrequirespecificnetworkpolicy
treatment.VideoapplicationsrelyingonTCPwithbufferingwouldnotbeanintendeduseofthis
applicationtype.
8. VideoSignaling(conditional)‐foruseinnetworktopologiesthatrequireaseparatepolicyforthe
videoSignalingthanforthevideomedia.Thisapplicationtypeshouldnotbeadvertisedifallthe
samenetworkpoliciesapplyasthoseadvertisedintheVideoConferencingapplicationpolicy.
Tag
Tagindicatingwhetherthespecifiedapplicationtypeisusinga'tagged'oran'untagged'VLAN.
Untaggedindicatesthatthedeviceisusinganuntaggedframeformatandassuchdoesnotincludea
tagheaderasdefinedbyIEEE802.1Q‐2003.Inthiscase,boththeVLANIDandtheLayer2priority
fieldsareignoredandonlytheDSCPvaluehasrelevance.
Tag gedindicatesthatthedeviceisusingtheIEEE802.1Qtaggedframeformat,andthatboththe
VLANIDandtheLayer2priorityvaluesarebeingused,aswellastheDSCPvalue.Thetaggedformat
includesanadditionalfield,knownasthetagheader.Thetaggedframeformatalsoincludespriority
taggedframesasdefinedbyIEEE802.1Q‐2003.
Chapter3:WebManagement
LLDP‐LLDP‐MED
PoESwitchUserManual|146
VLANID
VLANidentifier(VID)fortheportasdefinedinIEEE802.1Q‐2003.
L2Priority
L2PriorityistheLayer2prioritytobeusedforthespecifiedapplicationtype.L2Prioritymayspecify
oneofeightprioritylevels(0through7),asdefinedbyIEEE802.1D‐2004.Avalueof0representsuse
ofthedefaultpriorityasdefinedinIEEE802.1D‐2004.
DSCP
DSCPvaluetobeusedtoprovideDiffservnodebehaviourforthespecifiedapplicationtypeas
definedinIETFRFC2474.DSCPmaycontainoneof64codepointvalues(0through63).Avalueof0
representsuseofthedefaultDSCPvalueasdefinedinRFC2475.
Addinganewpolicy
Click“AddNewPolicy”toaddanewpolicy.SpecifytheApplicationtype,Tag,VLANID,L2Priority
andDSCPforthenewpolicy.Click"Save".
Thenumberofpoliciessupportedis32
PortPoliciesConfiguration
Everyportmayadvertiseauniquesetofnetworkpoliciesordifferentattributesforthesame
networkpolicies,basedontheauthenticateduseridentityorportconfiguration.
Port
Theportnumbertowhichtheconfigurationapplies.
PolicyId
Thesetofpoliciesthatshallapplytoagivenport.Thesetofpoliciesisselectedbycheckmarkingthe
checkboxesthatcorrespondstothepolicies.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
PoE
PoESwitchUserManual|147
3.1.11.Configuration‐PoE
ThispageallowstheusertoinspectandconfigurethecurrentPoEportsettings.
PoweroverEthernetConfiguration
ReservedPowerdeterminedby
Therearethreemodesforconfiguringhowtheports/PDsmayreservepower.
1. Allocatedmode:Inthismodetheuserallocatestheamountofpowerthateachportmayreserve.
Theallocated/reservedpowerforeachport/PDisspecifiedintheMaximumPowerfields.
2. Classmode:Inthismodeeachportautomaticallydetermineshowmuchpowertoreserve
accordingtotheclasstheconnectedPDbelongsto,andreservesthepoweraccordingly.Four
differentportclassesexistandonefor4,7,15.4or30Watts.InthismodetheMaximumPower
fieldshavenoeffect.
3. LLDP‐MEDmode:ThismodeissimilartotheClassmodeexpectthateachportdeterminethe
amountpoweritreservesbyexchangingPoEinformationusingtheLLDPprotocolandreserves
poweraccordingly.IfnoLLDPinformationisavailableforaport,theportwillreservepower
usingtheclassmode.InthismodetheMaximumPowerfieldshavenoeffect
Forallmodes:Ifaportusesmorepowerthanthereservedpowerfortheport,theportisshutdown.
Chapter3:WebManagement
PoE
PoESwitchUserManual|148
PowerManagementMode
Thereare2modesforconfiguringwhentoshutdowntheports:
1. ActualConsumption:Inthismodetheportsareshutdownwhentheactualpowerconsumption
forallportsexceedstheamountofpowerthatthepowersupplycandeliveroriftheactual
powerconsumptionforagivenportexceedsthereservedpowerforthatport.Theportsareshut
downaccordingtotheportspriority.Iftwoportshavethesameprioritytheportwiththe
highestportnumberisshutdown.
2. ReservedPower:Inthismodetheportsareshutdownwhentotalreservedpoweredexceedsthe
amountofpowerthatthepowersupplycandeliver.Inthismodetheportpowerisnotturned
onifthePDrequestsmorepowerthanavailablefromthepowersupply.
PowerSupplyConfiguration
PrimaryandBackupPowerSource
SomeswitchessupporthavingtwoPoEpowersupplies.Oneisusedasprimarypowersource,and
oneasbackuppowersource.Iftheswitchdoesn'tsupportbackuppowersupplyonlytheprimary
powersupplysettingswillbeshown.Incasethattheprimarypowersourcefailsthebackuppower
sourcewilltakeover.ForbeingabletodeterminetheamountofpowerthePDmayuse,itmustbe
definedwhatamountofpowertheprimaryandbackuppowersourcescandeliver.
Validvaluesareintherange0to2000Watts.
PortConfiguration
Port
Thisisthelogicalportnumberforthisrow.
PortsthatarenotPoE‐capablearegrayedoutandthusimpossibletoconfigurePoEfor.
PoEMode
ThePoEModerepresentsthePoEoperatingmodefortheport.
Disabled:PoEdisabledfortheport.
PoE:EnablesPoEIEEE802.3af(Class4PDslimitedto15.4W)
PoE+:EnablesPoE+IEEE802.3at(Class4PDslimitedto30W)
Chapter3:WebManagement
PoE
PoESwitchUserManual|149
Priority
ThePriorityrepresentstheportspriority.TherearethreelevelsofpowerprioritynamedLow,High
andCritical.
Thepriorityisusedinthecasewheretheremotedevicesrequiresmorepowerthanthepower
supplycandeliver.Inthiscasetheportwiththelowestprioritywillbeturnoffstartingfromtheport
withthehighestportnumber.
MaximumPower
TheMaximumPowervaluecontainsanumericalvaluethatindicatesthemaximumpowerinwatts
thatcanbedeliveredtoaremotedevice.
Themaximumallowedvalueis30W.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
MACTable
PoESwitchUserManual|150
3.1.12.Configuration‐MACTable
TheMACAddressTableisconfiguredonthispage.SettimeoutsforentriesinthedynamicMACTable
andconfigurethestaticMACtablehere.
AgingConfiguration
Bydefault,dynamicentriesareremovedfromtheMACtableafter300seconds.Thisremovalisalso
calledaging.
Configureagingtimebyenteringavaluehereinseconds.Theallowedrangeis10to1000000
seconds.
Disabletheautomaticagingofdynamicentriesbycheckingthe“Disableautomaticaging”
checkbox..
MACTableLearning
Ifthelearningmodeforagivenportisgreyedout,anothermoduleisincontrolofthemode,sothat
itcannotbechangedbytheuser.AnexampleofsuchamoduleistheMAC‐BasedAuthentication
under802.1X.
Eachportcandolearningbaseduponthefollowingsettings:
Auto
LearningisdoneautomaticallyassoonasaframewithunknownSMACisreceived.
Disable
Nolearningisdone.
Chapter3:WebManagement
MACTable
PoESwitchUserManual|151
Secure
OnlystaticMACentriesarelearned,allotherframesaredropped.
Note:MakesurethatthelinkusedformanagingtheswitchisaddedtotheStaticMacTablebefore
changingtosecurelearningmode,otherwisethemanagementlinkislostandcanonlyberestored
byusinganothernon‐secureportorbyconnectingtotheswitchviatheserialinterface.
StaticMACTableConfiguration
ThestaticentriesintheMACtableareshowninthistable.ThestaticMACtablecancontain64
entries.
Themaximumof64entriesisforthewholestack,andnotperswitch.
TheMACtableissortedfirstbyVLANIDandthenbyMACaddress.
Delete
Checktodeletetheentry.Itwillbedeletedduringthenextsave.
VLANID
TheVLANIDoftheentry.
MACAddress
TheMACaddressoftheentry.
PortMembers
Checkmarksindicatewhichportsaremembersoftheentry.Checkoruncheckasneededtomodify
theentry.
AddingaNewStaticEntry
Click“AddNewStaticEntry”toaddanewentrytothestaticMACtable.SpecifytheVLANID,MAC
address,andportmembersforthenewentry.Click"Save".
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
VLANs‐VLANMembership
PoESwitchUserManual|152
3.1.13.Configuration‐VLANs
3.1.13.1.VLANs‐VLANMembership
TheVLANmembershipconfigurationfortheselectedstackswitchunitcanbemonitoredand
modifiedhere.Upto4096VLANsaresupported.ThispageallowsforaddinganddeletingVLANsas
wellasaddinganddeletingportmembersofeachVLAN.
NavigatingtheVLANTable
Eachpageshowsupto99entriesfromtheVLANtable,defaultbeing20,selectedthroughthe
"entriesperpage"inputfield.Whenfirstvisited,thewebpagewillshowthefirst20entriesfromthe
beginningoftheVLANTable.ThefirstdisplayedwillbetheonewiththelowestVLANIDfoundinthe
VLANTable.
The"VLAN"inputfieldsallowtheusertoselectthestartingpointintheVLANTable.Clickingthe
“Refresh”buttonwillupdatethedisplayedtablestartingfromthatortheclosestnextVLANTable
match.The“>>”willusethelastentryofthecurrentlydisplayedVLANentryasabasisforthenext
lookup.Whentheendisreachedthetext"Nomoreentries"isshowninthedisplayedtable.Usethe
“|<<”buttontostartover.
Delete
TodeleteaVLANentry,checkthisbox.Theentrywillbedeletedontheselectedswitchinthestack.
IfnoneoftheportsofthisswitcharemembersofaVLANthenthedeletecheckboxwillbegreyed
out(youcannotdeletethatentry.duringthenextSave.
VLANID
IndicatestheIDofthisparticularVLAN.
VLANName
IndicatesthenameoftheVLAN.MaximumlengthoftheVLANNameStringis32.VLANNamecanbe
null.Ifitisnotnull,itmustcontainalphabetsornumbers.Atleastonealphabetmustbepresentina
non‐nullVLANname.VLANnamecanbeeditedfortheexistingVLANentriesoritcanbeaddedto
thenewentries.
Chapter3:WebManagement
VLANs‐VLANMembership
PoESwitchUserManual|153
PortMembers
ArowofcheckboxesforeachportisdisplayedforeachVLANID.
ToincludeaportinaVLAN,checktheboxasport.
Toincludeaportinaforbiddenportlist,checktheboxasshownforbid.
ToremoveorexcludetheportfromtheVLAN,makesuretheboxisuncheckedasshownmenu_o.
Bydefault,noportsaremembers,andforeverynewVLANentryallboxesareunchecked.
AddingaNewVLAN
Click“AddNewVLAN”toaddanewVLANID.Anemptyrowisaddedtothetable,andtheVLANcan
beconfiguredasneeded.LegalvaluesforaVLANIDare1through4095.
TheVLANisenabledontheselectedstackswitchunitwhenyouclickon"Save".TheVLANis
thereafterpresentontheotherstackswitchunits,butwithnoportmembers.Thecheckboxis
greyedoutwhenVLANisdisplayedonotherstackedswitches,butusercanaddmemberportstoit.
The“Delete”buttoncanbeusedtoundotheadditionofnewVLANs.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Refresh:Refreshesthedisplayedtablestartingfromthe"VLANID"inputfields.
>>|:UpdatesthetablestartingfromthefirstentryintheVLANTable,i.e.theentrywiththe
lowestVLANID.
<<:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
Chapter3:WebManagement
VLANs‐Ports
PoESwitchUserManual|154
3.1.13.2.VLANs‐Ports
ThispageisusedforconfiguringtheselectedstackswitchunitportVLAN.
EthertypeforCustomS‐ports
ThisfieldspecifiestheethertypeusedforCustomS‐ports.ThisisaglobalsettingforalltheCustom
S‐ports.
Port
Thisisthelogicalportnumberofthisrow.
PortType
Portcanbeoneofthefollowingtypes:Unaware,Customerport(C‐port),Serviceport(S‐port),
CustomServiceport(S‐custom‐port)
IfPortTypeisUnaware,allframesareclassifiedtothePortVLANIDandtagsarenotremoved.
IngressFiltering
Enableingressfilteringonaportbycheckingthebox.ThisparameteraffectsVLANingressprocessing.
IfingressfilteringisenabledandtheingressportisnotamemberoftheclassifiedVLANoftheframe,
theframeisdiscarded.Bydefault,ingressfilteringisdisabled(nocheckmark).
FrameType
Determineswhethertheportacceptsallframesoronlytagged/untaggedframes.Thisparameter
affectsVLANingressprocessing.Iftheportonlyacceptstaggedframes,untaggedframesreceivedon
theportarediscarded.Bydefault,thefieldissettoAll.
PortVLANMode
ConfiguresthePortVLANMode.TheallowedvaluesareNoneorSpecific.Thisparameteraffects
VLANingressandegressprocessing.
IfNoneisselected,aVLANtagwiththeclassifiedVLANIDisinsertedinframestransmittedonthe
port.ThismodeisnormallyusedforportsconnectedtoVLANawareswitches.Txtagshouldbesetto
Chapter3:WebManagement
VLANs‐Ports
PoESwitchUserManual|155
Untag_pvidwhenthismodeisused.
IfSpecific(thedefaultvalue)isselected,aPortVLANIDcanbeconfigured(seebelow).Untagged
framesreceivedontheportareclassifiedtothePortVLANID.IfVLANawarenessisdisabled,all
framesreceivedontheportareclassifiedtothePortVLANID.IftheclassifiedVLANIDofaframe
transmittedontheportisdifferentfromthePortVLANID,aVLANtagwiththeclassifiedVLANIDis
insertedintheframe.
PortVLANID
ConfigurestheVLANidentifierfortheport.Theallowedvaluesarefrom1through4095.Thedefault
valueis1.
Note:TheportmustbeamemberofthesameVLANasthePortVLANID.
TxTag
Determinesegresstaggingofaport.Untag_pvid‐AllVLANsexcepttheconfiguredPVIDwillbe
tagged.Tag_all‐AllVLANsaretagged.Untag_all‐AllVLANsareuntagged.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepageimmediately.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
PrivateVLAN‐PortIsolation
PoESwitchUserManual|156
3.1.14.Configuration‐PrivateVLAN
3.1.14.1.PrivateVLAN‐PortIsolation
Overview
ThispageisusedforenablingordisablingportisolationonportsinaPrivateVLAN.
AportmemberofaVLANcanbeisolatedtootherisolatedportsonthesameVLAN.
Theportsettingsrelatetothecurrentlyselectedstackunit,asreflectedbythepageheader.
Thisfeatureworksacrossthestack.
Configuration
PortMembers
AcheckboxisprovidedforeachportofaprivateVLAN.
Whenchecked,portisolationisenabledonthatport.
Whenunchecked,portisolationisdisabledonthatport.
Bydefault,portisolationisdisabledonallports.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepageimmediately.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
VCL‐MAC‐basedVLAN
PoESwitchUserManual|157
3.1.15.Configuration‐VCL
3.1.15.1.VCL‐MAC‐basedVLAN
TheMAC‐basedVLANentriescanbeconfiguredhere.Thispageallowsforaddinganddeleting
MAC‐basedVLANentriesandassigningtheentriestodifferentports.Thispageshowsonlystatic
entries.
Delete
TodeleteaMAC‐basedVLANentry,checkthisboxandpresssave.Theentrywillbedeletedonthe
selectedswitchinthestack.
MACAddress
IndicatestheMACaddress.
VLANID
IndicatestheVLANID.
PortMembers
ArowofcheckboxesforeachportisdisplayedforeachMAC‐basedVLANentry.Toincludeaportin
aMAC‐basedVLAN,checkthebox.To removeorexcludetheportfromtheMAC‐basedVLAN,make
suretheboxisunchecked.Bydefault,noportsaremembers,andallboxesareunchecked.
AddingaNewMAC‐basedVLAN
Click“AddingNewEntry”toaddanewMAC‐basedVLANentry.Anemptyrowisaddedtothetable,
andtheMAC‐basedVLANentrycanbeconfiguredasneeded.AnyunicastMACaddresscanbe
configuredfortheMAC‐basedVLANentry.NobroadcastormulticastMACaddressesareallowed.
LegalvaluesforaVLANIDare1through4095.
TheMAC‐basedVLANentryisenabledontheselectedstackswitchunitwhenyouclickon"Save".A
MAC‐basedVLANwithoutanyportmembersonanystackunitwillbedeletedwhenyouclick"Save".
The“Delete”buttoncanbeusedtoundotheadditionofnewMAC‐basedVLANs.Themaximum
possibleMAC‐basedVLANentriesarelimitedto256.
Chapter3:WebManagement
VCL‐MAC‐basedVLAN
PoESwitchUserManual|158
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepageimmediately.
|<<:UpdatesthetablestartingfromthefirstentryintheMAC‐basedVLANTable.
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
Chapter3:WebManagement
VCL‐Port‐basedVLAN‐ProtocoltoGroup
PoESwitchUserManual|159
3.1.15.2.VCL‐Port‐basedVLAN
3.1.15.2.1.VCL‐Port‐basedVLAN‐ProtocoltoGroup
ThispageallowsyoutoaddnewprotocolstoGroupName(uniqueforeachGroup)mapping
entriesaswellasallowyoutoseeanddeletealreadymappedentriesfortheselectedstackswitch
unit.
Delete
TodeleteaProtocoltoGroupNamemapentry,checkthisbox.Theentrywillbedeletedonthe
switchduringthenextSave.
FrameType
FrameTypecanhaveoneofthefollowingvalues:
1. Ethernet
2. LLC
3. SNAP
Note:OnchangingtheFrametypefield,validvalueofthefollowingtextfieldwillvarydepending
onthenewframetypeyouselected.
Value
Validvaluethatcanbeenteredinthistextfielddependsontheoptionselectedfromthethe
precedingFrameTypeselectionmenu.
BelowisthecriteriaforthreedifferentFrameTypes:
1. ForEthernet:ValuesinthetextfieldwhenEthernetisselectedasaFrameTypeiscalled
etype.Validvaluesforetyperangesfrom0x0600‐0xffff
2. ForLLC:Validvalueinthiscaseiscomprisedoftwodifferentsub‐values.
a. DSAP:1‐bytelongstring(0x00‐0xff)
b. SSAP:1‐bytelongstring(0x00‐0xff)
3. ForSNAP:Validvalueinthiscasealsoiscomprisedoftwodifferentsub‐values.
a. OUI:OUI(OrganizationallyUniqueIdentifier)isvalueinformatofxx‐xx‐xxwhereeachpair
(xx)instringisahexadecimalvaluerangesfrom0x00‐0xff.
b. PID:IftheOUIishexadecimal000000,theprotocolIDistheEthernettype(EtherType)field
Chapter3:WebManagement
VCL‐Port‐basedVLAN‐ProtocoltoGroup
PoESwitchUserManual|160
valuefortheprotocolrunningontopofSNAP;iftheOUIisanOUIforaparticular
organization,theprotocolIDisavalueassignedbythatorganizationtotheprotocol
runningontopofSNAP.
Inotherwords,ifvalueofOUIfieldis00‐00‐00thenvalueofPIDwillbeetype(0x0600‐0xffff)and
ifvalueofOUIisotherthan00‐00‐00thenvalidvalueofPIDwillbeanyvaluefrom0x0000to
0xffff.
GroupName
AvalidGroupNameisaunique16‐characterlongstringforeveryentrywhichconsistsofa
combinationofalphabets(a‐zorA‐Z)andintegers(0‐9).
Note:specialcharacterandunderscore(_)arenotallowed.
AddingaNewGrouptoVLANmappingentry
Click“AddNewEntry”toaddanewentryinmappingtable.Anemptyrowisaddedtothetable;
FrameType,ValueandtheGroupNamecanbeconfiguredasneeded.
The“Delete”buttoncanbeusedtoundotheadditionofnewentry.Themaximumpossible
ProtocoltoGroupmappingsarelimitedto128.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Clicktorefreshthepageimmediately.
Chapter3:WebManagement
VCL‐Port‐basedVLAN‐GrouptoVLAN
PoESwitchUserManual|161
3.1.15.2.2.VCL‐Port‐basedVLAN‐GrouptoVLAN
ThispageallowsyoutomapanalreadyconfiguredGroupNametoaVLANfortheselectedstack
switchunit.
Delete
TodeleteaGroupNametoVLANmapentry,checkthisbox.Theentrywillbedeletedonthe
switchduringthenextSave
GroupName
AvalidGroupNameisastringatthemost16characterswhichconsistsofacombinationof
alphabets(a‐zorA‐Z)andintegers(0‐9),nospecialcharacterisallowed.WhicheverGroupname
youtrymaptoaVLANmustbepresentinProtocoltoGroupmappingtableandmustnotbe
pre‐usedbyanyotherexistingmappingentryonthispage.
VLANID
IndicatestheIDtowhichGroupNamewillbemapped.AvalidVLANIDrangesfrom1‐4095.
PortMembers
ArowofcheckboxesforeachportisdisplayedforeachGroupNametoVLANIDmapping.To
includeaportinamapping,checkthebox.Toremoveorexcludetheportfromthemapping,
makesuretheboxisunchecked.Bydefault,noportsaremembers,andallboxesareunchecked.
AddingaNewGrouptoVLANmappingentry
Click“AddNewEntry”toaddanewentryinmappingtable.Anemptyrowisaddedtothetable,
theGroupName,VLANIDandportmemberscanbeconfiguredasneeded.Legalvaluesfora
VLANIDare1through4095.
The“Delete”buttoncanbeusedtoundotheadditionofnewentry.ThemaximumpossibleGroup
toVLANmappingsarelimitedto64.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Clicktorefreshthepageimmediately.
Chapter3:WebManagement
VCL‐IPSubnet‐basedVLAN
PoESwitchUserManual|162
3.1.15.3.VCL‐IPSubnet‐basedVLAN
TheIPsubnet‐basedVLANentriescanbeconfiguredhere.Thispageallowsforadding,updatingand
deletingIPsubnet‐basedVLANentriesandassigningtheentriestodifferentports.Thispageshows
onlystaticentries.
Delete
TodeleteaIPsubnet‐basedVLANentry,checkthisboxandpresssave.Theentrywillbedeletedon
theselectedswitchinthestack.
VCEID
Indicatestheindexoftheentry.Itisuserconfigurable.It'svaluerangesfrom0‐128.IfaVCEIDis0,
applicationwillauto‐generatetheVCEIDforthatentry.DeletionandlookupofIPsubnet‐based
VLANarebasedonVCEID.
IPAddress
IndicatestheIPaddress.
MaskLength
Indicatesthenetworkmasklength.
VLANID
IndicatestheVLANID.VLANIDcanbechangedfortheexistingentries.
PortMembers
ArowofcheckboxesforeachportisdisplayedforeachIPsubnet‐basedVLANentry.Toincludea
portinaIPsubnet‐basedVLAN,checkthebox.ToremoveorexcludetheportfromtheIP
subnet‐basedVLAN,makesuretheboxisunchecked.Bydefault,noportsaremembers,andall
boxesareunchecked.
AddingaNewIPsubnet‐basedVLAN
Click“AddNewEntry”toaddanewIPsubnet‐basedVLANentry.Anemptyrowisaddedtothetable,
andtheIPsubnet‐basedVLANentrycanbeconfiguredasneeded.AnyIPaddress/maskcanbe
configuredfortheIPsubnet‐basedVLANentry.LegalvaluesforaVLANIDare1through4095.
TheIPsubnet‐basedVLANentryisenabledontheselectedstackswitchunitwhenyouclickon
"Save".The“Delete”buttoncanbeusedtoundotheadditionofnewIPsubnet‐basedVLANs.The
maximumpossibleIPsubnet‐basedVLANentriesarelimitedto128.
Chapter3:WebManagement
VCL‐IPSubnet‐basedVLAN
PoESwitchUserManual|163
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Refreshesthedisplayedtable.
Chapter3:WebManagement
VoiceVLAN‐Configuration
PoESwitchUserManual|164
3.1.16.Configuration‐VoiceVLAN
3.1.16.1.VoiceVLAN‐Configuration
TheVoiceVLANfeatureenablesvoicetrafficforwardingontheVoiceVLAN,thentheswitchcanclassifyand
schedulenetworktraffic.ItisrecommendedthattherebetwoVLANsonaport‐oneforvoice,onefordata.
BeforeconnectingtheIPdevicetotheswitch,theIPphoneshouldconfigurethevoiceVLANIDcorrectly.It
shouldbeconfiguredthroughitsownGUI.
Mode
IndicatestheVoiceVLANmodeoperation.WemustdisableMSTPfeaturebeforeweenableVoice
VLAN.Itcanavoidtheconflictofingressfiltering.Possiblemodesare:
Enabled:EnableVoiceVLANmodeoperation.
Disabled:DisableVoiceVLANmodeoperation.
VLANID
IndicatestheVoiceVLANID.ItshouldbeauniqueVLANIDinthesystemandcannotequaleachportPVID.Itis
aconflictinconfigurationifthevalueequalsmanagementVID,MVRVID,PVIDetc.Theallowedrangeis1to
4095.
AgingTime
IndicatestheVoiceVLANsecurelearningagingtime.Theallowedrangeis10to10000000seconds.Itisused
whensecuritymodeorautodetectmodeisenabled.Inothercases,itwillbebasedonhardwareagingtime.
Theactualagingtimewillbesituatedbetweenthe[age_time;2*age_time]interval.
TrafficClass
IndicatestheVoiceVLANtrafficclass.AlltrafficontheVoiceVLANwillapplythisclass.
Chapter3:WebManagement
VoiceVLAN‐Configuration
PoESwitchUserManual|165
PortMode
IndicatestheVoiceVLANportmode.
Possibleportmodesare:
Disabled:DisjoinfromVoiceVLAN.
Auto:Enableautodetectmode.ItdetectswhetherthereisVoIPphoneattachedtothe
specificportandconfigurestheVoiceVLANmembersautomatically.
Forced:ForcejointoVoiceVLAN.
PortSecurity
IndicatestheVoiceVLANportsecuritymode.Whenthefunctionisenabled,allnon‐telephonicMAC
addressesintheVoiceVLANwillbeblockedfor10seconds.Possibleportmodesare:
Enabled:EnableVoiceVLANsecuritymodeoperation.
Disabled:DisableVoiceVLANsecuritymodeoperation.
PortDiscoveryProtocol
IndicatestheVoiceVLANportdiscoveryprotocol.Itwillonlyworkwhenautodetectmodeisenabled.
WeshouldenableLLDPfeaturebeforeconfiguringdiscoveryprotocolto"LLDP"or"Both".Changing
thediscoveryprotocolto"OUI"or"LLDP"willrestartautodetectprocess.Possiblediscovery
protocolsare:
OUI:DetecttelephonydevicebyOUIaddress.
LLDP:DetecttelephonydevicebyLLDP.
Both:BothOUIandLLDP.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
VoiceVLAN‐OUI
PoESwitchUserManual|166
3.1.16.2.VoiceVLAN‐OUI
ConfigureVOICEVLANOUItableonthispage.Themaximumnumberofentriesis16.Modifyingthe
OUItablewillrestartautodetectionofOUIprocess.
Delete
Checktodeletetheentry.Itwillbedeletedduringthenextsave.
Tel ephonyOUI
AtelephonyOUIaddressisagloballyuniqueidentifierassignedtoavendorbyIEEE.Itmustbe6
characterslongandtheinputformatis"xx‐xx‐xx"(xisahexadecimaldigit).
Description
ThedescriptionofOUIaddress.Normally,itdescribeswhichvendortelephonydeviceitbelongsto.
Theallowedstringlengthis0to32.
Buttons
AddNewEntry:Clicktoaddanewaccessmanagemententry.
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
QoS‐PortClassification
PoESwitchUserManual|167
3.1.17.Configuration‐QoS
3.1.17.1.QoS‐PortClassification
ThispageallowsyoutoconfigurethebasicQoSIngressClassificationsettingsforallswitchports.
Thesettingsrelatetothecurrentlyselectedstackunit,asreflectedbythepageheader.
Port
Theportnumberforwhichtheconfigurationbelowapplies.
QoSclass
ControlsthedefaultQoSclass.
AllframesareclassifiedtoaQoSclass.ThereisaonetoonemappingbetweenQoSclass,queueand
priority.AQoSclassof0(zero)hasthelowestpriority.
IftheportisVLANawareandtheframeistagged,thentheframeisclassifiedtoaQoSclassthatis
basedonthePCPvalueinthetagasshownbelow.Otherwisetheframeisclassifiedtothedefault
QoSclass.
PCPvalue:01234567
QoSclass:10234567
TheclassifiedQoSclasscanbeoverruledbyaQCLentry.
Note:IfthedefaultQoSclasshasbeendynamicallychanged,thentheactualdefaultQoSclassis
showninparenthesesaftertheconfigureddefaultQoSclass.
Chapter3:WebManagement
QoS‐PortClassification
PoESwitchUserManual|168
DPlevel
ControlsthedefaultDropPrecedenceLevel.
AllframesareclassifiedtoaDPlevel.
IftheportisVLANawareandtheframeistagged,thentheframeisclassifiedtoaDPlevelthatis
equaltotheDEIvalueinthetag.OtherwisetheframeisclassifiedtothedefaultDPlevel.
TheclassifiedDPlevelcanbeoverruledbyaQCLentry.
DSCPBased
ClicktoEnableDSCPBasedQoSIngressPortClassification.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
QoS‐PortPolicing
PoESwitchUserManual|169
3.1.17.2.QoS‐PortPolicing
ThispageallowsyoutoconfigurethePolicersettingsforallswitchports.
Thesettingsrelatetothecurrentlyselectedstackunit,asreflectedbythepageheader.
Port
Theportnumberforwhichtheconfigurationbelowapplies.
Enabled
Controlswhetherthepolicerisenabledonthisswitchport.
Rate
Controlstherateforthepolicer.Thedefaultvalueis500.Thisvalueisrestrictedto100‐1000000
whenthe"Unit"is"kbps"or"fps",anditisrestrictedto1‐13200whenthe"Unit"is"Mbps"or
"kfps".
Unit
Controlstheunitofmeasureforthepolicerrateaskbps,Mbps,fpsorkfps.Thedefaultvalueis
"kbps".
FlowControl
Ifflowcontrolisenabledandtheportisinflowcontrolmode,thenpauseframesaresentinsteadof
discardingframes.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
QoS‐PortScheduler
PoESwitchUserManual|170
3.1.17.3.QoS‐PortScheduler
ThispageprovidesanoverviewofQoSEgressPortSchedulersforallswitchports.
Theportsbelongtothecurrentlyselectedstackunit,asreflectedbythepageheader.
Port
Thelogicalportforthesettingscontainedinthesamerow.
Clickontheportnumberinordertoconfiguretheschedulers.
Mode
Showstheschedulingmodeforthisport.
Qn
Showstheweightforthisqueueandport.
Chapter3:WebManagement
QoS‐PortScheduler
PoESwitchUserManual|171
ThispageallowsyoutoconfiguretheSchedulerandShapersforaspecificport.
Thesettingsrelatetothecurrentlyselectedstackunit,asreflectedbythepageheader.
SchedulerMode
Controlswhethertheschedulermodeis"StrictPriority"or"Weighted"onthisswitchport.
QueueShaperEnable
Controlswhetherthequeueshaperisenabledforthisqueueonthisswitchport.
QueueShaperRate
Controlstherateforthequeueshaper.Thedefaultvalueis500.Thisvalueisrestrictedto
100‐1000000whenthe"Unit"is"kbps",anditisrestrictedto1‐13200whenthe"Unit"is"Mbps".
QueueShaperUnit
Controlstheunitofmeasureforthequeueshaperrateas"kbps"or"Mbps".Thedefaultvalueis
"kbps".
QueueShaperExcess
Controlswhetherthequeueisallowedtouseexcessbandwidth.
QueueSchedulerWeight
Controlstheweightforthisqueue.Thedefaultvalueis"17".Thisvalueisrestrictedto1‐100.This
parameterisonlyshownif"SchedulerMode"issetto"Weighted".
Chapter3:WebManagement
QoS‐PortScheduler
PoESwitchUserManual|172
QueueSchedulerPercent
Showstheweightinpercentforthisqueue.Thisparameterisonlyshownif"SchedulerMode"isset
to"Weighted".
PortShaperEnable
Controlswhethertheportshaperisenabledforthisswitchport.
PortShaperRate
Controlstheratefortheportshaper.Thedefaultvalueis500.Thisvalueisrestrictedto100‐1000000
whenthe"Unit"is"kbps",anditisrestrictedto1‐13200whenthe"Unit"is"Mbps".
PortShaperUnit
Controlstheunitofmeasurefortheportshaperrateas"kbps"or"Mbps".Thedefaultvalueis
"kbps".
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Cancel:Clicktoundoanychangesmadelocallyandreturntothepreviouspage.
Chapter3:WebManagement
QoS‐PortScheduler
PoESwitchUserManual|173
ThispageallowsyoutoconfiguretheSchedulerandShapersforaspecificport.
Thesettingsrelatetothecurrentlyselectedstackunit,asreflectedbythepageheader.
SchedulerMode
Controlswhethertheschedulermodeis"StrictPriority"or"Weighted"onthisswitchport.
QueueShaperEnable
Controlswhetherthequeueshaperisenabledforthisqueueonthisswitchport.
QueueShaperRate
Controlstherateforthequeueshaper.Thedefaultvalueis500.Thisvalueisrestrictedto
100‐1000000whenthe"Unit"is"kbps",anditisrestrictedto1‐13200whenthe"Unit"is"Mbps".
QueueShaperUnit
Controlstheunitofmeasureforthequeueshaperrateas"kbps"or"Mbps".Thedefaultvalueis
"kbps".
