gm28p-500 user manual
Post on 12-Apr-2016
41 Views
Preview:
DESCRIPTION
TRANSCRIPT
1
User Manual
16/24 PortPOE/4 Port Combo /2 Port SFP
Managed Switch
2
Index * ABOUTTHIS MANUAL………………..……………P.3
* CONTENTS………………………….……………..P.4 - PART1 INTRODUCTION………………………………………........P.4 - PART 2 HARDWARE DESCRIPTION………………………….…..P.4 - PART 3 WEB CONFIGURATION………………………………...…P.4 - PART 4 WEB MANAGEMENT……………………………………....P.4 - PART 5 WEB MONITOR………………………………………..…....P.6 - PART 6 WEB DIAGNOSTICS………………………………….…....P.7 - PART 7 WEB MAINTENANCE…………………………….…..…....P.7
*Chapter 1INTRODUCTION……………….…..P.8 - PART 1 INTRODUCTION FEATURES…………….………..….....P.9
- PART 2 INTRODUCTION SPECIFICATIONS….………….........P.10
- PART 3 INTRODUCTION PACKAGE CONTENTS..................P.11
*Chapter 2HARDWARE DESCRIPTION…….P.12
- PART 1 HARDWARE DESCRIPTION REAR PANEL...............P.13
* Chapter 3 WEB MANAGEMENT………........P.14
- PART 1 WEB MANAGEMENT INITIAL SWITCH......................P.15 CONFIGURATION
- PART 2WEB MANAGEMENT CONFIGURATION OPTION.....P.16
- PART 3WEB MANAGEMENT MENU TREE…………………....P.17
- PART 4 WEB CONFIGURATION CONFIGURATION…….….....P.23
- PART 5 WEB MONITOR SYSTEM………………………….….....P.80
- PART 6 WEB DIAGNOSTICS PING…………………….….........P.119
- PART 7 WEB MAINTENANCE RESTART DEVICE….………...P.117
* Glossary..........................................................P.125
3
ABOUT THIS MANUAL
PurposeThis manual gives specific information on how to operate and use the
management functions of this switch.
AudienceThis manual is intended for use by network administrators who are responsible for operating and maintaining network equipments;
consequently, it assumes a basic network network knowledge of generalswitch functions, the Internet Protocol (IP), IEEE 802.3at/af Power over Ethernet
Standard and Simple Network Management Protocol(SNMP).
4
CONTENTS
REVISION HISTORY
ABOUT THIS MANUAL CONTENTS FIGURES TABLES
PART1INTRODUCTION Product Overview Features Specifications Performance Package Contents PART 2HARDWARE DESCRIPTION Physcial Dimensions / Weight Configuration Option Front Panel Menu Tree PART 3WEB CONFIGURATION
Configuration System
Information IP & Time
LFront Panel LED Indicator Rear Panel Hardware Installation
PART4WEB MANAGEMENT
Initial Switch Configuration
5
Web Interface og
Power Reduction LED
Ports Security
Switch Password Auth Method SNMP
System Communities Users Groups Views Access
Network ACL Ports Rate Limiters Access Control List
AAA Port Trunking
Statics LACP
Loop Protection Spanning Tree
Bridge Settings Bridge Ports
IPMC IGMP Snooping
Basic Configuration VLAN Configuration
POE Private VLANs
PVLAN Membership Port Isolation
QoS
6
Port Classification Port Policing QoS Control List Storm Control
Mirroring
PART 5WEB MONITOR Monitor
System Information CPU Load Log Detailed log
Ports State Traffic Overview QoS Statistics QCL Status Detailed Statistics
Security Network
ACL Status AAA
RADIUS Overview RADIUS Details
LACP System Status Port Status Port Statistics
Loop Protection Spanning Tree
Bridge Status Port Status Port Statistics
IPMC IGMP Snooping
Status Groups Information
7
POE VLANs
VLAN Membership VLAN Port
PART 6WEB DIAGNOSTICS
Diagnostics Ping
PART 7WEB MAINTENANCE
Maintenance Restart Device Factory Defaults Software
Upload Image Select
Configuration Save Upload
8
This chapter provides an overview of thisPOEWeb Smart switch, and introduces
thekey features and supported specificationsof thisPOEWeb Smart switches.
PRODUCT OVERVIEW ThisPOE switch is aPOEWeb Smart switch equiped with 8-ports 10/100/1000BaseT(X) plus 2-ports gigabit SFP open
slots. It provides a broad range of features for Layer2 switching and fully802.3at/afPOE/POE+ functions.
It was designed for easy installation and high performance in an environment where the traffic is on the network and the number of users increases continuously. The smart and efficient power design can improve the power saving.
FEATURES Table 1. Features
Features Descriptions Dual Images Prevent any kind of upgrading process
failure IPv4 Supports IPv4 addressing, management
and QoS Log Support local and remote syslog server
with 3 levels(Info, Warning, Error) Power Saving ActiPHY, PerfectReach
LED Power management Thermal Protection
Security Private VLAN(Static) ACLs for filtering, policing, and port copy, including ACL wizards
CHAPTER 1 INTRODUCTION
9
Table 1. Features
(continued)
Authentication Telnet, Web - username/password Telnet - SSH SNMP v1/2c – Community strings SNMP version 3 – MD5 or SHA password Port-based 802.1X
Port Limiting Input rate limiting per port(manual setting or ACL)
Port Configuration Speed, Duplex mode, Flow control, MTU, Power saving mode
Port Mirroring 1 sessions, up to 10 source port to one analysis port per session
Port Trunking IEEE 802.3ad Link Aggregation, static and LACP
Spanning Tree Algorithm
Supports standard STP, Rapid Spanning Tree Protocol (RSTP)
IEEE 802.1D Bridge
Supports dynamic data switching and addresses learning
Quality of Service Traffic classes(1,2, or 4/8 active priorities) Storm control for UC, MC and BC
DHCP Client Configuration Save and Restore configuration Firmware Upgrade & firmware image switch using
Web & console port CLI command Support Cli command with console port
(Baudrate:115200, DataBit:8, Parity: N,StopBit 1)
INTRODUCTION
FEATURES
PART 1
10
SPECIFICATIONS Table 2, Specifications
Standard IEEE 802.3at/af Power over Ethernet(POE/POE+) IEEE 802.3ad Link Aggregation IEEE 802.3x Flow Control IEEE 802.1x Port-based Network Access Control IEEE 802.1Q VLAN Tagging IEEE 802.1d Spanning Tree Protocol IEEE 802.1w Rapid Spanning Tree Protocol 8 integrated IEEE 802.3ab-compliant 10/100/1000BASE-T Ethernet MIBs RFC 1213 MIB II RFC 3411 SNMP Management Frameworks RFC 3621 LLEP-MED Power RFC 3635 Ethernet-like MIB RFC 4188 Bridge MIB IEEE 802.1AB LLDP MIB
PERFORMANCES Table 3, Performance
Information MAC Address : 8K , 4K VLAN support Packet Memory : 4 Megabits of Integrated shared memory Jambo Frame : 9.6K Transmission Method : Store and Forward
PART 2 INTRODUCTION
SPECIFICATIONS
11
Before you start to install this switch, please verify your package that contains the following items: OnePOEGigabit Ethernet Switch One Power Cord One User’s Manual (CD disk)
Note: If any of these items is found missing or damaged, please contact your local supplier for replacement.
PART 3 INTRODUCTION
PACKAGE CONTENTS
12
This chapter primarily presents hardware of thePOE switch,
physical dimenstions and functional overview would be described.
PHYSICAL DIMENSION AND WEIGHT 263 x 160 x 44 mm (H x W x D) / 1.5kg FRONT PANEL The Front Panel of thePOE Web Smart Switch consists of8-port gigabit ethernet port
and 2-port gigabit SFP open slot. The LED indicators are also located on the Front Panel.
LED INDICATORS The LED Indicators present real-time information of
systematic operation status. The following table provides the description of LED status and meanings.
Table 4, LED INDICATORS
LED Status Description Power On System on
OFF System off POE On Port is linked to Power Device
OFF No Power Device is connected Link/ACT Flashing Link and Data Activating
OFF Port is disable or disconnected
CHAPTER 2 HARDWARE DESCRIPTION
13
REAR PANEL The 3-pronged power plug is placed at the rear panel of the
POE Web Smart Switch right side show as below:
HARDWARE INSTALLATION Theattachment with a PICTURE with Power cord, RJ45
cable, And SFP if needed. Then step1~4 to describe
PART 1 HARDWARE DESCRIPTION
REAR PANEL
14
This chapter provides the entire Web SmartPOE switch
features, along with a detailed description of how to configure each feature via web interface.
Initial Switch Configuration This part guides you to configure and manage this switch through the web
interface. With this facility, you can easilyconfigure and monitor through any one port of this switch. Start up by the following steps: 1. Place the switch close to your PC/NB that you intend to
use for configuration. It will help you to check the status of the switch by LED in front panel while working on your PC/NB.
2. Connect the Ethernet port of your PC/NB to any port on the front panel of the switch. Turn the switch on and make sure the connectivity by checking LED in the front panel of the switch.
3. Configure your PC’s IP address the same subnet with the switch’s. The following table describes the default necessary login Information: Table. Login Information IP Address 192.168.2.1 IP Mask 255.255.255.0 IP Router 0.0.0.0 Username admin Password
4. Open the web browser, and go to 192.168.2.1Site then the login windows will pop out. Key in theusername “admin” and leave password blank then clicks OK.
CHAPTER 3 WEB MANAGEMENT
15
5. After you login successfully, you will see the home page
is displayed as shown below. The home page display the Menu Bar on the left side of the screen and show the front panel port states on the right side.
Before you start to configure, we strongly recommended you to change the password. To change the password, click Security and then Switch. Fill old and new password in Password tab.
PART 1 WEB MANAGEMENT
INITIAL SWITCH CONFIGURATION
16
WEB Interface Configuration OptionConfigurable parameters have seveal forms : text field,
drop-down list, radio button and checkbox. Once you change the parameters, please make sure to click Save button to apply
The following table provides the description of each button:
Table. Configuration buttons Front Panel The default page after you login successfully is port states’
page. The port 1 to port 8 are gigabit Ethernet port and port 9 and 10 are SFP slot. When the port image is green, it means this port is connected. Auto-refresh mode is disable by default setting. It will update the current port state by 5 seconds if you check it. Or you can click Refresh button to update the statesmanually. Click the each port image will open detailed statstics of selected port.
Button Description
Save Set specific value into the Switch Reset Restore the parameters to previous
saving value
Show the help information for selected page
Logout the management web interface of the switch
WEB MANAGEMENT
MENU TREE
PART 3
PART 2 WEB MANAGEMENT
CONFIGURATION OPTION
17
MENU TREEThere isa Menu Tree in the left side of Web management
system with 4 categories: Configuration, Monitor, Diagnostic and Maintenance. The follow table has a breifly description of each tab.