QueueShaperExcess
Controlswhetherthequeueisallowedtouseexcessbandwidth.
QueueSchedulerWeight
Controlstheweightforthisqueue.Thedefaultvalueis"17".Thisvalueisrestrictedto1‐100.This
parameterisonlyshownif"SchedulerMode"issetto"Weighted".
Chapter3:WebManagement
QoS‐PortScheduler
PoESwitchUserManual|174
QueueSchedulerPercent
Showstheweightinpercentforthisqueue.Thisparameterisonlyshownif"SchedulerMode"isset
to"Weighted".
PortShaperEnable
Controlswhethertheportshaperisenabledforthisswitchport.
PortShaperRate
Controlstheratefortheportshaper.Thedefaultvalueis500.Thisvalueisrestrictedto100‐1000000
whenthe"Unit"is"kbps",anditisrestrictedto1‐13200whenthe"Unit"is"Mbps".
PortShaperUnit
Controlstheunitofmeasurefortheportshaperrateas"kbps"or"Mbps".Thedefaultvalueis
"kbps".
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Cancel:Clicktoundoanychangesmadelocallyandreturntothepreviouspage.
Chapter3:WebManagement
QoS‐PortShaping
PoESwitchUserManual|175
3.1.17.4.QoS‐PortShaping
ThispageprovidesanoverviewofQoSEgressPortShapersforallswitchports.
Theportsbelongtothecurrentlyselectedstackunit,asreflectedbythepageheader.
Port
Thelogicalportforthesettingscontainedinthesamerow.
Clickontheportnumberinordertoconfiguretheshapers.
Qn
Shows"disabled"oractualqueueshaperrate‐e.g."800Mbps".
Port
Shows"disabled"oractualportshaperrate‐e.g."800Mbps".
Chapter3:WebManagement
QoS‐PortShaping
PoESwitchUserManual|176
ThispageallowsyoutoconfiguretheSchedulerandShapersforaspecificport.
Thesettingsrelatetothecurrentlyselectedstackunit,asreflectedbythepageheader.
SchedulerMode
Controlswhethertheschedulermodeis"StrictPriority"or"Weighted"onthisswitchport.
QueueShaperEnable
Controlswhetherthequeueshaperisenabledforthisqueueonthisswitchport.
QueueShaperRate
Controlstherateforthequeueshaper.Thedefaultvalueis500.Thisvalueisrestrictedto
100‐1000000whenthe"Unit"is"kbps",anditisrestrictedto1‐13200whenthe"Unit"is"Mbps".
QueueShaperUnit
Controlstheunitofmeasureforthequeueshaperrateas"kbps"or"Mbps".Thedefaultvalueis
"kbps".
QueueShaperExcess
Controlswhetherthequeueisallowedtouseexcessbandwidth.
QueueSchedulerWeight
Controlstheweightforthisqueue.Thedefaultvalueis"17".Thisvalueisrestrictedto1‐100.This
parameterisonlyshownif"SchedulerMode"issetto"Weighted".
Chapter3:WebManagement
QoS‐PortShaping
PoESwitchUserManual|177
QueueSchedulerPercent
Showstheweightinpercentforthisqueue.Thisparameterisonlyshownif"SchedulerMode"isset
to"Weighted".
PortShaperEnable
Controlswhethertheportshaperisenabledforthisswitchport.
PortShaperRate
Controlstheratefortheportshaper.Thedefaultvalueis500.Thisvalueisrestrictedto100‐1000000
whenthe"Unit"is"kbps",anditisrestrictedto1‐13200whenthe"Unit"is"Mbps".
PortShaperUnit
Controlstheunitofmeasurefortheportshaperrateas"kbps"or"Mbps".Thedefaultvalueis
"kbps".
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Cancel:Clicktoundoanychangesmadelocallyandreturntothepreviouspage.
Chapter3:WebManagement
QoS‐PortShaping
PoESwitchUserManual|178
ThispageallowsyoutoconfiguretheSchedulerandShapersforaspecificport.
Thesettingsrelatetothecurrentlyselectedstackunit,asreflectedbythepageheader.
SchedulerMode
Controlswhethertheschedulermodeis"StrictPriority"or"Weighted"onthisswitchport.
QueueShaperEnable
Controlswhetherthequeueshaperisenabledforthisqueueonthisswitchport.
QueueShaperRate
Controlstherateforthequeueshaper.Thedefaultvalueis500.Thisvalueisrestrictedto
100‐1000000whenthe"Unit"is"kbps",anditisrestrictedto1‐13200whenthe"Unit"is"Mbps".
QueueShaperUnit
Controlstheunitofmeasureforthequeueshaperrateas"kbps"or"Mbps".Thedefaultvalueis
"kbps".
QueueShaperExcess
Controlswhetherthequeueisallowedtouseexcessbandwidth.
QueueSchedulerWeight
Controlstheweightforthisqueue.Thedefaultvalueis"17".Thisvalueisrestrictedto1‐100.This
parameterisonlyshownif"SchedulerMode"issetto"Weighted".
Chapter3:WebManagement
QoS‐PortShaping
PoESwitchUserManual|179
QueueSchedulerPercent
Showstheweightinpercentforthisqueue.Thisparameterisonlyshownif"SchedulerMode"isset
to"Weighted".
PortShaperEnable
Controlswhethertheportshaperisenabledforthisswitchport.
PortShaperRate
Controlstheratefortheportshaper.Thedefaultvalueis500.Thisvalueisrestrictedto100‐1000000
whenthe"Unit"is"kbps",anditisrestrictedto1‐13200whenthe"Unit"is"Mbps".
PortShaperUnit
Controlstheunitofmeasurefortheportshaperrateas"kbps"or"Mbps".Thedefaultvalueis
"kbps".
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Cancel:Clicktoundoanychangesmadelocallyandreturntothepreviouspage.
Chapter3:WebManagement
QoS‐PortTagRemarking
PoESwitchUserManual|180
3.1.17.5.QoS‐PortTagRemarking
ThispageprovidesanoverviewofQoSEgressPortTagRemarkingforallswitchports.
Theportsbelongtothecurrentlyselectedstackunit,asreflectedbythepageheader.
Port
Thelogicalportforthesettingscontainedinthesamerow.
Clickontheportnumberinordertoconfiguretagremarking.
Mode
Showsthetagremarkingmodeforthisport.
Classified:UseclassifiedPCP/DEIvalues.
Default:UsedefaultPCP/DEIvalues.
Mapped:UsemappedversionsofQoSclassandDPlevel.
Chapter3:WebManagement
QoS‐PortTagRemarking
PoESwitchUserManual|181
TheQoSEgressPortTagRemarkingforaspecificportareconfiguredonthispage.
Mode
Controlsthetagremarkingmodeforthisport.
Classified:UseclassifiedPCP/DEIvalues.
Default:UsedefaultPCP/DEIvalues.
Mapped:UsemappedversionsofQoSclassandDPlevel.
PCP/DEIConfiguration
ControlsthedefaultPCPandDEIvaluesusedwhenthemodeissettoDefault.
Chapter3:WebManagement
QoS‐PortTagRemarking
PoESwitchUserManual|182
DPlevelConfiguration
ControlstheDropPrecedenceleveltranslationtablewhenthemodeissettoMapped.
Thepurposeofthistableistoreducethe2bitclassifiedDPleveltoa1bitDPlevelusedinthe(QoS
class,DPlevel)to(PCP,DEI)mappingprocess.
(QoSclass,DPlevel)to(PCP,DEI)Mapping
Controlsthemappingoftheclassified(QoSclass,DPlevel)to(PCP,DEI)valueswhenthemodeisset
toMapped.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Cancel:Clicktoundoanychangesmadelocallyandreturntothepreviouspage.
Chapter3:WebManagement
QoS‐PortDSCP
PoESwitchUserManual|183
3.1.17.6.QoS‐PortDSCP
ThispageallowsyoutoconfigurethebasicQoSPortDSCPConfigurationsettingsforallswitchports.
Thesettingsrelatetothecurrentlyselectedstackunit,asreflectedbythepageheader.
Port
ThePortcolumnshowsthelistofportsforwhichyoucanconfiguredscpingressandegresssettings.
Ingress
InIngresssettingsyoucanchangeingresstranslationandclassificationsettingsforindividualports.
TherearetwoconfigurationparametersavailableinIngress:
1. Translate
2. Classify
1.Translate
ToEnabletheIngressTranslationclickthecheckbox.
2.Classify
Classificationforaporthave4differentvalues.
Disable:NoIngressDSCPClassification.
DSCP=0:Classifyifincoming(ortranslatedifenabled)DSCPis0.
Selected:ClassifyonlyselectedDSCPforwhichclassificationisenabledasspecifiedinDSCP
TranslationwindowforthespecificDSCP.
All:ClassifyallDSCP.
Chapter3:WebManagement
QoS‐PortDSCP
PoESwitchUserManual|184
Egress
PortEgressRewritingcanbeoneof‐
Disable:NoEgressrewrite.
Enable:Rewriteenabledwithoutremapping.
Remap:DSCPfromanalyzerisremappedandframeisremarkedwithremappedDSCPvalue.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
QoS‐DSCP‐BasedQoS
PoESwitchUserManual|185
3.1.17.7.QoS‐DSCP‐BasedQoS
ThispageallowsyoutoconfigurethebasicQoSDSCPbasedQoSIngressClassificationsettingsforall
switches.
DSCP
MaximumnumberofsupportedDSCPvaluesare64.
Trust
ControlswhetheraspecificDSCPvalueistrusted.OnlyframeswithtrustedDSCPvaluesaremapped
toaspecificQoSclassandDropPrecedenceLevel.FrameswithuntrustedDSCPvaluesaretreatedas
anon‐IPframe.
QoSClass
QoSclassvaluecanbeanyof(0‐7)
DPL
DropPrecedenceLevel(0‐3)
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
QoS‐DSCPTranslation
PoESwitchUserManual|186
3.1.17.8.QoS‐DSCPTranslation
ThispageallowsyoutoconfigurethebasicQoSDSCPTranslationsettingsforallswitches.DSCP
translationcanbedoneinIngressorEgress.
DSCP
MaximumnumberofsupportedDSCPvaluesare64andvalidDSCPvaluerangesfrom0to63.
Ingress
IngresssideDSCPcanbefirsttranslatedtonewDSCPbeforeusingtheDSCPforQoSclassandDPL
map.
TherearetwoconfigurationparametersforDSCPTranslation‐
1. Translate
2. Classify
1.Translate
DSCPatIngresssidecanbetranslatedtoanyof(0‐63)DSCPvalues.
2.Classify
ClicktoenableClassificationatIngressside.
Egress
ThereisthefollowingconfigurableparameterforEgressside‐
Remap
Remap
SelecttheDSCPvaluefromselectmenutowhichyouwanttoremap.DSCPvaluerangesform0to
63.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
QoS‐DSCPClassification
PoESwitchUserManual|187
3.1.17.9.QoS‐DSCPClassification
ThispageallowsyoutoconfigurethemappingofQoSclasstoDSCPvalue.
Thesettingsrelatetothecurrentlyselectedstackunit,asreflectedbythepageheader.
QoSClass
ActualQoSclass.
DSCP
SelecttheclassifiedDSCPvalue(0‐63).
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
QoS‐StormControl
PoESwitchUserManual|188
3.1.17.10.QoS‐StormControl
Thispageallowsyoutoconfigurethestormcontrolsettingsforallswitchports.
Thereisastormratecontrolforunicastframes,broadcastframesandunknown(flooded)frames.
Thesettingsrelatetothecurrentlyselectedstackunit,asreflectedbythepageheader.
Port
Theportnumberforwhichtheconfigurationbelowapplies.
Enabled
Controlswhetherthestormcontrolisenabledonthisswitchport.
Rate
Controlstherateforthestormcontrol.Thedefaultvalueis500.Thisvalueisrestrictedto
100‐1000000whenthe"Unit"is"kbps"or"fps",anditisrestrictedto1‐13200whenthe"Unit"is
"Mbps"or"kfps".
Unit
Controlstheunitofmeasureforthestormcontrolrateaskbps,Mbps,fpsorkfps.Thedefaultvalue
is"kbps".
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
QoS‐WRED
PoESwitchUserManual|189
3.1.17.11.QoS‐WRED
ThispageallowsyoutoconfiguretheRandomEarlyDetection(RED)settingsforqueue0to5.
REDcannotbeappliedtoqueue6and7.
ThroughdifferentREDconfigurationforthequeues(QoSclasses)itispossibletoobtainWeighted
RandomEarlyDetection(WRED)operationbetweenqueues.
Thesettingsareglobalforallportsinthestack.
Queue
Thequeuenumber(QoSclass)forwhichtheconfigurationbelowapplies.
Enable
ControlswhetherREDisenabledforthisqueue.
Min.Threshold
ControlsthelowerREDthreshold.Iftheaveragequeuefillinglevelisbelowthisthreshold,thedrop
probabilityiszero.Thisvalueisrestrictedto0‐100.
Max.DP1
ControlsthedropprobabilityforframesmarkedwithDropPrecedenceLevel1whentheaverage
queuefillinglevelis100%.Thisvalueisrestrictedto0‐100.
Max.DP2
ControlsthedropprobabilityforframesmarkedwithDropPrecedenceLevel2whentheaverage
queuefillinglevelis100%.Thisvalueisrestrictedto0‐100.
Max.DP3
ControlsthedropprobabilityforframesmarkedwithDropPrecedenceLevel3whentheaverage
queuefillinglevelis100%.Thisvalueisrestrictedto0‐100.
Chapter3:WebManagement
QoS‐WRED
PoESwitchUserManual|190
REDDropProbabilityFunction
Thefollowingillustrationshowsthedropprobabilityfunctionwithassociatedparameters.
REDDropProbabilityFunction
Max.DP1‐3isthedropprobabilitywhentheaveragequeuefillinglevelis100%.Framesmarkedwith
DropPrecedenceLevel0areneverdropped.Min.Thresholdistheaveragequeuefillinglevelwhere
thequeuesrandomlystartdroppingframes.ThedropprobabilityforframesmarkedwithDrop
PrecedenceLevelnincreaseslinearlyfromzero(atMin.Thresholdaveragequeuefillinglevel)toMax.
DPn(at100%averagequeuefillinglevel).
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Configuration‐Mirroring
PoESwitchUserManual|191
3.1.18.Configuration‐Mirroring
ConfigureportMirroringonthispage.
Todebugnetworkproblems,selectedtrafficcanbecopied,ormirrored,onamirrorportwherea
frameanalyzercanbeattachedtoanalyzetheframeflow.
Thetraffictobecopiedonthemirrorportisselectedasfollows:
Allframesreceivedonagivenport(alsoknownasingressorsourcemirroring).
Allframestransmittedonagivenport(alsoknownasegressordestinationmirroring).
Porttomirrorto
Porttomirroralsoknownasthemirrorport.Framesfromportsthathaveeithersource(rx)or
destination(tx)mirroringenabledaremirroredonthisport.Disableddisablesmirroring.
Switchtomirrorto
Framesfromportsthathaveeithersource(rx)ordestination(tx)mirroringenabledaremirroredto
thisswitch.
MirrorPortConfiguration
ThefollowingtableisusedforRxandTxenabling.
Port
Thelogicalportforthesettingscontainedinthesamerow.
Chapter3:WebManagement
Configuration‐Mirroring
PoESwitchUserManual|192
Mode
Selectmirrormode.
Rxonly:Framesreceivedonthisportaremirroredonthemirrorport.Framestransmittedare
notmirrored.
Txonly:Framestransmittedonthisportaremirroredonthemirrorport.Framesreceivedare
notmirrored.
Disabled:Neitherframestransmittednorframesreceivedaremirrored.
Enabled:Framesreceivedandframestransmittedaremirroredonthemirrorport.
Note:Foragivenport,aframeisonlytransmittedonce.Itisthereforenotpossibletomirrormirror
portTxframes.Becauseofthis,modefortheselectedmirrorportislimitedtoDisabledorRxonly.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Configuration‐UPnP
PoESwitchUserManual|193
3.1.19.Configuration‐UPnP
ConfigureUPnPonthispage.
Mode
IndicatestheUPnPoperationmode.Possiblemodesare:
Enabled:EnableUPnPmodeoperation.
Disabled:DisableUPnPmodeoperation.
Whenthemodeisenabled,twoACEsareaddedautomaticallytotrapUPNPrelatedpacketstoCPU.
TheACEsareautomaticallyremovedwhenthemodeisdisabled.
TTL
TheTTLvalueisusedbyUPnPtosendSSDPadvertisementmessages.Validvaluesareintherange1
to255.
AdvertisingDuration
Theduration,carriedinSSDPpackets,isusedtoinformacontrolpointorcontrolpointshowoftenit
ortheyshouldreceiveanSSDPadvertisementmessagefromthisswitch.Ifacontrolpointdoesnot
receiveanymessagewithintheduration,itwillthinkthattheswitchnolongerexists.Duetothe
unreliablenatureofUDP,inthestandarditisrecommendedthatsuchrefreshingofadvertisements
tobedoneatlessthanone‐halfoftheadvertisingduration.Intheimplementation,theswitchsends
SSDPmessagesperiodicallyattheintervalone‐halfoftheadvertisingdurationminus30seconds.
Validvaluesareintherange100to86400.
Buttons
Save:Clicktosavechanges.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
Configuration‐sFlow
PoESwitchUserManual|194
3.1.20.Configuration‐sFlow
ThispageallowsforconfiguringsFlow.Theconfigurationisdividedintotwoparts:Configurationof
thesFlowreceiver(a.k.a.sFlowcollector)andconfigurationofper‐portflowandcountersamplers.
sFlowconfigurationisnotpersistedtonon‐volatilememory,whichmeansthatarebootormaster
changewilldisablesFlowsampling.
ReceiverConfiguration
Owner
Basically,sFlowcanbeconfiguredintwoways:ThroughlocalmanagementusingtheWeborCLI
interfaceorthroughSNMP.Thisread‐onlyfieldshowstheownerofthecurrentsFlowconfiguration
andassumesvaluesasfollows:
IfsFlowiscurrentlyunconfigured/unclaimed,Ownercontains<none>.
IfsFlowiscurrentlyconfiguredthroughWeborCLI,Ownercontains<Configuredthroughlocal
management>.
IfsFlowiscurrentlyconfiguredthroughSNMP,OwnercontainsastringidentifyingthesFlow
receiver.
IfsFlowisconfiguredthroughSNMP,allcontrols‐exceptfortheRelease‐button‐aredisabledto
avoidinadvertentreconfiguration.
The“Release”buttonallowsforreleasingthecurrentowneranddisablesFlowsampling.Thebutton
isdisabledifsFlowiscurrentlyunclaimed.IfconfiguredthroughSNMP,thereleasemustbe
Chapter3:WebManagement
Configuration‐sFlow
PoESwitchUserManual|195
confirmed(aconfirmationrequestwillappear).
IPAddress/Hostname
TheIPaddressorhostnameofthesFlowreceiver.BothIPv4andIPv6addressesaresupported.
UDPPort
TheUDPportonwhichthesFlowreceiverlistenstosFlowdatagrams.Ifsetto0(zero),thedefault
port(6343)isused.
Timeout
ThenumberofsecondsremainingbeforesamplingstopsandthecurrentsFlowownerisreleased.
Whileactive,thecurrenttimeleftcanbeupdatedwithaclickontheRefresh‐button.Iflocally
managed,thetimeoutcanbechangedontheflywithoutaffectinganyothersettings.
Max.DatagramSize
Themaximumnumberofdatabytesthatcanbesentinasinglesampledatagram.Thisshouldbeset
toavaluethatavoidsfragmentationofthesFlowdatagrams.Validrangeis200to1468byteswith
defaultbeing1400bytes.
PortConfiguration
Port
Theportnumberforwhichtheconfigurationbelowapplies.
FlowSamplerEnabled
Enables/disablesflowsamplingonthisport.
FlowSamplerSamplingRate
Thestatisticalsamplingrateforpacketsampling.SettoNtosampleonaverage1/ N t h ofthepackets
transmitted/receivedontheport.
Notallsamplingratesareachievable.Ifanunsupportedsamplingrateisrequested,theswitchwill
automaticallyadjustittotheclosestachievable.Thiswillbereportedbackinthisfield.
FlowSamplerMax.Header
ThemaximumnumberofbytesthatshouldbecopiedfromasampledpackettothesFlowdatagram.
Validrangeis14to200byteswithdefaultbeing128bytes.
Ifthemaximumdatagramsizedoesnottakeintoaccountthemaximumheadersize,samplesmaybe
dropped.
CounterPollerEnabled
Enables/disablescounterpollingonthisport.
CounterPollerInterval
Chapter3:WebManagement
Configuration‐sFlow
PoESwitchUserManual|196
Withcounterpollingenabled,thisspecifiestheinterval‐inseconds‐betweencounterpoller
samples.
Buttons
Release:SeedescriptionunderOwner.
Refresh:Clicktorefreshthepage.Notethatunsavedchangeswillbelost.
Save:Clicktosavechanges.NotethatsFlowconfigurationisnotpersistedtonon‐volatile
memory.
Reset:Clicktoundoanychangesmadelocallyandreverttopreviouslysavedvalues.
Chapter3:WebManagement
System‐Information
PoESwitchUserManual|197
3.2.WebManagement‐Monitor
Youcanmonitorandviewsystemstatushere.Also,allthesettingsyou’vemadeintheConfiguration
sectionofthemanagementwebpagecanbeviewedhereaswell.
3.2.1.Monitor‐System
3.2.1.1.System‐Information
Theswitchsysteminformationisprovidedhere.
Contact
ThesystemcontactconfiguredinConfiguration|System|Information|SystemContact.
Name
ThesystemnameconfiguredinConfiguration|System|Information|SystemName.
Location
ThesystemlocationconfiguredinConfiguration|System|Information|SystemLocation.
MACAddress
TheMACAddressofthisswitch.
SystemDate
Thecurrent(GMT)systemtimeanddate.ThesystemtimeisobtainedthroughtheTimingserver
runningontheswitch,ifany.
SystemUptime
Theperiodoftimethedevicehasbeenoperational.
SwitchID
TheswitchID.
ChipID
TheChipIDofthisswitch.
SoftwareVersion
Chapter3:WebManagement
System‐Information
PoESwitchUserManual|198
Thesoftwareversionofthisswitch.
SoftwareDate
Thedatewhentheswitchsoftwarewasproduced.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepage.
Chapter3:WebManagement
System‐CPULoad
PoESwitchUserManual|199
3.2.1.2.System‐CPULoad
ThispagedisplaystheCPUload,usinganSVGgraph.
Theloadismeasuredasaveragedoverthelast100ms,1secand10secondsintervals.Thelast120
samplesaregraphed,andthelastnumbersaredisplayedastextaswell.
InordertodisplaytheSVGgraph,yourbrowsermustsupporttheSVGformat.ConsulttheSVGWiki
formoreinformationonbrowsersupport.Specifically,atthetimeofwriting,MicrosoftInternet
ExplorerwillneedtohaveaplugininstalledtosupportSVG.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Chapter3:WebManagement
System‐Log
PoESwitchUserManual|200
3.2.1.3.System‐Log
Theswitchsystemloginformationisprovidedhere.
ID
TheID(>=1)ofthesystemlogentry.
Level
Thelevelofthesystemlogentry.Thefollowingleveltypesaresupported:
Info:Informationlevelofthesystemlog.
Warning:Warninglevelofthesystemlog.
Error:Errorlevelofthesystemlog.
All:Alllevels.
Time
Thetimeofthesystemlogentry.
Message
Themessageofthesystemlogentry.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Updatesthesystemlogentries,startingfromthecurrententryID.
Clear:Flushestheselectedlogentries.
|<<:Updatesthesystemlogentries,startingfromthefirstavailableentryID.
<<:Updatesthesystemlogentries,endingatthelastentrycurrentlydisplayed.
>>:Updatesthesystemlogentries,startingfromthelastentrycurrentlydisplayed.
>>|:Updatesthesystemlogentries,endingatthelastavailableentryID.
Chapter3:WebManagement
System‐DetailedLog
PoESwitchUserManual|201
3.2.1.4.System‐DetailedLog
Theswitchsystemdetailedloginformationisprovidedhere.
ID
TheID(>=1)ofthesystemlogentry.
Message
Thedetailedmessageofthesystemlogentry.
Buttons
Refresh:UpdatesthesystemlogentrytothecurrententryID.
|<<:UpdatesthesystemlogentrytothefirstavailableentryID.
<<:UpdatesthesystemlogentrytothepreviousavailableentryID.
>>:UpdatesthesystemlogentrytothenextavailableentryID.
>>|:UpdatesthesystemlogentrytothelastavailableentryID.
Chapter3:WebManagement
Ports‐State
PoESwitchUserManual|202
3.2.2.Monitor‐Ports
3.2.2.1.Ports‐State
Thispageprovidesanoverviewofthecurrentswitchportstates.
Theportstatesareillustratedasfollows:
StatusDisabledDownLink
RJ45ports
SFPports
X2ports
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepage.
Chapter3:WebManagement
Ports‐TrafficOverview
PoESwitchUserManual|203
3.2.2.2.Ports‐TrafficOverview
Thispageprovidesanoverviewofgeneraltrafficstatisticsforallswitchports.
Theportsbelongtothecurrentlyselectedstackunit,asreflectedbythepageheader.
Port
Thelogicalportforthesettingscontainedinthesamerow.
Packets
Thenumberofreceivedandtransmittedpacketsperport.
Bytes
Thenumberofreceivedandtransmittedbytesperport.
Errors
Thenumberofframesreceivedinerrorandthenumberofincompletetransmissionsperport.
Drops
Thenumberofframesdiscardedduetoingressoregresscongestion.
Filtered
Thenumberofreceivedframesfilteredbytheforwardingprocess.
Buttons
Refresh:Clicktorefreshthepageimmediately.
Clear:Clearsthecountersforallports.
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Chapter3:WebManagement
Ports‐TrafficOverview
PoESwitchUserManual|204
Chapter3:WebManagement
Ports‐QoSStatistics
PoESwitchUserManual|205
3.2.2.3.Ports‐QoSStatistics
Thispageprovidesstatisticsforthedifferentqueuesforallswitchports.
Theportsbelongtothecurrentlyselectedstackunit,asreflectedbythepageheader.
Port
Thelogicalportforthesettingscontainedinthesamerow.
Qn
Thereare8QoSqueuesperport.Q0isthelowestpriorityqueue.
Rx/Tx
Thenumberofreceivedandtransmittedpacketsperqueue.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepageimmediately.
Clear:Clearsthecountersforallports.
Chapter3:WebManagement
Ports‐DetailedStatistics
PoESwitchUserManual|206
3.2.2.4.Ports‐DetailedStatistics
Thispageprovidesdetailedtrafficstatisticsforaspecificswitchport.Usetheportselectboxtoselect
whichswitchportdetailstodisplay.
Theselectedportbelongstothecurrentlyselectedstackunit,asreflectedbythepageheader.
Thedisplayedcountersarethetotalsforreceiveandtransmit,thesizecountersforreceiveand
transmit,andtheerrorcountersforreceiveandtransmit.
ReceiveTotal andTransmitTota l
RxandTxPackets
Thenumberofreceivedandtransmitted(goodandbad)packets.
RxandTxOctets
Thenumberofreceivedandtransmitted(goodandbad)bytes.IncludesFCS,butexcludesframing
bits.
RxandTxUnicast
Thenumberofreceivedandtransmitted(goodandbad)unicastpackets.
RxandTxMulticast
Thenumberofreceivedandtransmitted(goodandbad)multicastpackets.
RxandTxBroadcast
Thenumberofreceivedandtransmitted(goodandbad)broadcastpackets.
Chapter3:WebManagement
Ports‐DetailedStatistics
PoESwitchUserManual|207
RxandTxPause
AcountoftheMACControlframesreceivedortransmittedonthisportthathaveanopcode
indicatingaPAUSEoperation.
ReceiveandTransmitSizeCounters
Thenumberofreceivedandtransmitted(goodandbad)packetssplitintocategoriesbasedontheir
respectiveframesizes.
ReceiveandTransmitQueueCounters
Thenumberofreceivedandtransmittedpacketsperinputandoutputqueue.
ReceiveErrorCounters
RxDrops
Thenumberofframesdroppedduetolackofreceivebuffersoregresscongestion.
RxCRC/Alignment
ThenumberofframesreceivedwithCRCoralignmenterrors.
RxUndersize
Thenumberofshort1framesreceivedwithvalidCRC.
RxOversize
Thenumberoflong2framesreceivedwithvalidCRC.
RxFragments
Thenumberofshort1framesreceivedwithinvalidCRC.
RxJabber
Thenumberoflong2framesreceivedwithinvalidCRC.
RxFiltered
Thenumberofreceivedframesfilteredbytheforwardingprocess.
Note1:Shortframesareframesthataresmallerthan64bytes.
Note2:Longframesareframesthatarelongerthantheconfiguredmaximumframelengthforthisport.
TransmitErrorCounters
TxDrops
Thenumberofframesdroppedduetooutputbuffercongestion.
TxLate/Exc.Coll.
Thenumberofframesdroppedduetoexcessiveorlatecollisions.
Chapter3:WebManagement
Ports‐DetailedStatistics
PoESwitchUserManual|208
Buttons
Refresh:Clicktorefreshthepageimmediately.
Clear:Clearsthecountersfortheselectedport.
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Note:Theportselectboxdetermineswhichportisaffectedbyclickingthebuttons.
Chapter3:WebManagement
Security‐AccessManagementStatistics
PoESwitchUserManual|209
3.2.3.Monitor‐Security
3.2.3.1.Security‐AccessManagementStatistics
Thispageprovidesstatisticsforaccessmanagement.
Interface
Theinterfacetypethroughwhichtheremotehostcanaccesstheswitch.
ReceivedPackets
Numberofreceivedpacketsfromtheinterfacewhenaccessmanagementmodeisenabled.
AllowedPackets
Numberofallowedpacketsfromtheinterfacewhenaccessmanagementmodeisenabled.
DiscardedPackets
Numberofdiscardedpacketsfromtheinterfacewhenaccessmanagementmodeisenabled.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepageimmediately.
Clear:Clearallstatistics.
Chapter3:WebManagement
Security‐Network‐PortSecurity‐Switch
PoESwitchUserManual|210
3.2.3.2.Security‐Network
3.2.3.2.1.Security‐Network‐PortSecurity‐Switch
ThispageshowsthePortSecuritystatus.PortSecurityisamodulewithnodirectconfiguration.
Configurationcomesindirectlyfromothermodules‐theusermodules.Whenausermodulehas
enabledportsecurityonaport,theportisset‐upforsoftware‐basedlearning.Inthismode,
framesfromunknownMACaddressesarepassedontotheportsecuritymodule,whichinturn
asksallusermoduleswhethertoallowthisnewMACaddresstoforwardorblockit.ForaMAC
addresstobesetintheforwardingstate,allenabledusermodulesmustunanimouslyagreeon
allowingtheMACaddresstoforward.Ifonlyonechoosestoblockit,itwillbeblockeduntilthat
usermoduledecidesotherwise.
Thestatuspageisdividedintotwosections‐onewithalegendofusermodulesandonewiththe
actualportstatus.
UserModuleLegend
ThelegendshowsallusermodulesthatmayrequestPortSecurityservices.
UserModuleName
ThefullnameofamodulethatmayrequestPortSecurityservices.
Chapter3:WebManagement
Security‐Network‐PortSecurity‐Switch
PoESwitchUserManual|211
Abbr
Aone‐letterabbreviationoftheusermodule.ThisisusedintheUserscolumnintheportstatus
table.
PortStatus
Thetablehasonerowforeachportontheselectedswitchinthestackandanumberofcolumns.
Port
Theportnumberforwhichthestatusapplies.Clicktheportnumbertoseethestatusforthis
particularport.
Users
EachoftheusermoduleshasacolumnthatshowswhetherthatmodulehasenabledPortSecurity
ornot.A'‐'meansthatthecorrespondingusermoduleisnotenabled,whereasaletterindicates
thattheusermoduleabbreviatedbythatletter(seeAbbr)hasenabledportsecurity.
State
Showsthecurrentstateoftheport.Itcantakeoneoffourvalues:
Disabled:NousermodulesarecurrentlyusingthePortSecurityservice.
Ready:ThePortSecurityserviceisinusebyatleastoneusermodule,andisawaiting
framesfromunknownMACaddressestoarrive.
LimitReached:ThePortSecurityserviceisenabledbyatleasttheLimitControlusermodule,
andthatmodulehasindicatedthatthelimitisreachedandnomoreMACaddressesshould
betakenin.
Shutdown:ThePortSecurityserviceisenabledbyatleasttheLimitControlusermodule,
andthatmodulehasindicatedthatthelimitisexceeded.NoMACaddressescanbelearned
ontheportuntilitisadministrativelyre‐openedontheLimitControlconfiguration
Web‐page.
MACCount(Current,Limit)
ThetwocolumnsindicatethenumberofcurrentlylearnedMACaddresses(forwardingaswellas
blocked)andthemaximumnumberofMACaddressesthatcanbelearnedontheport,
respectively.
Ifnousermodulesareenabledontheport,theCurrentcolumnwillshowadash(‐).
IftheLimitControlusermoduleisnotenabledontheport,theLimitcolumnwillshowadash(‐).
Chapter3:WebManagement
Security‐Network‐PortSecurity‐Switch
PoESwitchUserManual|212
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Clicktorefreshthepageimmediately.
Chapter3:WebManagement
Security‐Network‐PortSecurity‐Port
PoESwitchUserManual|213
3.2.3.2.2.Security‐Network‐PortSecurity‐Port
ThispageshowstheMACaddressessecuredbythePortSecuritymodule.PortSecurityisa
modulewithnodirectconfiguration.Configurationcomesindirectlyfromothermodules‐theuser
modules.Whenausermodulehasenabledportsecurityonaport,theportisset‐upfor
software‐basedlearning.Inthismode,framesfromunknownMACaddressesarepassedontothe
portsecuritymodule,whichinturnasksallusermoduleswhethertoallowthisnewMACaddress
toforwardorblockit.ForaMACaddresstobesetintheforwardingstate,allenableduser
modulesmustunanimouslyagreeonallowingtheMACaddresstoforward.Ifonlyonechoosesto
blockit,itwillbeblockeduntilthatusermoduledecidesotherwise.