Table. MENU TREE
Menu Descriptions Configuration
System Information Configures system contact, name,
location and timezone offset IP & Time Configures IPv4 (Statics IP
Address, DHCP client), VLAN ID and SNTP settings
Log Configures Remote system log Server which 3 levels( Infor, Warning, Error)
Power Reductinon LED Reduces LED intensity during
specified hours and configure link change at error settings
Thermal Protection Configures temperature 4 priority levels and each value. Port will shut-down if the temperature exceeded the assigned value.
Ports Configures ports’ connection settings
Secuirty Switch Password Change the new password Auth Method Configures authentication method
for console and web access via local database and RADIUS
WEB MANAGEMENT
MENU TREE
18
Table. MENU TREE (Continue) Menu Descriptions
SNMP System Configures read-only and R/W
community strings for SNMP v1/v2c, engine ID for SNMP v3, and trap parameters
Communities Configures community strings Users Configures SNMP v3 users on this
switch Groups Configures SNMP v3 groups Views Configures SNMP v3 views Access Assigns security model, Security
level, and R/W views to SNMP groups
Network ACL Access Control Lists AAA Configures RADIUS authentication
server.( Max 5 Server supported) Port Trunking Static Speifies ports to group into static
trunks LACP Allows ports to join trunk
dynamically Loop Protection Configure ports to shutdown if the
ports are in loop Spanning Tree
Bridge Setting 1. Configures global bridge setting for STP and RSTP
2. Configures edge port setting for BPDU filtering, BPDU guard and port error recovery
WEB MANAGEMENT
MENU TREE
19
Table. MENU TREE (Continue) Menu Descriptions
Bridge Ports Configure CIST port, priority and path cost
IPMC IGMP Snooping Basic Configuration Configures global and related
port setting VLAN Configuration Configures IGMP snooping per
VLAN group POE Configures total power supply
and eachPOE port type(POE/POE++/disabled)
VLANs VLAN Membership Configures VLAN groups Ports Specifies default PVID and
VLAN atrributes Private VLANs PVLAN Membership Configures PVLAN groups Port isolation Configures Port isolation QoS Port Classification Configures QoS Ingress
Classification Settings for all ports
Port Policing Configures QoS ingress Port policers to constrain traffic flows and mark frames by specific rate
QoS Control List Configures QoS Control Entry based on parameters such as VLAN ID, UDP/TCP port, IPv4 DSCP or Tag Priority
Storn Control Set limitation for broadcast, unicast and multicast traffic
Table. MENU TREE (Continue) Menu Descriptions
Mirroring Set source and destination port
20
for mirroring Monitor System Information Displays system contact, name,
location, switch’s MAC address, system time, firmware version
CPU load Displays CPU load by realtime SVG graph
Log Displays logged message with selected level (Info, Warning, Error, All)
Detailed Log Displays fully logged message Thermal Protection Shows the current port
temperature and status Ports State Displays a graphic image of the
front panel to indicate current port states
Traffic Overview Shows the basic port statistics QoS Statistics Shows the count of incoming
and outgoing egress queues QCL Status Shows the QoS Control Lists
status Detailed Statistics Shows the detailed port statistics Security Network ACL Status Shows the ACL status by
different ACL users
WEB MANAGEMENT
MENU TREE
21
Table. MENU TREE (Continue) Menu Descriptions
AAA RADIUS Overview Displays the status of associated
authentication RADIUS servers RADIUS Details Displays the traffic and status of
each associated RADIUS server LACP System Status Displays each local port’s LACP
information included Aggr ID, Partner system ID and Parter key
Port Status Displays each local port’s Key, Aggr ID, Partner system ID and Parnter port
Port Statistics Displays statistics for LACP protocol message
Loop Protection Display loop status for each port Spanning Tree Bridge Status Displays STP detailed bridge
status, CIST Ports and Aggregations state
Port Status Displays CIST role, State and uptime for each port
Port Statistics Displays statistics for RSTP, STP and TCN packets
IPMC IGMP Snooping Status Displays statistics related to
IGMP packets passed upstream to the IGMP Querier or downstream to multicast clients
WEB MANAGEMENT
MENU TREE
22
Table. MENU TREE (Continue) Menu Descriptions
Groups Information Displays IGMP snooping groups information
POE Displays total power consumption, PD class and power usage for each associated port
VLANs VLAN Membership Show the port members for
specific VLAN ID VLAN Port Shows the VLAN Port Status for
Static user Diagnostics Ping Tests specific IP Address by
using ping function Maintenance Restart Device Restarts the device Factory Defaults Restores all settings to
manufactory default Software Upload Updates firmware of this switch
through Web UI Image Select Selects a rescovery firmware to
boot up the device Configuration Save Saves configuration to your local
management PC Upload Restores the previous
configuration from a file
WEB CONFIGURATION
CONFIGURATION
PART 4
23
This chapter describes all of the configuration for thisPOE Web Smart Switch.
System Information Using System Information page to set System Contact, Name, Location, Timezone offset LOCATION: ▼ Configuration ▼ System ■Information PARAMETERS: Items Description System Contact Administrator is responsible for this
device ( Maximum Length:255 characters)
System Name Name of this device ( Maximum Length:255 characters)
System Location Sets the location of this device ( Maximum Length:255 characters)
System Timezone offset (minutes)
Sets the timezone as an offset from Greenwich Mean Time(GMT), negative vale is meaning before GMT, postive value is meaning of after GMT ( Range: -720~720 )
Note the unit of system timezone is minute WEB Interface To configure System Information
A. Click Configuration/System/Information/ B. Specify the System contact, Name, Location and
Timezone. C. Click Save to apply the setting or Reset to restore
the previous setting
24
IP & Time Using IP & Time page to Configure Static IP Address or
DHCP client, and SNTP server
LOCATION: ▼ Configuration ▼ System ■IP & Time
PARAMETERS: Items Description DHCP Client Sets the checkbox in configured column to
enable DHCP client or uncheck for static IP Address
IP Address Address of the VLAN specified in the VLAN ID field. It should match with your management PC/NB’s setting.(Default IP:192.168.2.1)
IP Mask This mask identifies the host address bits used for routing to specific subnet.
IP Router IP address of the gateway VLAN ID Default VLAN ID=1, it needs to match your
management PC/NB’s VLAN ID. (Range:1~4096)
SNTP Server SNTP Server’s IP address Renew Clicks renew button to renew IP address
25
WEB Interface To Configure Static IP address & DHCP Client
enable/disable:
A. Click Configuration/System/IP&Time B. Enable DHCP client vis set checkbox C. Specify the IP address, IP Mask, IP Router and SNTP
Server IP address D. Click Renew button to renew IP Address under DHCP
Client Enable mode E. Click Save to apply the setting or Reset to restore
the previous setting
Log Using Log page to configure remote system log server.
LOCATION: ▼ Configuration ▼ System ■Log
PARAMETERS: Items Description
26
Server Mode Enable or Disable remote system logging function
Server Address Set IP address of remote system log server
Syslog Level Choose the logging event level. Info:send info, Warnings, Errors. Warning:send Warnings and Errors Error:send Errors
WEB Interface
A. Click Configuration/System/Log B. Enable remote system logging, enter Server’s IP
Address, and choose what kind of logging level to record
C. Click Save to apply the setting or Reset to restore the previous setting
Power Reduction(LED) Using LED Power Reduction page to reduce LED intensity
during specificed hour(s), the maximum setting range is 24 hours.
LOCATION: ▼ Configuration ▼ Power Reduction ■LED
PARAMETERS: Items Description
27
LED Intensity Timers Time Time at which LED intensity is set Intensity LED Intensity
(10 levels increase by 10%, 0%=LED off, 100%=LED full power)
Maintenance On time at link change LED set full powr for a period of
time(second) when a link change occurs.
On at errors LED set full power when a link error occurs.
WEB Interface
A. Click Configuration/Power Reduction/LED B. Set LED intensity for corresponding hours, then
click Add button to attach list C. Set the duration of LED full power when a link
change occurs D. Set the duration of LED full power when a link error
occurs E. Click Save to apply the setting or Reset to restore
the previous setting
Ports
28
Using Port Configuration page to configure the detail parameters for each port. You can enable/disable each port and set port speed such as Auto, half-duplex, full-duplexfor 10Mbps, 100Mbps, 1Gbps and disabled. It also allows to set frame size , collision policy and Power control.
LOCATION: ▼ Configuration ■Port PARAMETERS: Items Description Link Displays the status of the ports Speed Current:Displays the current speed
Configured :There are 7 options Disabled :disables the port interface Auto :Enables auto-negotiation 10Mbps HDX:Support 10Mbps half-duplex 10Mbps FDX:Support 10Mbps full-duplex 100Mbps HDX:Support 100Mbps half-duplex 100Mbps FDX:Support 100Mbps full-duplex 1Gbps FDX:Support 1Gbps full-duplex
Flow Control Current TX and Current RX indicate the Flow control state of TX and RX. Checks the configured box to enable Flow Control Flow control can eliminate packet loss. When auto-negotiation mode is set, this switch advertises the flow control information to linked partner. When the manual speed is set, the Current TX field indicates if the pause frame be transmitted from this port, and the Current RX field indicates whether the pasue frame are obeyed on this port
Maximum Frame Size
Set the Maximum frame size allows to transfer for each port
Excessive Collision
Configure port transmit collision behavior Discard:Discards the frames after 16 collision
29
Mode happened. Restart:Restarts the backoff algorithm after
16 collision happened. Power Control
There are 3 options for automatic power saving mode: ActiPHY:It will detect unused Ethernet ports
on Network devices and power them down.
PerfectReach:an intelligent algorithm that actively adjusts the power level needed based on cable length.
Enabled:Enables both ActiPHY and PerfectReach
Disabled:Disables power saving mechanism WEB Interface
A. Click Configuration/Port B. Specify the Speed Configured, Flow Control,
Maximum Frame Size, Excessive Collision Mode and Power Control.
C. Click Save to apply the setting or Reset to restore the previous setting ● Refresh button:Re-load information of the page
manually.
30
Security You can configure user authentication for management
access and control client access ports Password Using this Password page to change the administrator’s
password. LOCATION:
▼ Configuration ▼ Security ▼ Switch ■ Password PARAMETERS: Items Description Old Password Insert the old password
(Default is blank)
31
New Password Inserts new password (Case sensitive, Maximum is 31 characters)
Confirm New Password
Re-types the same string as New Password field.
WEB Interface
A. Click Configuration/Security/Switch/User B. Enter Old Password, New Password, and Confirm
New Password. C. Click Save to apply the setting.
Security Auth Method Using Authentication Method Configuration page to
specify the authentication Method for access management via console and web. Access can be controlled by local(Password) or remote access authentication(RADIUS Server).
LOCATION:
▼ Configuration ▼ Security ▼ Switch ■ Auth Method
32
PARAMETERS: Items Description Client Specify the authentication Method for
Administrator Authentication Method
There are 3 options for Console and Web None:disablesaccess vis specified management interface Local:checks by password RADIUS:checks vis RADIUS Server
Fallback This only works for Authentication Method =”RADIUS”. When Radius Server authentication fail, it will check by local password if fallback is checked
WEB Interface
A. Click Configuration/Security/Switch/Auth Method B. Select Authentication Method for console and web,
specify the Fallback check if needed. C. Click Save to apply the settingor Reset to restore
the previous setting.
Security SNMP Any Network Management System (NMS) running the
Simple Network Management Protocol(SNMP) can manage the device which equipped with SNMP agent and attached with Management information Bases(MIBs). The SNMP is a common comminunication protocol for managing devices on a network. SNMP is typically using for configuring and monitoring devices.
33
The switch supports SNMPv1, v2c and v3.It continously
monitors the status of the switch hardware as well as the traffic passing through its’ ports.
SNMP System Using the SNMP System Configuration page to configure
SNMP settings, Community name, trap host and public traps as well as the throttle of SNMP, A SNMP manager must pass the authentication by identifying both community names, then it can access the MIB information of the switch. So, both parties must have the same community name.
LOCATION: ▼ Configuration ▼ Security ▼ Switch ▼ SNMP ■ System
PARAMETERS: Items Description SNMP System Configuration Mode Enables or disables SNMP service Version Specifies the SNMP version
(SNMP v1, SNMP v2c, SNMP v3) Read Community The community for Read access Write Community The community for Read/Write access Engine ID The SNMP v3 Engine ID,It is only
available for SNMP v3 (10-64 HEX digits, excluding a string of all 0’s or F’s)
SNMP Trap Configuration Trap Mode Enables or disables SNMP traps Trap Version Specifies the Trap Version
(SNMP v1, SNMP v2c, SNMP v3) Trap Community Specifies the community string for
SNMP trap packets
34
Trap Destination Address
Specifies the IP Address of management PC/NB to get trap packets
Trap Authentication Failure
Issues a notification message to specified IP trap managers whenever of a SNMP request fails.
Trap Link-up and Link-down
Issues a notification message to specified IP trap managers whenever a port link is established or broken
Trap Inform Mode Enables or disables sending notification as inform message. It is only available for SNMP v2c and SNMP v3. Inform mode can guarantee the message is received.
Trap Inform Timeout
The time for waiting a ACK (Range:0-2147, unit:second)
Trap Inform Retry Times
The Maximum numbers of re-try times before gotting ACK
Trap Probe Security Engine ID
Specifies whether or not to use the engine ID of the SNMP trap probe in trap and inform messages(It is only available for SNMP v3)
Trap Security Engine ID
Displays the SNMP Trap security engine ID. (It is only available for SNMP v3)
Trap Security Name Displays the Trap security Name (It is only available for SNMP v3)
WEB Interface To setup SNMP System & Trap Configuration
A. ClicksConfiguration/Security/Switch/SNMP/System B. Set Mode to Enable SNMP service and specify
SNMP version then change the Read and Write Community access strings if required and set the engine ID
35
C. In the SNMP Trap Configuration table, enable Trap mode to allow the switch to send SNMP traps. Specifies the trap version, trap community and IP Address of management PC/NB which will receive the trap messages. Select inform mode for SNMP v2c and SNMP v3 clients. Set Security engine ID for SNMP v3 client.
D. Click Save to apply the setting or Reset to restore the previous setting.
Communities Using SNMPv3 Community Confugration page to set
access community strings. It should include all community strings for SNMPv1, SNMPv2c and SNMPv3.
36
LOCATION: ▼ Configuration ▼ Security ▼ Switch ▼ SNMP ■ Communities PARAMETERS: Items Description Community Specifies the community string to allow
access the SNMP agent.(Range:1-32) Source IP Specifies the IP Address of the SNMP client Source Mask Specifies the subnet mask of the SNMP client WEB Interface To setup SNMP Community access string:
A. ClicksConfiguration/Security/Switch/SNMP/Commu
nities B. Set the IP Address and subnet mask for the default
community string or delete for security. C. Add any new Community strings by click Add new
community button D. Click Save to apply the setting or Reset to restore
the previous setting.
Users Using SNMPv3 User Configuration page to set a specific
Engine ID, Name, security level and the types of authentication and privacy for each SNMPv3 user.
37
LOCATION: ▼ Configuration ▼ Security ▼ Switch ▼ SNMP ■ Users PARAMETERS: Items Description Engine ID The engine identifier for SNMP agent.
(It is only available for SNMPv3) User Name The unique username for SNMP agent
(Range:1-32 characters) Security Level There are 3 options:
NoAuth, NoPriv:no authentication and encryption during the communication
Auth,NoPriv:with authentication but no encryption during the cummunication
Auth,Priv: with both authentication and encryption during the communication
Authentication Protocol
The methods for authentication (None, MD5, SHA,)
Authentication Password
A plain text as password(Range:1-32 characters)
Privacy Protocol
The encryption algorithm ( none or 56-bit DES)
Privacy password
A string for Privacy pass phrase (Range:8-40 characters)
WEB Interface To setup SNMPv3 User:
A. ClicksConfiguration/Security/Switch/SNMP/Users B. Clicks “Add new user” to configure a username C. Enters a remote Engine ID
38
D. Defines username, security level, authentication and privacy settings
E. Click Save to apply the setting or Reset to restore the previous setting.
Groups Using SNMPv3 Group Configuration page to configure
SNMPv3 Group, it defines a specific SNMPv3 group and restricts assigned user’s access policy for read and write views.
LOCATION: ▼ Configuration ▼ Security ▼ Switch ▼ SNMP ■ Groups PARAMETERS: Items Description Secuirty Model The user security model, 3 options:
(v1, v2, usm=User-based security Model) Security Name The username which connect to SNMP
agent(Range:1-32 characters) Group Name The name of SNMP group
WEB Interface To setup SNMPv3 Group:
A. ClickConfiguration/Security/Switch/SNMP/Groups B. Click“Add new group” to create a new group
39
C. Select a Security Model( SNMPv1, SNMPv2c or User-based Security Model)
D. Select a Security Name E. Enter a Group Name F. Click Save to apply the setting or Reset to restore
the previous setting.
Figure Views Using SNMPv3 View Configuration page to define the
restricts access policy for specific MIB tree The default_view includes access ability for whole MIB tree.
LOCATION: ▼ Configuration ▼ Security ▼ Switch ▼ SNMP ■ Views PARAMETERS: Items Description View Name The Name of SNMP view
(Range:1-32 characters) View Type Indicates the OID is included or excluded
in this SNMP view OID Subtree Object identifiers of branches within the
MIB tree
40
WEB Interface To setup SNMPv3 Views:
A. ClickConfiguration/Security/Switch/SNMP/Views B. Click “Add new view” to create a new view C. Enter a View Name, Type and OID Subtree D. Click Save to apply the setting or Reset to restore
the previous setting.
Access Using SNMPv3 Access Configuration page to define the
Access rights for portion of MIB tree. You can have more than one Access policy for SNMPv3 group.
LOCATION: ▼ Configuration ▼ Security ▼ Switch ▼ SNMP ■ Access PARAMETERS: Items Description Group Name The Name of SNMP group
(Range:1-32 characters) Security Model The user security model, 3 options:
(v1, v2, usm=User-based security Model) Security Level There are 3 options:
NoAuth, NoPriv:no authentication and encryption during the communication
41
Auth,NoPriv:with authentication but no encryption during the cummunication
Auth,Priv: with both authentication and encryption during the communication
Read View Name Select View Name for Read Access Write View Name Select Write Name for Write Access
WEB Interface
To setup SNMPv3 Accesss: A. ClickConfiguration/Security/Switch/SNMP/Access B. Click “Add new access” to create a new view C. Select a Group Name, security model, security level,
Read View and Write View. D. Click Save to apply the setting or Reset to restore
the previous setting.
Network ACL ports Using ACL Ports Configuration page to specify the
assigned port’s re-actions when certain kind of frames are matchs. These behaviors include “Port Redirect”, “Mirror”, “Logging” and “Shutdown”.
LOCATION: ▼ Configuration ▼ Security ▼ Network ▼ ACL ■Ports
42
PARAMETERS: Items Description Port Port Number Policy ID Specify the Policy ID
(Range:0-255) Action Permit or deny the forwarding if policy is
matched Rate limiter ID Specify a Rate Limiter ID, the mapping
table is in “Rate Limiters” page Port Redirect Specify the packets redirect to which port if
policy matched Mirror Specify the packets also forward to
predefined mirror port if policy matched Logging Enable logging the matched frames to
system log Shutdown Shut down the port if policy matched Counter Show the number of frames which match
the specific policy
WEB Interface To Configure ACL policies and its’ re-action:
A. ClickConfiguration/Security/Network/ACL/Ports B. Assign policy which is set on ACE Configuration
page. Specify re-action behaviors when frames matcheds, it includes “Port Redirect”, “Mirror”, “Logging”, “Shutdown”.
C. Click Save to apply the setting or Reset to restore the previous setting. ● Refresh Button:Refresh the Counter of frames
matched the policy. ● Clear Button:Clean the Counter of frames
matched the policy
43
.
. Rate Limiters Using ACL Rate Limiter Configuration page to configure up
to 16 Rate Limit options
LOCATION: ▼ Configuration ▼ Security ▼ Network ▼ ACL ■ Rate Limiters PARAMETERS: Items Description Rate Limiter ID Rate Limit Identifier (Range:1-16) Rate The dropping threshold, the allowed value:
0-3276700 in pps,0, 100, 2*100, 3*100…100000 in kbps
Unit Unit of measure( pps, kbps)
44
WEB Interface To Configure ACL Rate limitation:
A. Click Configuration/Security/Network/ACL/Rate
Limiters B. Specify Rate and Unit for Rate Limiter ID(1-16) C. Click Save to apply the setting or Reset to
restore the previous setting.
Access Control List Using Access Control List page to make up of ACE s deine on this switch. Each row describes the ACE that is defined.
You can define filtering rules for an ACL policy, for a specific port or for all ports.
LOCATION: ▼ Configuration ▼ Security ▼ Network ▼ ACL ■ Access Control List
45
PARAMETERS: Items Description Ingress Port Specific port or All ports Policy/Bitmask Indicate the Policy and Bitmask of the ACE Frame Type Indicate the frame type of ACE.