MACAddress&VLANID
TheMACaddressandVLANIDthatisseenonthisport.IfnoMACaddressesarelearned,asingle
rowstating"NoMACaddressesattached"isdisplayed.
State
IndicateswhetherthecorrespondingMACaddressisblockedorforwarding.Intheblockedstate,it
willnotbeallowedtotransmitorreceivetraffic.
TimeofAddition
ShowsthedateandtimewhenthisMACaddresswasfirstseenontheport.
Age/Hold
IfatleastoneusermodulehasdecidedtoblockthisMACaddress,itwillstayintheblockedstate
untiltheholdtime(measuredinseconds)expires.Ifallusermoduleshavedecidedtoallowthis
MACaddresstoforward,andagingisenabled,thePortSecuritymodulewillperiodicallycheck
thatthisMACaddressstillforwardstraffic.Iftheageperiod(measuredinseconds)expiresandno
frameshavebeenseen,theMACaddresswillberemovedfromtheMACtable.Otherwiseanew
ageperiodwillbegin.
IfagingisdisabledorausermodulehasdecidedtoholdtheMACaddressindefinitely,adash(‐)
willbeshown.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Clicktorefreshthepageimmediately.
Chapter3:WebManagement
Security‐Network‐NAS‐Switch
PoESwitchUserManual|214
3.2.3.2.3.Security‐Network‐NAS‐Switch
ThispageprovidesanoverviewofthecurrentNASportstatesfortheselectedswitch.
Port
Theswitchportnumber.ClicktonavigatetodetailedNASstatisticsforthisport.
AdminState
Theport'scurrentadministrativestate.RefertoNASAdminStateforadescriptionofpossible
values.
PortState
Thecurrentstateoftheport.RefertoNASPortStateforadescriptionoftheindividualstates.
LastSource
ThesourceMACaddresscarriedinthemostrecentlyreceivedEAPOLframeforEAPOL‐based
authentication,andthemostrecentlyreceivedframefromanewclientforMAC‐based
authentication.
LastID
Theusername(supplicantidentity)carriedinthemostrecentlyreceivedResponseIdentityEAPOL
frameforEAPOL‐basedauthentication,andthesourceMACaddressfromthemostrecently
receivedframefromanewclientforMAC‐basedauthentication.
Chapter3:WebManagement
Security‐Network‐NAS‐Switch
PoESwitchUserManual|215
QoSClass
QoSClassassignedtotheportbytheRADIUSserverifenabled.
PortVLANID
TheVLANIDthatNAShasputtheportin.Thefieldisblank,ifthePortVLANIDisnotoverridden
byNAS.
IftheVLANIDisassignedbytheRADIUSserver,"(RADIUS‐assigned)"isappendedtotheVLANID.
ReadmoreaboutRADIUS‐assignedVLANshere.
IftheportismovedtotheGuestVLAN,"(Guest)"isappendedtotheVLANID.Readmoreabout
GuestVLANshere.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Clicktorefreshthepageimmediately.
Chapter3:WebManagement
Security‐Network‐NAS‐Port
PoESwitchUserManual|216
3.2.3.2.4.Security‐Network‐NAS‐Port
ThispageprovidesdetailedNASstatisticsforaspecificswitchportrunningEAPOL‐basedIEEE
802.1Xauthentication.ForMAC‐basedports,itshowsselectedbackendserver(RADIUS
AuthenticationServer)statisticsonly.
Usetheportselectboxtoselectwhichportdetailstobedisplayed.Theselectedportbelongsto
thecurrentlyselectedstackunitasreflectedbythetableheader.
PortState
AdminState
Theport'scurrentadministrativestate.RefertoNASAdminStateforadescriptionofpossible
values.
PortState
Thecurrentstateoftheport.RefertoNASPortStateforadescriptionoftheindividualstates.
QoSClass
TheQoSclassassignedbytheRADIUSserver.ThefieldisblankifnoQoSclassisassigned.
PortVLANID
TheVLANIDthatNAShasputtheportin.Thefieldisblank,ifthePortVLANIDisnotoverridden
byNAS.
IftheVLANIDisassignedbytheRADIUSserver,"(RADIUS‐assigned)"isappendedtotheVLANID.
ReadmoreaboutRADIUS‐assignedVLANshere.
IftheportismovedtotheGuestVLAN,"(Guest)"isappendedtotheVLANID.Readmoreabout
GuestVLANshere.
Chapter3:WebManagement
Security‐Network‐NAS‐Port
PoESwitchUserManual|217
PortCounters
EAPOLCounters
Thesesupplicantframecountersareavailableforthefollowingadministrativestates:
ForceAuthorized
ForceUnauthorized
Port‐based802.1X
Single802.1X
Multi802.1X
Chapter3:WebManagement
Security‐Network‐NAS‐Port
PoESwitchUserManual|218
BackendServerCounters
Thesebackend(RADIUS)framecountersareavailableforthefollowingadministrativestates:
Port‐based802.1X
Single802.1X
Multi802.1X
MAC‐basedAuth.
Chapter3:WebManagement
Security‐Network‐NAS‐Port
PoESwitchUserManual|219
LastSupplicant/ClientInfo
Informationaboutthelastsupplicant/clientthatattemptedtoauthenticate.Thisinformationis
availableforthefollowingadministrativestates:
Port‐based802.1X
Single802.1X
Multi802.1X
MAC‐basedAuth.
SelectedCounters
SelectedCounters
TheSelectedCounterstableisvisiblewhentheportisinoneofthefollowingadministrative
states:
Multi802.1X
MAC‐basedAuth.
ThetableisidenticaltoandisplacednexttothePortCounterstable,andwillbeemptyifnoMAC
addressiscurrentlyselected.Topopulatethetable,selectoneoftheattachedMACAddresses
fromthetablebelow.
AttachedMACAddresses
Identity
Showstheidentityofthesupplicant,asreceivedintheResponseIdentityEAPOLframe.
Clickingthelinkcausesthesupplicant'sEAPOLandBackendServercounterstobeshowninthe
SelectedCounterstable.Ifnosupplicantsareattached,itshowsNosupplicantsattached.
ThiscolumnisnotavailableforMAC‐basedAuth.
Chapter3:WebManagement
Security‐Network‐NAS‐Port
PoESwitchUserManual|220
MACAddress
ForMulti802.1X,thiscolumnholdstheMACaddressoftheattachedsupplicant.
ForMAC‐basedAuth.,thiscolumnholdstheMACaddressoftheattachedclient.
Clickingthelinkcausestheclient'sBackendServercounterstobeshownintheSelectedCounters
table.Ifnoclientsareattached,itshowsNoclientsattached.
VLANID
ThiscolumnholdstheVLANIDthatthecorrespondingclientiscurrentlysecuredthroughthePort
Securitymodule.
State
Theclientcaneitherbeauthenticatedorunauthenticated.Intheauthenticatedstate,itisallowed
toforwardframesontheport,andintheunauthenticatedstate,itisblocked.Aslongasthe
backendserverhasn'tsuccessfullyauthenticatedtheclient,itisunauthenticated.Ifan
authenticationfailsforoneortheotherreason,theclientwillremainintheunauthenticatedstate
forHoldTimeseconds.
LastAuthentication
Showsthedateandtimeofthelastauthenticationoftheclient(successfulaswellas
unsuccessful).
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Clicktorefreshthepageimmediately.
Clear:Thisbuttonisavailableinthefollowingmodes:
ForceAuthorized
ForceUnauthorized
Port‐based802.1X
Single802.1X
Clear:Clicktoclearthecountersfortheselectedport.
ClearAll:Thisbuttonisavailableinthefollowingmodes:
Multi802.1X
MAC‐basedAuth.X
ClearThis:Clicktoclearboththeportcountersandalloftheattachedclient'scounters.The
"LastClient"willnotbecleared,however.Thisbuttonisavailableinthefollowingmodes:
Multi802.1X
MAC‐basedAuth.X
Chapter3:WebManagement
Security‐Network‐ACLStatus
PoESwitchUserManual|221
3.2.3.2.5.Security‐Network‐ACLStatus
ThispageshowstheACLstatusbydifferentACLusers.EachrowdescribestheACEthatisdefined.
ItisaconflictifaspecificACEisnotappliedtothehardwareduetohardwarelimitations.The
maximumnumberofACEsis512oneachswitch.
User
IndicatestheACLuser.
IngressPort
IndicatestheingressportoftheACE.Possiblevaluesare:
All:TheACEwillmatchallingressport.
Port:TheACEwillmatchaspecificingressport.
FrameType
IndicatestheframetypeoftheACE.Possiblevaluesare:
Any:TheACEwillmatchanyframetype.
EType:TheACEwillmatchEthernetTypeframes.NotethatanEthernetTypebasedACEwill
notgetmatchedbyIPandARPframes.
ARP:TheACEwillmatchARP/RARPframes.
IPv4:TheACEwillmatchallIPv4frames.
IPv4/ICMP:TheACEwillmatchIPv4frameswithICMPprotocol.
IPv4/UDP:TheACEwillmatchIPv4frameswithUDPprotocol.
IPv4/TCP:TheACEwillmatchIPv4frameswithTCPprotocol.
IPv4/Other:TheACEwillmatchIPv4frames,whicharenotICMP/UDP/TCP.
IPv6:TheACEwillmatchallIPv6standardframes.
Action
IndicatestheforwardingactionoftheACE.
Permit:FramesmatchingtheACEmaybeforwardedandlearned.
Deny:FramesmatchingtheACEaredropped.
RateLimiter
IndicatestheratelimiternumberoftheACE.Theallowedrangeis1to16.WhenDisabledis
displayed,theratelimiteroperationisdisabled.
Chapter3:WebManagement
Security‐Network‐ACLStatus
PoESwitchUserManual|222
CPU
ForwardpacketthatmatchedthespecificACEtoCPU.
CPUOnce
ForwardfirstpacketthatmatchedthespecificACEtoCPU.
Counter
ThecounterindicatesthenumberoftimestheACEwashitbyaframe.
Conflict
IndicatesthehardwarestatusofthespecificACE.ThespecificACEisnotappliedtothehardware
duetohardwarelimitations.
Buttons
TheselectboxdetermineswhichACLuserisaffectedbyclickingthebuttons.
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Clicktorefreshthepage.
Chapter3:WebManagement
Security‐Network‐DHCP‐SnoopingStatistics
PoESwitchUserManual|223
3.2.3.2.6.Security‐Network‐DHCP‐SnoopingStatistics
ThispageprovidesstatisticsforDHCPsnooping.Thestatisticsdoesn'tcounttheDHCPpacketsfor
systemDHCPclientorDHCPrelaymodeisenabled.
ReceiveandTransmitPackets
RxandTxDiscover
Thenumberofdiscover(option53withvalue1)packetsreceivedandtransmitted.
RxandTxOffer
Thenumberofoffer(option53withvalue2)packetsreceivedandtransmitted.
RxandTxRequest
Thenumberofrequest(option53withvalue3)packetsreceivedandtransmitted.
RxandTxDecline
Thenumberofdecline(option53withvalue4)packetsreceivedandtransmitted.
RxandTxACK
ThenumberofACK(option53withvalue5)packetsreceivedandtransmitted.
RxandTxNAK
ThenumberofNAK(option53withvalue6)packetsreceivedandtransmitted.
RxandTxRelease
Thenumberofrelease(option53withvalue7)packetsreceivedandtransmitted.
RxandTxInform
Thenumberofinform(option53withvalue8)packetsreceivedandtransmitted.
RxandTxLeaseQuery
Thenumberofleasequery(option53withvalue10)packetsreceivedandtransmitted.
RxandTxLeaseUnassigned
Thenumberofleaseunassigned(option53withvalue11)packetsreceivedandtransmitted.
Chapter3:WebManagement
Security‐Network‐DHCP‐SnoopingStatistics
PoESwitchUserManual|224
RxandTxLeaseUnknown
Thenumberofleaseunknown(option53withvalue12)packetsreceivedandtransmitted.
RxandTxLeaseActive
Thenumberofleaseactive(option53withvalue13)packetsreceivedandtransmitted.
Buttons
Theportselectboxdetermineswhichportisaffectedbyclickingthebuttons.
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Clicktorefreshthepage.
Clear:Clearsthecountersfortheselectedport.
Chapter3:WebManagement
Security‐Network‐DHCP‐RelayStatistics
PoESwitchUserManual|225
3.2.3.2.7.Security‐Network‐DHCP‐RelayStatistics
ThispageprovidesstatisticsforDHCPrelay.
ServerStatistics
TransmittoServer
Thenumberofpacketsthatarerelayedfromclienttoserver.
TransmitError
Thenumberofpacketsthatresultedinerrorswhilebeingsenttoclients.
ReceivefromServer
Thenumberofpacketsreceivedfromserver.
ReceiveMissingAgentOption
Thenumberofpacketsreceivedwithoutagentinformationoptions.
ReceiveMissingCircuitID
ThenumberofpacketsreceivedwiththeCircuitIDoptionmissing.
ReceiveMissingRemoteID
ThenumberofpacketsreceivedwiththeRemoteIDoptionmissing.
ReceiveBadCircuitID
ThenumberofpacketswhoseCircuitIDoptiondidnotmatchknowncircuitID.
ReceiveBadRemoteID
ThenumberofpacketswhoseRemoteIDoptiondidnotmatchknownRemoteID.
ClientStatistics
TransmittoClient
Thenumberofrelayedpacketsfromservertoclient.
TransmitError
Thenumberofpacketsthatresultedinerrorwhilebeingsenttoservers.
ReceivefromClient
Thenumberofreceivedpacketsfromserver.
Chapter3:WebManagement
Security‐Network‐DHCP‐RelayStatistics
PoESwitchUserManual|226
ReceiveAgentOption
Thenumberofreceivedpacketswithrelayagentinformationoption.
ReplaceAgentOption
Thenumberofpacketswhichwerereplacedwithrelayagentinformationoption.
KeepAgentOption
Thenumberofpacketswhoserelayagentinformationwasretained.
DropAgentOption
Thenumberofpacketsthatweredroppedwhichwerereceivedwithrelayagentinformation.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Clicktorefreshthepage.
Clear:Clearallstatistics.
Chapter3:WebManagement
Security‐Network‐ARPInspection
PoESwitchUserManual|227
3.2.3.2.8.Security‐Network‐ARPInspection
EntriesintheDynamicARPInspectionTableareshownonthispage.TheDynamicARPInspection
Tablecontainsupto1024entries,andissortedfirstbyport,thenbyVLANID,thenbyMAC
address,andthenbyIPaddress.
NavigatingtheARPInspectionTable
Eachpageshowsupto99entriesfromtheDynamicARPInspectiontable,defaultbeing20,
selectedthroughthe"entriesperpage"inputfield.Whenfirstvisited,thewebpagewillshowthe
first20entriesfromthebeginningoftheDynamicARPInspectionTable.
The"Startfromportaddress","VLAN","MACaddress"and"IPaddress"inputfieldsallowtheuser
toselectthestartingpointintheDynamicARPInspectionTable.ClickingtheRefreshbuttonwill
updatethedisplayedtablestartingfromthatortheclosestnextDynamicARPInspectionTable
match.Inaddition,thetwoinputfieldswill‐uponaRefreshbuttonclick‐assumethevalueofthe
firstdisplayedentry,allowingforcontinuousrefreshwiththesamestartaddress.
The“<<”buttonwillusethelastentryofthecurrentlydisplayedtableasabasisforthenext
lookup.Whentheendisreachedthetext"Nomoreentries"isshowninthedisplayedtable.Use
the“>>|”buttontostartover.
ARPInspectionTableColumns
Port
SwitchPortNumberforwhichtheentriesaredisplayed.
VLANID
VLAN‐IDinwhichtheARPtrafficispermitted.
MACAddress
UserMACaddressoftheentry.
IPAddress
UserIPaddressoftheentry.
Chapter3:WebManagement
Security‐Network‐ARPInspection
PoESwitchUserManual|228
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Refreshesthedisplayedtablestartingfromtheinputfields.
Clear:Flushesalldynamicentries.
|<<:UpdatesthetablestartingfromthefirstentryintheDynamicARPInspectionTable.
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
Chapter3:WebManagement
Security‐Network‐IPSourceGuard
PoESwitchUserManual|229
3.2.3.2.9.Security‐Network‐IPSourceGuard
EntriesintheDynamicIPSourceGuardTable areshownonthispage.TheDynamicIPSource
GuardTableissortedfirstbyport,thenbyVLANID,thenbyIPaddress,andthenbyMACaddress.
NavigatingtheIPSourceGuardTabl e
Eachpageshowsupto99entriesfromtheDynamicIPSourceGuardtable,defaultbeing20,
selectedthroughthe"entriesperpage"inputfield.Whenfirstvisited,thewebpagewillshowthe
first20entriesfromthebeginningoftheDynamicIPSourceGuardTable.
The"Startfromportaddress","VLAN"and"IPaddress"inputfieldsallowtheusertoselectthe
startingpointintheDynamicIPSourceGuardTable.ClickingtheRefreshbuttonwillupdatethe
displayedtablestartingfromthatortheclosestnextDynamicIPSourceGuardTablematch.In
addition,thetwoinputfieldswill‐uponaRefreshbuttonclick‐assumethevalueofthefirst
displayedentry,allowingforcontinuousrefreshwiththesamestartaddress.
The>>willusethelastentryofthecurrentlydisplayedtableasabasisforthenextlookup.When
theendisreachedthetext"Nomoreentries"isshowninthedisplayedtable.Usethe|<<button
tostartover.
IPSourceGuardTableColumns
Port
SwitchPortNumberforwhichtheentriesaredisplayed.
VLANID
VLAN‐IDinwhichtheIPtrafficispermitted.
IPAddress
UserIPaddressoftheentry.
MACAddress
SourceMACaddress.
Chapter3:WebManagement
Security‐Network‐IPSourceGuard
PoESwitchUserManual|230
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Refreshesthedisplayedtablestartingfromtheinputfields.
Clear:Flushesalldynamicentries.
|<<:UpdatesthetablestartingfromthefirstentryintheDynamicIPSourceGuardTable.
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
Chapter3:WebManagement
Security‐AAA‐RADIUSOverview
PoESwitchUserManual|231
3.2.3.3.Security‐Network
3.2.3.3.1.Security‐AAA‐RADIUSOverview
ThispageprovidesanoverviewofthestatusoftheRADIUSserversconfigurableonthe
Authenticationconfigurationpage.
RADIUSAuthenticationServers
#
TheRADIUSservernumber.Clicktonavigatetodetailedstatisticsforthisserver.
IPAddress
TheIPaddressandUDPportnumber(in<IPAddress>:<UDPPort>notation)ofthisserver.
Status
Thecurrentstatusoftheserver.Thisfieldtakesoneofthefollowingvalues:
Disabled:Theserverisdisabled.
NotReady:Theserverisenabled,butIPcommunicationisnotyetupandrunning.
Ready:Theserverisenabled,IPcommunicationisupandrunning,andtheRADIUSmodule
isreadytoacceptaccessattempts.
Dead(Xsecondsleft):Accessattemptsweremadetothisserver,butitdidnotreplywithin
theconfiguredtimeout.Theserverhastemporarilybeendisabled,butwillgetre‐enabled
whenthedead‐timeexpires.Thenumberofsecondsleftbeforethisoccursisdisplayedin
parentheses.Thisstateisonlyreachablewhenmorethanoneserverisenabled.
Chapter3:WebManagement
Security‐AAA‐RADIUSOverview
PoESwitchUserManual|232
RADIUSAccountingServers
#
TheRADIUSservernumber.Clicktonavigatetodetailedstatisticsforthisserver.
IPAddress
TheIPaddressandUDPportnumber(in<IPAddress>:<UDPPort>notation)ofthisserver.
Status
Thecurrentstatusoftheserver.Thisfieldtakesoneofthefollowingvalues:
Disabled:Theserverisdisabled.
NotReady:Theserverisenabled,butIPcommunicationisnotyetupandrunning.
Ready:Theserverisenabled,IPcommunicationisupandrunning,andtheRADIUSmodule
isreadytoacceptaccountingattempts.
Dead(Xsecondsleft):Accountingattemptsweremadetothisserver,butitdidnotreply
withintheconfiguredtimeout.Theserverhastemporarilybeendisabled,butwillget
re‐enabledwhenthedead‐timeexpires.Thenumberofsecondsleftbeforethisoccursis
displayedinparentheses.Thisstateisonlyreachablewhenmorethanoneserverisenabled.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Clicktorefreshthepageimmediately.
Chapter3:WebManagement
Security‐AAA‐RADIUSDetails
PoESwitchUserManual|233
3.2.3.3.2.Security‐AAA‐RADIUSDetails
ThispageprovidesdetailedstatisticsforaparticularRADIUSserver.
RADIUSAuthenticationStatistics
ThestatisticsmapcloselytothosespecifiedinRFC4668‐RADIUSAuthenticationClientMIB.
Usetheserverselectboxtoswitchbetweenthebackendserverstoshowdetailsfor.
PacketCounters
RADIUSauthenticationserverpacketcounter.Therearesevenreceiveandfourtransmitcounters.
Chapter3:WebManagement
Security‐AAA‐RADIUSDetails
PoESwitchUserManual|234
Chapter3:WebManagement
Security‐AAA‐RADIUSDetails
PoESwitchUserManual|235
OtherInfo
Thissectioncontainsinformationaboutthestateoftheserverandthelatestround‐triptime.
RADIUSAccountingStatistics
ThestatisticsmapcloselytothosespecifiedinRFC4670‐RADIUSAccountingClientMIB.
Usetheserverselectboxtoswitchbetweenthebackendserverstoshowdetailsfor.
PacketCounters
RADIUSaccountingserverpacketcounter.Therearefivereceiveandfourtransmitcounters.
Chapter3:WebManagement
Security‐AAA‐RADIUSDetails
PoESwitchUserManual|236
OtherInfo
Thissectioncontainsinformationaboutthestateoftheserverandthelatestround‐triptime.
Buttons
Theserverselectboxdetermineswhichserverisaffectedbyclickingthebuttons.
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Clicktorefreshthepageimmediately.
Clear:Clearsthecountersfortheselectedserver.The"PendingRequests"counterwillnot
beclearedbythisoperation.
Chapter3:WebManagement
Security‐Switch‐RMON‐Statistics
PoESwitchUserManual|237
3.2.3.4.Security‐Switch‐RMON
3.2.3.4.1.Security‐Switch‐RMON‐Statistics
ThispageprovidesanoverviewofRMONStatisticsentries.Eachpageshowsupto99entriesfrom
theStatisticstable,defaultbeing20,selectedthroughthe"entriesperpage"inputfield.When
firstvisited,thewebpagewillshowthefirst20entriesfromthebeginningoftheStatisticstable.
ThefirstdisplayedwillbetheonewiththelowestIDfoundintheStatisticstable.
The"StartfromControlIndex"allowstheusertoselectthestartingpointintheStatisticstable.
ClickingtheRefreshbuttonwillupdatethedisplayedtablestartingfromthatorthenextclosest
Statisticstablematch.
The>>buttonwillusethelastentryofthecurrentlydisplayedentryasabasisforthenextlookup.
Whentheendisreachedthetext"Nomoreentries"isshowninthedisplayedtable.Usethe|<<
buttontostartover.
ID
IndicatestheindexofStatisticsentry.
DataSource(ifIndex)
TheportIDwhichwantstobemonitored.
Drop
Thetotalnumberofeventsinwhichpacketsweredroppedbytheprobeduetolackofresources.
Octets
Thetotalnumberofoctetsofdata(includingthoseinbadpackets)receivedonthenetwork.
Pkts
Thetotalnumberofpackets(includingbadpackets,broadcastpackets,andmulticastpackets)
received.
Broad‐cast
Thetotalnumberofgoodpacketsreceivedthatweredirectedtothebroadcastaddress.
Multi‐cast
Thetotalnumberofgoodpacketsreceivedthatweredirectedtoamulticastaddress.
Chapter3:WebManagement
Security‐Switch‐RMON‐Statistics
PoESwitchUserManual|238
CRCErrors
Thetotalnumberofpacketsreceivedthathadalength(excludingframingbits,butincludingFCS
octets)ofbetween64and1518octets,inclusive,buthadeitherabadFrameCheckSequence(FCS)
withanintegralnumberofoctets(FCSError)orabadFCSwithanon‐integralnumberofoctets
(AlignmentError).
Under‐size
Thetotalnumberofpacketsreceivedthatwerelessthan64octets.
Over‐size
Thetotalnumberofpacketsreceivedthatwerelongerthan1518octets.
Frag.
Thenumberofframeswhichsizeislessthan64octetsreceivedwithinvalidCRC.
Jabb.
Thenumberofframeswhichsizeislargerthan64octetsreceivedwithinvalidCRC.
Coll.
ThebestestimateofthetotalnumberofcollisionsonthisEthernetsegment.
64
Thetotalnumberofpackets(includingbadpackets)receivedthatwere64octetsinlength.
65~127
Thetotalnumberofpackets(includingbadpackets)receivedthatwerebetween65to127octets
inlength.
128~255
Thetotalnumberofpackets(includingbadpackets)receivedthatwerebetween128to255octets
inlength.
256~511
Thetotalnumberofpackets(includingbadpackets)receivedthatwerebetween256to511octets
inlength.
512~1023
Thetotalnumberofpackets(includingbadpackets)receivedthatwerebetween512to1023
octetsinlength.
1024~1588
Thetotalnumberofpackets(includingbadpackets)receivedthatwerebetween1024to1588
octetsinlength.
Chapter3:WebManagement
Security‐Switch‐RMON‐Statistics
PoESwitchUserManual|239
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Clicktorefreshthepageimmediately.
|<<:UpdatesthetablestartingfromthefirstentryintheStatisticstable,i.e.theentrywith
thelowestID.
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
Chapter3:WebManagement
Security‐Switch‐RMON‐History
PoESwitchUserManual|240
3.2.3.4.2.Security‐Switch‐RMON‐History
ThispageprovidesanoverviewofRMONHistoryentries.Eachpageshowsupto99entriesfrom
theHistorytable,defaultbeing20,selectedthroughthe"entriesperpage"inputfield.Whenfirst
visited,thewebpagewillshowthefirst20entriesfromthebeginningoftheHistorytable.The
firstdisplayedwillbetheonewiththelowestHistoryIndexandSampleIndexfoundintheHistory
table.
The"StartfromHistoryIndexandSampleIndex"allowstheusertoselectthestartingpointinthe
Historytable.ClickingtheRefreshbuttonwillupdatethedisplayedtablestartingfromthatorthe
nextclosestHistorytablematch.
The“>>”willusethelastentryofthecurrentlydisplayedentryasabasisforthenextlookup.
Whentheendisreachedthetext"Nomoreentries"isshowninthedisplayedtable.Usethe“|<<”
buttontostartover.
HistoryIndex
IndicatestheindexofHistorycontrolentry.
SampleIndex
Indicatestheindexofthedataentryassociatedwiththecontrolentry.
SampleStart
ThevalueofsysUpTimeatthestartoftheintervaloverwhichthissamplewasmeasured.
Drop
Thetotalnumberofeventsinwhichpacketsweredroppedbytheprobeduetolackofresources.
Octets
Thetotalnumberofoctetsofdata(includingthoseinbadpackets)receivedonthenetwork.
Pkts
Thetotalnumberofpackets(includingbadpackets,broadcastpackets,andmulticastpackets)
received.
Broadcast
Thetotalnumberofgoodpacketsreceivedthatweredirectedtothebroadcastaddress.
Multicast
Thetotalnumberofgoodpacketsreceivedthatweredirectedtoamulticastaddress.
Chapter3:WebManagement
Security‐Switch‐RMON‐History
PoESwitchUserManual|241
CRCErrors
Thetotalnumberofpacketsreceivedthathadalength(excludingframingbits,butincludingFCS
octets)ofbetween64and1518octets,inclusive,buthadeitherabadFrameCheckSequence(FCS)
withanintegralnumberofoctets(FCSError)orabadFCSwithanon‐integralnumberofoctets
(AlignmentError).
Undersize
Thetotalnumberofpacketsreceivedthatwerelessthan64octets.
Oversize
Thetotalnumberofpacketsreceivedthatwerelongerthan1518octets.
Frag.
Thenumberofframeswhichsizeislessthan64octetsreceivedwithinvalidCRC.
Jabb.
Thenumberofframeswhichsizeislargerthan64octetsreceivedwithinvalidCRC.
Coll.
ThebestestimateofthetotalnumberofcollisionsonthisEthernetsegment.
Utilization
Thebestestimateofthemeanphysicallayernetworkutilizationonthisinterfaceduringthis
samplinginterval,inhundredthsofapercent.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Clicktorefreshthepageimmediately.
|<<:UpdatesthetablestartingfromthefirstentryintheHistorytable,i.e.,theentrywith
thelowestHistoryIndexandSampleIndex
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
Chapter3:WebManagement
Security‐Switch‐RMON‐Alarm
PoESwitchUserManual|242
3.2.3.4.3.Security‐Switch‐RMON‐Alarm
ThispageprovidesanoverviewofRMONAlarmentries.Eachpageshowsupto99entriesfrom
theAlarmtable,defaultbeing20,selectedthroughthe"entriesperpage"inputfield.Whenfirst
visited,thewebpagewillshowthefirst20entriesfromthebeginningoftheAlarmtable.Thefirst
displayedwillbetheonewiththelowestIDfoundintheAlarmtable.
The"StartfromControlIndex"allowstheusertoselectthestartingpointintheAlarmtable.
ClickingtheRefreshbuttonwillupdatethedisplayedtablestartingfromthatorthenextclosest
Alarmtablematch.
The“>>”willusethelastentryofthecurrentlydisplayedentryasabasisforthenextlookup.
Whentheendisreachedthetext"Nomoreentries"isshowninthedisplayedtable.Usethe“|<<”
buttontostartover.
ID
IndicatestheindexofAlarmcontrolentry.
Interval
Indicatestheintervalinsecondsforsamplingandcomparingtherisingandfallingthreshold.
Variable
Indicatestheparticularvariabletobesampled
SampleType
Themethodofsamplingtheselectedvariableandcalculatingthevaluetobecomparedagainst
thethresholds.
Value
Thevalueofthestatisticduringthelastsamplingperiod.
StartupAlarm
Thealarmthatmaybesentwhenthisentryisfirstsettovalid.
RisingThreshold
Risingthresholdvalue.
RisingIndex
Risingeventindex.
Chapter3:WebManagement
Security‐Switch‐RMON‐Alarm
PoESwitchUserManual|243
FallingThreshold
Fallingthresholdvalue.
FallingIndex
Fallingeventindex.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Clicktorefreshthepageimmediately.
|<<:UpdatesthetablestartingfromthefirstentryintheAlarmTable,i.e.theentrywiththe
lowestID.
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
Chapter3:WebManagement
Security‐Switch‐RMON‐Events
PoESwitchUserManual|244
3.2.3.4.4.Security‐Switch‐RMON‐Events
ThispageprovidesanoverviewofRMONEventtableentries.Eachpageshowsupto99entries
fromtheEventtable,defaultbeing20,selectedthroughthe"entriesperpage"inputfield.When
firstvisited,thewebpagewillshowthefirst20entriesfromthebeginningoftheEventtable.The
firstdisplayedwillbetheonewiththelowestEventIndexandLogIndexfoundintheEventtable
table.
The"StartfromEventIndexandLogIndex"allowstheusertoselectthestartingpointintheEvent
table.ClickingtheRefreshbuttonwillupdatethedisplayedtablestartingfromthatorthenext
closestEventtablematch.
The“>>”willusethelastentryofthecurrentlydisplayedentryasabasisforthenextlookup.
Whentheendisreachedthetext"Nomoreentries"isshowninthedisplayedtable.Usethe“|<<”
buttontostartover.
EventIndex
Indicatestheindexoftheevententry.
LogIndex
Indicatestheindexofthelogentry.
LogTIme
IndicatesEventlogtime
LogDescription
IndicatestheEventdescription.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccurs
every3seconds.
Refresh:Clicktorefreshthepageimmediately.
|<<:UpdatesthetablestartingfromthefirstentryintheEventTable,i.e.theentrywiththe
lowestEventIndexandLogIndex.
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
Chapter3:WebManagement
LACP‐SystemStatus
PoESwitchUserManual|245
3.2.4.Monitor‐LACP
3.2.4.1.LACP‐SystemStatus
ThispageprovidesastatusoverviewforallLACPinstances.
AggrID
TheAggregationIDassociatedwiththisaggregationinstance.ForLLAGtheidisshownas
'isid:aggr‐id'andforGLAGsas'aggr‐id'
PartnerSystemID
ThesystemID(MACaddress)oftheaggregationpartner.
PartnerKey
TheKeythatthepartnerhasassignedtothisaggregationID.
Lastchanged
Thetimesincethisaggregationchanged.
LocalPorts
Showswhichportsareapartofthisaggregationforthisswitch/stack.Theformatis:"SwitchID:Port".
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepage.
Chapter3:WebManagement
LACP‐PortStatus
PoESwitchUserManual|246
3.2.4.2.LACP‐PortStatus
ThispageprovidesastatusoverviewforLACPstatusforallports.
Port
Theswitchportnumber.
LACP
'Yes'meansthatLACPisenabledandtheportlinkisup.'No'meansthatLACPisnotenabledorthat
theportlinkisdown.'Backup'meansthattheportcouldnotjointheaggregationgroupbutwilljoin
ifotherportleaves.Meanwhileit'sLACPstatusisdisabled.
Key
Thekeyassignedtothisport.Onlyportswiththesamekeycanaggregatetogether.
AggrID
TheAggregationIDassignedtothisaggregationgroup.IDs1and2areGLAGswhileIDs3‐14are
LLAGs.
PartnerSystemID
Thepartner'sSystemID(MACaddress).
PartnerPort
Thepartner'sportnumberconnectedtothisport.
PartnerPrio
Thepartner'sportpriority.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepage.
Chapter3:WebManagement
LACP‐PortStatistics
PoESwitchUserManual|247
3.2.4.3.LACP‐PortStatistics
ThispageprovidesanoverviewforLACPstatisticsforallports.
Port
Theswitchportnumber.
LACPReceived
ShowshowmanyLACPframeshavebeenreceivedateachport.
LACPTransmitted
ShowshowmanyLACPframeshavebeensentfromeachport.
Discarded
ShowshowmanyunknownorillegalLACPframeshavebeendiscardedateachport.
Buttons
Auto‐refresh:Automaticrefreshoccursevery3seconds.