Any:match any frames Ethernet:match Ethernet type frames ARP:match ARP/RARP frames IPv4:matchIPv4 frames IPv4/ICMP:match IPv4 frames with ICMP
Protocol IPv4/UDP:match IPv4 frames with UDP
Protocol IPv4/TCP:match IPv4 frames with TCP
Protocol IPv4/Other:match IPv4 frames which are
not ICMP/UDP/TCP Action Permit or deny frames when the frames
matched Rate Limiter Indicate the rate limiter number of the ACE. Port Redirect Indicate the port redirect operation of the ACE Mirror Specify the mirror operation of this port Counter Indicate the number of times the ACE was hit
by a frame Modification Buttons
Insert a new ACE before the current row Edit the ACE row Move the ACE up the list Move the ACE down the list Delete the ACE The lowest plus sign adds a new entry at the buttom of the ACE listings
WEB Interface To Configure ACL Rate limitation:
A. Click Configuration/Security/Network/ACL/Access
46
Control List B. Click the button to add new ACE, or use the
button to modify the ACE row C. Specify the parameters of the ACE D. Click Save to apply the setting, Reset to restore
the previous setting or Cancl to back ACE list
● Clear Button:Clean the Counter of frames matched the policy
● Remove All Button:Delete all ACE rows ● Auto-refresh:Refresh the page automatically
47
AAA Using the Authentication Server Configuration page to build
up an authenticated mechanism with RADIUS server.
LOCATION: ▼ Configuration ▼ Security ■ AAA PARAMETERS: Items Description Common Server Configuration Timeout The maximum waiting time to wait for a reply
from server (Range:3-3600 seconds) Dead Time The time after which the switch
Considers an authentication server to be dead if it does not reply
RADIUS Authentication Server Configuration Enable Enable the RADIUS Authentication Server by
Check this box IP Address IP Address of RADIUS server Port The UDP port to use on the RADIUS
authentication Server. Secret Encryption key(Maximum characters:29)
WEB Interface To Configure ACL Rate limitation:
A. Click Configuration/Security/AAA B. Specify the parameters of the RADIUS
Authentication Server. C. Click Save to apply the setting or Reset to
restore the previous setting.
48
Port Trunking(Static) Using Aggregation Mode Configuration page to configure
the Aggregation Mode and Members of each static group.
LOCATION: ▼ Configuration ▼ Port Trunking ■ Static PARAMETERS: Items Description Hash Code Contributors Source MAC Address
Enable:The source MAC Address can be used to calculate the destination
49
port for the frame.(Disable is not) Destination MAC Address
Enable:The Destination MAC Address can be used to calculate the destination port for the frame. (Disable is not)
IP Address Enable:The IP Address can be used to calculate the destination port for the frame.(Disable is not)
TCP/IP Port Number
Enable:The TCP/IP port number canbe used to caclulate the destination port for the frame.(Disable is not)
Port Members Group ID Normal:There is no aggregation
Note:Only one group ID is valid per port. Port Members Port Identifier
WEB Interface To Configure a Static Trunk:
A. Click Configuration/Port Trunking/Static B. Select load-balancing method in hash code
contributors C. Assign port members to specific trunking group D. Click Save to apply the setting or Reset to
restore the previous setting.
50
Port Trunking(LACP) Using LACP Port configuration page to enable LACP on
selected ports, configure key and LACP mode.
LOCATION: ▼ Configuration ▼ Port Trunking ■ LACP PARAMETERS: Items Description Port Port Identifier LACP Enabled Control whether LACP is enabled on this
switch port. LACP will from an aggregation when 2 or more ports are connected to the same partner. LACP can from max 12 LLAGs per switch and GLAGs per stack.
Key The Key value incurred by the port.(Range:
51
1-65535). The “Auto” setting will set the key as appropriate by the physical link speed, 10Mb=1, 100Mb=2, 1Gb=3. Using the specific setting, a user-defined value can be entered. The same key setting ports can participate in the same aggregation group.
Role The Role shows the LACP activity status. The “Active” will transmit LACP packets each second, while “Passive” will wait for a LACP packet from a partner.
WEB Interface To Configure theLACP:
A. Click Configuration/Port Trunking/LACP B. Enable LACP on all of the ports in an LAG C. Divide the LAG by different key D. Set one Active role port in one LAG at least E. Click Save to apply the setting or Reset to
restore the previous setting.
52
Loop Protection Using Loop Protection page to configure loop protection
LOCATION: ▼ Configuration ■ Loop Protection PARAMETERS: Items Description General Settings Enable Loop Protection
Controls whether loop protections is enabled
Transmission Time
The interval between each loop protection PDU sent on each port. Valid values are 1 to 10 seconds
Shutdown Time
The period(in seconds) for which a port will be kept disabled in the event of loop is detected (and the port action shuts down the port). Valid values are 0 to 604800 seconds(7 days). A value of zero will keep a port disabled (until next device restart)
Port Configuration Port Port identifier Enable Control whether loop protection is enabled on
this switch port Action Configure the action performed when a loop
protection is detected on a port. Valid values are “Shutdown Port”, “Shutdown Port and Log”, or “Log only”
Tx mode Control whether the port is actively generating loop protection PDU’s, or whether it is just passively looking for looped PDU’s
WEB Interface To Configure the Loop Protection:
A. Click Configuration/Loop Protection B. Enable Loop Protection, configure Transmission
Time and Shutdown Time C. Specify reaction for each port when loop
protection is detected
53
D. Click Save to apply the setting or Reset to restore the previous setting.
Spanning Tree The Spanning Tree Algorithm can be used to detect and
disable network loops and provide backup links between switches, bridges and routers. This allows the switch to cooperate with other bridging devices.
Spanning Tree
(Bridge Settings) Using the STP Bridge Settings page to configure settings for STA which apply globally setting.
54
LOCATION: ▼ Configuration ▼ Spanning Tree ■ Bridge Settings PARAMETERS: Items Description Basic Settings Protocol Version The STP protocol version setting, the
Valid values are STP(IEEE 802.1D)and RSTP(IEEE 802.1w).
Bridge Priority Control the bridge priority, low numeric values have higher priority
Forward Delay The delay used by STP Bridges to transit Root and Designated Ports to forwarding(used in STP compatible mode). (Range:4-30 seconds)
Max Age The Maximum age of information transmitted by the Bridge when it is the Root Bridge. (Range:6-40 seconds). Max Age must be <=(FwdDelay-1)*2
Maximum Hop Count
This define the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region. (Range:6-40 hops)
Transmit Hold Count
The number of BPDU’s bridge port can send per seconds. When exceed, transmission of the next BPDU will delay. (Range:1-10 BPDUs per second)
Advanced Settings Edge Port BPDU filtering
Control whether the port explicitly configured as Edge will transmit and receive BPDUs.
Edge Port BPDU Guard
Control whether a port explicitly configured as Edge will disable itself upon reception of a BPDUs. The port will enter the error-disables state and will be
55
removed from the active topology. Port Error Recovery
Control whether a port in the error-disable state automatically will be enabled after a certain time. If recovery is not enabled, ports have to be disabled and re-enabled from normal STP operation. The condition is also cleared by a system reboot.
Port Error Recovery Timeout
The time to pass beofre a port in the error-disabled state can be enabled.(Range:30-86400seconds)
WEB Interface To Configure STP Configuration:
A. Click Configuration/Spanning Tree/Bridge
Settings B. Configure the required attributes C. Click Save to apply the setting or Reset to
restore the previous setting.
56
Spanning Tree (Bridge Ports) Using the STP CIST Ports Configuration page to configure
STA attributes for interfaces when the Spanning Tree mode is set to STP or RSTP or for Interfaces in the CIST.
STA interface attributes include path cost, priority, edge port, automatic detection of an edge port and PtP link type
LOCATION: ▼ Configuration ▼ Spanning Tree ■ Bridge Ports PARAMETERS: Items Description CIST Aggregation Port Configuration STP Enable Control whether STP is enabled on this
switch port Path Cost Control the Path Cost incurred by this
port. The “Auto” setting will set the path cost as approciate by physical link speed, using the 802.1D recommended values. Using “specific” settings, a user-defined value can be entered. The path cost is used when establishing the active topology of the network. Low path cost ports are chosen as forwarding ports in favour of higher path cost ports. (Range:1-200000000)
Priority Control the port priority. This can be used to control priority of the ports having identical port cost.
Admin Edge Enable this option if this port is connected to an end node or at the end o the bridge.
Auto Edge Control whether automatic edge detection is enabled on a bridge port
Restricted Role If enabled, cause the port not to be selected as Root port for the CIST, even if
57
it has the best spanning tree priority vector. This features is also known as “Root Guard”
Restricted TCN If enabled, cause the port not to propagate received topology change notifications and topology changes to other ports.If set it can cause temporary loss of connectivity after changes in a spannig tree’s active topology as a result of persistently incorrect learned station location information. It is set by a network administrator to prevent bridges extenal to a core region of the network, causing address flushing in that region, possibly because those bridges are not under the full control of the administrator or the physical link state of the attached LANs transits frequently.
BPDU Guard If enabled, cause the port to disable itself upon receiving valid BPDU’s. Contrary to the similar bridge setting, the port Edge status desn’t effect this settings.
Point-to-Point Control whether the port connects to a point-to-point LAN rather than a shared medium. This can be automatically determined, or forced either true or false. Transtion to the forwarding state is faster for point-to-point LAns than for shared media.
WEB Interface To Configure STP CIST Port Configuration:
A. Click Configuration/Spanning Tree/Bridge Port s B. Configure the required attributes C. Click Save to apply the setting or Reset to
restore the previous setting.
58
IGMP SNOOPING Multi-casting is using to support real-time applications
such as video-conferencing or streaming audio. A multicast server doesn’t have to establish a separate connection to each client. It merely broadcasts its’ service to the network. By this approach, it will increase a lot of broadcast traffic in the network.
This switch can use IGMP to filter multi-cast traffic. IGMP snooping can be used to passively monitor or snoop the packets exchanging between multi-cast hosts and clients.
Then, it can set its filters
59
IGMP SNOOPING Basic Configuration Using the IGMP Snooping Configuration page to configure
Global and Port Related settings to control the forwarding of multi-cast traffic. This can decrease broadcast traffic to improve the network performance.
LOCATION: ▼ Configuration ▼ IPMC ▼ IGMP Snooping ■ Basic Configuration PARAMETERS: Items Description Global Configuration Snooping Enabled Control whether the IGMP snooping
is enabled Unregistered IPMCv4 Flooding Enabled
Enable unregistered IPMCv4 Flooding
Port Related Configuration Port Port Identifier Router Port Specify which porta act as router
ports.A Router port is a port on the Ethernet switch that leads toward the layers multi-cast device or IGMP querier. If an aggregation member port is selected as a router port. The whole aggregation will act as a router port.
Fast Leave Delete a member port of mult-cast Service immediately if a leave packet is received at this portEnable Fast Leave on this port.
60
WEB Interface To Configure Global and Port related settings for IGMP
Snooping: A. Click Configuration/IPMC/IGMP Snooping/Basic
Configuration B. Specify the required IGMP Snooping Settings C. Click Save to apply the setting, Reset to restore
the previous setting.
61
IGMP SNOOPING VLAN Configuration Using the IGMP Snooping VLAN Configuration page to
configure IGMP Snooping settings.
LOCATION: ▼ Configuration ▼ IPMC ▼ IGMP Snooping ■ VLAN Configuration PARAMETERS: Items Description VLAN ID VLAN Identifier Snooping Enabled Enable the per-VLAN IGMP
Snooping. Up to 32 VLANs can be selected for IGMP Snooping.
Port Port Identifier
WEB Interface To Configure IGMP Snooping VLAN:
A. Click Configuration/IPMC/IGMP Snooping/VLAN
Configuration B. Specify the required IGMP Snooping VLAN
Settings C. Click Save to apply the setting, Reset to restore
the previous setting. ● Refresh Button:Refresh the Display table
Starting from the first entry of the VLAN table.
62
Power Over EthernetThis Switch provides IEEE 802.3af/atPOE functions, it provides PD class power allocation and power reserved manually with different priority policy. The total power is 120 Watt.
Using Power Over Ethernet Configuration to setPOE mode,
its priority and Maximum power per port:
LOCATION: ▼ Configuration ■POE PARAMETERS: Items Description Primary Power Supply[W]
It depends on power supply. We provides 120 Watt for this model
Port Port identifier POE Mode ThePOE Mode represents thePOE
operating mode for the port. Disabled:Turn thePOE off POE:Enable 802.3af(Class 4 PD Maximum power is 15.4Watt) POE+:Enable 802.3at(Class 4 PD Maximum power is 34.2Watt)
Priority There are 3 priority levels.(Low, High, Critical). The priority is used in the case where the remote devices requires more power than power supply can deliver. In this case the port with lowest priority will be turn off starting from the port with the highest port number.
WEB Interface To ConfigurePOE functions:
A. Click Configuration/POE B. Specify Disabled/POE/POE+ and priority for
each port C. Click Save to apply the setting, Reset to restore
63
the previous setting.
IEEE 802.1Q VLAN This switch provides Layer 2 VLAN for following reasons;
By appropriated settings to eliminate broadcast storms in large networks. This also provide a more secure and cleaner network environment.
VLAN provides greater network performance by reducing broadcast traffic and also provides high level of network security since traffic must pass through a configured Layer 3 link to reacha different VLAN.
64
VLAN Configuration Using VLAN Membership Configuration page to set VLAN group:
LOCATION: ▼ Configuration ▼ VLANs ■ VLAN Membership PARAMETERS: Items Description VLAN ID ID of this particular VLAN
(Range:1-4096) VLAN Name The name of VLAN
(Range:up to 32 characters) Port Members A row of checkboxes for each port is
displayed for each VLAN ID Check the box . to include a port in a VLAN Check the box as shown to include a port in a forbidden port list. Uncheck the box .. to remove a port from a VLAN
WEB Interface To Configure IEEE 802.1Q VLAN groups:
A. Click Configuration/VLANs/VLAN Membership B. Change Default VLAN ID=1, if necessary. C. Click “Add New Entry” to create a new VLAN
group with ID, Name and port members. D. Click Save to apply the setting, Reset to restore
the previous setting. ● Refresh Button:Refresh the Display table
Starting from the first entry of the VLAN table.
65
VLAN Ports Using VLAN Ports Configuration page to set VLAN attributes for specific
interfaces, including processing frames with embedded tags, Ingress filtering, setting the accepted frame types and assigning Port VLAN ID.
LOCATION: ▼ Configuration ▼ VLANs ■ Ports PARAMETERS: Items Description Ethertype for Custom S-ports
This field specifies the ether type used for Custom S-ports. This is a global setting for all the Custom S-ports.
Port The logical port number of this row Port Type Port can be one of the following types:
Unaware, Customer port(C-port), Service Port(S-port), Custom Service port(S-custom-port). If Port Type is Unaware, all frames are classified to the Port VLAN ID and tags are not removed
Ingress Enable ingress filtering on a port by checking
66
filtering the box. This parameter affects VLAN ingress processing. If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame, the frame is discarded. By default, ingress filtering is disabled.
Frame Type Determines whether the port accepts all frames or only tagged/untagged frames. This parameter affects VLAN ingress processing. If the port only accepts tagged frames, untagged frames received on this port will be discarded
Port VLAN mode
Configure VLAN mode to “None” or “Specific”, None:a VLAN tag with classified VLAN ID is
Inserted in frames transmitted on the port.This mode is normally used for ports connected to VLAN aware swithces.
Specific:a Port VLAN ID can be configured. Untagged frames received on the
port are classified to the Port VLAN ID. If If VLAN awareness is disabled, all frames received on the port are classified to the Port VLAN ID. If the classified VLAN ID of a frame transmitted on the port is different from the Port VLAN ID, a VLAN tag with the classified VLAN ID is inserted in the frame.
Port VLAN ID Configures the VLAN identifier for the port. The allowed values are 1 through 4095. The default value is 1. Note: The port must be a member of the
same VLAN as the Port VLAN ID. Tx Tag Determines egress tagging of a port.
Untag_pvid - All VLANs except the configured PVID will be tagged. Tag_all - All VLANs are tagged. Untag_all - All VLANs are untagged
67
WEB Interface To Configure attributes for VLAN port member:
A. Click Configuration/VLANs/Ports B. Configure the required settings for each
interface. C. Click Save to apply the setting, Reset to restore
the previous setting.
68
Private VLAN Private VLAN provides port-base security and isolation between ports within
assigned VLAN. Data Traffic on ports assigned to a private VLAN can only be forwarded to or from uplinks ports. Ports isolated in the private VLAN are designated as downlink ports and can only communicate to uplink ports with the same private VLAN.
PVLAN Membership Using the private VLAN Membership Configuation page to assign
ports to specific private VLAN.
LOCATION: ▼ Configuration ▼ Private VLANs ■ PVLAN Membership PARAMETERS: Items Description PVLAN ID The ID of this particular private VLAN Port Members A row of check boxes for each port is
displayed for each private VLAN ID. To include a port in a Private VLAN, check the box. To remove or exclude the port from the Private VLAN, make sure the box is unchecked. By default, no ports are members, and all boxes are unchecked
WEB Interface To Configure VLAN port member for PVLANs:
A. Click Configuration/Private VLANs/PVLAN
Membership B. Add or delete members of any existing PVLAN,
or click “Add New Private VLAN” to create new PLVAN.
C. Click Save to apply the setting, Reset to restore the previous setting.
69
Port Isolation Using the Port Isolation Configuration page to prevent
communications between customer ports within the same private VLAN
LOCATION: ▼ Configuration ▼ Private VLANs ■ Port Isolation PARAMETERS: Items Description Port Members A check box is provided for each port of a
private VLAN. When checked, port isolation is enabled on that port. When unchecked, port isolation is disabled on that port. By default, port isolation is disabled on all ports.
WEB Interface To Configure PVLAN port isolation:
A. Click Configuration/Private VLANs/Port Isolation B. Make the checked ports are isolated from each
other. C. Click Save to apply the setting, Reset to restore
the previous setting.
70
Quality of Service The switch supports 4 QoS queues per port with stricted or weighted fair queuing
scheduling. This QoS classification mechanism is implemented in a QoS control list (QCL). The QoS class assigned to a frame is used throughout the device for providing queuing, scheduling and congestion control guarantee to the frame according to what was configured for that specific QoS class.
The switch also allows you to configure QoS classification criteria and service polices. The switch’s resources can be prioritized to meet the requirements of specific traffic types on a per hop basis. Each packet is classified upon entry into network based on Ethernet type, TCP/UDP port, DSCP and ToS.
71
Port Classification Using the QoS Ingress Port Configuration page to set the basic QoS parameters for a port, including the default traffic class, DP Level (IEEE 802.1p), user priority and drop eligible indicator.
LOCATION: ▼ Configuration ▼ QoS ■ Port classification PARAMETERS: Items Description Port The port number for which the configuration
below applies. QoS Class Controls the default QoS class, i.e., the QoS
class for frames not classified in any other way. There is a one to one mapping between QoS class, queue and priority. A QoS class of 0 (zero) has the lowest priority. Note: If the QoS class has been dynamically
changed, then the actual QoS class is shown in parentheses after the configured QoS class.DP level
DP Level Controls the default Drop Precedence Level, i.e., the DP level for frames not classified in any other way.
PCP Controls the default Priority Code Point(PCP) for untagged frames.
DEI Controls the default Drop Eligible Indicator (DEI) for untagged frames.
WEB Interface To useQoS Ingress Port Configuration:
A. Click Configuration/QoS/Port Classification B. Set QoS Class priority for each port, DP Level
and PCP, DEI for untagged frames. C. Click Save to apply the setting, Reset to restore
the previous setting.
72
Port Policing The Port policing is useful in constraining traffic flows and marking frames avobe specific rates. Policing is primarily useful for data flows and voice or video flows because voice video usually maintains a steady rate of traffic.
LOCATION: ▼ Configuration ▼ QoS ■ Port Policing
73
PARAMETERS: Items Description Port The port number for which the configuration
below applies. Enabled Controls whether the policer is enabled on
this switch port. Rate Controls the rate for the policer. The default
value is 500. This value is restricted to 100-1000000 when the "Unit" is "kbps" or "fps", and it is restricted to 1-3300 when the "Unit" is "Mbps" or "kfps".
Unit Controls the unit of measure for the policer rate as kbps, Mbps, fps or kfps . The default value is "kbps".
Flow Control If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.
WEB Interface To Configure QoS Ingress Port Policiers:
A. Click Configuration/QoS/Port Policing. B. Evoke which port need to enable the QoS
Ingress Port Policers and type the Rate limitcondition
C. Scroll down to select Rate unit. D. Click Save to apply the setting, Reset to restore
the previous setting.
74
QoS Control List Using QoS Control List Configuration page to configure Quality of Service policies for handling ingress packets based on Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS or VLAN priority tag.
LOCATION: ▼ Configuration ▼ QoS ■ QoS Control List
75
PARAMETERS: Items Description QCE# Indicate the index of QCE. Port Indicates the list of ports configured with the
QCE. Frame Type Indicates the type of frame to look for
incomming frames. Possible frame types are: Any::The QCE will match all frame type. Ethernet::Only Ethernet frames (with Ether
Type 0x600-0xFFFF) are allowed. LLC:Only (LLC) frames are allowed. SNAP: Only (SNAP) frames are allowed. IPv4:The QCE will match only IPV4 frames. IPv6:The QCE will match only IPV6 frames
SMAC Display the OUI field of Source MAC address, i.e. first three octet (byte) of MAC address.