Refresh:Clicktorefreshthepageimmediately.
Clear:Clearsthecountersforallports.
Chapter3:WebManagement
Monitor‐LoopProtection
PoESwitchUserManual|248
3.2.5.Monitor‐LoopProtection
Thispagedisplaystheloopprotectionportstatustheportsofthecurrentlyselectedswitch.
Port
Theswitchportnumberofthelogicalport.
Action
Thecurrentlyconfiguredportaction.
Transmit
Thecurrentlyconfiguredporttransmitmode.
Loops
Thenumberofloopsdetectedonthisport.
Status
Thecurrentloopprotectionstatusoftheport.
Loop
Whetheraloopiscurrentlydetectedontheport.
TimeofLastLoop
Thetimeofthelastloopeventdetected.
Buttons
Refresh:Clicktorefreshthepageimmediately.
Auto‐refresh:Checkthisboxtoenableanautomaticrefreshofthepageatregularintervals.
Chapter3:WebManagement
SpanningTree‐BridgeStatus
PoESwitchUserManual|249
3.2.6.Monitor‐SpanningTree
3.2.6.1.SpanningTree‐BridgeStatus
ThispageprovidesastatusoverviewofallSTPbridgeinstances.
ThedisplayedtablecontainsarowforeachSTPbridgeinstance,wherethecolumndisplaysthe
followinginformation:
MSTI
TheBridgeInstance.ThisisalsoalinktotheSTPDetailedBridgeStatus.
BridgeID
TheBridgeIDofthisBridgeinstance.
RootID
TheBridgeIDofthecurrentlyelectedrootbridge.
RootPort
Theswitchportcurrentlyassignedtherootportrole.
RootCost
RootPathCost.FortheRootBridgeitiszero.ForallotherBridges,itisthesumofthePortPathCosts
ontheleastcostpathtotheRootBridge.
Top ol og yFlag
ThecurrentstateoftheTopolo gyChangeFlagofthisBridgeinstance.
Top ol og yChangeLast
ThetimesincelastTop ologyChangeoccurred.
Buttons
Refresh:Clicktorefreshthepageimmediately.
Auto‐refresh:Checkthisboxtoenableanautomaticrefreshofthepageatregularintervals.
Chapter3:WebManagement
SpanningTree‐PortStatus
PoESwitchUserManual|250
3.2.6.2.SpanningTree‐PortStatus
ThispagedisplaystheSTPportstatisticscountersofbridgeportsinthecurrentlyselectedswitch.
Port
TheswitchportnumberofthelogicalSTPport.
MSTP
ThenumberofMSTPBPDU'sreceived/transmittedontheport.
RSTP
ThenumberofRSTPBPDU'sreceived/transmittedontheport.
STP
ThenumberoflegacySTPConfigurationBPDU'sreceived/transmittedontheport.
TCN
Thenumberof(legacy)Topo logyChangeNotificationBPDU'sreceived/transmittedontheport.
DiscardedUnknown
ThenumberofunknownSpanningTreeBPDU'sreceived(anddiscarded)ontheport.
DiscardedIllegal
ThenumberofillegalSpanningTreeBPDU'sreceived(anddiscarded)ontheport.
Buttons
Refresh:Clicktorefreshthepageimmediately.
Clear:Clicktoresetthecounters.
Auto‐refresh:Checkthisboxtoenableanautomaticrefreshofthepageatregularintervals.
Chapter3:WebManagement
SpanningTree‐PortStatistics
PoESwitchUserManual|251
3.2.6.3.SpanningTree‐PortStatistics
ThispagedisplaystheSTPportstatisticscountersofbridgeportsinthecurrentlyselectedswitch.
Port
TheswitchportnumberofthelogicalSTPport.
MSTP
ThenumberofMSTPBPDU'sreceived/transmittedontheport.
RSTP
ThenumberofRSTPBPDU'sreceived/transmittedontheport.
STP
ThenumberoflegacySTPConfigurationBPDU'sreceived/transmittedontheport.
TCN
Thenumberof(legacy)Topo logyChangeNotificationBPDU'sreceived/transmittedontheport.
DiscardedUnknown
ThenumberofunknownSpanningTreeBPDU'sreceived(anddiscarded)ontheport.
DiscardedIllegal
ThenumberofillegalSpanningTreeBPDU'sreceived(anddiscarded)ontheport.
Buttons
Refresh:Clicktorefreshthepageimmediately.
Clear:Clicktoresetthecounters.
Auto‐refresh:Checkthisboxtoenableanautomaticrefreshofthepageatregularintervals.
Chapter3:WebManagement
MVR‐Statistics
PoESwitchUserManual|252
3.2.7.Monitor‐MVR
3.2.7.1.MVR‐Statistics
ThispageprovidesMVRStatisticsinformation.
Thestatisticsisrelatedtothecurrentlyselectingstackunit,asreflectedbythepageheader.
VLANID
TheMulticastVLANID.
IGMP/MLDQueriesReceived
ThenumberofReceivedQueriesforIGMPandMLD,respectively.
IGMP/MLDQueriesTransmitted
ThenumberofTransmittedQueriesforIGMPandMLD,respectively.
IGMPv1JoinsReceived
ThenumberofReceivedIGMPv1Join's.
IGMPv2/MLDv1Report'sReceived
ThenumberofReceivedIGMPv2Join'sandMLDv1Report's,respectively.
IGMPv3/MLDv2Report'sReceived
ThenumberofReceivedIGMPv1Join'sandMLDv2Report's,respectively.
IGMPv2/MLDv1Leave'sReceived
ThenumberofReceivedIGMPv2Leave'sandMLDv1Done's,respectively.
Buttons
Auto‐refresh:Checkthisboxtoenableanautomaticrefreshofthepageatregularintervals.
Refresh:Clicktorefreshthepageimmediately.
Clear:ClearsallStatisticscounters.
Chapter3:WebManagement
MVR‐MVRChannelGroups
PoESwitchUserManual|253
3.2.7.2.MVR‐MVRChannelGroups
EntriesintheMVRChannels(Groups)InformationTableareshownonthispage.TheMVRChannels
(Groups)InformationTableissortedfirstbyVLANID,andthenbygroup.
NavigatingtheMVRChannels(Groups)InformationTable
Eachpageshowsupto99entriesfromtheMVRGrouptable,defaultbeing20,selectedthroughthe
"entriesperpage"inputfield.Whenfirstvisited,thewebpagewillshowthefirst20entriesfromthe
beginningoftheMVRChannels(Groups)InformationTable.The"StartfromVLAN",and"Group
Address"inputfieldsallowtheusertoselectthestartingpointintheMVRChannels(Groups)
InformationTable.ClickingtheRefreshbuttonwillupdatethedisplayedtablestartingfromthator
theclosestnextMVRChannels(Groups)InformationTablematch.Inaddition,thetwoinputfields
will‐uponaRefreshbuttonclick‐assumethevalueofthefirstdisplayedentry,allowingfor
continuousrefreshwiththesamestartaddress.
The“>>”willusethelastentryofthecurrentlydisplayedtableasabasisforthenextlookup.When
theendisreachedthetext"Nomoreentries"isshowninthedisplayedtable.Usethe“|<<”button
tostartover.
MVRChannels(Groups)InformationTableColumns
VLANID
VLANIDofthegroup.
Groups
GroupIDofthegroupdisplayed.
PortMembers
Portsunderthisgroup.
Buttons
Auto‐refresh:Automaticrefreshoccursevery3seconds.
Refresh:Refreshesthedisplayedtablestartingfromtheinputfields.
|<<:UpdatesthetablestartingfromthefirstentryintheMVRChannels(Groups)Information
Table.
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
Chapter3:WebManagement
MVR‐MVRSFMInformation
PoESwitchUserManual|254
3.2.7.3.MVR‐MVRSFMInformation
EntriesintheMVRSFMInformationTableareshownonthispage.TheMVRSFM(Source‐Filtered
Multicast)InformationTablealsocontainstheSSM(Source‐SpecificMulticast)information.Thistable
issortedfirstbyVLANID,thenbygroup,andthenbyPort.Differentsourceaddressesbelongtothe
samegrouparetreatedassingleentry.
NavigatingtheMVRSFMInformationTable
Eachpageshowsupto99entriesfromtheMVRSFMInformationTable,defaultbeing20,selected
throughthe"entriesperpage"inputfield.Whenfirstvisited,thewebpagewillshowthefirst20
entriesfromthebeginningoftheMVRSFMInformationTable.
The"StartfromVLAN",and"GroupAddress"inputfieldsallowtheusertoselectthestartingpointin
theMVRSFMInformationTable.ClickingtheRefreshbuttonwillupdatethedisplayedtablestarting
fromthatortheclosestnextMVRSFMInformationTablematch.Inaddition,thetwoinputfieldswill
‐uponaRefreshbuttonclick‐assumethevalueofthefirstdisplayedentry,allowingforcontinuous
refreshwiththesamestartaddress.
The“>>”willusethelastentryofthecurrentlydisplayedtableasabasisforthenextlookup.When
theendisreachedthetext"Nomoreentries"isshowninthedisplayedtable.Usethe“|<<”button
tostartover.
MVRSFMInformationTableColumns
VLANID
VLANIDofthegroup.
Group
Groupaddressofthegroupdisplayed.
Port
Switchportnumber.
Mode
Indicatesthefilteringmodemaintainedper(VLANID,portnumber,GroupAddress)basis.Itcanbe
eitherIncludeorExclude.
SourceAddress
Chapter3:WebManagement
MVR‐MVRSFMInformation
PoESwitchUserManual|255
IPAddressofthesource.Currently,systemlimitsthetotalnumberofIPsourceaddressesforfiltering
tobe128.Whenthereisnoanysourcefilteringaddress,thetext"None"isshownintheSource
Addressfield.
Type
IndicatestheType.ItcanbeeitherAlloworDeny.
HardwareFilter/Switch
IndicateswhetherdataplanedestinedtothespecificgroupaddressfromthesourceIPv4/IPv6
addresscouldbehandledbychipornot.
Buttons
Auto‐refresh:Automaticrefreshoccursevery3seconds.
Refresh:Refreshesthedisplayedtablestartingfromtheinputfields.
|<<:UpdatesthetablestartingfromthefirstentryintheMVRSFMInformationTable.
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed
Chapter3:WebManagement
IPMC‐IGMPSnooping‐Status
PoESwitchUserManual|256
3.2.8.Monitor‐IPMC
3.2.8.1.IPMC‐IGMPSnooping
3.2.8.1.1.IPMC‐IGMPSnooping‐Status
ThispageprovidesIGMPSnoopingstatus.
Thestatusrelatedtothecurrentlyselectedstackunit,asreflectedbythepageheader.
VLANID
TheVLANIDoftheentry.
QuerierVersion
WorkingQuerierVersioncurrently.
HostVersion
WorkingHostVersioncurrently.
QuerierStatus
ShowstheQuerierstatusis"ACTIVE"or"IDLE".
"DISABLE"denotesthespecificinterfaceisadministrativelydisabled.
QueriesTransmitted
ThenumberofTransmittedQueries.
QueriesReceived
ThenumberofReceivedQueries.
V1ReportsReceived
ThenumberofReceivedV1Reports.
V2ReportsReceived
ThenumberofReceivedV2Reports.
V3ReportsReceived
ThenumberofReceivedV3Reports.
V2LeavesReceived
ThenumberofReceivedV2Leaves.
Chapter3:WebManagement
IPMC‐IGMPSnooping‐Status
PoESwitchUserManual|257
RouterPort
Displaywhichportsactasrouterports.ArouterportisaportontheEthernetswitchthatleads
towardstheLayer3multicastdeviceorIGMPquerier.
Staticdenotesthespecificportisconfiguredtobearouterport.
Dynamicdenotesthespecificportislearnttobearouterport.
Bothdenotethespecificportisconfiguredorlearnttobearouterport.
Port
Switchportnumber.
Status
Indicatewhetherspecificportisarouterportornot.
Buttons
Auto‐refresh:Automaticrefreshoccursevery3seconds.
Refresh:Clicktorefreshthepageimmediately.
Clear:ClearsallStatisticscounters.
Chapter3:WebManagement
IPMC‐IGMPSnooping‐GroupsInformation
PoESwitchUserManual|258
3.2.8.1.2.IPMC‐IGMPSnooping‐GroupsInformation
EntriesintheIGMPGroupTableareshownonthispage.TheIGMPGroupTableissortedfirstby
VLANID,andthenbygroup.
NavigatingtheIGMPGroupTable
Eachpageshowsupto99entriesfromtheIGMPGrouptable,defaultbeing20,selectedthrough
the"entriesperpage"inputfield.Whenfirstvisited,thewebpagewillshowthefirst20entries
fromthebeginningoftheIGMPGroupTable.The"StartfromVLAN",and"group"inputfields
allowtheusertoselectthestartingpointintheIGMPGroupTable.ClickingtheRefreshbuttonwill
updatethedisplayedtablestartingfromthatortheclosestnextIGMPGroupTablematch.In
addition,thetwoinputfieldswill‐uponaRefreshbuttonclick‐assumethevalueofthefirst
displayedentry,allowingforcontinuousrefreshwiththesamestartaddress.
The>>willusethelastentryofthecurrentlydisplayedtableasabasisforthenextlookup.When
theendisreachedthetext"Nomoreentries"isshowninthedisplayedtable.Usethe|<<button
tostartover.
IGMPGroupTableColumns
VLANID
VLANIDofthegroup.
Groups
Groupaddressofthegroupdisplayed.
PortMembers
Portsunderthisgroup.
Buttons
Auto‐refresh:Automaticrefreshoccursevery3seconds.
Refresh:Refreshesthedisplayedtablestartingfromtheinputfields.
|<<:Updatesthetable,startingwiththefirstentryintheIGMPGroupTable.
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
Chapter3:WebManagement
IPMC‐IGMPSnooping‐IPv4SFMInformation
PoESwitchUserManual|259
3.2.8.1.3.IPMC‐IGMPSnooping‐IPv4SFMInformation
EntriesintheIGMPSFMInformationTableareshownonthispage.TheIGMPSFM
(Source‐FilteredMulticast)InformationTablealsocontainstheSSM(Source‐SpecificMulticast)
information.ThistableissortedfirstbyVLANID,thenbygroup,andthenbyPort.Differentsource
addressesbelongtothesamegrouparetreatedassingleentry.
NavigatingtheIGMPSFMInformationTable
Eachpageshowsupto99entriesfromtheIGMPSFMInformationtable,defaultbeing20,selected
throughthe"entriesperpage"inputfield.Whenfirstvisited,thewebpagewillshowthefirst20
entriesfromthebeginningoftheIGMPSFMInformationTable.
The"StartfromVLAN",and"group"inputfieldsallowtheusertoselectthestartingpointinthe
IGMPSFMInformationTable.ClickingtheRefreshbuttonwillupdatethedisplayedtablestarting
fromthatortheclosestnextIGMPSFMInformationTablematch.Inaddition,thetwoinputfields
will‐uponaRefreshbuttonclick‐assumethevalueofthefirstdisplayedentry,allowingfor
continuousrefreshwiththesamestartaddress.
The“>>”willusethelastentryofthecurrentlydisplayedtableasabasisforthenextlookup.
Whentheendisreachedthetext"Nomoreentries"isshowninthedisplayedtable.Usethe“|<<”
buttontostartover.
IGMPSFMInformationTableColumns
VLANID
VLANIDofthegroup.
Group
Groupaddressofthegroupdisplayed.
Port
Switchportnumber.
Mode
Indicatesthefilteringmodemaintainedper(VLANID,portnumber,GroupAddress)basis.Itcanbe
eitherIncludeorExclude.
SourceAddress
IPAddressofthesource.Currently,systemlimitsthetotalnumberofIPsourceaddressesfor
Chapter3:WebManagement
IPMC‐IGMPSnooping‐IPv4SFMInformation
PoESwitchUserManual|260
filteringtobe128.
Type
IndicatestheType.ItcanbeeitherAlloworDeny.
HardwareFilter/Switch
IndicateswhetherdataplanedestinedtothespecificgroupaddressfromthesourceIPv4address
couldbehandledbychipornot.
Buttons
Auto‐refresh:Automaticrefreshoccursevery3seconds.
Refresh:Refreshesthedisplayedtablestartingfromtheinputfields.
|<<:UpdatesthetablestartingfromthefirstentryintheIGMPSFMInformationTable
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
Chapter3:WebManagement
IPMC‐MLDSnooping‐Status
PoESwitchUserManual|261
3.2.8.2.IPMC‐MLDSnooping
3.2.8.2.1.IPMC‐MLDSnooping‐Status
ThispageprovidesMLDSnoopingstatus.
Thestatusrelatedtothecurrentlyselectedstackunit,asreflectedbythepageheader.
VLANID
TheVLANIDoftheentry.
QuerierVersion
WorkingQuerierVersioncurrently.
HostVersion
WorkingHostVersioncurrently.
QuerierStatus
ShowstheQuerierstatusis"ACTIVE"or"IDLE".
"DISABLE"denotesthespecificinterfaceisadministrativelydisabled.
QueriesTransmitted
ThenumberofTransmittedQueries.
QueriesReceived
ThenumberofReceivedQueries.
V1ReportsReceived
ThenumberofReceivedV1Reports.
V2ReportsReceived
ThenumberofReceivedV2Reports.
V1LeavesReceived
ThenumberofReceivedV1Leaves.
RouterPort
Displaywhichportsactasrouterports.ArouterportisaportontheEthernetswitchthatleads
towardstheLayer3multicastdeviceorIGMPquerier.
Chapter3:WebManagement
IPMC‐MLDSnooping‐Status
PoESwitchUserManual|262
Staticdenotesthespecificportisconfiguredtobearouterport.
Dynamicdenotesthespecificportislearnttobearouterport.
Bothdenotethespecificportisconfiguredorlearnttobearouterport.
Port
Switchportnumber.
Status
Indicatewhetherspecificportisarouterportornot.
Buttons
Auto‐refresh:Automaticrefreshoccursevery3seconds.
Refresh:Clicktorefreshthepageimmediately.
Clear:ClearsallStatisticscounters.
Chapter3:WebManagement
IPMC‐MLDSnooping‐GroupsInformation
PoESwitchUserManual|263
3.2.8.2.2.IPMC‐MLDSnooping‐GroupsInformation
EntriesintheMLDGroupTableareshownonthispage.TheMLDGroupTableissortedfirstby
VLANID,andthenbygroup.
NavigatingtheMLDGroupTable
Eachpageshowsupto99entriesfromtheMLDGrouptable,defaultbeing20,selectedthrough
the"entriesperpage"inputfield.Whenfirstvisited,thewebpagewillshowthefirst20entries
fromthebeginningoftheMLDGroupTable.
The"StartfromVLAN",and"group"inputfieldsallowtheusertoselectthestartingpointinthe
MLDGroupTable.ClickingtheRefreshbuttonwillupdatethedisplayedtablestartingfromthator
theclosestnextMLDGroupTablematch.Inaddition,thetwoinputfieldswill‐uponaRefresh
buttonclick‐assumethevalueofthefirstdisplayedentry,allowingforcontinuousrefreshwith
thesamestartaddress.
The“>>”willusethelastentryofthecurrentlydisplayedtableasabasisforthenextlookup.
Whentheendisreachedthetext"Nomoreentries"isshowninthedisplayedtable.Usethe“|<<”
buttontostartover.
MLDGroupTableColumns
VLANID
VLANIDofthegroup.
Groups
Groupaddressofthegroupdisplayed.
PortMembers
Portsunderthisgroup.
Buttons
Auto‐refresh:Automaticrefreshoccursevery3seconds.
Refresh:Refreshesthedisplayedtablestartingfromtheinputfields.
|<<:Updatesthetable,startingwiththefirstentryintheMLDGroupTable.
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
Chapter3:WebManagement
IPMC‐MLDSnooping‐IPv6GroupInformation
PoESwitchUserManual|264
3.2.8.2.3.IPMC‐MLDSnooping‐IPv6GroupInformation
EntriesintheMLDSFMInformationTableareshownonthispage.TheMLDSFM(Source‐Filtered
Multicast)InformationTablealsocontainstheSSM(Source‐SpecificMulticast)information.This
tableissortedfirstbyVLANID,thenbygroup,andthenbyPort.Differentsourceaddressesbelong
tothesamegrouparetreatedassingleentry.
NavigatingtheMLDSFMInformationTable
Eachpageshowsupto99entriesfromtheMLDSFMInformationtable,defaultbeing20,selected
throughthe"entriesperpage"inputfield.Whenfirstvisited,thewebpagewillshowthefirst20
entriesfromthebeginningoftheMLDSFMInformationTable.
The"StartfromVLAN",and"group"inputfieldsallowtheusertoselectthestartingpointinthe
MLDSFMInformationTable.ClickingtheRefreshbuttonwillupdatethedisplayedtablestarting
fromthatortheclosestnextMLDSFMInformationTablematch.Inaddition,thetwoinputfields
will‐uponaRefreshbuttonclick‐assumethevalueofthefirstdisplayedentry,allowingfor
continuousrefreshwiththesamestartaddress.
The“<<”willusethelastentryofthecurrentlydisplayedtableasabasisforthenextlookup.
Whentheendisreachedthetext"Nomoreentries"isshowninthedisplayedtable.Usethe“|<<”
buttontostartover.
MLDSFMInformationTableColumns
VLANID
VLANIDofthegroup.
Group
Groupaddressofthegroupdisplayed.
Port
Switchportnumber.
Mode
Indicatesthefilteringmodemaintainedper(VLANID,portnumber,GroupAddress)basis.Itcanbe
eitherIncludeorExclude.
Chapter3:WebManagement
IPMC‐MLDSnooping‐IPv6GroupInformation
PoESwitchUserManual|265
SourceAddress
IPAddressofthesource.Currently,systemlimitsthetotalnumberofIPsourceaddressesfor
filteringtobe128.
Type
IndicatestheType.ItcanbeeitherAlloworDeny.
HardwareFilter/Switch
IndicateswhetherdataplanedestinedtothespecificgroupaddressfromthesourceIPv6address
couldbehandledbychipornot.
Buttons
Auto‐refresh:Automaticrefreshoccursevery3seconds.
Refresh:Refreshesthedisplayedtablestartingfromtheinputfields.
|<<:UpdatesthetablestartingfromthefirstentryintheMLDSFMInformationTable.
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
Chapter3:WebManagement
LLDP‐Neighbours
PoESwitchUserManual|266
3.2.9.Monitor‐LLDP
3.2.9.1.LLDP‐Neighbours
ThispageprovidesastatusoverviewforallLLDPneighbours.Thedisplayedtablecontainsarowfor
eachportonwhichanLLDPneighbourisdetected.Thecolumnsholdthefollowinginformation:
LocalPort
TheportonwhichtheLLDPframewasreceived.
ChassisID
TheChassisIDistheidentificationoftheneighbour'sLLDPframes.
PortID
ThePortIDistheidentificationoftheneighbourport.
PortDescription
PortDescriptionistheportdescriptionadvertisedbytheneighbourunit.
SystemName
SystemNameisthenameadvertisedbytheneighbourunit.
SystemCapabilities
SystemCapabilitiesdescribestheneighbourunit'scapabilities.Thepossiblecapabilitiesare:
1. Other
2. Repeater
3. Bridge
4. WLANAccessPoint
5. Router
6. Tel ephone
7. DOCSIScabledevice
8. Stationonly
9. Reserved
Whenacapabilityisenabled,thecapabilityisfollowedby(+).Ifthecapabilityisdisabled,the
capabilityisfollowedby(‐).
Chapter3:WebManagement
LLDP‐Neighbours
PoESwitchUserManual|267
ManagementAddress
ManagementAddressistheneighbourunit'saddressthatisusedforhigherlayerentitiestoassist
discoverybythenetworkmanagement.Thiscouldforinstanceholdtheneighbour'sIPaddress.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepage.
Chapter3:WebManagement
LLDP‐LLDP‐MEDNeighbours
PoESwitchUserManual|268
3.2.9.2.LLDP‐LLDP‐MEDNeighbours
ThispageprovidesastatusoverviewofallLLDP‐MEDneighbours.Thedisplayedtablecontainsarow
foreachportonwhichanLLDPneighbourisdetected.ThisfunctionappliestoVoIPdeviceswhich
supportLLDP‐MED.Thecolumnsholdthefollowinginformation:
Port
TheportonwhichtheLLDPframewasreceived.
DeviceType
LLDP‐MEDDevicesarecomprisedoftwoprimaryDeviceTypes:NetworkConnectivityDevicesand
EndpointDevices.
LLDP‐MEDNetworkConnectivityDeviceDefinition
LLDP‐MEDNetworkConnectivityDevices,asdefinedinTIA‐1057,provideaccesstotheIEEE802
basedLANinfrastructureforLLDP‐MEDEndpointDevices.AnLLDP‐MEDNetworkConnectivity
DeviceisaLANaccessdevicebasedonanyofthefollowingtechnologies:
1. LANSwitch/Router
2. IEEE802.1Bridge
3. IEEE802.3Repeater(includedforhistoricalreasons)
4. IEEE802.11WirelessAccessPoint
5. AnydevicethatsupportstheIEEE802.1ABandMEDextensionsdefinedbyTIA‐1057and
canrelayIEEE802framesviaanymethod.
LLDP‐MEDEndpointDeviceDefinition
LLDP‐MEDEndpointDevices,asdefinedinTIA‐1057,arelocatedattheIEEE802LANnetworkedge,
andparticipateinIPcommunicationserviceusingtheLLDP‐MEDframework.
WithintheLLDP‐MEDEndpointDevicecategory,theLLDP‐MEDschemeisbrokenintofurther
EndpointDeviceClasses,asdefinedinthefollowing.
EachLLDP‐MEDEndpointDeviceClassisdefinedtobuilduponthecapabilitiesdefinedforthe
previousEndpointDeviceClass.For‐examplewillanyLLDP‐MEDEndpointDeviceclaiming
complianceasaMediaEndpoint(ClassII)alsosupportallaspectsofTIA‐1057applicabletoGeneric
Endpoints(ClassI),andanyLLDP‐MEDEndpointDeviceclaimingcomplianceasaCommunication
Device(ClassIII)willalsosupportallaspectsofTIA‐1057applicabletobothMediaEndpoints(ClassII)
andGenericEndpoints(ClassI).
Chapter3:WebManagement
LLDP‐LLDP‐MEDNeighbours
PoESwitchUserManual|269
LLDP‐MEDGenericEndpoint(ClassI)
TheLLDP‐MEDGenericEndpoint(ClassI)definitionisapplicabletoallendpointproductsthatrequire
thebaseLLDPdiscoveryservicesdefinedinTIA‐1057,howeverdonotsupportIPmediaoractasan
end‐usercommunicationappliance.Suchdevicesmayinclude(butarenotlimitedto)IP
CommunicationControllers,othercommunicationrelatedservers,oranydevicerequiringbasic
servicesasdefinedinTIA‐1057.
DiscoveryservicesdefinedinthisclassincludeLANconfiguration,devicelocation,networkpolicy,
powermanagement,andinventorymanagement.
LLDP‐MEDMediaEndpoint(ClassII)
TheLLDP‐MEDMediaEndpoint(ClassII)definitionisapplicabletoallendpointproductsthathaveIP
mediacapabilitieshowevermayormaynotbeassociatedwithaparticularenduser.Capabilities
includeallofthecapabilitiesdefinedforthepreviousGenericEndpointClass(ClassI),andare
extendedtoincludeaspectsrelatedtomediastreaming.Exampleproductcategoriesexpectedto
adheretothisclassinclude(butarenotlimitedto)Voice/MediaGateways,ConferenceBridges,
MediaServers,andsimilar.
Discoveryservicesdefinedinthisclassincludemedia‐type‐specificnetworklayerpolicydiscovery.
LLDP‐MEDCommunicationEndpoint(ClassIII)
TheLLDP‐MEDCommunicationEndpoint(ClassIII)definitionisapplicabletoallendpointproducts
thatactasendusercommunicationappliancessupportingIPmedia.Capabilitiesincludeallofthe
capabilitiesdefinedforthepreviousGenericEndpoint(ClassI)andMediaEndpoint(ClassII)classes,
andareextendedtoincludeaspectsrelatedtoenduserdevices.Exampleproductcategories
expectedtoadheretothisclassinclude(butarenotlimitedto)endusercommunicationappliances,
suchasIPPhones,PC‐basedsoftphones,orothercommunicationappliancesthatdirectlysupport
theenduser.
Discoveryservicesdefinedinthisclassincludeprovisionoflocationidentifier(includingECS/E911
information),embeddedL2switchsupport,inventorymanagement.
LLDP‐MEDCapabilities
LLDP‐MEDCapabilitiesdescribestheneighbourunit'sLLDP‐MEDcapabilities.Thepossible
capabilitiesare:
1. LLDP‐MEDcapabilities
2. NetworkPolicy
3. LocationIdentification
4. ExtendedPowerviaMDI‐PSE
Chapter3:WebManagement
LLDP‐LLDP‐MEDNeighbours
PoESwitchUserManual|270
5. ExtendedPowerviaMDI‐PD
6. Inventory
7. Reserved
ApplicationType
ApplicationTypeindicatingtheprimaryfunctionoftheapplication(s)definedforthisnetworkpolicy,
advertisedbyanEndpointorNetworkConnectivityDevice.Thepossibleapplicationtypesareshown
below.
1. Voice‐forusebydedicatedIPTelephonyhandsetsandothersimilarappliances
supportinginteractivevoiceservices.Thesedevicesaretypicallydeployedonaseparate
VLANforeaseofdeploymentandenhancedsecuritybyisolationfromdataapplications.
2. VoiceSignaling‐foruseinnetworktopologiesthatrequireadifferentpolicyforthevoice
Signalingthanforthevoicemedia.
3. GuestVoice‐tosupportaseparatelimitedfeature‐setvoiceserviceforguestusersand
visitorswiththeirownIPTelephonyhandsetsandothersimilarappliancessupporting
interactivevoiceservices.
4. GuestVoiceSignaling‐foruseinnetworktopologiesthatrequireadifferentpolicyforthe
guestvoiceSignalingthanfortheguestvoicemedia.
5. SoftphoneVoice‐forusebysoftphoneapplicationsontypicaldatacentricdevices,such
asPCsorlaptops.
6. VideoConferencing‐forusebydedicatedVideoConferencingequipmentandother
similarappliancessupportingreal‐timeinteractivevideo/audioservices.
7. StreamingVideo‐forusebybroadcastormulticastbasedvideocontentdistributionand
othersimilarapplicationssupportingstreamingvideoservicesthatrequirespecific
networkpolicytreatment.VideoapplicationsrelyingonTCPwithbufferingwouldnotbe
anintendeduseofthisapplicationtype.
8. VideoSignaling‐foruseinnetworktopologiesthatrequireaseparatepolicyforthevideo
Signalingthanforthevideomedia.
Policy
PolicyindicatesthatanEndpointDevicewantstoexplicitlyadvertisethatthepolicyisrequiredby
thedevice.CanbeeitherDefinedorUnknown
Unknown:Thenetworkpolicyforthespecifiedapplicationtypeiscurrentlyunknown.
Defined:Thenetworkpolicyisdefined.
Chapter3:WebManagement
LLDP‐LLDP‐MEDNeighbours
PoESwitchUserManual|271
TAG
TAGisindicativeofwhetherthespecifiedapplicationtypeisusingataggedoranuntaggedVLAN.
CanbeTaggedorUntagged.
Untagged:Thedeviceisusinganuntaggedframeformatandassuchdoesnotincludeatag
headerasdefinedbyIEEE802.1Q‐2003.
Tagged:ThedeviceisusingtheIEEE802.1Qtaggedframeformat.
VLANID
VLANIDistheVLANidentifier(VID)fortheportasdefinedinIEEE802.1Q‐2003.Avalueof1through
4094isusedtodefineavalidVLANID.Avalueof0(PriorityTagged)isusedifthedeviceisusing
prioritytaggedframesasdefinedbyIEEE802.1Q‐2003,meaningthatonlytheIEEE802.1Dpriority
levelissignificantandthedefaultPVIDoftheingressportisusedinstead.
Priority
PriorityistheLayer2prioritytobeusedforthespecifiedapplicationtype.Oneoftheeightpriority
levels(0through7).
DSCP
DSCPistheDSCPvaluetobeusedtoprovideDiffservnodebehaviorforthespecifiedapplication
typeasdefinedinIETFRFC2474.Containoneof64codepointvalues(0through63).
Auto‐negotiation
Auto‐negotiationidentifiesifMAC/PHYauto‐negotiationissupportedbythelinkpartner.
Auto‐negotiationstatus
Auto‐negotiationstatusidentifiesifauto‐negotiationiscurrentlyenabledatthelinkpartner.If
Auto‐negotiationissupportedandAuto‐negotiationstatusisdisabled,the802.3PMDoperating
modewillbedeterminedtheoperationalMAUtypefieldvalueratherthanbyauto‐negotiation.
Auto‐negotiationCapabilities
Auto‐negotiationCapabilitiesshowsthelinkpartnersMAC/PHYcapabilities.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepage.
Chapter3:WebManagement
LLDP‐PoE
PoESwitchUserManual|272
3.2.9.3.LLDP‐PoE
ThispageprovidesastatusoverviewforallLLDPPoEneighbours.Thedisplayedtablecontainsarow
foreachportonwhichanLLDPPoEneighbourisdetected.Thecolumnsholdthefollowing
information:
LocalPort
TheportforthisswitchonwhichtheLLDPframewasreceived.
PowerType
ThePowerTyperepresentswhetherthedeviceisaPowerSourcingEntity(PSE)orPowerDevice
(PD).
IfthePowerTypeisunknownitisrepresentedas"Reserved".
PowerSource
ThePowerSourcerepresentsthepowersourcebeingutilizedbyaPSEorPDdevice.
IfthedeviceisaPSEdeviceitcaneitherrunonitsPrimaryPowerSourceoritsBackupPowerSource.
IfitisunknownwhetherthePSEdeviceisusingitsPrimaryPowerSourceoritsBackupPowerSource
itisindicatedas"Unknown"
IfthedeviceisaPDdeviceitcaneitherrunonitslocalpowersupplyoritcanusethePSEaspower
source.ItcanalsousebothitslocalpowersupplyandthePSE.