DMAC Specify the type of Destination MAC addresses for incoming frame. Possible values are: Any:All types of Destination MAC addresses
are allowed. Unicast:Only Unicast MAC addresses are
allowed. Multicast:Only Multicast MAC addresses are
allowed. Broadcast:Only Broadcast MAC addresses
are allowedd. The default value is 'Any'.
VID Indicates (VLAN ID), either a specific VID or range of VIDs. VID can be in the range 1-4095 or 'Any'
PCP Priority Code Point: Valid value PCP are specific(0, 1, 2, 3, 4, 5, 6, 7) or range(0-1, 2-3, 4-5, 6-7, 0-3, 4-7) or 'Any'.
DEI Drop Eligible Indicator: Valid value of DEI can be any of values between 0, 1 or 'Any'.
Action Indicates the classification action taken on ingress frame if parameters configured are
76
matched with the frame's content. There are three action fields: Class, DPL and DSCP. Class:Classified QoS class. DPL:Classified Drop Precedence Level. DSCP:Classified DSCP value.
Modification Buttons
Insert a new QCE before the current row Edit the QCE row Move the QCE up the list Move the QCE down the list Delete the QCE The lowest plus sign adds a new entry at the buttom of the QCE listings
WEB Interface To Configure QCE Configuration:
A. Click Configuration/QoS/QoS Control List. B. Click the to add new QoS Control List C. Scroll all parameters and evoke the Port Member
to join the QCE rules. D. Click Save to apply the setting, Reset to restore
the previous setting.
77
Storm Control Using the Storm Control Configuration page to set limitation of broadcast,
multi-cast and unknown uni-cast traffic to control traffic storms when switch device is malfunctioning. Traffic storm can degrade the network performance or halt the network.
LOCATION: ▼ Configuration ▼ QoS ■Storm Control PARAMETERS: Items Description Frame Type The settings in a particular row apply to the
frame type listed here: Unicast, Multicast or Broadcast.
Enable Enable or disable the storm control status for the given frame type.
Rate The rate unit is packets per second (pps). Valid values are:1, 2, 4, 8, 16, 32, 64, 128,
256, 512, 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K , 1024K, 2048K, 4096K, 8192K, 16384K or 32768K.
78
WEB Interface To Configure QCE Configuration:
A. Click Configuration/QoS/Storm Control. B. Enable Storm Control for Broadcast, Multi-cast
and unknow uni-cast and Scroll down to select the Rate value.
C. Click Save to apply the setting, Reset to restore the previous setting.
Port Mirroring Using the Mirror Configuration page to mirror traffic from any source port to a target port.
LOCATION: ▼ Configuration ■ Mirroring PARAMETERS: Items Description Port The logical port for the settings contained in
the same row. Mode Select mirror mode.
Rx only:Frames received on this port are mirrored on the mirror port. Frames transmitted are not mirrored.
Tx only:Frames transmitted on this port are mirrored on the mirror port. Frames received are not mirrored.
Disabled:Neither frames transmitted nor frames received are mirrored.
Enabled:Frames received and frames
79
transmitted are mirrored on the mirror port.
Note: For a given port, a frame is only transmitted once. It is therefore not possible to mirror Tx frames on the mirror port. Because of this, mode for the selected mirror port is limited to Disabled or Rx only.
WEB Interface To Configure Mirroring Configuration:
A. Click Configuration/Mirroring. B. Select the destination port to which all mirrored
traffic will be sent C. Set the mirror mode on any of source ports to be
mirrored. D. Click Save to apply the setting, Reset to restore
the previous setting.
80
This chapter describes how to monitor all of the basic
Functions, Configurations, System log, Traffic views and the switch (ports) states...etc. Under the Monitor/System menu, it displays system information, Real-time CPU load, log and detailed syslog.
SYSTEM INFORMATION Using System Information page to verfiy the firmware and
hardware versions. It also displays System Contact, Device name, Location and System uptime.
LOCATION: ▼ Monitor ▼ System ■ Information PARAMETERS: Items Description Contact The system contact configured in
Configuration| System | Information | System Contact.
Name The system name configured in Configuration | System | Information | System Name.
Location The system location configured in Configuration | System | Information | System Location.
MAC Address The MAC Address of this switch Chip ID The Chip ID of the switch System Date The current (GMT) system time and date. The
system time is obtained through the Timing server running on the switch, if any.
System Uptime
The period of time the device has been operational.
Software The software version of this switch
WEB MONITOR
SYSTEM
PART 5
81
Version Software Date The date when the switch software was
produced
WEB Interface To Update the System Information:
A. Click Monitor/System/Information. ● Click “Refresh” button to refresh the page
information manually. ● Check “Auto-refresh” checkbox to update page
information automatically
CPU Load This page display the CPU Load, using an SVG graph. The load
is measured as average over the last 100ms, 1 sec and 10 seconds intervals. The last 120 samples are graphed and the last numbers are displayed as text as well. In order to display the SVG graph, your browser must support SVG format. Consult the SVG wiki for more information on browser support. Specifically, at the time of writing, Microsoft Internet Explorer will need to have a plug-in installed to support SVG.
LOCATION: ▼ Monitor ▼ System ■ CPU Load
82
WEB Interface To Update the System Information:
B. Click Monitor/System/CPU Load. ● Default the“Auto-refresh” checkbox is checked to
update page information automatically
Log Using the System Log Information page to display event
messages
LOCATION: ▼ Monitor ▼ System ■ Log PARAMETERS: Items Description ID Event log ID Level The level of the system log entry. The
following level types are supported: Info:Information level of the system log. Warning:Warning level of the system log. Error:Error level of the system log. All:All levels.
Time The time of the system log entry. Message The message of the system log entry. Buttons Auto-refresh :Check this box to enable an
83
automatic refresh of the page at regular intervals.
:Updates the system log entries,
starting from the current entry ID.
:Flushes all system log entries.
:Updates the system log entries,
starting from the first available entry ID.
:Updates the system log entries, ending
at the last entry currently displayed.
:Updates the system log entries,
starting from the last entry currently displayed.
:Updates the system log entries,
ending at the last available entry ID.
WEB Interface To display the System Log:
A. Click Monitor/System/Log. B. Specify the different level to show the log up. C. Check the “auto-refresh”checkbox to update the
system log automatically and click “clear” to clean the log.
84
Detailed Log Using the Detail System log information page to display the detail event log LOCATION: ▼ Monitor ▼ System ■ Detailed Log PARAMETERS: Items Description ID Event log ID Message The detailed message of the system log entry. Buttons
:Updates the system log entries,
starting from the current entry ID.
:Updates the system log entries,
starting from the first available entry ID.
:Updates the system log entries, ending
at the last entry currently displayed.
:Updates the system log entries,
starting from the last entry currently displayed.
:Updates the system log entries,
ending at the last available entry ID.
WEB Interface To display the Detailed System Log:
A. Click Monitor/System/Detailed Log. B. Specify the Detailed system log.
85
Thermal Protection Using the Thermal Protection Status page to show the thermal status for each port. LOCATION: ▼ Monitor ■ Thermal Protection PARAMETERS: Items Description Thermal Portection Port Status
Shows if the port is thermally protected (link is down) or if the port is operating normally.
Port Status Display Port Status, the port will shutdown if temperature exceed.
Buttons Auto-refresh :Check this box to enable an automatic refresh of the page at regular intervals.
:Updates the system log entries,
starting from the current entry ID.. Port s State Using the Port State Overview page to display an image of
switch’s ports. Clicking specific port image to open detailed statistics of this port.
LOCATION: ▼ Monitor ▼ Ports ■ State
86
PARAMETERS: Items Description Port State The port states are illustrated as follows:
Buttons Auto-refresh :Check this box to enable an
automatic refresh of the page at regular intervals.
:Updates the system log entries,
starting from the current entry ID.
WEB Interface To display an image of the switch’s ports:
A. Click Monitor/Ports/State. B. Display current state of each port. C. Check “Auto-refresh” to update the switch’s port
state automatically.
Traffic Overview Using Port Statistics Overviewpage to display an overview of
incoming and ongoing packets for each port.
LOCATION: ▼ Monitor ▼ Ports ■ Traffic Overview
87
PARAMETERS: Items Description Port The logical port for the settings contained in the
same row. Packets The number of received and transmitted packets
per port. Bytes The number of received and transmitted bytes per
port. Errors The number of frames received in error and the
number of incomplete transmissions per port. Drops The number of frames discarded due to ingress
or egress congestion. Filtered The number of received frames filtered by the
forwarding process. Buttons Auto-refresh :Check this box to enable an
automatic refresh of the page at regular intervals.
:Updates the system log entries,
starting from the current entry ID.
:Flushes all system log entries.
WEB Interface To display a summary of port statistics:
A. Click Monitor/Ports/Traffic Overview. B. Check “Auto-refresh” to update the switch’s port
state automaticallyand click “clear” to reset all data.
88
QoS Statistics Using the Queuing Counters page to display the number of
packets processed by each port.
LOCATION: ▼ Monitor ▼ Ports ■ QoS Statistics PARAMETERS: Items Description Port The logical port for the settings contained in the
same row. Qn There are 8 QoS queues per port. Q0 is the
lowest priority queue. RX/TX The number of received and transmitted packets
per queue. Buttons Auto-refresh :Check this box to enable an
automatic refresh of the page at regular intervals.
:Updates the system log entries,
starting from the current entry ID.
:Flushes all system log entries.
89
WEB Interface To display a Queue Counters:
A. Click Monitor/Ports/QoS Statistics. B. Check “Auto-refresh” to update the switch’s port
state automatically and click “clear” to reset all data.
QCL Status Using QoS Control List Status to show QCE configured for different users or software modules and whether or not there is a conflict. LOCATION: ▼ Monitor ▼ Ports ■ QCL Status
90
PARAMETERS: Items Description Users Indicates the QCL user. QCE# Indicates the index of QCE. Frame Type
Indicates the type of frame to look for incomming frames. Possible frame types are: Any: The QCE will match all frame type. Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are allowed. LLC:Only (LLC) frames are allowed. SNAP:Only (SNAP) frames are allowed. IPv4:The QCE will match only IPV4 frames. IPv6:The QCE will match only IPV6 frames.
Port Indicates the list of ports configured with the QCE.
Action Indicates the classification action taken on ingress frame if parameters configured are matched with the frame's content. There are three action fields: Class, DPL and DSCP. Class:Classified QoS class; if a frame matches
the QCE it will be put in the queue. DPL:Drop Precedence Level; if a frame matches
the QCE then DP level will set to value displayed under DPL column.
DSCP:If a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column.
Conflict Displays Conflict status of QCL entries. As H/W resources are shared by multiple applications. It may happen that resources required to add a QCE may not be available, in that case it shows conflict status as 'Yes', otherwise it is always 'No'. Please note that conflict can be resolved by releaseing the H/W resources required to add QCL entry on pressing 'Resolve Conflict' button.
Buttons Combined:Select the QCL Status from this
91
drop down list.
Auto-refresh :Check this box to refresh the
page automatically. Automatic refresh occurs at regular intervals.
:Click to release the resources
required to add QCL entry, incase conflict status for any QCL entry is 'yes'
:Updates the system log entries,
starting from the current entry ID.
WEB Interface To display the status of QCE entries:
A. Click Monitor/Ports/QCL Status. B. Select the user type to display from a dropdown
list. C. If any of the entries show the conflict, click
“Rresolve Conflict” to resolve the conflict then click “refresh” to check the result.
Detailed Port Statstics Using the Detailed Port Statistics page to display the detailed
statistic on network. All values have been accumulated since the system bootup.
92
LOCATION: ▼ Monitor ▼ Ports ■ Detailed Statistics PARAMETERS: Items Description Receive Total and Transmit Total RX and TX packets
The number of received and transmitted (good and bad) packets.
Rx and Tx Octets
The number of received and transmitted (good and bad) bytes. Includes FCS, but excludes framing bits.
Rx and Tx Unicast
The number of received and transmitted (good and bad) unicast packets.
Rx and Tx Multicast
The number of received and transmitted (good and bad) Multicast packets.
Rx and Tx Broadcast
The number of received and transmitted (good and bad) Broadcast packets.
Rx and Tx Pause
A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation
Receive and Transmit Size Counters
The number of received and transmitted (good and bad) packets split into categories based on their respective frame sizes.
Receive and Transmit Queue Counters
The number of received and transmitted packets per input and output queue.
Receive Error Counters Rx Drops The number of frames dropped due to lack
of receive buffers or egress congestion. Rx CRC /Alignment
The number of frames received with CRC or alignment errors.
Rx Undersize The number of short1 frames received with valid CRC.
Rx Oversize The number of long2 frames received with valid CRC.
Rx Fragments The number of short1 frames received with
93
invalid CRC. Rx Jabber The number of long 2 frames received with
invalid CRC. Rx Filtered The number of received frames filtered by
the forwarding process. 1 Short frames are frames that are smaller than 64 bytes. 2 Long frames are frames that are longer than the configured maximum frame length for this port. Transmit Error Counters Tx Drops The number of frames dropped due to
output buffer congestion. Tx Late/ Exc. Coll.
The number of frames dropped due to excessive or late collisions.
Buttons Auto-refresh :Check this box to enable an automatic refresh of the page at regular intervals.
:Updates the system log entries,
starting from the current entry ID.
:Flushes all system log entries.
WEB Interface To display the Detailed Port Statistics:
A. Click Monitor/Ports/Detailed Statistics. B. Select the Port number to display Detailed
Statistics of specific port.
94
ACL Status This ACL Status page shows the status by different ACL users. Each row describes the ACE that is defined. It is a conflict if a specific ACE is not applied to the hardware due to hardware limitations. The maximum number of ACE is 256 on each switch.
LOCATION: ▼ Monitor ▼ Security ▼ Network ■ ACL Status PARAMETERS: Items Description User Indicates the ACL user. Ingress Indicates the ingress port of the ACE.
95
Port Possible values are: All:The ACE will match all ingress
port. Port:The ACE will match a specific
ingress port. Frame Type Indicates the frame type of the ACE. Possible
values are Any:The ACE will match any frame type. EType:The ACE will match Ethernet Type
frames. Note that an Ethernet Type based ACE will not get matched by IP and ARP frames.
ARP:The ACE will match ARP/RARP frames. IPv4:The ACE will match all IPv4 frames. IPv4/ICMP:The ACE will match IPv4 frames
with ICMP protocol. IPv4/UDP:The ACE will match IPv4 frames with
UDP protocol. IPv4/TCP:The ACE will match IPv4 frames with
TCP protocol. IPv4/Other:The ACE will match IPv4 frames,
which are not ICMP/UDP/TCP. IPv6: The ACE will match all IPv6 standard frames.
Action Indicates the forwarding action of the ACE. Permit:Frames matching the ACE may be
forwarded and learned. Deny:Frames matching the ACE are dropped.
Rate Limiter
Indicates the rate limiter number of the ACE. The allowed range is 1 to 16. When Disabled is displayed, the rate limiter operation is disabled.
Port Redirect
Indicates the port redirect operation of the ACE. Frames matching the ACE are redirected to the port number. The allowed values are Disabled or a specific port number. When Disabled is displayed, the port redirect operation is disabled.
Mirror Specify the mirror operation of this port. The allowed values are:
96
Enabled:Frames received on the port are mirrored.
Disabled:Frames received on the port are not mirrored.
The default value is "Disabled". CPU Forward packet that matched the specific ACE
to CPU. CPU Once Forward first packet that matched the specific
ACE to CPU. Counter The counter indicates the number of times the
ACE was hit by a frame. Conflict Indicates the hardware status of the specific
ACE. The specific ACE is not applied to the hardware due to hardware limitations.
Buttons Combined:Select the QCL Status from
this drop down list.
Auto-refresh :Check this box to refresh the
page automatically. Automatic refresh occurs at regular intervals.'
:Updates the system log entries,
starting from the current entry ID. WEB Interface To display ACL Status:
A. Click Monitor/Security/Network/ACL Status B. Select a software module from the scroll-down
list.
RADIUS Overview Using the RADIUS Overview page to display a list of configured
97
RADIUS Server
LOCATION: ▼ Monitor ▼ Security ▼ AAA ■ RADIUS Overview PARAMETERS: Items Description # The RADIUS server number. Click to navigate to
detailed statistics for this server. IP Address The IP address and UDP port number (in <IP
Address>:<UDP Port> notation) of this server. Status The current status of the server. This field takes
one of the following values: Disabled:The server is disabled. Not Ready:The server is enabled, but IP
communication is not yet up and running.
Ready:The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept access attempts.
Dead (X seconds left):Access attempts were made to this server, but it did not reply within the configured timeout. The server has temporarily been disabled, but will get re-enabled when the dead-time expires. The number of seconds left before this occurs is displayed in parentheses. This state is only reachable when more than one server is enabled.
Buttons Combined:Select the QCL Status from
this drop down list.
Auto-refresh :Check this box to refresh the
98
page automatically. Automatic refresh occurs at regular intervals.'
:Updates the system log entries,
starting from the current entry ID.
WEB Interface To display a list of RADIUS Server:
A. Click Monitor/Security/AAA/RADIUS Overview
RADIUS Details Using the RADIUS Details page to display statistics for RADIUS
Server.
LOCATION: ▼ Monitor ▼ Security ▼ AAA ■ RADIUS Details PARAMETERS:
99
Items Description Receive packets
The counters of Receive Packets, including following parameters: (Access Accepts, Access Rejects,Access Challenges, Malformed Access Responses,Bad Authenticators, Unknown Types,Packets Dropped)
Transmit Packets
The counters of Transmit Packets, including following parameters: (Access Requests,Access Retransmissions,Pending Requests,Timeouts)
Other Info. IP Address:Show the IP Address of RADIUS server.
State:Show the state of RADIUS server Round-Trip Time:the handshake time between
RADIUS Server and clients Buttons
Auto-refresh :Check this box to refresh the
page automatically. Automatic refresh occurs at regular intervals.'
:Updates the system log entries,
starting from the current entry ID.
:Flushes all system log entries.
WEB Interface To display a detail information of RADIUS Server:
A. Click Monitor/Security/AAA/RADIUS Details
100
LACP System Status Using the LACP System Status page to display an overview of LACP groups.
LOCATION: ▼ Monitor ▼ LACP ■ System Status PARAMETERS: Items Description Aggr ID The Aggregation ID associated with this
aggregation instance. For LLAG the id is shown as 'isid:aggr-id' and for GLAGs as 'aggr-id'
Partner System ID
The system ID (MAC address) of the aggregation partner.
Partner Key The Key that the partner has assigned to this aggregation ID
Last changed
The time since this aggregation changed.
Local Ports Shows which ports are a part of this aggregation for this switch.
101
Buttons Auto-refresh :Check this box to refresh the
page automatically. Automatic refresh occurs at regular intervals.'
:Updates the system log entries,
starting from the current entry ID. WEB Interface To display an overview of LACP group active on this
switch: A. Click Monitor/LACP/System Status
LACP Port Status Using the LACP Port Status page to display information on the
LACP groups active on each port.
LOCATION: ▼ Monitor ▼ LACP ■ Port Status PARAMETERS: Items Description Port The switch port number. LACP 'Yes' means that LACP is enabled and the port
link is up. 'No' means that LACP is not enabled or that the port link is down. 'Backup' means that the port could not join the aggregation group but will join if other port leaves. Meanwhile it's LACP status is disabled
Key The key assigned to this port. Only ports with the same key can aggregate together.
102
Aggr ID The Aggregation ID assigned to this aggregation group.
Partner System ID
The partner's System ID (MAC address).
Partner Port
The partner's port number connected to this
port. Buttons
Auto-refresh :Check this box to refresh the
page automatically. Automatic refresh occurs at regular intervals.'
:Updates the system log entries,
starting from the current entry ID. WEB Interface To display LACP Status for local ports:
A. Click Monitor/LACP/Port Status
103
LACP Port Status Using the LACP Port Statistics page to display statistics on LACP control packets cross on each port.
LOCATION: ▼ Monitor ▼ LACP ■ Port Statistics PARAMETERS: Items Description Port The switch port number. LACP Received
Shows how many LACP frames have been received at each port.
LACP Transmitted
Shows how many LACP frames have been sent from each port.
Discarded Shows how many unknown or illegal LACP frames have been discarded at each port.
Buttons Auto-refresh :Check this box to refresh the
page automatically. Automatic refresh occurs at regular intervals.'
:Updates the system log entries,
starting from the current entry ID.
:Flushes all system log entries.
WEB Interface To display LACP Port Statistics for local ports:
A. Click Monitor/LACP/Port Statistics Loop Protection Using Loop Protection Status page to display the loop status.
LOCATION: ▼ Monitor
104
■ Loop Protection PARAMETERS: Items Description Port The switch port number of the logical port. Action The currently configured port action. Transmit The currently configured port transmit mode. Loops The number of loops detected on this port. Status The current loop protection status of the port. Loop Whether a loop is currently detected on the port. Time of Last Loop
The time of the last loop event detected.