IfitisunknownwhatpowersupplythePDdeviceisusingitisindicatedas"Unknown"
PowerPriority
PowerPriorityrepresentsthepriorityofthePDdevice,orthepowerpriorityassociatedwiththePSE
typedevice'sportthatissourcingthepower.Therearethreelevelsofpowerpriority.Thethree
levelsare:Critical,HighandLow.
Ifthepowerpriorityisunknownitisindicatedas"Unknown"
Chapter3:WebManagement
LLDP‐PoE
PoESwitchUserManual|273
MaximumPower
TheMaximumPowerValuecontainsanumericalvaluethatindicatesthemaximumpowerinwatts
requiredbyaPDdevicefromaPSEdevice,ortheminimumpoweraPSEdeviceiscapableof
sourcingoveramaximumlengthcablebasedonitscurrentconfiguration.
Themaximumallowedvalueis102.3W.Ifthedeviceindicatesvaluehigherthan102.3W,itis
representedas"reserved"
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepage.
Chapter3:WebManagement
LLDP‐EEE
PoESwitchUserManual|274
3.2.9.4.LLDP‐EEE
ByusingEEEpowersavingscanbeachievedattheexpenseoftrafficlatency.Thislatencyoccursdue
tothatthecircuitsEEEturnofftosavepower,needtimetobootupbeforesendingtrafficoverthe
link.Thistimeiscalled"wakeuptime".Toachieveminimallatency,devicescanuseLLDPtoexchange
informationabouttheirrespectivetxandrx"wakeuptime",asawaytoagreeupontheminimum
wakeuptimetheyneed.
ThispageprovidesanoverviewofEEEinformationexchangedbyLLDP.
LLDPNeighborsEEEInformation
Thedisplayedtablecontainsarowforeachport.Thecolumnsholdthefollowinginformation:
LocalPort
TheportonwhichLLDPframesarereceivedortransmitted.
TxTw
Thelinkpartner'smaximumtimethattransmitpathcanhold‐offsendingdataafterdeassertionof
LPI.
RxTw
Thelinkpartner'stimethatreceiverwouldlikethetransmittertohold‐offtoallowtimeforthe
receivertowakefromsleep.
FallbackReceiveTw
Thelinkpartner'sfallbackreceiveTw.
AreceivinglinkpartnermayinformthetransmitterofanalternatedesiredTw_sys_tx.Sincea
receivinglinkpartnerislikelytohavediscretelevelsforsavings,thisprovidesthetransmitterwith
additionalinformationthatitmayuseforamoreefficientallocation.Systemsthatdonotimplement
thisoptiondefaultthevaluetobethesameasthatoftheReceiveTw_sys_tx.
EchoTxTw
Thelinkpartner'sEchoTxTwvalue.
Therespectiveechovaluesshallbedefinedasthelocallinkpartnersreflection(echo)oftheremote
linkpartnersrespectivevalues.Whenalocallinkpartnerreceivesitsechoedvaluesfromtheremote
linkpartneritcandeterminewhetherornottheremotelinkpartnerhasreceived,registeredand
processeditsmostrecentvalues.Forexample,ifthelocallinkpartnerreceivesechoedparameters
thatdonotmatchthevaluesinitslocalMIB,thenthelocallinkpartnerinfersthattheremotelink
partnersrequestwasbasedonstaleinformation.
Chapter3:WebManagement
LLDP‐EEE
PoESwitchUserManual|275
EchoRxTw
Thelinkpartner'sEchoRxTwvalue.
ResolvedTxTw
TheresolvedTxTwforthislink.Note:NOTthelinkpartner
Theresolvedvaluethatistheactual"txwakeuptime"usedforthislink(basedonEEEinformation
exchangedviaLLDP).
ResolvedRxTw
TheresolvedRxTwforthislink.Note:NOTthelinkpartner
Theresolvedvaluethatistheactual"txwakeuptime"usedforthislink(basedonEEEinformation
exchangedviaLLDP).
EEEinSync
Showswhethertheswitchandthelinkpartnerhaveagreedonwaketimes.
Red‐Switchandlinkpartnerhavenotagreedonwakeuptimes.
Green‐Switchandlinkpartnerhaveagreedonwakeuptimes.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepage.
Chapter3:WebManagement
LLDP‐PortStatistic
PoESwitchUserManual|276
3.2.9.5.LLDP‐PortStatistics
ThispageprovidesanoverviewofallLLDPtraffic.
Twotypesofcountersareshown.Globalcountersarecountersthatrefertothewholestack,while
localcountersrefertoperportcountersforthecurrentlyselectedswitch.
GlobalCounters
Neighbourentrieswerelastchanged
Showsthetimewhenthelastentrywaslastdeletedoradded.Italsoshowsthetimeelapsedsince
thelastchangewasdetected.
TotalNeighboursEntriesAdded
Showsthenumberofnewentriesaddedsinceswitchreboot.
TotalNeighboursEntriesDeleted
Showsthenumberofnewentriesdeletedsinceswitchreboot.
TotalNeighboursEntriesDropped
ShowsthenumberofLLDPframesdroppedduetotheentrytablebeingfull.
TotalNeighboursEntriesAgedOut
ShowsthenumberofentriesdeletedduetoTime‐To‐Liveexpiring.
LocalCounters
Thedisplayedtablecontainsarowforeachport.Thecolumnsholdthefollowinginformation:
LocalPort
TheportonwhichLLDPframesarereceivedortransmitted.
TxFrames
ThenumberofLLDPframestransmittedontheport.
RxFrames
ThenumberofLLDPframesreceivedontheport.
Chapter3:WebManagement
LLDP‐PortStatistic
PoESwitchUserManual|277
RxErrors
ThenumberofreceivedLLDPframescontainingsomekindoferror.
FramesDiscarded
IfanLLDPframeisreceivedonaport,andtheswitch'sinternaltablehasrunfull,theLLDPframeis
countedanddiscarded.Thissituationisknownas"TooManyNeighbours"intheLLDPstandard.LLDP
framesrequireanewentryinthetablewhentheChassisIDorRemotePortIDisnotalready
containedwithinthetable.Entriesareremovedfromthetablewhenagivenport'slinkisdown,an
LLDPshutdownframeisreceived,orwhentheentryagesout.
TLVsDiscarded
EachLLDPframecancontainmultiplepiecesofinformation,knownasTLVs(TLVisshortfor"Type
LengthValue").IfaTLVismalformed,itiscountedanddiscarded.
TLVsUnrecognized
Thenumberofwell‐formedTLVs,butwithanunknowntypevalue.
Org.Discarded
ThenumberoforganizationallyreceivedTLVs.
Age‐Outs
EachLLDPframecontainsinformationabouthowlongtimetheLLDPinformationisvalid(age‐out
time).IfnonewLLDPframeisreceivedwithintheageouttime,theLLDPinformationisremoved,
andtheAge‐Outcounterisincremented.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepage.
Clear:Clearsthelocalcounters.Allcounters(includingglobalcounters)areclearedupon
reboot.
Chapter3:WebManagement
Monitor‐PoE
PoESwitchUserManual|278
3.2.10.Monitor‐PoE
ThispageallowstheusertoinspectthecurrentstatusforallPoEports.
LocalPort
Thisisthelogicalportnumberforthisrow.
PDClass
EachPDisclassifiedaccordingtoaclassthatdefinesthemaximumpowerthePDwilluse.ThePD
ClassshowsthePDsclass.
FiveClassesaredefined:
Class0:Max.power15.4W
Class1:Max.power4.0W
Class2:Max.power7.0W
Class3:Max.power15.4W
Class4:Max.power30.0W
PowerRequested
ThePowerRequestedshowstherequestedamountofpowerthePDwantstobereserved.
PowerAllocated
ThePowerAllocatedshowstheamountofpowertheswitchhasallocatedforthePD.
PowerUsed
ThePowerUsedshowshowmuchpowerthePDcurrentlyisusing.
CurrentUsed
ThePowerUsedshowshowmuchcurrentthePDcurrentlyisusing.
Chapter3:WebManagement
Monitor‐PoE
PoESwitchUserManual|279
Priority
ThePriorityshowstheport'spriorityconfiguredbytheuser.
PortStatus
ThePortStatusshowstheport'sstatus.Thestatuscanbeoneofthefollowingvalues:
PoEnotavailable‐NoPoEchipfound‐PoEnotsupportedfortheport.
PoEturnedOFF‐PoEdisabled:PoEisdisabledbyuser.
PoEturnedOFF‐Powerbudgetexceeded‐ThetotalrequestedorusedpowerbythePDs
exceedsthemaximumpowerthePowerSupplycandeliver,andport(s)withthelowest
priorityis/arepowereddown.
NoPDdetected‐NoPDdetectedfortheport.
PoEturnedOFF‐PDoverload‐ThePDhasrequestedorusedmorepowerthantheportcan
deliver,andispowereddown.
PoEturnedOFF‐PDisoff.
InvalidPD‐PDdetected,butisnotworkingcorrectly.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepage.
Chapter3:WebManagement
Monitor‐MACTable
PoESwitchUserManual|280
3.2.11.Monitor‐MACTable
EntriesintheMACTableareshownonthispage.TheMACTablecontainsupto8192entries,andis
sortedfirstbyVLANID,thenbyMACaddress.
NavigatingtheMACTable
Eachpageshowsupto999entriesfromtheMACtable,defaultbeing20,selectedthroughthe
"entriesperpage"inputfield.Whenfirstvisited,thewebpagewillshowthefirst20entriesfromthe
beginningoftheMACTable.ThefirstdisplayedwillbetheonewiththelowestVLANIDandthe
lowestMACaddressfoundintheMACTable.
The"StartfromMACaddress"and"VLAN"inputfieldsallowtheusertoselectthestartingpointin
theMACTable.ClickingtheRefreshbuttonwillupdatethedisplayedtablestartingfromthatorthe
closestnextMACTablematch.Inaddition,thetwoinputfieldswill‐uponaRefreshbuttonclick‐
assumethevalueofthefirstdisplayedentry,allowingforcontinuousrefreshwiththesamestart
address.
The>>willusethelastentryofthecurrentlydisplayedVLAN/MACaddresspairsasabasisforthe
nextlookup.Whentheendisreachedthetext"Nomoreentries"isshowninthedisplayedtable.Use
the|<<buttontostartover.
MACTableColumns
Switch(stackonly)
Thestackunitwheretheentryislearned.
Type
Indicateswhethertheentryisastaticoradynamicentry.
MACaddress
TheMACaddressoftheentry.
VLAN
Chapter3:WebManagement
Monitor‐MACTable
PoESwitchUserManual|281
TheVLANIDoftheentry.
Chapter3:WebManagement
Monitor‐MACTable
PoESwitchUserManual|282
PortMembers
Theportsthataremembersoftheentry.
Buttons
Auto‐refresh:Automaticrefreshoccursevery3seconds.
Refresh:Refreshesthedisplayedtablestartingfromthe"StartfromMACaddress"and
"VLAN"inputfields.
Clear:Flushesalldynamicentries.
|<<:UpdatesthetablestartingfromthefirstentryintheMACTable,i.e.theentrywiththe
lowestVLANIDandMACaddress.
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
Chapter3:WebManagement
VLANs‐VLANMembership
PoESwitchUserManual|283
3.2.12.Monitor‐VLANs
3.2.12.1.VLANs‐VLANMembership
ThispageprovidesanoverviewofmembershipstatusofVLANusers.
VLANUser
VariousinternalsoftwaremodulesmayuseVLANservicestoconfigureVLANmembershipsonthefly.
Thedrop‐downlistontherightallowsforselectingbetweenshowingVLANmembershipsas
configuredbyanadministrator(Admin)orasconfiguredbyoneoftheseinternalsoftwaremodules.
The"Combined"entrywillshowacombinationoftheadministratorandinternalsoftwaremodules
configuration,andbasicallyreflectswhatisactuallyconfiguredinhardware.
VLANID
VLANIDforwhichthePortmembersaredisplayed.
PortMembers
ArowofcheckboxesforeachportisdisplayedforeachVLANID.
IfaportisincludedinaVLAN,thefollowingimagewillbedisplayed:
Ifaportisintheforbiddenportlist,thefollowingimagewillbedisplayed:
IfaportisintheforbiddenportlistandatthesametimeattemptedincludedintheVLAN,the
followingimagewillbedisplayed.TheportwillnotbeamemberoftheVLANinthiscase.
NavigatingtheVLANMembershipStatuspage
Eachpageshowsupto99entriesfromtheVLANtable(defaultbeing20),selectedthroughthe
"entriesperpage"inputfield.Whenfirstvisited,thewebpagewillshowthefirst20entriesfromthe
beginningoftheVLANTable.ThefirstdisplayedwillbetheonewiththelowestVLANIDfoundinthe
VLANTable.
The"VLAN"inputfieldallowstheusertoselectthestartingpointintheVLANTable.
Clickingthe“Refresh”buttonwillupdatethedisplayedtablestartingfromthatortheclosestnext
VLANTablematch.
The“>>”buttonwillusethelastentryofthecurrentlydisplayedVLANentryasabasisforthenext
lookup.Whentheendisreached,thetext"Nodataexistsfortheselecteduser"isshowninthetable.
Usethe“|<<”buttontostartover.
Chapter3:WebManagement
VLANs‐VLANMembership
PoESwitchUserManual|284
Buttons
:SelectVLANUsersfromthisdropdownlist.
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepageimmediately.
Chapter3:WebManagement
VLANs‐VLANPorts
PoESwitchUserManual|285
3.2.12.2.VLANs‐VLANPorts
ThispageprovidesVLANPortStatus.
Theportsbelongtothecurrentlyselectedstackunit,asreflectedbythepageheader.
VLANUSER
VLANUsermoduleusesservicesoftheVLANmanagementfunctionalitytoconfigureVLAN
membershipsandVLANportconfigurationsuchasPVID,UVID.CurrentlywesupportfollowingVLAN
Usertypes:
CLI/Web/SNMP:Thesearereferredtoasstatic.
NAS:NASprovidesport‐basedauthentication,whichinvolvescommunicationsbetweena
Supplicant,Authenticator,andanAuthenticationServer.
VoiceVLAN:VoiceVLANisaVLANconfiguredspeciallyforvoicetraffictypicallyoriginating
fromIPphones.
MVR:MVRisusedtoeliminatetheneedtoduplicatemulticasttrafficforsubscribersineach
VLAN.Multicasttrafficforallchannelsissentonlyonasingle(multicast)VLAN.
MSTP:The802.1sMultipleSpanningTreeprotocol(MSTP)usesVLANstocreatemultiple
spanningtreesinanetwork,whichsignificantlyimprovesnetworkresourceutilizationwhile
maintainingaloop‐freeenvironment.
Port
Thelogicalportforthesettingscontainedinthesamerow.
Chapter3:WebManagement
VLANs‐VLANPorts
PoESwitchUserManual|286
PVID
ShowstheVLANidentifierforthatport.Theallowedvaluesare1through4095.Thedefaultvalueis
1.
PortType
ShowsthePortType.PorttypecanbeanyofUnaware,C‐port,S‐port,CustomS‐port.
IfPortTypeisUnaware,allframesareclassifiedtothePortVLANIDandtagsarenotremoved.
C‐portisCustomerPort.S‐portisServiceport.CustomS‐portisS‐portwithCustomTPID.
IngressFiltering
Showstheingressfilteringonaport.ThisparameteraffectsVLANingressprocessing.Ifingress
filteringisenabledandtheingressportisnotamemberoftheclassifiedVLAN,theframeis
discarded.
FrameType
Showswhethertheportacceptsallframesoronlytaggedframes.ThisparameteraffectsVLAN
ingressprocessing.Iftheportonlyacceptstaggedframes,untaggedframesreceivedonthatportare
discarded.
TxTag
Showsegressfilteringframestatuswhethertaggedoruntagged.
UVID
ShowsUVID(untaggedVLANID).Port'sUVIDdeterminesthepacket'sbehaviourattheegressside.
Conflicts
ShowsstatusofConflictswhetherexistsornot.WhenaVolatileVLANUserrequeststosetVLAN
membershiporVLANportconfiguration,thefollowingconflictscanoccur:
FunctionalConflictsbetweenfeatures.
Conflictsduetohardwarelimitation.
Directconflictbetweenusermodules.
Buttons
:SelectVLANUsersfromthisdropdownlist.
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds.
Refresh:Clicktorefreshthepageimmediately.
>>:Updatesthetable,startingwiththeentryafterthelastentrycurrentlydisplayed.
Chapter3:WebManagement
VCL‐MAC‐basedVLAN
PoESwitchUserManual|287
3.2.13.Monitor‐VCL
3.2.13.1.VCL‐MAC‐basedVLAN
ThispageshowsMAC‐basedVLANentriesconfiguredbyvariousMAC‐basedVLANusers.Currently
wesupportfollowingVLANUsertypes:
CLI/Web/SNMP:Thesearereferredtoasstatic.
NAS:NASprovidesport‐basedauthentication,whichinvolvescommunicationsbetweena
Supplicant,Authenticator,andanAuthenticationServer.
MACAddress
IndicatestheMACaddress.
VLANID
IndicatestheVLANID.
PortMembers
PortmembersoftheMAC‐basedVLANentry.
Buttons
Refresh:Refreshesthedisplayedtable.
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds(onlypresentifstackingisenabled).
Chapter3:WebManagement
Monitor‐sFlow
PoESwitchUserManual|288
3.2.14.Monitor‐sFlow
Thispageshowsreceiverandper‐portsFlowstatistics.
ReceiverStatistics
Owner
ThisfieldshowsthecurrentownerofthesFlowconfiguration.Itassumesoneofthreevaluesas
follows:
IfsFlowiscurrentlyunconfigured/unclaimed,Ownercontains<none>.
IfsFlowiscurrentlyconfiguredthroughWeborCLI,Ownercontains<Configuredthroughlocal
management>.
IfsFlowiscurrentlyconfiguredthroughSNMP,OwnercontainsastringidentifyingthesFlow
receiver.
IPAddress/Hostname
TheIPaddressorhostnameofthesFlowreceiver.
Timeout
ThenumberofsecondsremainingbeforesamplingstopsandthecurrentsFlowownerisreleased.
TxSuccesses
ThenumberofUDPdatagramssuccessfullysenttothesFlowreceiver.
TxErrors
ThenumberofUDPdatagramsthathasfailedtransmission.
ThemostcommonsourceoferrorsisinvalidsFlowreceiverIP/hostnameconfiguration.To diagnose,
pastethereceiver'sIPaddress/hostnameintothePingWebpage(Diagnostics→Ping/Ping6).
Chapter3:WebManagement
Monitor‐sFlow
PoESwitchUserManual|289
FlowSamples
ThetotalnumberofflowsamplessenttothesFlowreceiver.
CounterSamples
ThetotalnumberofcountersamplessenttothesFlowreceiver.
PortStatistics
Port
Theportnumberforwhichthefollowingstatisticsapplies.
RxandTxFlowSamples
ThenumberofflowsamplessenttothesFlowreceiveroriginatingfromthisport.Here,flowsamples
aredividedintoRxandTxflowsamples,whereRxflowsamplescontainsthenumberofpacketsthat
weresampleduponreception(ingress)ontheportandTxflowsamplescontainsthenumberof
packetsthatweresampledupontransmission(egress)ontheport.
CounterSamples
ThetotalnumberofcountersamplessenttothesFlowreceiveroriginatingfromthisport.
Buttons
Auto‐refresh:Checkthisboxtorefreshthepageautomatically.Automaticrefreshoccursevery
3seconds(onlypresentifstackingisenabled).
Refresh:Clicktorefreshthepage.
ClearReceiver:ClearsthesFlowreceivercounters.
ClearPort:Clearstheper‐portcounters.
Chapter3:WebManagement
Diagnostics‐Ping
PoESwitchUserManual|290
3.3.WebManagement‐Diagnostics
Thissectionofthemanagementwebpageprovidesyoutoolsfordiagnosingyournetwork.
3.3.1.Diagnostics‐Ping
ThispageallowsyoutoissueICMPPINGpacketstotroubleshootIPconnectivityissues.
Afteryoupressthe“Start”button,ICMPpacketsaretransmitted,andthesequencenumberand
roundtriptimearedisplayeduponreceptionofareply.TheamountofdatareceivedinsideofanIP
packetoftypeICMPECHO_REPLYwillalwaysbe8bytesmorethantherequesteddataspace(the
ICMPheader).Thepagerefreshesautomaticallyuntilresponsestoallpacketsarereceived,oruntila
timeoutoccurs.
PINGserver10.10.132.20,56bytesofdata.
64bytesfrom10.10.132.20:icmp_seq=0,time=0ms
64bytesfrom10.10.132.20:icmp_seq=1,time=0ms
64bytesfrom10.10.132.20:icmp_seq=2,time=0ms
64bytesfrom10.10.132.20:icmp_seq=3,time=0ms
64bytesfrom10.10.132.20:icmp_seq=4,time=0ms
Sent5packets,received5OK,0bad
YoucanconfigurethefollowingpropertiesoftheissuedICMPpackets:
IPAddress
ThedestinationIPAddress.
PingLength
ThepayloadsizeoftheICMPpacket.Valuesrangefrom2bytesto1452bytes.
PingCount
ThecountoftheICMPpacket.Valuesrangefrom1timeto60times.
PingInterval
TheintervaloftheICMPpacket.Valuesrangefrom0secondto30seconds.
Chapter3:WebManagement
Diagnostics‐Ping
PoESwitchUserManual|291
Buttons
Start:ClicktostarttransmittingICMPpackets.
NewPing:Clicktore‐startdiagnosticswithPING.
Chapter3:WebManagement
Diagnostics‐Ping6
PoESwitchUserManual|292
3.3.2.Diagnostics‐Ping6
ThispageallowsyoutoissueICMPv6PINGpacketstotroubleshootIPv6connectivityissues.
Afteryoupressthe“Start”button,ICMPv6packetsaretransmitted,andthesequencenumberand
roundtriptimearedisplayeduponreceptionofareply.Thepagerefreshesautomaticallyuntil
responsestoallpacketsarereceived,oruntilatimeoutoccurs.
PING6server::10.10.132.20,56bytesofdata.
64bytesfrom::10.10.132.20:icmp_seq=0,time=0ms
64bytesfrom::10.10.132.20:icmp_seq=1,time=0ms
64bytesfrom::10.10.132.20:icmp_seq=2,time=0ms
64bytesfrom::10.10.132.20:icmp_seq=3,time=0ms
64bytesfrom::10.10.132.20:icmp_seq=4,time=0ms
Sent5packets,received5OK,0bad
YoucanconfigurethefollowingpropertiesoftheissuedICMPpackets:
IPAddress
ThedestinationIPAddress.
PingLength
ThepayloadsizeoftheICMPpacket.Valuesrangefrom2bytesto1452bytes.
PingCount
ThecountoftheICMPpacket.Valuesrangefrom1timeto60times.
PingInterval
TheintervaloftheICMPpacket.Valuesrangefrom0secondto30seconds.
Buttons
Start:ClicktostarttransmittingICMPpackets.
NewPing:Clicktore‐startdiagnosticswithPING.
Chapter3:WebManagement
Diagnostics‐VeriPHY
PoESwitchUserManual|293
3.3.3.Diagnostics‐VeriPHY
ThispageisusedforrunningtheVeriPHYCableDiagnosticsfor10/100and1Gcopperports.
Pressthe“Start”buttontorunthediagnostics.Thiswilltakeapproximately5seconds.Ifallportsare
selected,thiscantakeapproximately15seconds.Whencompleted,thepagerefreshesautomatically,
andyoucanviewthecablediagnosticsresultsinthecablestatustable.NotethatVeriPHYisonly
accurateforcablesoflength7‐140meters.
10and100MbpsportswillbelinkeddownwhilerunningVeriPHY.Therefore,runningVeriPHYona
10or100MbpsmanagementportwillcausetheswitchtostoprespondinguntilVeriPHYis
complete.
Theportsbelongtothecurrentlyselectedstackunit,asreflectedbythepageheader.
Port
TheportwhereyouarerequestingVeriPHYCableDiagnostics.
CableStatus
Port:
Portnumber
Pair:Thestatusofthecablepair.
OK‐Correctlyterminatedpair
Open‐Openpair
Short‐Shortedpair
ShortA‐Cross‐pairshorttopairA
ShortB‐Cross‐pairshorttopairB
ShortC‐Cross‐pairshorttopairC
ShortD‐Cross‐pairshorttopairD
CrossA‐Abnormalcross‐paircouplingwithpairA
CrossB‐Abnormalcross‐paircouplingwithpairB
CrossC‐Abnormalcross‐paircouplingwithpairC
Chapter3:WebManagement
Diagnostics‐VeriPHY
PoESwitchUserManual|294
CrossD‐Abnormalcross‐paircouplingwithpairD
Length:
Thelength(inmeters)ofthecablepair.Theresolutionis3meters
Chapter3:WebManagement
Maintenance‐RestartDevice
PoESwitchUserManual|295
3.4.WebManagement‐Maintenance
HereyoucanmakesystemmaintenancesuchrebootingthePoEswitch,resetallsettings(except
Switch’sIPaddress)backtodefaultvalue,updatingswitchfirmware,orupload/downloadallsystem
settings.
3.4.1.Maintenance‐RestartDevice
Youcanrestartthestackonthispage.Afterrestart,thestackwillbootnormally.
Buttons
Yes:Clicktorestartdevice.
No:ClicktoreturntothePortStatepagewithoutrestarting.
Chapter3:WebManagement
Maintenance‐FactoryDefaults
PoESwitchUserManual|296
3.4.2.Maintenance‐FactoryDefaults
Youcanresettheconfigurationofthestackonthispage.OnlytheIPconfigurationisretained.
Thenewconfigurationisavailableimmediately,whichmeansthatnorestartisnecessary.
Buttons
Yes:ClicktoresettheconfigurationtoFactoryDefaults.
No:ClicktoreturntothePortStatepagewithoutresettingtheconfiguration.
Note:Restoringfactorydefaultcanalsobeperformedbymakingaphysicalloopbackbetweenport1
andport2withinthefirstminutefromswitchreboot.Inthefirstminuteafterboot,'loopback'
packetswillbetransmittedatport1.Ifa'loopback'packetisreceivedatport2theswitchwilldoa
restoretodefault
Chapter3:WebManagement
Maintenance‐SoftwareUpload
PoESwitchUserManual|297
3.4.3.Maintenance‐SoftwareUpload
Youcanupdatetheswitch’sfirmwarehere.
Buttons
ChooseFile:Clickthisbuttontochoosethefirmwarefile.
Update:Clickthisbuttontostartuploadthefirmware.
Thesystemwillinformyouwhenthenewfirmwareisuploadedtotheswitch.Afterupdatingthe
firmware,theswitchwillreboot.
Warning:Themanagementwebpagewillstopfunctioningduringthefirmwareupdatingprocess.Do
notrestartorpoweroffthedeviceatthistimeortheswitchmaymalfunction.
Chapter3:WebManagement
Configuration‐Save
PoESwitchUserManual|298
3.4.3.Maintenance‐Configuration
3.4.3.1.Configuration‐Save
YoucansaveallthecurrentsettingvaluesasafileinXMLformat.
Buttons
SaveConfiguration:Clicktosavetheconfigurationfile.
Chapter3:WebManagement
Configuration‐Load
PoESwitchUserManual|299
3.4.3.2.Configuration‐Load
Buttons
ChooseFile:Clickthisbuttontochoosetheconfigurationfilethatyou’vesaved..
Upload:Clicktouploadtheconfigurationfile.
PoESwitchUserManual|300
Chapter4:
CLIManagement
InCLIManagement:
AsmentionedinChapter2.1.PreparationforSerialConsoleandChapter2.3.Preparation
forTelnet/SSHInterface,ThisswitchprovidesaCLI(CommandLineInterface)
managementinterface.Youcanmakeallsettingsandmonitorsystemstatuswiththis
managementCLI.
YoucanaccesstheCLIviaserialconsole,telnet,orSSH.Allthecommandsforthese
threedifferentconnectiontypesarethesameandcanberelated.Pleaseseethefollow
sectionfordetaileddescriptionsaboutthecommands.
Chapter4:CLIManagement
CLIManagement‐Overview
PoESwitchUserManual|301
4.1.CLIManagement‐Overview
TheCLI(CommandLineInterface)isauserinterfacethat’sembeddedintheswitch.Youcanview
systeminformation,status,andconfiguretheswitchviacommandinputting.
Asshowninthefigureabove,acommandprompt“>”willavailable,promptingyoutoinputthe
command.
Youcaninputpartofthecommandhereaswell.Forexample,insteadof“portconfiguration”,you
caninput“porco”instead.
Thefollowingsectionwilllistingallthecommandsavailableintheswitch.
Chapter4:CLIManagement
CLIManagement‐System
PoESwitchUserManual|302
4.2.CLIManagement‐System
FeatureCommandLine
SystemInformation
SystemGroupEntertheSystemConfigurationGrouptodofurtherconfiguration.
>system
Type'up'tomoveuponelevelor'/'togotorootlevel
System>
SystemContactSyntax:
SystemName[<name>]
Parameters:
<name>:Systemnamestring.(1‐255)
Example:ContactName=Orwell
System>contactOrwell
SystemNameSyntax:
SystemName[<name>]
Parameters:
<name>:Systemnamestring.(1‐255)
Example:ContactName=switch
System>nameswitch
switch:/>
(Aftergivensystemname,thepromptcharacterwillbechanged
automatically.)
SystemLocationSyntax:
SystemLocation[<location>]
Parameters:
<location>:Systemlocationstring.(1‐255)
Example:LocationName
switch:/System>locafll_01
TimeZoneOffsetSyntax:
SystemTimezone[<offset>]
Parameters:
Chapter4:CLIManagement
CLIManagement‐System
PoESwitchUserManual|303
<offset>:Timezoneoffsetinminutes(‐720to720)relativetoUTC
Example:TimeZone=100
switch:/System>time100
IPConfiguration
IPGroupEntertheIPConfigurationGroup
switch:/>ip
Type'up'tomoveuponelevelor'/'togotorootlevel
switch:/IP>
DHCPClientSyntax:
IPDHCP[enable|disable]
switch:/IP>dhcpen
IPSetting(Address,
Mask,Gateway,
ManagedVID)
Syntax:
IPSetup[<ip_addr>][<ip_mask>][<ip_router>][<vid>]
Example:IP=192.168.2.2,Mask=255.255.255.0,Gateway:192.168.2.254,
VID=1
switch:/IP>setup192.168.2.2255.255.255.0192.168.2.2541
NTPEnableNTPModebybelowcommand:
switch:/IP>ntpmodeen
TypetheNTPServeraddresssettingsbybelowcommand:
Syntax:
IPNTPServerAdd<server_index><ip_addr_string>
IPNTPServerIpv6Add<server_index><server_ipv6>
IPNTPServerDelete<server_index>
Example:
switch:/IP>ntpseradd1192.168.100.1
switch:/IP>ntpseradd2168.95.1.1
ChecktheNTPServersettingsbybelowcommand:
switch:/IP>ntpconf
IPNTPConfiguration:
=====================
NTPMode:Enabled
IdxServerIPhostaddress(a.b.c.d)orahostnamestring
‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1192.168.100.1
Chapter4:CLIManagement
CLIManagement‐System
PoESwitchUserManual|304
2168.95.1.1
3
4
5
DNSServerSyntax:
IPDNS[<ip_addr>]
Parameters:
<ip_addr>:IPaddress(a.b.c.d),default:ShowIPaddress
Example:
switch:/IP>dns168.95.1.1
DNSProxySyntax:IPDNS_Proxy[enable|disable]
switch:/IP>dns_proxyen
IPv6Configuration
IPv6CommandsSyntax:
IPIPv6AUTOCONFIG[enable|disable]
IPIPv6Setup[<ipv6_addr>][<ipv6_prefix>][<ipv6_router>]
IPIPv6State<ipv6_addr>[enable|disable]
IPIPv6Ping6<ipv6_addr>[(Length<ping_length>)][(Count
<ping_count>)][(Interval<ping_interval>)]
AutoConfigurationSyntax:
IPIPv6AUTOCONFIG[enable|disable]
Example:
switch:/IP>ipv6autoen
IPv6AddressSetting
(Address,Prefix,
Router)
Syntax:
IPIPv6Setup[<ipv6_addr>][<ipv6_prefix>][<ipv6_router>]
Example:
switch:/IP>ipv6setup2001:DB8::250:8bff:fee8:f80048
2001:DB8::250:8bff:fee8:f8ff
IPv6PingTestSyntax:
IPIPv6Ping6<ipv6_addr>[(Length<ping_length>)][(Count
<ping_count>)][(Interval<ping_interval>)]
Example:
switch:/IP>ipv6ping62001:DB8::250:8bff:fee8:f800
NTP
NTPModeEnableNTPModebybelowcommand:
switch:/IP>ntpmodeen
Chapter4:CLIManagement
CLIManagement‐System
PoESwitchUserManual|305
NTPServerAddress
Setting
Syntax:
TypetheNTPServeraddresssettingsbybelowcommand:
IPNTPServerAdd<server_index><ip_addr_string>
IPNTPServerIpv6Add<server_index><server_ipv6>
IPNTPServerDelete<server_index>
Example:
switch:/IP>ntpseradd1192.168.100.1
switch:/IP>ntpseradd2168.95.1.1
NTPSettingStatusChecktheNTPServersettingsbybelowcommand:
switch:/IP>ntpconf
IPNTPConfiguration:
=====================
NTPMode:Enabled
IdxServerIPhostaddress(a.b.c.d)orahostnamestring
‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1192.168.100.1
2168.95.1.1
3
4
5
SystemLog
ServerModeSyntax:
SystemLogServerMode[enable|disable]
Example:
switch:/System>logservermodeen
ServerAddressSyntax:
SystemLogServerAddress[<ip_addr_string>]
Example:
switch:/System>logserveradd192.168.2.100
SyslogLevelSyntax:
SystemLogLevel[info|warning|error]
Information:
switch:/System>loglevelinf
Warning:
Chapter4:CLIManagement
CLIManagement‐System
PoESwitchUserManual|306
switch:/System>loglevelwar
Error:
switch:/System>loglevelerr
ClearSyslogSyntax:
SystemLogClear[all|info|warning|error]
switch:/System>logclearall
SystemLog
Configuration
switch:/System>logconf
SystemLogConfiguration:
=========================
SystemLogServerMode:Enabled
SystemLogServerAddress:192.168.2.100
SystemLogLevel:Error
Chapter4:CLIManagement
CLIManagement‐Port
PoESwitchUserManual|307
4.3.CLIManagement‐Port
FeatureCommandLine
PortConfiguration
PortGroupswitch:/>port
Type'up'tomoveuponelevelor'/'togotorootlevel
switch:/Port>
LinkStateSyntax:
PortState[<port_list>][enable|disable]
Example:Enable/DisablePort1State.Afterport1disabled,the
portcan'taccesstheswitch.
Port>state1en
Port>state1dis
LinkSpeedandDuplexSyntax:
PortMode[<port_list>]
[auto|10hdx|10fdx|100hdx|100fdx|1000fdx|sfp_auto_ams|100
0x_ams|100fx_ams|1000x|100fx]
Example:
Port>mode21000fdx(Configureport2to1000FullDuplex)
Port>mode1‐41000fdx(Configureport1‐4to1000FullDuplex)
FlowControlSyntax:
PortFlowControl[<port_list>][enable|disable]
Example:
Port>flowcont1en(EnableFlowControlonPort1)
Port>flowcont1dis(DisableFlowControlonPort2)
MaximumFrameSizeSyntax:
PortMaxFrame[<port_list>][<max_frame>]
Example:Setport1‐24'smaximumframesizeto9Kjumboframe
Chapter4:CLIManagement
CLIManagement‐Port
PoESwitchUserManual|308
Port>maxf1‐249600
PortStatus
PortStatusPort>conf1‐2
PortConfiguration:
===================
PortStateModeFlowControlMaxFramePowerExcessiveLink
‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐ ‐‐‐‐
1EnabledAutoDisabled9600DisabledDiscardDown
2EnabledAutoDisabled9600DisabledDiscard1Gfdx
.............
PortModePort>mode2
PortModeLink
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐
2Auto1Gfdx
PortStatus‐All
Information
switch:/Port>config
PortConfiguration:
===================
PortStateModeFlowControlMaxFramePowerExcessiveLink
‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐ ‐‐‐‐
1EnabledAutoDisabled9600DisabledDiscardDown
2EnabledAutoDisabled9600DisabledDiscard1Gfdx
3EnabledAutoDisabled9600DisabledDiscardDown
..............
StatusofLinkUPportsswitch:/Port>confallup
PortConfiguration:
===================
PortStateModeFlowControlMaxFramePowerExcessiveLink
Chapter4:CLIManagement
CLIManagement‐Port
PoESwitchUserManual|309
‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐ ‐‐‐‐
2EnabledAutoDisabled9600DisabledDiscard1Gfdx
PortStatisticswitch:/Port>statistic1
Port1Statistics:
RxPackets:0TxPackets:0
RxOctets:0TxOctets:0
RxUnicast:0TxUnicast:0
...................
Chapter4:CLIManagement
CLIManagement‐MAC
PoESwitchUserManual|310
4.4.CLIManagement‐MAC
FeatureCommandLine
MACAddressTableConfiguration
AgingTime
Configuration
Syntax:
MACAgetime[<age_time>]
Parameters:
<age_time>:MACaddressagetime(0,10‐1000000)0=disable
Example:
MAC>age100(changeagingtimeto100seconds,theagingtime
rangeis10‐1000000)
MAC>age0(0=DisableAgingtime)
MACLearning
Configuration
Syntax:
MACLearning[<port_list>][auto|disable|secure]
Example:
MAC>lear1‐8sec
MAC>lear9‐12dis
MAC>learn1‐12auto
StaticMACTableSyntax:
MACAdd<mac_addr><port_list>[<vid>]
Example:
MAC>add0b16212c37421‐51(Thistypewillbechangedto
hexadecimalautomatically.)
MAC>add0b‐16‐21‐2c‐37‐421‐101(Thistypeishexadecimal,itwill
notbechanged.)
Result:
Non‐volatilestatic:
VIDMACAddressPorts
‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐
100‐10‐15‐02‐25‐2a1‐5
10b‐16‐21‐2c‐37‐421‐10
Chapter4:CLIManagement
CLIManagement‐VLAN
PoESwitchUserManual|311
4.5.CLIManagement‐VLAN
FeatureCommandLine
VLANConfiguration
VLANMembershipSyntax:
VLANAdd<vid>|<name>[<ports_list>]
VLANNameAdd<name><vid>
Example:
VLAN>add35‐8(Addport5‐8toVLAN3)
VLAN>nameaddvlan33(vlan3isthenameofVLAN3)
PortConfigurationSyntax:
VLANFrameType[<port_list>][all|tagged|untagged]
VLANIngressFilter[<port_list>][enable|disable]
VLANtx_tag[<port_list>][untag_pvid|untag_all|tag_all]
VLANPortType[<port_list>]
[unaware|c‐port|s‐port|s‐custom‐port]
Example:
VLAN>framety1‐3all
VLAN>ingr1‐3en
VLAN>tx_t1‐3untag_pvid
VLAN>portty1‐3un
Chapter4:CLIManagement
CLIManagement‐PVLAN(PrivateVLAN)
PoESwitchUserManual|312
4.6.CLIManagement‐PVLAN(PrivateVLAN)
FeatureCommandLine
PVLANConfiguration
PVLANConfigurationSyntax:
PVLANConfiguration[<port_list>]
PVLANAdd<pvlan_id>[<port_list>]
PVLANDelete<pvlan_id>
PVLANLookup[<pvlan_id>]
PVLANIsolate[<port_list>][enable|disable]
Example:
PVLAN>add109‐12
PVLAN>add101‐2
PVLAN>add201‐2
PVLAN>add2013‐18
PVLAN>iso9‐18en(EnableIsolatedPorts)
Result:
PVLANIDPorts
‐‐‐‐‐‐‐‐ ‐‐‐‐‐
11‐8,17‐26
101,2
2013‐18
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|313
4.7.CLIManagement‐Security
FeatureCommandLine
Security‐SwitchConfiguration
Security‐SwitchGroup>securiswi
Type'up'tomoveuponelevelor'/'togotorootlevel
Security/Switch>?
CommandGroups:
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
SecuritySwitchUsers:Usermanagement
SecuritySwitchPrivilege:Privilegelevel
SecuritySwitchAuth:Authentication
SecuritySwitchSSH:SecureShell
SecuritySwitchHTTPS:HypertextTransferProtocoloverSecureSocketLayer
SecuritySwitchAccess:Accessmanagement
SecuritySwitchSNMP:SimpleNetworkManagementProtocol
SecuritySwitchRMON:RemoteNetworkMonitoring
UserConfigurationSecurity/Switch>user?
AvailableCommands:
SecuritySwitchUsersConfiguration
SecuritySwitchUsersAdd<user_name><password>
<privilege_level>
SecuritySwitchUsersDelete<user_name>
AddNewUserSyntax:
SecuritySwitchUsersAdd<user_name><password>
<privilege_level>
Example:AddNewUserName,Passwordwithhighestprivilege,
Name:Orwell,Password:possword,Privilege:15
Security/Switch>usersaddOrwellpassword15
DeletetheUserSyntax:
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|314
SecuritySwitchUsersDelete<user_name>
Example:DeletetheUser,OrwellfromUserNamedatabase
Security/Switch>usersdelOrwell
UserNameDatabaseSecurity/Switch>usersconf
UsersConfiguration:
====================
UserNamePrivilegeLevel
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
admin15
Orwell15
PrivilegeLevelSyntax:
SecuritySwitchPrivilegeLevelGroup<group_name>
[<cro>][<crw>][<sro>][<srw>]
(cro=ConfigurationRead‐Only,crw=Configuration/Excute
Read/Write,sro=Status/StatisticsRead‐Only,srw=Status/Statistics
Read/Write)
Example:SetPrivilegelevelofVLANGroup
Security/Switch/Privilege>levelgroupVLANs10101010
(cro=10,crw=10,sro=10,srw=10)
PrivilegeLevel
ConfigurationTable
Security/Switch>prilevelconf
PrivilegeLevelConfiguration:
==============================
PrivilegeCurrentLevel:15
GroupNamePrivilegeLevel
CROCRWSROSRW
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|315
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Aggregation510510
Debug15151515
Diagnostics510510
AuthenticationMethodSyntax:
SecuritySwitchAuthMethod[console|telnet|ssh|web]
[none|local|radius|tacacs+][enable|disable]
Example:ConfigureTelnetAuthenticationmethodtoRadiusEnable
Security/Switch>authmethodtelnetradiusen
Authentication
Configuration
Security/Switch>authconf
AuthConfiguration:
===================
ClientAuthenticationMethodLocalAuthenticationFallback
‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
consolelocalDisabled
telnetlocalDisabled
sshlocalDisabled
weblocalDisabled
SSHSyntax:
SecuritySwitchSSHMode[enable|disable]
Example:
Security/Switch>sshmodeen
Security/Switch>sshmodedis
HTTPSSyntax:
SecuritySwitchHTTPSMode[enable|disable]
Security/Switch>httpsmodeen
Security/Switch>httpsmodedis
SecuritySwitchHTTPSRedirect[enable|disable]
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|316
Security/Switch>httpsmodeen(MustenabledHTTPS)
Security/Switch>httpsredien
Result:
Security/Switch>httpsconf
HTTPSConfiguration:
====================
HTTPSMode:Enabled
HTTPSRedirectMode:Enabled
AccessManagementSyntax:
SecuritySwitchAccessAdd<access_id><start_ip_addr>
<end_ip_addr>[web][snmp
][telnet]
Example:LimittheIPrangefromthe192.168.2.1to192.168.2.10
canaccessthewebUI.
Security/Switch>accessadd1192.168.2.1192.168.2.10web
SNMPSystem
Configuration
(Mode,Version,Read
/WriteCommunity)
Syntax:
SecuritySwitchSNMPMode[enable|disable]
SecuritySwitchSNMPVersion[1|2c|3]
SecuritySwitchSNMPReadCommunity[<community>]
SecuritySwitchSNMPWriteCommunity[<community>]
Example:
Security/Switch>snmpmodeen
Security/Switch>snmpver2c
Security/Switch/SNMP>readcomabc
Security/Switch/SNMP>writecomorwell
Result:
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|317
SNMPConfiguration:
===================
SNMPMode:Enabled
SNMPVersion:2c
ReadCommunity:abc
WriteCommunity:orwell
SNMPCommunitySyntax:
SecuritySwitchSNMPCommunityAdd<community>[<ip_addr>]
[<ip_mask>]
SecuritySwitchSNMPCommunityDelete<index>
SecuritySwitchSNMPCommunityLookup[<index>]
Example:
Security/Switch>snmpcommuaddabc
Security/Switch>snmpcommuaddtest192.168.2.100
255.255.255.0
SNMPTrapServer
Setting
EntertheSNMPTrapConfigurationGroup
Security/Switch/SNMP>trap
Type'up'tomoveuponelevelor'/'togotorootlevel
Security/Switch/SNMP/Trap>
Syntax:
SecuritySwitchSNMPTrapMode[enable|disable]
SecuritySwitchSNMPTrapVersion[1|2c|3]
SecuritySwitchSNMPTrapCommunity[<community>]
SecuritySwitchSNMPTrapDestination[<ip_addr_string>]
SecuritySwitchSNMPTrapIPv6Destination[<ipv6_addr>]
Example:
Security/Switch/SNMP/Trap>modeena
Security/Switch/SNMP/Trap>version2c
Security/Switch/SNMP/Trap>communitypublic
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|318
Security/Switch/SNMP/Trap>destination192.168.2.100
Result:
TrapMode:Enabled
TrapVersion:2c
TrapCommunity:public
TrapDestination:192.168.2.100
TrapIPv6Destination:::
SNMPTrapEvent
Setting
Syntax:
SecuritySwitchSNMPTrapAuthenticationFailure[enable|disable]
SecuritySwitchSNMPTrapLink‐up[enable|disable]
SecuritySwitchSNMPTrapInformMode[enable|disable]
SecuritySwitchSNMPTrapInformTimeout[<timeout>]
SecuritySwitchSNMPTrapInformRetryTimes[<retries>]
Example:
Security/Switch/SNMP>trapauthfaien
Security/Switch/SNMP>traplink‐upen
Security/Switch/SNMP>trapinfomodeen
Security/Switch/SNMP>trapinfotime5
Security/Switch/SNMP>trapinforettimes5
Result:
TrapAuthenticationFailure:Enabled
TrapLink‐upandLink‐down:Enabled
TrapInformMode:Enabled
TrapInformTimeout(seconds):5
TrapInformRetryTimes:5
SNMPv3UserSyntax:
SecuritySwitchSNMPUserAdd<engineid><user_name>
[MD5|SHA][<auth_password>][DES][<priv_password>]
Example:
Security/Switch/SNMP>useradd800007e5017f000001orwell
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|319
Security/Switch/SNMP>useradd800007e5017f000001andymd5
andy123
Result:
SNMPv3UsersTable:
IdxEngineIDUserNameLevelAuthPriv
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1Localdefault_userNoAuth,NoPrivNone
2LocalorwellNoAuth,NoPrivNone
3LocalandyAuth,NoPrivMD5None
Numberofentries:3
RMONInSecurity/SwitchGroup,thesystemsupports4typesRMON
groups,pleasefollowtheRMONSyntaxtoaddtheentries.
Syntax:
Security/Switch>rmon?
Statistics:
SecuritySwitchRMONStatisticsAdd<stats_id><data_source>
SecuritySwitchRMONStatisticsDelete<stats_id>
SecuritySwitchRMONStatisticsLookup[<stats_id>]
Histroy:
SecuritySwitchRMONHistoryAdd<history_id><data_source>
[<interval>][<buckets>]
SecuritySwitchRMONHistoryDelete<history_id>
SecuritySwitchRMONHistoryLookup[<history_id>]
Alarm:
SecuritySwitchRMONAlarmAdd<alarm_id><interval>
<alarm_vairable>[absolute|delta]<rising_threshold>
<rising_event_index><falling_threshold>
<falling_event_index>[rising|falling|both]
SecuritySwitchRMONAlarmDelete<alarm_id>
SecuritySwitchRMONAlarmLookup[<alarm_id>]
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|320
Event:
SecuritySwitchRMONEventAdd<event_id>
[none|log|trap|log_trap][<community>][<description>]
SecuritySwitchRMONEventDelete<event_id>
SecuritySwitchRMONEventLookup[<event_id>]
Security‐NetworkConfiguration
LimitControl
LimitControl‐System
Configuration
Syntax:
SecurityNetworkLimitConfiguration[<port_list>]
SecurityNetworkLimitMode[enable|disable]
SecurityNetworkLimitAging[enable|disable]
SecurityNetworkLimitAgetime[<age_time>]
Example:
Security/Network>limitmodeenable
Security/Network>limitaginenable
Security/Network>limitagetim1000
Result:
PortSecurityLimitControlConfiguration:
==========================================
Mode:Enabled
Aging:Disabled
AgePeriod:3600
LimitControl‐Port
Configuration
Syntax:
SecurityNetworkLimitPort[<port_list>][enable|disable]
SecurityNetworkLimit[<port_list>][<limit>]
SecurityNetworkLimitAction[<port_list>]
[none|trap|shut|trap_shut]
SecurityNetworkLimitReopen[<port_list>]
Example:
Security/Network>limitport1enabl
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|321
Security/Network>limit15
Security/Network>limitaction1trap
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|322
NetworkAccessServerConfiguration(alsoknownasIEEE802.1X)
NASSystem
Configuration
Syntax:
Mode:
SecurityNetworkNASMode[enable|disable]
SecurityNetworkNASRe‐authentication[enable|disable]
TimeSettings
SecurityNetworkNASReauthPeriod[<reauth_period>]
SecurityNetworkNASEapolTimeout[<eapol_timeout>]
SecurityNetworkNASAgetime[<age_time>]
SecurityNetworkNASHoldtime[<hold_time>]
Radius‐Assigned
SecurityNetworkNASRADIUS_QoS[global|<port_list>]
[enable|disable]
SecurityNetworkNASRADIUS_VLAN[global|<port_list>]
[enable|disable]
GuestVLAN
SecurityNetworkNASGuest_VLAN[global|<port_list>]
[enable|disable][<vid>][<reauth_max>][<allow_if_eapol_seen>]
Example:
Guest_VLANGlobalEnabled,GuestVLANID=100,
Max.Re‐AuthenticationCount=10,
AllowGuestVLANifEAPOLSee=Enable
Security/Network>nasguesgloben10010en
NASPortConfigurationSyntax:
SecurityNetworkNASState[<port_list>]
[auto|authorized|unauthorized|single|multi|macbased]
auto=Port‐based802.1X
authorized=ForceAuthorized
unauthorized=ForceUnauthorized
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|323
single=Single802.1X
multi=Multi802.1X
macbased=MAC_BasedAuthentication
Example:
Security/Network>nasstate2auto
ACL(AccessControlList)
ACLPortConfigurationSyntax:
SecurityNetworkACLAction[<port_list>][permit|deny]
[<rate_limiter>][<port_redirect>][<mirror>][<logging>]
[<shutdown>]
Parameters:
<port_list>:Portlistor'all',default:Allports
permit:Permitforwarding(default)
deny:Denyforwarding
<rate_limiter>:Ratelimiternumber(1‐15)or'disable'
<port_redirect>:Portlistforcopyofframesor'disable'
<mirror>:Mirrorofframes:enable|disable
<logging>:Systemloggingofframes:log|log_disable
<shutdown>:Shutdowningressport:shut|shut_disable
Example:
Security/Network/ACL>Action1permit10disenlogshut
Result:
ACLConfiguration:
==================
PortPolicyActionRateL.PortC.MirrorLoggingShutdownCounter
‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐
10Permit10DisabledEnabledEnabledEnabled0
RateLimiterSyntax:
SecurityNetworkACLRate[<rate_limiter_list>][<rate_unit>]
[<rate>]
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|324
Parameters:
<rate_limiter_list>:Ratelimiterlist(1‐16),default:Allratelimiters
<rate_unit>:IPflags:pps|kbps,default:pss
<rate>:Rateinpps(0‐100)orkbps(0,100,2*100,3*100,...,
1000000)
Example:RateLimiterID=10,Rate=300kbps
Security/Network/ACL>rate10kbps300
Result:
RateLimiterRate
‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐
..........
91PPS
10300KBPS
.......
ACLPolicySyntax:
SecurityNetworkACLPolicy[<port_list>][<policy>]
Example:
Security/Network/ACL>policy12
AccessControlListSyntax:
SecurityNetworkACLAdd[<ace_id>][<ace_id_next>][(port
<port_list>)][(policy<policy><policy_bitmask>)]
[<tagged>][<vid>][<tag_prio>][<dmac_type>][(etype[<etype>]
[<smac>][<dmac>])|
(arp[<sip>][<dip>][<smac>][<arp_opcode>][<arp_flags>])|
(ip[<sip>][<dip>][<protocol>][<ip_flags>])|
(icmp[<sip>][<dip>][<icmp_type>][<icmp_code>][<ip_flags>])|
(udp[<sip>][<dip>][<sport>][<dport>][<ip_flags>])|
(tcp[<sip>][<dip>][<sport>][<dport>][<ip_flags>]
[<tcp_flags>])]
[permit|deny][<rate_limiter>][<port_redirect>][<mirror>]
[<logging>][<shutdown>]
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|325
Parameters:
<ace_id>:ACEID(1‐256),default:NextavailableID
<ace_id_next>:NextACEID(1‐256),default:AddACElast
port:PortACEkeyword
<port_list>:Portlistor'all',default:Allports
policy:PolicyACEkeyword
<policy>:Policynumber(0‐255)
<policy_bitmask>:Policynumberbitmask(0x0‐0xFF)
<tagged>:Taggedofframes:any|enable|disable
<vid>:VLANID(1‐4095)or'any'
<tag_prio>:VLANtagpriority(0‐7)or'any'
<dmac_type>:DMACtype:any|unicast|multicast|broadcast
etype:EthernetTypekeyword
<etype>:EthernetType:0x600‐0xFFFFor'any'but
excluding0x800(IPv4)0x806(ARP)and0x86DD(IPv6)
<smac>:SourceMACaddress('xx‐xx‐xx‐xx‐xx‐xx'or
'xx.xx.xx.xx.xx.xx'or'xxxxxxxxxxxx',xisahexadecimaldigit)or'any'
<dmac>:DestinationMACaddress('xx‐xx‐xx‐xx‐xx‐xx'or
'xx.xx.xx.xx.xx.xx'or'xxxxxxxxxxxx',xisahexadecimaldigit)or'any'
arp:ARPkeyword
<sip>:SourceIPaddress(a.b.c.d/n)or'any'
<dip>:DestinationIPaddress(a.b.c.d/n)or'any'
<arp_opcode>:ARPoperationcode:any|arp|rarp|other
<arp_flags>:ARPflags:request|smac|tmac|len|ip|ether
[0|1|any]
ip:IPkeyword
<protocol>:IPprotocolnumber(0‐255)or'any'
<ip_flags>:IPflags:ttl|options|fragment[0|1|any]
icmp:ICMPkeyword
<icmp_type>:ICMPtypenumber(0‐255)or'any'
<icmp_code>:ICMPcodenumber(0‐255)or'any'
udp:UDPkeyword
<sport>:SourceUDP/TCPportrange(0‐65535)or'any'
<dport>:DestinationUDP/TCPportrange(0‐65535)or
'any'
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|326
tcp:TCPkeyword
<tcp_flags>:TCPflags:fin|syn|rst|psh|ack|urg[0|1|any]
permit:Permitforwarding(default)
deny:Denyforwarding
<rate_limiter>:Ratelimiternumber(1‐15)or'disable'
<port_redirect>:Portlistforcopyofframesor'disable'
<mirror>:Mirrorofframes:enable|disable
<logging>:Systemloggingofframes:log|log_disable
<shutdown>:Shutdowningressport:shut|shut_disable
Example:
AddoneACE:
Security/Network/ACL>add2port6‐10policy38ip
ACEID2addedlast
EditoneACE:
Security/Network/ACL>add1port1‐5policy28any
ACEID1modifiedlast
Result:
IDTypePortPolicyFrameActionRateL.PortC.MirrorCounter
‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1User1‐52/0 x 8 AnyPermitDisabledDisabledDisabled0
2User6‐103/0 x 8 IPPermitDisabledDisabledDisabled0
DHCP
DHCPSnoopingSyntax:
SecurityNetworkDHCPSnoopingMode[enable|disable]
SecurityNetworkDHCPSnoopingPortMode[<port_list>]
[trusted|untrusted]
SecurityNetworkDHCPSnoopingStatistics[<port_list>][clear]
Example:
Security/Network>dhcpsnoopingmodeen
Security/Network>dhcpsnoopingportmode1tru(Port1)
Security/Network>dhcpsnoopingportmode1‐10tru(Port1‐10)
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|327
DHCPRelaySyntax:
SecurityNetworkDHCPRelayMode[enable|disable]
SecurityNetworkDHCPRelayServer[<ip_addr>]
SecurityNetworkDHCPRelayInformationMode[enable|disable]
SecurityNetworkDHCPRelayInformationPolicy
[replace|keep|drop]
Example:
Security/Network>dhcprelayserver192.168.2.100
Security/Network>dhcprelaymodeen
(AssignoneServerIPbeforeenabletheRelaymode)
Security/Network>dhcprelinfomodeen
Security/Network>dhcprelinfopolicykeep
IPSourceGuard
IPSourceGuard
Configuration
Syntax:
SecurityNetworkIPSourceGuardConfiguration
SecurityNetworkIPSourceGuardMode[enable|disable]
SecurityNetworkIPSourceGuardPortMode[<port_list>]
[enable|disable]
SecurityNetworkIPSourceGuardlimit[<port_list>]
[<dynamic_entry_limit>|unlimited]
SecurityNetworkIPSourceGuardEntry[<port_list>]add|delete
<vid><allowed_ip><allowed_mac>
SecurityNetworkIPSourceGuardStatus[<port_list>]
SecurityNetworkIPSourceGuardTranslation
Example:
Security/Network>ipsourceguardmodeen
Security/Network>ipsourceguardportmode1‐10en(Port1‐10)
Security/Network>ipsourceguardlimit1‐102(limit2MAC
Address)
IPSourceGuardStaticSyntax:
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|328
TableSecurityNetworkIPSourceGuardEntry[<port_list>]add|delete
<vid><allowed_ip><allowed_mac>
Example:
Security/Network>ipsourceguardentry5add2192.168.2.101
001122334455
Result:
IPSourceGuardEntryTable:
TypePortVLANIPAddressMACAddress
‐‐‐‐‐‐‐ ‐‐‐‐ ‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Static11192.168.2.1011‐22‐33‐44‐55‐66
Static52192.168.2.10100‐0b‐16‐21‐2c‐37
ARPInspection
ARPInspectionSyntax:
SecurityNetworkARPInspectionConfiguration
SecurityNetworkARPInspectionMode[enable|disable]
SecurityNetworkARPInspectionPortMode[<port_list>]
[enable|disable]
SecurityNetworkARPInspectionEntry[<port_list>]add|delete
<vid><allowed_mac><allowed_ip>
SecurityNetworkARPInspectionStatus[<port_list>]
SecurityNetworkARPInspectionTranslation
Example:
Security/Network>arpinspectionmodeen
Security/Network>arpinspectionportmode1‐10en
Security/Network>arpinspectionentry1add10112233445566
192.168.2.10
Security/Network>arpinspectionstatus
ARPInspectionEntryTable:
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|329
TypePortVLANMACAddressIPAddress
‐‐‐‐‐‐‐ ‐‐‐‐ ‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐
Static1100b‐16‐21‐2c‐37‐42192.168.2.10
Security‐AAAConfiguration
CommonServer
Configuration
Syntax:
SecurityAAATimeout[<timeout>]
SecurityAAADeadtime[<dead_time>]
RADIUSAuthentication
Server
Syntax:
SecurityAAARADIUS[<server_index>][enable|disable]
[<ip_addr_string>][<secret>][<server_port>]
Example:
Security>aaaradi1en192.168.2.200password1812
RADIUSAccounting
Server
Syntax:
SecurityAAAACCT_RADIUS[<server_index>][enable|disable]
[<ip_addr_string>][<secret>][<server_port>]
Example:
Security>aaaACCT_radi1en192.168.2.200password1813
TACACS+
AuthenticationServer
Syntax:
SecurityAAATACACS+[<server_index>][enable|disable]
[<ip_addr_string>][<secret>][<server_port>]
Example:
Security>aaatacacs+1en192.168.2.200password49
AAAConfigurationSecurity>aaacon
AAAConfiguration:
==================
ServerTimeout:15seconds
ServerDeadTime:300seconds
Chapter4:CLIManagement
CLIManagement‐Security
PoESwitchUserManual|330
RADIUSAuthenticationServerConfiguration:
===========================================
ServerModeIPAddressSecretPort
‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐
1Enabled192.168.2.200********1812
2Disabled1812
3Disabled1812
4Disabled1812
5Disabled1812
RADIUSAccountingServerConfiguration:
=======================================
ServerModeIPAddressSecretPort
‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐
1Enabled192.168.2.200********1813
2Disabled1813
3Disabled1813
4Disabled1813
5Disabled1813
TACACS+ AuthenticationServerConfiguration:
============================================
ServerModeIPAddressSecretPort
‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐
1Enabled192.168.2.200********49
2Disabled49
3Disabled49
4Disabled49
5Disabled49
Security>
Chapter4:CLIManagement
CLIManagement‐STP
PoESwitchUserManual|331
4.8.CLIManagement‐STP
FeatureCommandLine
BridgeConfiguration
ProtocolVersionSyntax:
STPVersion[<stp_version>]
Parameters:
<stp_version>:mstp|rstp|stp
Example:
STP>verrstp
BridgePrioritySyntax:
STPMstiPriority[<msti>][<priority>]
Example:
STP>mstipri
MSTI#BridgePriority
‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
CIST32768
STP>mstipri4096
(Theavailablepriorityparameterincludes:0,4096,8192,12288,
16384,20480,24576,28672,32768,36864,40960,45056,49152,
53248,57344,61440)
ForwardDelaySyntax:
STPFwdDelay[<delay>]
(Validvaluesareintherange4to30seconds)
Max.AgeSyntax:
STPMaxAge[<max_age>]
(Validvaluesareintherange6to40seconds,andMaxAgemustbe<=
(FwdDelay‐1)*2.)
MaximumHopCountSyntax:
STPMaxHops[<maxhops>]
Chapter4:CLIManagement
CLIManagement‐STP
PoESwitchUserManual|332
(Validvaluesareintherange6to40hops)
TransmitHoldCountSyntax:
STPTxhold[<holdcount>]
(Validvaluesareintherange1to10BPDU'spersecond.)
AdvancedSettingSyntax:
STPbpduFilter[enable|disable]
STPbpduGuard[enable|disable]
STPrecovery[<timeout>]
(Afterrecoverytimeouttimeisset,therecoveryisenabled
automatically.)
MSTIMapping
MSTI/VLANMappingSyntax:
STPMstiAdd<msti><vid‐range>
Example:
STP>mstadd1100
AddVLAN100toMSTI1
STP>mstmap
MSTIVLANsmappedtoMSTI
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
MSTI1100
MSTI2NoVLANsmapped
MSTI3NoVLANsmapped
MSTI4NoVLANsmapped
MSTI5NoVLANsmapped
MSTI6NoVLANsmapped
MSTI7NoVLANsmapped
PortSetting
STPPortModeSyntax:
STPPortMode[<port_list>][enable|disable]
STPPortEdge[<port_list>][enable|disable]
STPPortAutoEdge[<port_list>][enable|disable]
STPPortP2P[<port_list>][enable|disable|auto]
STPPortRestrictedRole[<port_list>][enable|disable]
Chapter4:CLIManagement
CLIManagement‐STP
PoESwitchUserManual|333
STPPortRestrictedTcn[<port_list>][enable|disable]
STPPortbpduGuard[<port_list>][enable|disable]
STPPortStatistics[<port_list>][clear]
Example:
STP>portmode1‐24dis(DisableSTPonport1‐24)
STP>portedge1‐24en(EnableEdgeportonport1‐24)
STP>portautoedge1‐24en(EnableAutoEdgeonP1‐24)
STP>portp2p1‐24en(EnableP2PmodeonP1‐24)
STP>portp2p1‐24auto(EnableAutomaticP2Pdetection)
STP>portbpdu1‐24en(EnableBPDUGuardonP1‐24)
PortPathCost Syntax:
STPMstiPortCost[<msti>][<port_list>][<path_cost>]
Parameters:
<msti>:STPbridgeinstanceno(0‐7,CIST=0,MSTI1=1,...)
<port_list>:Portlistor'all'.Portzeromeansaggregations.
<path_cost>:STPportpathcost(1‐200000000)or'auto'
Example:ConfigureCIST0PortPathCost
STP>mstiportcost0allauto(Pathcost=auto)
STP>mstiportcost0all100000(Pathcost=100000)
PortPrioritySyntax:
STPMstiPortPriority[<msti>][<port_list>][<priority>]
Parameters:
<msti>:STPbridgeinstanceno(0‐7,CIST=0,MSTI1=1,...)
<port_list>:Portlistor'all'.Portzeromeansaggregations.
<priority>:STPportpriority(0/16/32/48/.../224/240)
Example:ConfigureCIST0PortPriority
STPMstiPortPriority[<msti>][<port_list>][<priority>]
STP>mstiportpriority05240(Port5Priority=240)
STP>mstiportpriority0all128(AllPorts'priority=128)
Chapter4:CLIManagement
CLIManagement‐STP
PoESwitchUserManual|334
Example:ConfigureMSTI1PortPriority
STP>mstiportpriority15240(MSTI1port5priority=240)
Chapter4:CLIManagement
CLIManagement‐Aggr
PoESwitchUserManual|335
4.9.CLIManagement‐Aggr
FeatureCommandLine
StaticAggregationConfiguration
AggregationGroup
Configuration
Syntax:
AggrAdd<port_list>[<aggr_id>]
Example:Addport5‐8toGroup1
>aggradd5‐81
>aggrdel1(Deletethegroup1)
HashCode
Contributors
Syntax:
AggrMode[smac|dmac|ip|port][enable|disable]
smac=SourceMACAddress
dmac=DestinationMACAddress
ip=IPAddress
port=TCP/UDPPortNumber
Example:OnlytheSourceMACHashisenabled.Therestmodeare
disabled.
>aggmodesmacen
>aggmodedmacdis
>aggmodeipdis
>aggmodeportdis
LACP
LACPPort
Configuration
Syntax:
LACPConfiguration[<port_list>]
LACPMode[<port_list>][enable|disable]
LACPKey[<port_list>][<key>]
LACPRole[<port_list>][active|passive]
LACPStatus[<port_list>]
LACPStatistics[<port_list>][clear]
Chapter4:CLIManagement
CLIManagement‐Aggr
PoESwitchUserManual|336
Example:Configureport5‐8toaLACPgroup
>lacpmode5‐8en(Mode=Enable)
>lacpkey5‐8100(Key=100)
>lacprole5‐8act(Role=Enable)
Chapter4:CLIManagement
CLIManagement‐LACP
PoESwitchUserManual|337
4.10.CLIManagement‐LACP
FeatureCommandLine
LACPFunctions
ConfigurationDescription:
ShowLACPconfiguration.
Syntax:
LACPConfiguration[<port_list>]
Parameters:
<port_list>:Portlistor'all',default:Allports
Mode Description:
SetorshowLACPmode.
Syntax:
LACPMode[<port_list>][enable|disable]
Parameters:
<port_list>:Portlistor'all',default:Allports
enable:EnableLACPprotocol
disable:DisableLACPprotocol
(default:ShowLACPmode)
Key Description:
SetorshowtheLACPkey.
Syntax:
LACPKey[<port_list>][<key>]
Parameters:
<port_list>:Portlistor'all',default:Allports
<key>:LACPkey(1‐65535)or'auto'
PrioDescription:
SetorshowtheLACPprio.
Syntax:
Chapter4:CLIManagement
CLIManagement‐LACP
PoESwitchUserManual|338
LACPPrio[<port_list>][<prio>]
Parameters:
<port_list>:Portlistor'all',default:Allports
<prio>:LACPPrio(0‐65535)
SystemPrioDescription:
SetorshowtheLACPSystemprio.
Syntax:
LACPSystemPrio[<sysprio>]
Parameters:
<sysprio>:LACPSystemPrio(0‐65535)
Role Description:
SetorshowtheLACProle.
Syntax:
LACPRole[<port_list>][active|passive]
Parameters:
<port_list>:Portlistor'all',default:Allports
active:InitiateLACPnegotiation
passive:ListenforLACPpackets
(default:ShowLACProle)
Status Description:
ShowLACPStatus.
Syntax:
LACPStatus[<port_list>]
Parameters:
<port_list>:Portlistor'all',default:Allports
Statistics Description:
ShowLACPStatistics.
Syntax:
LACPStatistics[<port_list>][clear]
Chapter4:CLIManagement
CLIManagement‐LACP
PoESwitchUserManual|339
Parameters:
<port_list>:Portlistor'all',default:Allports
clear:ClearLACPstatistics
Timeout Description:
SetorshowtheLACPtimeout.
Syntax:
LACPTimeout[<port_list>][fast|slow]
Parameters:
<port_list>:Portlistor'all',default:Allports
fast:FastPDUtransmissions(fasttimeout)
slow:SlowPDUtransmissions(slowtimeout)
(default:ShowLACPtimeout)
Chapter4:CLIManagement
CLIManagement‐LLDP
PoESwitchUserManual|340
4.11.CLIManagement‐LLDP
FeatureCommandLine
LLDPParameters
LLDPTimersSyntax:
LLDPInterval[<interval>]
LLDPHold[<hold>]
LLDPDelay[<delay>]
LLDPReinit[<reinit>]
Example:
LLDP>interval30
LLDP>hold4
LLDP>delay2
LLDP>reini2
LLDPModeSyntax:
LLDPMode[<port_list>][enable|disable|rx|tx]
(rx=RXOnly,tx=TXOnly)
Example:EnableLLDPonPorts
LLDP>mode1‐10en(Port1‐10areenabled)
LLDP>mode1‐26en(Port1‐26areenabled)
CDPawareSyntax:
LLDPcdp_aware[<port_list>][enable|disable]
Example:EnableCDPonPort1‐5
LLDP>cdp_a1‐5en(CDPonPort1‐5areenabled)
LLDPOptional_TLV
Parameters
Syntax:
LLDPoptional_TLV[<port_list>]
[port_descr|sys_name|sys_descr|sys_capa|mgmt_addr]
[enable|disable]
Example:
LLDP>option1‐3porten
LLDP>option1‐3sys_nameen
LLDP>option1‐3sys_descen
LLDP>option1‐3sys_capaen
Chapter4:CLIManagement
CLIManagement‐LLDP
PoESwitchUserManual|341
LLDP>option1‐3mgmt_adden
Chapter4:CLIManagement
CLIManagement‐LLDPMED
PoESwitchUserManual|342
4.12.CLIManagement‐LLDPMED
FeatureCommandLine
LLDPMEDParameters
ConfigurationDescription:
ShowLLDP‐MEDconfiguration.
Syntax:
LLDPMEDConfiguration[<port_list>]
Parameters:
<port_list>:Portlistor'all',default:Allports
LLDPMED>config?
Description:
ShowLLDP‐MEDconfiguration.
Syntax:
LLDPMEDConfiguration[<port_list>]
Parameters:
<port_list>:Portlistor'all',default:Allports
Civic Description:
SetorshowLLDP‐MEDCivicAddressLocation.
Syntax:
LLDPMEDCivic
[country|state|county|city|district|block|street|leading_street_di
rection|trailing_street_suffix|str_suf|house_no|house_no_suffix|l
andmark|additio
nal_info|name|zip_code|building|apartment|floor|room_number
|place_type|postal_co
m_name|p_o_box|additional_code][<civic_value>]
Parameters:
country:Country
Chapter4:CLIManagement
CLIManagement‐LLDPMED
PoESwitchUserManual|343
state:Nationalsubdivisions(state,caton,region,province,
prefecture)
county:County,parish,gun(JP),district(IN)
city:City,townchip,shi(JP)
district:Citydivision,borough,city,district,ward,chou(JP)
block:Neighborhood,block
street:Street
leading_street_direction:Leadingstreetdirection
trailing_street_suffix:Trailingstreetsuffix
str_suf:StreetSuffix
house_no:HouseNumber
house_no_suffix:Housenumbersuffix
landmark:Landmarkorvanityaddress
additional_info:Additionallocationinformationname:
Name(residenceandofficeoccupant)
zip_code:Postal/zipcode
building:Building(structure)
apartment:Unit(apartment,suite)
floor:Floor
room_number:Roomnumber
place_type:Placetype
postal_com_name:Postalcommunityname
p_o_box:Postofficebox(P.O.Box)
additional_code:Additionalcode
(default:ShowCivicAddressLocationconfiguration)
<civic_value>:lldpmedThevaluefortheCivicAddressLocation
entry.
ecsDescription:
SetorshowLLDP‐MEDEmergencyCallService.
Syntax:
LLDPMEDecs[<ecs_value>]
Parameters:
<ecs_value>:lldpmedThevaluefortheEmergencyCallService
Chapter4:CLIManagement
CLIManagement‐LLDPMED
PoESwitchUserManual|344
Policy
Delete Description:
Deletetheselectedpolicy.
Syntax:
LLDPMEDpolicydelete<policy_list>
Parameters:
<policy_list>:Listofpoliciestodelete
Add Description:
Addsapolicytothelistofpolices.
Syntax:
LLDPMEDpolicyadd<policy_type>[tagged|untagged][<vlan_id>]
[<l2_priority>][<dscp>]
Parameters:
<policy_type>:Thepolicy_typeparametertakesthefollowing
values:
voice:VoiceforusebydedicatedIPTelephonyhandsetsandother
similarappliancessupportinginteractivevoiceservices.These
devicesaretypicallydeployedonaseparateVLANforeaseof
deploymentandenhancedsecuritybyisolationfromdata
applications
voice_signaling:VoiceSignaling(conditional)foruseinnetwork
topologiesthatrequireadifferentpolicyforthevoicesignaling
thanforthevoicemedia.
guest_voice:GuestVoicetosupportaseparatelimitedfeature‐set
voiceserviceforguestusersandvisitorswiththeirownIP
Telephonyhandsetsandothersimilarappliancessupporting
interactivevoiceservices.
guest_voice_signaling:GuestVoiceSignaling(conditional)foruse
Chapter4:CLIManagement
CLIManagement‐LLDPMED
PoESwitchUserManual|345
innetworktopologiesthatrequireadifferentpolicyfortheguest
voicesignalingthanfortheguestvoicemedia.
softphone_voice:SoftphoneVoiceforusebysoftphone
applicationsontypicaldatacentricdevices,suchasPCsorlaptops.
ThisclassofendpointsfrequentlydoesnotsupportmultipleVLANs,
ifatall,andaretypicallyconfiguredtouseanuntaggedVLANora
singletaggeddataspecificVLAN.
video_conferencing:VideoConferencingforusebydedicated
VideoConferencingequipmentandothersimilarappliances
supportingreal‐timeinteractivevideo/audioservices.
streaming_video:StreamingVideoforusebybroadcastor
multicastbasedvideocontentdistributionandothersimilar
applicationssupportingstreamingvideoservicesthatrequire
specificnetworkpolicytreatment.Videoapplicationsrelyingon
TCPwithbufferingwouldnotbeanintendeduseofthisapplication
type.
video_signaling:VideoSignaling(conditional)foruseinnetwork
topologiesthatrequireaseparatepolicyforthevideosignaling
thanforthevideomedia.
tagged:Thedeviceisusingtaggedframesunragged:Thedeviceis
usinguntaggedframes
<vlan_id>:VLANid
<l2_priority>:Thisfieldmayspecifyoneofeightprioritylevels(0
through7),asdefinedbyIEEE802.1D‐2004[3].
<dscp>:ThisfieldshallcontaintheDSCPvaluetobeusedtoprovide
Diffservnodebehaviorforthespecifiedapplicationtypeasdefined
inIETFRFC2474[5].This6bitfieldmaycontainoneof64code
pointvalues(0through63).Avalueof0representsuseofthe
defaultDSCPvalueasdefinedinRFC2475.
Chapter4:CLIManagement
CLIManagement‐EEE
PoESwitchUserManual|346
4.13.CLIManagement‐EEE
FeatureCommandLine
EEEConfiguration
EEEPortConfigurationSyntax:
EEEMode[<port_list>][enable|disable]
Parameters:
<port_list>:Portlistor'all',default:Allports
enable:EnableEEE
disable:DisableEEE
Example:EnablePort1‐5
EEE>mode1‐5en
UrgentQueueofPortSyntax:
EEEUrgent_queues[<port_list>][<queue_list>]
Parameters:
<port_list>:Portlistor'all',default:Allports
<queue_list>:Listofqueuestoconfigureasurgentqueues(1‐8or
none)
Example:EnableUrgent_QueueonPort1‐5
EEE>urge1‐52
Chapter4:CLIManagement
CLIManagement‐POE
PoESwitchUserManual|347
4.14.CLIManagement‐POE
FeatureCommandLine
PoEConfiguration
PoEConfigurationSyntax:
PoEMgmt_mode
[class_con|class_res|al_con|al_res|lldp_res|lldp_con]
Parameters:
class_con:Class+ActualConsumption
class_res:Class+ReservedPower
al_con:Allocation+ActualConsumption
al_res:Allocation+ReservedPower
lldp_con:LLDP‐MED+ActualConsumption
lldp_res:LLDP‐MED+ReservedPower
Example:
PoE>mgmtclass_con
PoEPowerSupply
Configuration
(Warning:Thedefault
valueisforreference
only.Ifthevalueisnot
comforttoyour
productspecification,
pleasegivethecorrect
valuebeforeyoustart
usingPoEfunction.)
Syntax:
PoEMaximum_Power[<port_list>][<port_power>]
Parameters:
<port_list>:Portlistor'all',default:Allports
<port_power>:PoEmaximumpowerfortheport(0‐15.4Wattfor
PoEmode,0‐30.0WattforPoE+mode)
Example:
PoE>max1‐2410(Max.powerofPort1‐24to10Watt)
PoE>max1‐2415.4(Max.powerofPort1‐24to15.4Watt)
PoEPortConfigurationSyntax:
PoEMode[<port_list>][disabled|poe|poe+]
Parameters:
<port_list>:Portlistor'all',default:Allports
disables:DisablePoE
Chapter4:CLIManagement
CLIManagement‐POE
PoESwitchUserManual|348
poe:EnablesPoEIEEE802.3af(Class4limitedto15.4W)
poe+:EnablesPoE+IEEE802.3at(Class4limitedto30W)
(default:ShowPoE'smode)
Example:SetPort1‐24roPoE+mode
PoE>mode1‐24poe+
PoEStatusPrimaryPowerSupply
PoE>prim
PrimaryPowerSupply
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
200[W]
PortStatus
PoE>sta
PortPDClassPortStatusPowerUsed[W]CurrentUsed[mA]
‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐
1‐NoPDdetected0.00
2‐NoPDdetected0.00
Chapter4:CLIManagement
CLIManagement‐QoS
PoESwitchUserManual|349
4.15.CLIManagement‐QoS
FeatureCommandLine
QoSConfiguration
PortClassificationSyntax:
QoSPortClassificationClass[<port_list>][<class>]
QoSPortClassificationDPL[<port_list>][<dpl>]
QoSPortClassificationPCP[<port_list>][<pcp>]
QoSPortClassificationDEI[<port_list>][<dei>]
QoSPortClassificationTag[<port_list>][enable|disable]
QoSPortClassificationMap[<port_list>][<pcp_list>][<dei_list>]
[<class>][<dpl>]
QoSPortClassificationDSCP[<port_list>][enable|disable]
RangeoftheValue:
<class>:QoSclass(0‐7)
<dpl>:DropPrecedenceLevel(0‐1)
<pcp>:PriorityCodePoint(0‐7)
<dei>:DropEligibleIndicator(0‐1)
Example:
QoS/Port/Classification>clas1‐27
QoS/Port/Classification>dpl1‐21
QoS/Port/Classification>pcp1‐27
QoS/Port/Classification>dei1‐21
QoS/Port/Classification>tag1‐2en
QoS/Port/Classification>dscp1‐2en
QoSIngressPort
TagClassification
Syntax:
QoSPortClassificationMap[<port_list>][<pcp_list>][<dei_list>]
[<class>][<dpl>]
PortPolicingSyntax:
QoSPortPolicerMode[<port_list>][enable|disable]
QoSPortPolicerRate[<port_list>][<rate>]
QoSPortPolicerUnit[<port_list>][kbps|fps]
QoSPortPolicerFlowControl[<port_list>][enable|disable]
Chapter4:CLIManagement
CLIManagement‐QoS
PoESwitchUserManual|350
<rate>:Rateinkbpsorfps(100‐3300000)
Example:
QoS/Port/Policer>mode1‐2en
QoS/Port/Policer>rate1‐2300
QoS/Port/Policer>unit1‐2kbps
QoS/Port/Policer>flow1‐2en
PortSchedulerSyntax:
Syntax:
QoSPortSchedulerMode[<port_list>][strict|weighted]
Example:
QoS/Port/Scheduler>mode1‐2stric(StrictPriority)
QoS/Port/Scheduler>mode1‐2wei(Weighted)
QoSEgressPortSchedulerandShapers
QoS/Port/Scheduler>wei1‐2130(Port1‐2,Q1=30)
QoS/Port/Scheduler>wei1‐2230(Port1‐2,Q2=30)
PortShapingSyntax:
PortShaper:
QoSPortShaperMode[<port_list>][enable|disable]
QoSPortShaperRate[<port_list>][<bit_rate>]
Chapter4:CLIManagement
CLIManagement‐QoS
PoESwitchUserManual|351
QueueShaper:
QoSPortQueueShaperMode[<port_list>][<queue_list>]
[enable|disable]
QoSPortQueueShaperRate[<port_list>][<queue_list>][<bit_rate>]
QoSPortQueueShaperExcess[<port_list>][<queue_list>]
[enable|disable]
Parameters:
<port_list>:Portlistor'all',default:Allports
<bit_rate>:Rateinkilobitspersecond(100‐3300000)
Example:
QoS/Port/Shaper>rate1‐21000
QoS/Port/QueueShaper>mode1‐2allen(QueueShaper)
QoS/Port/QueueShaper>rate1‐2all600(QueueShaper)
DSCP
Configuration
Syntax:
QoSPortDSCPTranslation[<port_list>][enable|disable]
QoSPortDSCPClassification[<port_list>][none|zero|selected|all]
QoSPortDSCPEgressRemark[<port_list>]
[disable|enable|remap_dp_unaware|remap_dp_aware]
Note:DSCPisanadvancedQoSsetting,pleasefollowtheDSCPtableof
upperaccess/coreswitchtoconfigurethetable.Thetableofthewhole
networkmustbeunified.
StormConfiguration
StromControlSyntax:
QoSStormUnicast[enable|disable][<packet_rate>]
QoSStormMulticast[enable|disable][<packet_rate>]
QoSStormBroadcast[enable|disable][<packet_rate>]
<packet_rate>:Rateinfps(1,2,4,8,16,32,64,128,256,512,1k,2k,4k,
8k,16k,32k,64k,128k,256k,512k,1024k,2048k,4096k,8192k,
16384k,32768k)
Example:
QoS/Storm>unicen32768k
Chapter4:CLIManagement
CLIManagement‐QoS
PoESwitchUserManual|352
QoS/Storm>multien4096k
QoS/Storm>broaden4k
Chapter4:CLIManagement
CLIManagement‐Mirror
PoESwitchUserManual|353
4.16.CLIManagement‐Mirror
FeatureCommandLine
MirroringConfiguration
MirrorConfigurationSyntax:
MirrorPort[<port>|disable]
MirrorMode[<port_cpu_list>][enable|disable|rx|tx]
Example:
Mirror>port5
Mirror>mode6‐8en
Result:
MirrorConfiguration:
=====================
MirrorPort:5
PortMode
‐‐‐‐ ‐‐‐‐‐‐‐‐
1Disabled
2Disabled
3Disabled
4Disabled
5Disabled
6Enabled
7Enabled
8Enabled
Chapter4:CLIManagement
CLIManagement‐Config
PoESwitchUserManual|354
4.17.CLIManagement‐Config
FeatureCommandLine
Config
SaveDescription:
SaveconfigurationtoTFTPserver.
Syntax:
ConfigSave<ip_server><file_name>
Parameters:
<ip_server>:TFTPserverIPv4address(a.b.c.d)
<file_name>:Configurationfilename
Load Description:
LoadconfigurationfromTFTPserver.
Syntax:
ConfigLoad<ip_server><file_name>[check]
Parameters:
<ip_server>:TFTPserverIPv4address(a.b.c.d)
<file_name>:Configurationfilename
check:Checkconfigurationfileonly,default:Checkandapplyfile
Chapter4:CLIManagement
CLIManagement‐Firmware
PoESwitchUserManual|355
4.18.CLIManagement‐Firmware
FeatureCommandLine
Firmware
Load Description:
LoadnewfirmwarefromTFTPserver.
Syntax:
FirmwareLoad<ip_addr_string><file_name>
Parameters:
<ip_addr_string>:IPhostaddress(a.b.c.d)orahostnamestring
<file_name>:Firmwarefilename
IPv6LoadDescription:
LoadnewfirmwarefromIPv6TFTPserver.
Syntax:
FirmwareIPv6Load<ipv6_server><file_name>
Parameters:
<ipv6_server>:TFTPserverIPv6address
<file_name>:Firmwarefilename
InformationDescription:
Displayinformationaboutactiveandalternatefirmwareimages.
Syntax:
FirmwareInformation
Chapter4:CLIManagement
CLIManagement‐UPnP
PoESwitchUserManual|356
4.19.CLIManagement‐UPnP
FeatureCommandLine
UPnPConfiguration
UPnpConfigurationSyntax:
UPnPConfiguration
UPnPMode[enable|disable]
UPnPTTL[<ttl>]
UPnPAdvertisingDuration[<duration>]
Example:
UPnP>modeen
UPnP>ttl5(Default=4)
UPnP>adver200(Default=100)
Result:
UPnPConfiguration:
===================
UPnPMode:Enabled
UPnPTTL:5
UPnPAdvertisingDuration:200
Chapter4:CLIManagement
CLIManagement‐MVR
PoESwitchUserManual|357
4.20.CLIManagement‐MVR
FeatureCommandLine
MVRConfiguration
MVRModeSyntax:
MVRMode[enable|disable]
MVR‐VLANInterface
Setting
Syntax:
MVRVLANSetup[<mvid>][add|del|upd][(Name<mvr_name>)]
Example:MVRVLAN2,MVRName=Source2
MVR>vlansetup2addNameSource2
MVR‐PortRoleSyntax:
MVRVLANPort[<vid>|<mvr_name>][<port_list>]
[source|receiver|inactive]
Example:Port2=SourcePort,Port6‐7=ReceiverPort
MVR>vlanport22source
MVR>vlanport26‐7rec
ImmediatelyLeaveSyntax:
MVRImmediateLeave[<port_list>][enable|disable]
Example:
MVR>immedileave1‐10en
MVRConfigurationMVR>conf(Viewthesettingsofaboveconfiguration)
MVRConfiguration:
==================
MVRMode:Enabled
MVRInterfaceSetting
VIDNameModeTaggin gPriorityLLQI
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐
2Source2DynamicTag ged 05
[PortSettingofSource2(VID‐2)]
SourcePort:2
ReceiverPort:6,7
InactivePort:1,3‐5,8‐26
[ChannelSettingofSource2(VID‐2)]
<EmptyChannelTable >
Chapter4:CLIManagement
CLIManagement‐MVR
PoESwitchUserManual|358
MVRImmediateLeaveSetting
PortImmediateLeave
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1Enabled
2Enabled
3Enabled
4Enabled
5Enabled
6Enabled
7Enabled
8Enabled
9Enabled
10Enabled
11Disabled
12Disabled
Chapter4:CLIManagement
CLIManagement‐VoiceVLAN
PoESwitchUserManual|359
4.21.CLIManagement‐VoiceVLAN
FeatureCommandLine
VoiceVLANConfiguration
VoiceVLAN
Configuration
Syntax:
VoiceVLANMode[enable|disable]
VoiceVLANID[<vid>]
VoiceVLANAgetime[<age_time>]
VoiceVLANTrafficClass[<class>]
Example:
Voice>vlanmodeen
Voice>vlanid100
Voice>vlanage86400
Voice>vlantraffclass7
Result:
VoiceVLANConfiguration:
=========================
VoiceVLANMode:Enabled
VoiceVLANVLANID:100
VoiceVLANAgeTime(seconds):86400
VoiceVLANTrafficClass:7
PortConfigurationSyntax:
VoiceVLANPortMode[<port_list>][disable|auto|force]
VoiceVLANSecurity[<port_list>][enable|disable]
VoiceVLANDiscoveryProtocol[<port_list>][oui|lldp|both]
Example:
Voice/VLAN>portmode1‐4auto
Voice/VLAN>security1‐4en
Voice/VLAN>discopro1‐4both
Result:
VoiceVLANPortConfiguration:
==============================
PortModeSecurityDiscoveryProtocol
‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Chapter4:CLIManagement
CLIManagement‐VoiceVLAN
PoESwitchUserManual|360
1AutoEnabledBoth
2AutoEnabledBoth
3AutoEnabledBoth
4AutoEnabledBoth
OUIConfigurationSyntax:
VoiceVLANOUIAdd<oui_addr>[<description>]
VoiceVLANOUIDelete<oui_addr>
VoiceVLANOUIClear
VoiceVLANOUILookup[<oui_addr>]
Example:
Voice/VLAN>ouiadd00‐12‐08hello
Result:
Voice/VLAN>ouilookup
VoiceVLANOUITable:
=====================
TelephonyOUIDescription
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
00‐01‐E3SiemensAGphones
00‐03‐6BCiscophones
00‐0F‐E2H3Cphones
00‐60‐B9PhilipsandNECAGphones
00‐D0‐1EPingtelphones
00‐E0‐75Polycomphones
00‐E0‐BB3Comphones
00‐12‐77e10
00‐12‐08hello
Chapter4:CLIManagement
CLIManagement‐LoopProtect
PoESwitchUserManual|361
4.22.CLIManagement‐LoopProtect
FeatureCommandLine
GeneralSettings
EnableLoopProtectionSyntax:
LoopProtectMode[enable|disable]
LoopProtectTransmit[<transmit‐time>]
LoopProtectShutdown[<shutdown‐time>]
Example:
>loopprotectmodeen
TransmissionTime>loopprotecttrans10(10seconds)
ShutdownTime>loopprotectshut200(200seconds)
PortConfiguration
LoopProtection‐Port
Configuration
Syntax:
LoopProtectPortMode[<port_list>][enable|disable]
LoopProtectPortAction[<port_list>][shutdown|shut_log|log]
LoopProtectPortTransmit[<port_list>][enable|disable]
Example:
Loop/Protect>portmode1en
Loop/Protect>portaction1shut_log(ShutdownPortandLog)
Loop/Protect>porttransmit1en
Chapter4:CLIManagement
CLIManagement‐IPMC
PoESwitchUserManual|362
4.23.CLIManagement‐IPMC
FeatureCommandLine
IGMPSnoopingConfiguration
IGMPSnoopingEnableSyntax:
IPMCMode[mld|igmp][enable|disable]
Example:
IPMC>modeigmpen
UnregisteredIPMCv4
FloodingEnabled
Syntax:
IPMCFlooding[mld|igmp][enable|disable]
Example:
IPMC>floodigmpen
IGMPSSMRange
(Source‐Specific
Multicast)
Syntax:
IPMCSSM[mld|igmp][(Range<prefix><mask_len>)]Example:
IPMC>ssmigmprange239.0.0.08
(Rangefrom239.0.0.0,masklength=8)
LeaveProxyEnableSyntax:
IPMCLeaveProxy[mld|igmp][enable|disable]
Example:
IPMC>leaveproxyigmpen(Enable)
IPMC>leaveproxyigmpdis(Disable)
ProxyEnableSyntax:
IPMCProxy[mld|igmp][enable|disable]
Example:
IPMC>proxyigmpen(Enable)
IPMC>proxyigmpdis(Disable)
PortRelated
Configuration
(RouterPort,Fast
Leave,Throttling)
Syntax:
IPMCRouter[mld|igmp][<port_list>][enable|disable]
IPMCFastleave[mld|igmp][<port_list>][enable|disable]
IPMCThrottling[mld|igmp][<port_list>][limit_group_number]
Example:
IPMC>routerigmp25‐26en(Port25‐26arerouterports)
IPMC>Fastigmp1‐24en(EnableIGMPFastLeaveonP1‐24)
IPMC>throigmp1‐25(ThrottingofPort1,2is5groups.)
VLANConfigurationSyntax:
IPMCState[mld|igmp][<vid>][enable|disable]
Chapter4:CLIManagement
CLIManagement‐IPMC
PoESwitchUserManual|363
IPMCQuerier[mld|igmp][<vid>][enable|disable]
IPMCCompatibility[mld|igmp][<vid>][auto|v1|v2|v3]
IPMCParameterRV[mld|igmp][<vid>][ipmc_param_rv]
IPMCParameterQI[mld|igmp][<vid>][ipmc_param_qi]
IPMCParameterQRI[mld|igmp][<vid>][ipmc_param_qri]
IPMCParameterLLQI[mld|igmp][<vid>][ipmc_param_llqi]
IPMCParameterURI[mld|igmp][<vid>][ipmc_param_uri]
Example:
IPMC>stateigmp2en(EnableIGMPSnoopingonVLAN2)
IPMC>querigmp2en(EnableIGMPQuerieronVLAN2)
IPMC>compaigmp2v2(EnableIGMPv2onVLAN2)
MLDSnooping
MLDSnoopingNote:TheMLDSnoopingisappliedtoIPv6Multicast.The
commandsarethesameasaboveIGMPSnooping(IPv4)
Commands.Justchoosesmldinsteadofigmpwhenseeing
[mld|igmp]inthesyntax.TheIPAddressshouldbeIPv6formatfor
sure.
Chapter4:CLIManagement
CLIManagement‐sFlow
PoESwitchUserManual|364
4.24.CLIManagement‐sFlow
FeatureCommandLine
sFlowConfiguration
ReceiverConfigurationSyntax:
sFlowReceiver[release][<timeout>][<ip_addr_host>]
[<udp_port>][<datagram_size>]
Example:
sFlow>receiver10192.168.2.10063431400
Result:
ReceiverConfiguration:
=======================
Owner:<none>
Receiver:192.168.2.100
UDPPort:6343
Max.Datagram:1400bytes
Timeleft:0seconds
ReceiverReleasesFlow>receiver
PortConfigurationSyntax:
sFlowReceiver[release][<timeout>][<ip_addr_host>]
[<udp_port>][<datagram_size>]
sFlowFlowSampler[<port_list>][<sampling_rate>]
[<max_hdr_size>]
sFlowCounterPoller[<port_list>][<interval>]
sFlowStatisticsReceiver[clear]
sFlowStatisticsSamplers[<port_list>][clear]
Example:
sFlow>flow1‐210128(EnableFlowSampleonport1‐2,rate=10,
max.size=128)
sFlow>coun1‐25(EnableCounterPollerofport1‐2,andset
intervalto5)
Chapter4:CLIManagement
CLIManagement‐sFlow
PoESwitchUserManual|365
sFlow>statisticsample1‐2
Per‐PortStatistics:
====================
PortRxFlowSamplesTxFlowSamplesCounterSamples
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
1000
2000
Chapter4:CLIManagement
CLIManagement‐VCL
PoESwitchUserManual|366
4.25.CLIManagement‐VCL
FeatureCommandLine
MAC‐basedVLANConfiguration
MAC‐basedVLAN
Configuration
Syntax:
VCLMacvlanAdd<mac_addr><vid>[<port_list>]
Example:
VCL/Macvlan>add001122334455101‐4
Result:
VCL/Macvlan>conf
MACAddressVIDPorts
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐ ‐‐‐‐‐
00‐0b‐16‐21‐2c‐37101‐4
Protocol‐basedVLANConfiguration
ProtocoltoGroupSyntax:
VCLProtoVlanProtocolAddEth2<ether_type>|arp|ip|ipx|at
<group_id>
Example:
VCL/ProtoVlan>protocoladdEth20x0808E4
GrouptoVLANSyntax:
VCLProtoVlanVlanAdd[<port_list>]<group_id><vid>
Example:
VCL/ProtoVlan>vlanadd1‐8E410
ProtocolVLAN
Configuration
Result:
VCL/ProtoVlan>conf
ProtocolTypeProtocol(Value)GroupID
‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐
EthernetIIETYPE:0x808E4
LLC_OtherDSAP:0xff;SSAP:0xffL3
LLC_SNAPOUI‐00:e0:2b;PID:0x1S2
EthernetIIETYPE:0x800E1
Chapter4:CLIManagement
CLIManagement‐VCL
PoESwitchUserManual|367
GroupIDVIDPorts
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐ ‐‐‐‐‐
E4101‐8
E1105‐8
IPSubnet‐basedVLANConfiguration
IPSubnet‐basedVLAN
Configuration
Syntax:
VCLIPVlanAdd[<vce_id>]<ip_addr_mask><vid>[<port_list>]
Parameters:
<vce_id>:UniqueVCEIDforeachVCLentry
<ip_addr_mask>:SourceIPaddressandmask(Format:a.b.c.d/n).
<vid>:VLANID(1‐4095)
<port_list>:Portlistor'all',default:Allports
Example:
VCL/IPVlan>add1192.168.10.0/24101‐10
Result:
VCEIDIPAddressMaskLengthVIDPorts
‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐ ‐‐‐‐‐
1192.168.10.024101‐10
AppendixA:
ProductSafety
PoESwitchUserManual|368
AppendixA:ProductSafety
Thisappendixdescribessafetyissuesregardingtothisproduct.Tousethisproductsafely,itishighly
recommendedtoreadthisappendixbeforeinstallingandusingthisproduct.
Failuretofollowtheseprecautionsandwarningsmightcauseproductmalfunction,electricalshock,
orevenfire.Ifthisproductisworkingabnormally(e.g.generatingsmoke),pleasestopusingthis
productandcontactyourdistributororretailerimmediately.
DONOTinstallthisproductunderconditionslistedbelow:
DONOTinstallthisproductinanenvironmentwithconditionsexceedingitsspecified
operatingenvironment.
DONOTinstallthisproductinanenvironmentthatissubjectedtodirectsunlightornear
anyheatingequipment.
DONOTinstallthisproductinanenvironmentwithextremetemperaturechanges.Extreme
temperaturechanges,evenwithintheproduct’soperatingtemperaturerange,maycause
malfunctions.
DONOTinstallthisproductinalocationnearanysourcesofwaterorliquid.
DONOTstackthisproductwithothernetworkdevicesdirectlyontopofoneanother.
Stackingnetworkdevicesdirectlywithoutapplyingamountingrackwillcausethisproduct
tooverheat.
DONOTinstallthisproductonanunstablesurface.Doingsomightcausethisproducttofall,
resultingmalfunction.
ProductMaintenanceGuide:
DONOTdisassemblethisproduct.Doingsomightcausemalfunctionandvoidyour
product’swarranty.
Itisrecommendedtokeepyourproductclearofdust.To removedustfromyourproduct,
pleaseuseadrybrushandbrushitoffgently.
Whennotusingthisproduct,pleasestoreitinanenvironmentwithlowhumidity,cool
temperature,andfreeofdust.Failuretodosomightcausemalfunction.
Beforepoweringupthisproduct,pleasemakesurethattheelectricpowersourcemeets
thisproduct’srequirement.DONOTuseotherpoweradaptersifthisproductcomeswithits
ownpoweradapterinthepackage.
AppendixB:
IPConfigurationforYourPC
PoESwitchUserManual|369
AppendixB:IPConfigurationforYourPC
ThisappendixdescribeshowtosettheIPaddressofyourPCsoyoucanconnecttoproduct
configurationwebpage.Theconfigurationwebpageallowsyoutosetsystemvariablesormonitor
systemstatus.
ThefollowingsectionwillguideyoutosettheIPaddressproperlyinaMicrosoftWindows8
environment.SettingIPaddressinotherMicrosoftoperatingsystem(suchasWindowsVistaor
Windows7)isquitethesameandcanberelated.
1. OpenNetworkandSharingCenterinControlPanel,andclickonChangeadaptersettings
asshowninthefiguredownbelow.
2. ANetworkConnectionswindowwillpopup,showingallthenetworkconnectionsavailable
onyourPC.Pleasedouble‐clickonthenetworkconnectionyouareusingtoconnectthe
AppendixB:
IPConfigurationforYourPC
PoESwitchUserManual|370
3. AnEthernetStatuswindowwillpopup.PleaseclickonthePropertiesbuttonasshownin
thefiguredownbelow.
4. AnEthernetPropertieswindowwillpopup.PleasedoubleclickontheInternetProtocol
Version4(TCP/IPv4).
AppendixB:
IPConfigurationforYourPC
PoESwitchUserManual|371
5. AnInternetProtocolVersion4(TCP/IPv4)Propertieswindowwillpopup.Pleasesetyour
PC’sIPaddressandsubnetmaskasshowninthefiguredownbelow.
Bydefault,yourproduct’sIPaddressshouldbe192.168.2.1.YoucansetanyIPaddressas
longasit’snotthesamewithyourproduct’sIPaddressandisinthesamenetworksegment
withyourproduct’sIPaddress.
PressOKtoapplytheTCP/IPv4settingsyoujustmade.Nowyoucanconnecttoyour
productusingawebbrowser(i.e.InternetExplorer,Chrome,orFirefox).
AppendixB:
IPConfigurationforYourPC
PoESwitchUserManual|372
AppendixC:
Glossary
PoESwitchUserManual|373
AppendixC:Glossary
Thisappendixcontainsthetermsandglossariesthatareusedinthisusermanual.
A
ACE
ACEisanacronymforAccessControlEntry.Itdescribesaccesspermissionassociatedwitha
particularACEID.
TherearethreeACEframetypes(EthernetType,ARP,andIPv4)andtwoACEactions(permitand
deny).TheACEalsocontainsmanydetailed,differentparameteroptionsthatareavailablefor
individualapplication.
ACL
ACLisanacronymforAccessControlList.ItisthelisttableofACEs,containingaccesscontrolentries
thatspecifyindividualusersorgroupspermittedordeniedtospecifictrafficobjects,suchasa
processoraprogram.
EachaccessibletrafficobjectcontainsanidentifiertoitsACL.Theprivilegesdeterminewhether
therearespecifictrafficobjectaccessrights.
ACLimplementationscanbequitecomplex,forexample,whentheACEsareprioritizedforthe
varioussituation.Innetworking,theACLreferstoalistofserviceportsornetworkservicesthatare
availableonahostorserver,eachwithalistofhostsorserverspermittedordeniedtousethe
service.ACLcangenerallybeconfiguredtocontrolinboundtraffic,andinthiscontext,theyare
similartofirewalls.
Thereare3web‐pagesassociatedwiththemanualACLconfiguration:
ACL|Access Control List:ThewebpageshowstheACEsinaprioritizedway,highest(top)to
lowest(bottom).Defaultthetableisempty.AningressframewillonlygetahitononeACEeven
thoughtherearemorematchingACEs.ThefirstmatchingACEwilltakeaction(permit/deny)onthat
frameandacounterassociatedwiththatACEisincremented.AnACEcanbeassociatedwithaPolicy,
1ingressport,oranyingressport(thewholeswitch).IfanACEPolicyiscreatedthenthatPolicycan
beassociatedwithagroupofportsunderthe"Ports"web‐page.Therearenumberofparameters
thatcanbeconfiguredwithanACE.ReadtheWebpagehelptexttogetfurtherinformationforeach
ofthem.ThemaximumnumberofACEsis64.
AppendixC:
Glossary
PoESwitchUserManual|374
ACL|Ports:TheACLPortsconfigurationisusedtoassignaPolicyIDtoaningressport.Thisisuseful
togroupportstoobeythesametrafficrules.TrafficPolicyiscreatedunderthe"AccessControlList"‐
page.Youcanyoualsosetupspecifictrafficproperties(Action/RateLimiter/Portcopy,etc)for
eachingressport.TheywillthoughonlyapplyiftheframegetspasttheACEmatchingwithout
gettingmatched.Inthatcaseacounterassociatedwiththatportisincremented.SeetheWebpage
helptextforeachspecificportproperty.
ACL|Rate Limiters:Underthispageyoucanconfiguretheratelimiters.Therecanbe15different
ratelimiters,eachrangingfrom1‐1024Kpacketsperseconds.Under"Ports"and"AccessControl
List"web‐pagesyoucanassignaRateLimiterIDtotheACE(s)oringressport(s).
Aggregation
Usingmultipleportsinparalleltoincreasethelinkspeedbeyondthelimitsofaportandtoincrease
theredundancyforhigheravailability.
ARP
ARPisanacronymforAddressResolutionProtocol.ItisaprotocolthatusedtoconvertanIPaddress
intoaphysicaladdress,suchasanEthernetaddress.ARPallowsahosttocommunicatewithother
hostswhenonlytheInternetaddressofitsneighborsisknown.BeforeusingIP,thehostsendsa
broadcastARPrequestcontainingtheInternetaddressofthedesireddestinationsystem.
ARPInspection
ARPInspectionisasecurefeature.Severaltypesofattackscanbelaunchedagainstahostordevices
connectedtoLayer2networksby"poisoning"theARPcaches.Thisfeatureisusedtoblocksuch
attacks.OnlyvalidARPrequestsandresponsescangothroughtheswitchdevice.
Auto‐Negotiation
Auto‐negotiationistheprocesswheretwodifferentdevicesestablishthemodeofoperationandthe
speedsettingsthatcanbesharedbythosedevicesforalink.
C
CDP
CDPisanacronymforCiscoDiscoveryProtocol.
AppendixC:
Glossary
PoESwitchUserManual|375
D
DEI
DEIisanacronymforDropEligibleIndicator.Itisa1‐bitfieldintheVLANtag.
DES
DESisanacronymforDataEncryptionStandard.Itprovidesacompletedescriptionofa
mathematicalalgorithmforencrypting(enciphering)anddecrypting(deciphering)binarycoded
information.
Encryptingdataconvertsittoanunintelligibleformcalledcipher.Decryptingcipherconvertsthe
databacktoitsoriginalformcalledplaintext.Thealgorithmdescribedinthisstandardspecifiesboth
encipheringanddecipheringoperationswhicharebasedonabinarynumbercalledakey.
DHCP
DHCPisanacronymforDynamicHostConfigurationProtocol.Itisaprotocolusedforassigning
dynamicIPaddressestodevicesonanetwork.
DHCPusedbynetworkedcomputers(clients)toobtainIPaddressesandotherparameterssuchas
thedefaultgateway,subnetmask,andIPaddressesofDNSserversfromaDHCPserver.
TheDHCPserverensuresthatallIPaddressesareunique,forexample,noIPaddressisassignedtoa
secondclientwhilethefirstclient'sassignmentisvalid(itsleasehasnotexpired).Therefore,IP
addresspoolmanagementisdonebytheserverandnotbyahumannetworkadministrator.
DynamicaddressingsimplifiesnetworkadministrationbecausethesoftwarekeepstrackofIP
addressesratherthanrequiringanadministratortomanagethetask.Thismeansthatanew
computercanbeaddedtoanetworkwithoutthehassleofmanuallyassigningitauniqueIPaddress.
DHCPRelay
DHCPRelayisusedtoforwardandtotransferDHCPmessagesbetweentheclientsandtheserver
whentheyarenotonthesamesubnetdomain.
TheDHCPoption82enablesaDHCPrelayagenttoinsertspecificinformationintoaDHCPrequest
packetswhenforwardingclientDHCPpacketstoaDHCPserverandremovethespecificinformation
fromaDHCPreplypacketswhenforwardingserverDHCPpacketstoaDHCPclient.TheDHCPserver
canusethisinformationtoimplementIPaddressorotherassignmentpolicies.Specificallytheoption
worksbysettingtwosub‐options:CircuitID(option1)andRemoteID(option2).TheCircuitID
sub‐optionissupposedtoincludeinformationspecifictowhichcircuittherequestcameinon.The
RemoteIDsub‐optionwasdesignedtocarryinformationrelatingtotheremotehostendofthe
circuit.
AppendixC:
Glossary
PoESwitchUserManual|376
ThedefinitionofCircuitIDintheswitchis4bytesinlengthandtheformatis"vlan_id""module_id"
"port_no".Theparameterof"vlan_id"isthefirsttwobytesrepresenttheVLANID.Theparameterof
"module_id"isthethirdbyteforthemoduleID(instandaloneswitchitalwaysequal0,instackable
switchitmeansswitchID).Theparameterof"port_no"isthefourthbyteanditmeanstheport
number.
TheRemoteIDis6bytesinlength,andthevalueisequaltheDHCPrelayagentsMACaddress.
DHCPSnooping
DHCPSnoopingisusedtoblockintruderontheuntrustedportsoftheswitchdevicewhenittriesto
intervenebyinjectingabogusDHCPreplypackettoalegitimateconversationbetweentheDHCP
clientandserver.
DNS
DNSisanacronymforDomainNameSystem.Itstoresandassociatesmanytypesofinformationwith
domainnames.Mostimportantly,DNStranslateshuman‐friendlydomainnamesandcomputer
hostnamesintocomputer‐friendlyIPaddresses.Forexample,thedomainnamewww.example.com
mighttranslateto192.168.0.1.
DottedDecimalNotation
DottedDecimalNotationreferstoamethodofwritingIPaddressesusingdecimalnumbersanddots
asseparatorsbetweenoctets.
AnIPv4dotteddecimaladdresshastheformx.y.z.w,wherex,y,z,andwaredecimalnumbers
between0and255.
DropPrecedenceLevel
EveryincomingframeisclassifiedtoaDropPrecedenceLevel(DPlevel),whichisusedthroughout
thedeviceforprovidingcongestioncontrolguaranteestotheframeaccordingtowhatwas
configuredforthatspecificDPlevel.ADPlevelof0(zero)correspondsto'Committed'(Green)
framesandaDPlevelof1orhighercorrespondsto'DiscardEligible'(Yellow)frames.
DSCP
DSCPisanacronymforDifferentiatedServicesCodePoint.ItisafieldintheheaderofIPpacketsfor
packetclassificationpurposes.
AppendixC:
Glossary
PoESwitchUserManual|377
E
EEE
EEEisanabbreviationforEnergyEfficientEthernetdefinedinIEEE802.3az.
EPS
EPSisanabbreviationforEthernetProtectionSwitchingdefinedinITU/TG.8031.
EthernetType
EthernetType,orEtherType,isafieldintheEthernetMACheader,definedbytheEthernet
networkingstandard.ItisusedtoindicatewhichprotocolisbeingtransportedinanEthernetframe.
F
FastLeave
MulticastsnoopingFastLeaveprocessingallowstheswitchtoremoveaninterfacefromthe
forwarding‐tableentrywithoutfirstsendingoutgroupspecificqueriestotheinterface.TheVLAN
interfaceisprunedfromthemulticasttreeforthemulticastgroupspecifiedintheoriginalleave
message.Fast‐leaveprocessingensuresoptimalbandwidthmanagementforallhostsonaswitched
network,evenwhenmultiplemulticastgroupsareinusesimultaneously.Thisprocessingappliesto
IGMPandMLD.
H
HTTP
HTTPisanacronymforHypertextTransferProtocol.Itisaprotocolthatusedtotransferorconvey
informationontheWorldWideWeb(WWW).
HTTPdefineshowmessagesareformattedandtransmitted,andwhatactionsWebserversand
browsersshouldtakeinresponsetovariouscommands.Forexample,whenyouenteraURLinyour
browser,thisactuallysendsanHTTPcommandtotheWebserverdirectingittofetchandtransmit
therequestedWebpage.TheothermainstandardthatcontrolshowtheWorldWideWebworksis
HTML,whichcovershowWebpagesareformattedanddisplayed.
AnyWebservermachinecontains,inadditiontotheWebpagefilesitcanserve,anHTTPdaemon,a
programthatisdesignedtowaitforHTTPrequestsandhandlethemwhentheyarrive.TheWeb
browserisanHTTPclient,sendingrequeststoservermachines.AnHTTPclientinitiatesarequestby
establishingaTransmissionControlProtocol(TCP)connectiontoaparticularportonaremotehost
(port80bydefault).AnHTTPserverlisteningonthatportwaitsfortheclienttosendarequest
message.
AppendixC:
Glossary
PoESwitchUserManual|378
HTTPS
HTTPSisanacronymforHypertextTransferProtocoloverSecureSocketLayer.Itisusedtoindicatea
secureHTTPconnection.
HTTPSprovideauthenticationandencryptedcommunicationandiswidelyusedontheWorldWide
Webforsecurity‐sensitivecommunicationsuchaspaymenttransactionsandcorporatelogons.
HTTPSisreallyjusttheuseofNetscape'sSecureSocketLayer(SSL)asasublayerunderitsregular
HTTPapplicationlayering.(HTTPSusesport443insteadofHTTPport80initsinteractionswiththe
lowerlayer,TCP/IP.)SSLusesa40‐bitkeysizefortheRC4streamencryptionalgorithm,whichis
consideredanadequatedegreeofencryptionforcommercialexchange.
I
ICMP
ICMPisanacronymforInternetControlMessageProtocol.Itisaprotocolthatgeneratedtheerror
response,diagnosticorroutingpurposes.ICMPmessagesgenerallycontaininformationabout
routingdifficultiesorsimpleexchangessuchastime‐stamporechotransactions.Forexample,
thePINGcommandusesICMPtotestanInternetconnection.
IEEE802.1X
IEEE802.1XisanIEEEstandardforport‐basedNetworkAccessControl.Itprovidesauthenticationto
devicesattachedtoaLANport,establishingapoint‐to‐pointconnectionorpreventingaccessfrom
thatportifauthenticationfails.With802.1X,accesstoallswitchportscanbecentrallycontrolled
fromaserver,whichmeansthatauthorizeduserscanusethesamecredentialsforauthentication
fromanypointwithinthenetwork.
IGMP
IGMPisanacronymforInternetGroupManagementProtocol.Itisacommunicationsprotocolused
tomanagethemembershipofInternetProtocolmulticastgroups.IGMPisusedbyIPhostsand
adjacentmulticastrouterstoestablishmulticastgroupmemberships.ItisanintegralpartoftheIP
multicastspecification,likeICMPforunicastconnections.IGMPcanbeusedforonlinevideoand
gaming,andallowsmoreefficientuseofresourceswhensupportingtheseuses.
IGMPQuerier
AroutersendsIGMPQuerymessagesontoaparticularlink.ThisrouteriscalledtheQuerier.
AppendixC:
Glossary
PoESwitchUserManual|379
IMAP
IMAPisanacronymforInternetMessageAccessProtocol.Itisaprotocolforemailclientstoretrieve
emailmessagesfromamailserver.
IMAPistheprotocolthatIMAPclientsusetocommunicatewiththeservers,andSMTPisthe
protocolusedtotransportmailtoanIMAPserver.
ThecurrentversionoftheInternetMessageAccessProtocolisIMAP4.ItissimilartoPostOffice
Protocolversion3(POP3),butoffersadditionalandmorecomplexfeatures.Forexample,theIMAP4
protocolleavesyouremailmessagesontheserverratherthandownloadingthemtoyourcomputer.
Ifyouwishtoremoveyourmessagesfromtheserver,youmustuseyourmailclienttogeneratelocal
folders,copymessagestoyourlocalharddrive,andthendeleteandexpungethemessagesfromthe
server.
IP
IPisanacronymforInternetProtocol.Itisaprotocolusedforcommunicatingdataacrossaninternet
network.
IPisa"besteffort"system,whichmeansthatnopacketofinformationsentoverisassuredtoreach
itsdestinationinthesameconditionitwassent.EachdeviceconnectedtoaLocalAreaNetwork
(LAN)orWideAreaNetwork(WAN)isgivenanInternetProtocoladdress,andthisIPaddressisused
toidentifythedeviceuniquelyamongallotherdevicesconnectedtotheextendednetwork.
ThecurrentversionoftheInternetprotocolisIPv4,whichhas32‐bitsInternetProtocoladdresses
allowingforinexcessoffourbillionuniqueaddresses.Thisnumberisreduceddrasticallybythe
practiceofwebmasterstakingaddressesinlargeblocks,thebulkofwhichremainunused.Thereisa
rathersubstantialmovementtoadoptanewversionoftheInternetProtocol,IPv6,whichwould
have128‐bitsInternetProtocoladdresses.Thisnumbercanberepresentedroughlybyathreewith
thirty‐ninezeroesafterit.However,IPv4isstilltheprotocolofchoiceformostoftheInternet.
IPMC
IPMCisanacronymforIPMultiCast.
IPMCsupportsIPv4andIPv6multicasting.IPMCv4denotesmulticastforIPv4.IPMCv6denotes
multicastforIPv6.
AppendixC:
Glossary
PoESwitchUserManual|380
IPSourceGuard
IPSourceGuardisasecurefeatureusedtorestrictIPtrafficonDHCPsnoopinguntrustedportsby
filteringtrafficbasedontheDHCPSnoopingTableormanuallyconfiguredIPSourceBindings.Ithelps
preventIPspoofingattackswhenahosttriestospoofandusetheIPaddressofanotherhost.
L
LACP
LACPisanIEEE802.3adstandardprotocol.TheLinkAggregationControlProtocol,allowsbundling
severalphysicalportstogethertoformasinglelogicalport.
LLC
TheIEEE802.2LogicalLinkControl(LLC)protocolprovidesalinkmechanismforupperlayer
protocols.Itistheuppersub‐layeroftheDataLinkLayerandprovidesmultiplexingmechanismsthat
makeitpossibleforseveralnetworkprotocols(IP,IPX)tocoexistwithinamultipointnetwork.LLC
headerconsistsof1byteDSAP(DestinationServiceAccessPoint),1byteSSAP(SourceServiceAccess
Point),1or2bytesControlfieldfollowedbyLLCinformation.
LLDP
LLDPisanIEEE802.1abstandardprotocol.
TheLinkLayerDiscoveryProtocol(LLDP)specifiedinthisstandardallowsstationsattachedtoanIEEE
802LANtoadvertise,tootherstationsattachedtothesameIEEE802LAN,themajorcapabilities
providedbythesystemincorporatingthatstation,themanagementaddressoraddressesofthe
entityorentitiesthatprovidemanagementofthosecapabilities,andtheidentificationofthe
stationspointofattachmenttotheIEEE802LANrequiredbythosemanagemententityorentities.
TheinformationdistributedviathisprotocolisstoredbyitsrecipientsinastandardManagement
InformationBase(MIB),makingitpossiblefortheinformationtobeaccessedbyaNetwork
ManagementSystem(NMS)usingamanagementprotocolsuchastheSimpleNetworkManagement
Protocol(SNMP).
LLDP‐MED
LLDP‐MEDisanextensionofIEEE802.1abandisdefinedbythetelecommunicationindustry
association(TIA‐1057).
LLQI
LLQI(LastListenerQueryInterval)isthemaximumresponsetimeusedtocalculatetheMaximum
ResponseCodeinsertedintoSpecificQueries.Itisusedtodetectthedepartureofthelastlistenerfora
multicastaddressorsource.InIGMP,thistermiscalledLMQI(LastMemberQueryInterval).
LOC
AppendixC:
Glossary
PoESwitchUserManual|381
LOCisanacronymforLossOfConnectivityandisdetectedbyaMEPandisindicatinglost
connectivityinthenetwork.CanbeusedasaswitchcriteriabyEPS
M
MACTable
SwitchingofframesisbasedupontheDMACaddresscontainedintheframe.Theswitchbuildsupa
tablethatmapsMACaddressestoswitchportsforknowingwhichportstheframesshouldgoto
(basedupontheDMACaddressintheframe).Thistablecontainsbothstaticanddynamicentries.
Thestaticentriesareconfiguredbythenetworkadministratoriftheadministratorwantstodoa
fixedmappingbetweentheDMACaddressandswitchports.
TheframesalsocontainaMACaddress(SMACaddress),whichshowstheMACaddressofthe
equipmentsendingtheframe.TheSMACaddressisusedbytheswitchtoautomaticallyupdate
theMACtablewiththesedynamicMACaddresses.DynamicentriesareremovedfromtheMAC
tableifnoframewiththecorrespondingSMACaddresshasbeenseenafteraconfigurableagetime.
Mirroring
Fordebuggingnetworkproblemsormonitoringnetworktraffic,theswitchsystemcanbeconfigured
tomirrorframesfrommultipleportstoamirrorport.(Inthiscontext,mirroringaframeisthesame
ascopyingtheframe.)
Bothincoming(source)andoutgoing(destination)framescanbemirroredtothemirrorport.
MLD
MLDisanacronymforMulticastListenerDiscoveryforIPv6.MLDisusedbyIPv6routerstodiscover
multicastlistenersonadirectlyattachedlink,muchasIGMPisusedinIPv4.Theprotocolis
embeddedinICMPv6insteadofusingaseparateprotocol.
MSTP
In2002,theIEEEintroducedanevolutionofRSTP:theMultipleSpanningTreeProtocol.TheMSTP
protocolprovidesformultiplespanningtreeinstances,whileensuringRSTPandSTPcompatibility.
ThestandardwasoriginallydefinedbyIEEE802.1s,butwaslaterincorporatedinIEEE802.1D‐2005.
AppendixC:
Glossary
PoESwitchUserManual|382
MVR
MulticastVLANRegistration(MVR)isaprotocolforLayer2(IP)‐networksthatenables
multicast‐trafficfromasourceVLANtobesharedwithsubscriber‐VLANs.
ThemainreasonforusingMVRistosavebandwidthbypreventingduplicatemulticaststreamsbeing
sentinthecorenetwork,insteadthestream(s)arereceivedontheMVR‐VLANandforwardedtothe
VLANswherehostshaverequestedit/them(Wikipedia).
N
NTP
NTPisanacronymforNetworkTimeProtocol,anetworkprotocolforsynchronizingtheclocksof
computersystems.NTPusesUDP(datagrams)astransportlayer.
O
OptionalTLVs.
ALLDPframecontainsmultipleTLVs
ForsomeTLVsitisconfigurableiftheswitchshallincludetheTLVintheLLDPframe.TheseTLVsare
knownasoptionalTLVs.IfanoptionalTLVsisdisabledthecorrespondinginformationisnotincluded
intheLLDPframe.
OUI
OUIistheorganizationallyuniqueidentifier.AnOUIaddressisagloballyuniqueidentifierassignedto
avendorbyIEEE.YoucandeterminewhichvendoradevicebelongstoaccordingtotheOUIaddress
whichformsthefirst24bitsofaMACaddress.
P
PCP
PCPisanacronymforPriorityCodePoint.Itisa3‐bitfieldstoringtheprioritylevelforthe802.1Q
frame.ItisalsoknownasUserPriority.
PD
PDisanacronymforPoweredDevice.InaPoEsystemthepowerisdeliveredfromaPSE(power
sourcingequipment)toaremotedevice.TheremotedeviceiscalledaPD.
PHY
PHYisanabbreviationforPhysicalInterfaceTransceiverandisthedevicethatimplementthe
Ethernetphysicallayer(IEEE‐802.3).
AppendixC:
Glossary
PoESwitchUserManual|383
PING
PingisaprogramthatsendsaseriesofpacketsoveranetworkortheInternettoaspecific
computerinordertogeneratearesponsefromthatcomputer.Theothercomputerrespondswithan
acknowledgmentthatitreceivedthepackets.Pingwascreatedtoverifywhetheraspecificcomputer
onanetworkortheInternetexistsandisconnected.
PingusesInternetControlMessageProtocol(ICMP)packets.ThePINGRequestisthepacketfrom
theorigincomputer,andthePINGReplyisthepacketresponsefromthetarget.
PoE
PoEisanacronymforPowerOverEthernet.
PowerOverEthernetisusedtotransmitelectricalpower,toremotedevicesoverstandardEthernet
cable.ItcouldforexamplebeusedforpoweringIPtelephones,wirelessLANaccesspointsandother
equipment,whereitwouldbedifficultorexpensivetoconnecttheequipmenttomainpowersupply.
Policer
Apolicercanlimitthebandwidthofreceivedframes.Itislocatedinfrontoftheingressqueue.
PrivateVLAN
InaprivateVLAN,PVLANsprovidelayer2isolationbetweenportswithinthesamebroadcastdomain.
IsolatedportsconfiguredaspartofPVLANcannotcommunicatewitheachother.Memberportsofa
PVLANcancommunicatewitheachother.
PTP
PTPisanacronymforPrecisionTimeProtocol,anetworkprotocolforsynchronizingtheclocksof
computersystems.
Q
QCE
QCEisanacronymforQoSControlEntry.ItdescribesQoSclassassociatedwithaparticularQCEID.
TherearesixQCEframetypes:EthernetType,VLAN,UDP/TCPPort,DSCP,TOS,andTagPriority.
Framescanbeclassifiedbyoneof4differentQoSclasses:"Low","Normal","Medium",and"High"
forindividualapplication.
AppendixC:
Glossary
PoESwitchUserManual|384
QCL
QCLisanacronymforQoSControlList.ItisthelisttableofQCEs,containingQoScontrolentriesthat
classifytoaspecificQoSclassonspecifictrafficobjects.
EachaccessibletrafficobjectcontainsanidentifiertoitsQCL.Theprivilegesdeterminespecifictraffic
objecttospecificQoSclass.
QL
QLInSyncEthisistheQualityLevelofagivenclocksource.Thisisreceivedonaportin
aSSMindicatingthequalityoftheclockreceivedintheport.
QoS
QoSisanacronymforQualityofService.Itisamethodtoguaranteeabandwidthrelationship
betweenindividualapplicationsorprotocols.
Acommunicationsnetworktransportsamultitudeofapplicationsanddata,includinghigh‐quality
videoanddelay‐sensitivedatasuchasreal‐timevoice.Networksmustprovidesecure,predictable,
measurable,andsometimesguaranteedservices.
AchievingtherequiredQoSbecomesthesecrettoasuccessfulend‐to‐endbusinesssolution.
Therefore,QoSisthesetoftechniquestomanagenetworkresources.
QoSclass
EveryincomingframeisclassifiedtoaQoSclass,whichisusedthroughoutthedeviceforproviding
queuing,schedulingandcongestioncontrolguaranteestotheframeaccordingtowhatwas
configuredforthatspecificQoSclass.ThereisaonetoonemappingbetweenQoSclass,queueand
priority.AQoSclassof0(zero)hasthelowestpriority.
R
RARP
RARPisanacronymforReverseAddressResolutionProtocol.Itisaprotocolthatisusedtoobtain
anIPaddressforagivenhardwareaddress,suchasanEthernetaddress.RARPisthecomplement
ofARP.
RADIUS
RADIUSisanacronymforRemoteAuthenticationDialInUserService.Itisanetworkingprotocol
thatprovidescentralizedaccess,authorizationandaccountingmanagementforpeopleorcomputers
toconnectanduseanetworkservice.
AppendixC:
Glossary
PoESwitchUserManual|385
RSTP
In1998,theIEEEwithdocument802.1wintroducedanevolutionofSTP:
theRapidSpanningTreeProtocol,whichprovidesforfasterspanningtreeconvergenceaftera
topologychange.StandardIEEE802.1D‐2004nowincorporatesRSTPandobsoletesSTP,whileatthe
sametimebeingbackwards‐compatiblewithSTP.
S
sFlow
sFlowisanindustrystandardtechnologyformonitoringswitchednetworksthroughrandom
samplingofpacketsonswitchportsandtime‐basedsamplingofportcounters.Thesampledpackets
andcounters(referredtoasflowsamplesandcountersamples,respectively)aresentas
sFlowUDPdatagramstoacentralnetworktrafficmonitoringserver.Thiscentralserveriscalledan
sFlowreceiverorsFlowcollector.
Shaper
Ashapercanlimitthebandwidthoftransmittedframes.Itislocatedaftertheingressqueues.
SMTP
SMTPisanacronymforSimpleMailTransferProtocol.Itisatext‐basedprotocolthatusesthe
TransmissionControlProtocol(TCP)andprovidesamailservicemodeledontheFTPfiletransfer
service.SMTPtransfersmailmessagesbetweensystemsandnotificationsregardingincomingmail.
SNAP
TheSubNetworkAccessProtocol(SNAP)isamechanismformultiplexing,onnetworksusingIEEE
802.2LLC,moreprotocolsthancanbedistinguishedbythe8‐bit802.2ServiceAccessPoint(SAP)
fields.SNAPsupportsidentifyingprotocolsbyEthernettypefieldvalues;italsosupports
vendor‐privateprotocolidentifier.
SNMP
SNMPisanacronymforSimpleNetworkManagementProtocol.ItispartoftheTransmissionControl
Protocol/InternetProtocol(TCP/IP)protocolfornetworkmanagement.SNMPallowdiversenetwork
objectstoparticipateinanetworkmanagementarchitecture.Itenablesnetworkmanagement
systemstolearnnetworkproblemsbyreceivingtrapsorchangenoticesfromnetworkdevices
implementingSNMP.
SNTP
SNTPisanacronymforSimpleNetworkTimeProtocol,anetworkprotocolforsynchronizingthe
clocksofcomputersystems.SNTPusesUDP(datagrams)astransportlayer.
AppendixC:
Glossary
PoESwitchUserManual|386
SSH
SSHisanacronymforSecureSHell.Itisanetworkprotocolthatallowsdatatobeexchangedusinga
securechannelbetweentwonetworkeddevices.TheencryptionusedbySSHprovidesconfidentiality
andintegrityofdataoveraninsecurenetwork.ThegoalofSSHwastoreplacetheearlier
rlogin,TELNETandrshprotocols,whichdidnotprovidestrongauthenticationorguarantee
confidentiality.
SSM
SSMInSyncEthisisanabbreviationforSynchronizationStatusMessageandiscontaining
aQLindication.
STP
SpanningTreeProtocolisanOSIlayer‐2protocolwhichensuresaloopfreetopologyforanybridged
LAN.TheoriginalSTPprotocolisnowobsoletebyRSTP.
SyncE
SyncEIsanabbreviationforSynchronousEthernet.Thisfunctionalityisusedtomakeanetwork
'clockfrequency'synchronized.Nottobeconfusedwithrealtimeclocksynchronized(IEEE1588).
T
TAC ACS+
TAC ACS+isanacronymforTerminalAcessControllerAccessControlSystemPlus.Itisanetworking
protocolwhichprovidesaccesscontrolforrouters,networkaccessserversandothernetworked
computingdevicesviaoneormorecentralizedservers.TACACS+providesseparateauthentication,
authorizationandaccountingservices.
TagPriority
TagPriorityisa3‐bitfieldstoringtheprioritylevelforthe802.1Qframe.
TCP
TCPisanacronymforTransmissionControlProtocol.Itisacommunicationsprotocolthatusesthe
InternetProtocol(IP)toexchangethemessagesbetweencomputers.
TheTCPprotocolguaranteesreliableandin‐orderdeliveryofdatafromsendertoreceiverand
distinguishesdataformultipleconnectionsbyconcurrentapplications(forexample,Webserverand
e‐mailserver)runningonthesamehost.
TheapplicationsonnetworkedhostscanuseTCPtocreateconnectionstooneanother.Itisknown
asaconnection‐orientedprotocol,whichmeansthataconnectionisestablishedandmaintained
untilsuchtimeasthemessageormessagestobeexchangedbytheapplicationprogramsateach
endhavebeenexchanged.TCPisresponsibleforensuringthatamessageisdividedintothepackets
AppendixC:
Glossary
PoESwitchUserManual|387
thatIPmanagesandforreassemblingthepacketsbackintothecompletemessageattheotherend.
CommonnetworkapplicationsthatuseTCPincludetheWorldWideWeb(WWW),e‐mail,andFile
TransferProtocol(FTP).
TELNET
TELNETisanacronymforTELetypeNETwork.Itisaterminalemulationprotocolthatusesthe
TransmissionControlProtocol(TCP)andprovidesavirtualconnectionbetweenTELNETserverand
TELNETclient.
TELNETenablestheclienttocontroltheserverandcommunicatewithotherserversonthenetwork.
TostartaTelnet session,theclientusermustlogintoaserverbyenteringavalidusernameand
password.Then,theclientusercanentercommandsthroughtheTelnetprogramjustasiftheywere
enteringcommandsdirectlyontheserverconsole.
TFTP
TFTPisanacronymforTrivialFileTransferProtocol.ItistransferprotocolthatusestheUser
DatagramProtocol(UDP)andprovidesfilewritingandreading,butitdoesnotprovidedirectory
serviceandsecurityfeatures.
ToS
ToS isanacronymforTypeofService.ItisimplementedastheIPv4ToSprioritycontrol.Itisfully
decodedtodeterminethepriorityfromthe6‐bitToSfieldintheIPheader.Themostsignificant6bits
oftheToSfieldarefullydecodedinto64possibilities,andthesingularcodethatresultsiscompared
againstthecorrespondingbitintheIPv4ToSprioritycontrolbit(0~63).
TLV
TLVisanacronymforTypeLengthValue.ALLDPframecancontainmultiplepiecesofinformation.
EachofthesepiecesofinformationisknownasTLV.
U
UDP
UDPisanacronymforUserDatagramProtocol.Itisacommunicationsprotocolthatusesthe
InternetProtocol(IP)toexchangethemessagesbetweencomputers.
UDPisanalternativetotheTransmissionControlProtocol(TCP)thatusestheInternetProtocol(IP).
UnlikeTCP,UDPdoesnotprovidetheserviceofdividingamessageintopacketdatagrams,andUDP
doesn'tprovidereassemblingandsequencingofthepackets.Thismeansthattheapplication
programthatusesUDPmustbeabletomakesurethattheentiremessagehasarrivedandisinthe
rightorder.Networkapplicationsthatwanttosaveprocessingtimebecausetheyhaveverysmall
AppendixC:
Glossary
PoESwitchUserManual|388
dataunitstoexchangemaypreferUDPtoTCP.
UDPprovidestwoservicesnotprovidedbytheIPlayer.Itprovidesportnumberstohelpdistinguish
differentuserrequestsand,optionally,achecksumcapabilitytoverifythatthedataarrivedintact.
CommonnetworkapplicationsthatuseUDPincludetheDomainNameSystem(DNS),streaming
mediaapplicationssuchasIPTV,VoiceoverIP(VoIP),andTrivialFileTransferProtocol(TFTP).
UPnP
UPnPisanacronymforUniversalPlugandPlay.ThegoalsofUPnParetoallowdevicestoconnect
seamlesslyandtosimplifytheimplementationofnetworksinthehome(datasharing,
communications,andentertainment)andincorporateenvironmentsforsimplifiedinstallationof
computercomponents
UserPriority
UserPriorityisa3‐bitfieldstoringtheprioritylevelforthe802.1Qframe.ItisalsoknownasPCP.
V
VLAN
VirtualLAN.Amethodtorestrictcommunicationbetweenswitchports.VLANscanbeusedforthe
followingapplications:
VLANunawareswitching:Thisisthedefaultconfiguration.AllportsareVLANunawarewith
PortVLANID1andmembersofVLAN1.ThismeansthatMACaddressesarelearnedinVLAN1,and
theswitchdoesnotremoveorinsertVLANtags.
VLANawareswitching:ThisisbasedontheIEEE802.1Qstandard.AllportsareVLANaware.Ports
connectedtoVLANawareswitchesaremembersofmultipleVLANsandtransmittaggedframes.
OtherportsaremembersofoneVLAN,setupwiththisPortVLANID,andtransmituntaggedframes.
Providerswitching:ThisisalsoknownasQ‐in‐Qswitching.PortsconnectedtosubscribersareVLAN
unaware,membersofoneVLAN,andsetupwiththisuniquePortVLANID.Portsconnectedtothe
serviceproviderareVLANaware,membersofmultipleVLANs,andsetuptotagallframes.Untagged
framesreceivedonasubscriberportareforwardedtotheproviderportwithasingleVLANtag.
Tag gedframesreceivedonasubscriberportareforwardedtotheproviderportwithadoubleVLAN
tag.
VLANID
VLANIDisa12‐bitfieldspecifyingtheVLANtowhichtheframebelongs.
VoiceVLAN
AppendixC:
Glossary
PoESwitchUserManual|389
VoiceVLANisVLANconfiguredspeciallyforvoicetraffic.Byaddingtheportswithvoicedevices
attachedtovoiceVLAN,wecanperformQoS‐relatedconfigurationforvoicedata,ensuringthe
transmissionpriorityofvoicetrafficandvoicequality.