Buttons Auto-refresh :Check this box to refresh the
page automatically. Automatic refresh occurs at regular intervals.'
:Updates the system log entries,
starting from the current entry ID.
WEB Interface To display the Loop Status for each port:
A. Click Monitor/Loop Protection. INFORMATION OF SPANNING TREE Using Monitor menu to display Spanning Tree bridge status,
CIST port status for physical ports of the currently switch and statistics for STP packets.
Bridge Status Using STP Detailed Bridge Status page to display STA information on the global bridge and individual ports.
LOCATION: ▼ Monitor ▼ Spanning Tree ■ Bridge Status
105
PARAMETERS: Items Description Bridge Instance
The Bridge instance - CIST, MST1, ...
Bridge ID The Bridge ID of this Bridge instance.
Root ID The Bridge ID of the currently elected root bridge.
Root Port The switch port currently assigned the root port role.
Root Cost Root Path Cost. For the Root Bridge this is zero. For all other Bridges, it is the sum of the Port Path Costs on the least cost path to the Root Bridge.
Regional Root
The Bridge ID of the currently elected regional root bridge, inside the MSTP region of this bridge. (For the CIST instance only).
Internal Root Cost
The Regional Root Path Cost. For the Regional Root Bridge this is zero. For all other CIST instances in the same MSTP region, it is the sum of the Internal Port Path Costs on the least cost path to the Internal Root Bridge. (For the CIST instance only).
Topology Flag
The current state of the Topology Change Flag of this Bridge instance.
Topology Change Count
The number of times where the topology change flag has been set (during a one-second interval).
Topology Last
The time passed since the Topology Flag was last set.
CIST Ports & Aggregations State Port The switch port number of the logical STP port. Port ID The port id as used by the STP protocol. This is
the priority part and the logical port index of the bridge port.
Role The current STP port role. The port role can be one of the following values: AlternatePort BackupPort RootPort DesignatedPort.
106
State The current STP port state. The port state can be one of the following values: Discarding Learning Forwarding.
Path Cost The current STP port path cost. This will either be a value computed from the Auto setting, or any explicitly configured value.
Edge The current STP port (operational) Edge Flag. An Edge Port is a switch port to which no Bridges are attached. The flag may be automatically computed or explicitly configured. Each Edge Port transits directly to the Forwarding Port State, since there is no possibility of it participating in a loop.
Point2Point The current STP port point-to-point flag. A point-to-point port connects to a non-shared LAN media. The flag may be automatically computed or explicitly configured. The point-to-point properties of a port affect how fast it can transit to STP state.
Uptime The time since the bridge port was last initialized.
Buttons Auto-refresh :Check this box to refresh the
page automatically. Automatic refresh occurs at regular intervals.'
:Updates the system log entries,
starting from the current entry ID.
WEB Interface To display detailed information for the STP bridge
instance, along with port state for all active ports associated: A. Click Monitor/Spanning Tree/Bridge Status
to display the information.
107
STP Port Status Using STP Port Status page to display the STP CIST port status
for physical ports of the currently selected.
LOCATION: ▼ Monitor ▼ Spanning Tree ■ Port Status PARAMETERS: Items Description Port The switch port number of the logical STP port. CIST Role The current STP port role of the CIST port. The
port role can be one of the following values: AlternatePort BackupPort RootPort DesignatedPort Disabled.
CIST State The current STP port state of the CIST port. The port state can be one of the following values: Discarding Learning Forwarding
Uptime The time since the bridge port was last initialized.
Buttons Auto-refresh :Check this box to refresh the
page automatically. Automatic refresh occurs at regular intervals.'
:Updates the system log entries,
starting from the current entry ID.
WEB Interface
108
To display STP Port Status: A. Click Monitor/Spanning Tree/Port Status
to display the participating STP Ports Status.
STP Port Statistics Using STP Port Statistics page to display statistics on Spanning
Tree Protocol packets crossing each port.
LOCATION: ▼ Monitor ▼ Spanning Tree ■ Port Statistics PARAMETERS: Items Description Port The switch port number of the logical STP port. RSTP The number of RSTP Configuration BPDU's
received/transmitted on the port. STP The number of legacy STP Configuration
BPDU's received/transmitted on the port. TCN The number of (legacy) Topology Change
Notification BPDU's received/transmitted on the port.
Discarded Unknown
The number of unknown Spanning Tree BPDU's received (and discarded) on the port.
Discarded Illegal
The number of illegal Spanning Tree BPDU's received (and discarded) on the port.
Buttons Auto-refresh :Check this box to refresh the
page automatically. Automatic refresh occurs at regular intervals.'
:Updates the system log entries,
starting from the current entry ID.
:Flushes all system log entries.
109
WEB Interface To display information on STP Port Statstics:
A. Click Monitor/Spanning Tree/Port Statstics to display the STP Ports Statistics.
SHOW IGMP SNOOPING INFORMATION Using IGMP SNOOPING pages to display IGMP Snooping
statistics, Router port status and group information. IGMP Snooping Status Using IGMP Snooping Status page to display IGMP querier status,
snooping statistics for each VLAN
LOCATION: ▼ Monitor ▼ IPMC ▼ IGMP Snooping ■ Status PARAMETERS: Items Description VLAN ID The VLAN ID of the entry. Querier Version Working Querier Version currently.
Host Version Working Host Version currently. Querier Status Shows the Querier status is "ACTIVE" or
"IDLE". "DISABLE" denotes the specific interface is administratively disabled.
Queries Transmitted
The number of Transmitted Queries.
Queries Received
The number of Received Queries.
110
V1 Reports Received
The number of Received V1 Reports
V2 Reports Received
The number of Received V2 Reports
V3 Reports Received
The number of Received V3 Reports
V2 Leaves Received
The number of Received V2 Leaves.
Router Port Display which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier. Static denotes the specific port is configured to be a router port. Dynamic denotes the specific port is learnt to be a router port. Both denote the specific port is configured or learnt to be a router port.
Port Switch port number Status Indicate whether specific port is a router port
or not. Buttons
Auto-refresh :Check this box to refresh
the page automatically. Automatic refresh occurs at regular intervals.'
:Updates the system log entries,
starting from the current entry ID.
:Flushes all system log entries.
WEB Interface To display IGMP Snooping Status information:
A. Click Monitor/IPMC/IGMP Snooping/Status
111
to display the STP Ports Statistics.
IGMP Snooping Group Information Using IGMP Snooping Group Information page to display the port
member of each service group.
LOCATION: ▼ Monitor ▼ IPMC ▼ IGMP Snooping ■Groups Information PARAMETERS: Items Description
112
VLAN ID The VLAN ID of the entry. Groups Group address of the group displayed.
Port Members Ports under this group. Buttons
Auto-refresh :Check this box to refresh
the page automatically. Automatic refresh occurs at regular intervals.'
:Updates the system log entries,
starting from the current entry ID.
:Updates the table,starting with the
first entry in the IGMP group table.
:Updates the table, starting with the
entry after the last entry currently displayed..
WEB Interface To display IGMP Snooping Group information:
A. Click Monitor/IPMC/IGMP Snooping/Groups
informationto display group port members.
SHOW POWER OVER ETHERNET
Using Power Over Ethernet Status page to display total power consumption, PD Class, Power used, Current used, Priority and
113
Port status for each port. LOCATION: ▼ Monitor ■POE PARAMETERS: Items Description Local Port This is the logical port number for this row. PD Class Each PD is classified according to a class
that defines the maximum power the PD will use. The PD Class shows the PDs class. Five Classes are defined: Class 0:Max. power 15.4 W Class 1:Max. power 4.0 W Class 2:Max. power 7.0 W Class 3:Max. power 15.4 W Class 4:Max. power 34.2 W
Power Requested
The Power Requested shows the requested amount of power the PD wants to be reserved.
Power Allocated
The Power Allocated shows the amount of power the switch has allocated for the PD.
Power Used The Power Used shows how much power the PD currently is using.
Current Used The Power Used shows how much current the PD currently is using.
Priority The Priority shows the port's priority configured by the user.
Port Status The Port Status shows the port's status. Buttons
Auto-refresh :Check this box to refresh
the page automatically. Automatic refresh occurs at regular intervals.'
114
:Updates the system log entries,
starting from the current entry ID.
WEB Interface To display Power Over Ethernet information:
A. Click Monitor/POEto displayPOE information for each port and total power consumption.
DISPLAY INFORMATION OF VLANs Using Monitor pages for VLANs to display port members of VLANs and its’ VLAN attributes corresponding each port.
VLAN Membership Using VLAN Membership Status for specific users page to display the information of all VLAN status and reports. LOCATION: ▼ Monitor
▼ VLANs ■POE PARAMETERS: Items Description VLAN USER VLAN User module uses services of the
VLAN management functionality to configure VLAN memberships and VLAN port configurations such as PVID and UVID. Currently we support the following VLAN user types: CLI/Web/SNMP:These are referred to as static. NAS:NAS provides port-based authentication, which involves communications between a Supplicant, Authenticator, and an Authentication Server.
115
MSTP:The 802.1s Multiple Spanning Tree protocol (MSTP) uses VLANs to create multiple spanning trees in a network, which significantly improves network resource utilization while maintaining a loop-free environment.
Port Members A row of check boxes for each port is displayed for each VLAN ID. If a port is included in a VLAN, an image will be displayed. If a port is included in a Forbidden port list, an image will be displayed. If a port is included in a Forbidden port list and dynamic VLAN user register VLAN on same Forbidden port, then conflict port will be displayed as .
VLAN Membership
The VLAN Membership Status Page shall show the current VLAN port members for all VLANs configured by a selected VLAN User (selection shall be allowed by a Combo Box). When ALL VLAN Users are selected, it shall show this information for all the VLAN Users, and this is by default. VLAN membership allows the frames class ified to the VLAN ID to be forwarded on the respective VLAN member ports.
Buttons Static: Select VLAN Users from
this drop down list.
Auto-refresh :Check this box to refresh
the page automatically. Automatic refresh
occurs at regular intervals.'
:Updates the system log entries,
116
starting from the current entry ID.
WEB Interface To display VLAN Membership Status for specific
users: A. Click Monitor/VLANs/VLAN Membership to
display VLAN Membership information.
VLAN Port Using VLAN Port Status for specific users page to display the information of all VLAN Port status. LOCATION: ▼ Monitor
▼ VLANs ■ VLAN Port PARAMETERS: Items Description Port The logical port for the settings contained in
the same row. PVID Shows the VLAN identifier for that port. The
allowed values are 1 through 4095. The default value is 1.
Port Type Shows the Port Type. Port type can be any of Unaware, C-port, S-port, Custom S-port. If Port Type is Unaware, all frames are classified to the Port VLAN ID and tags are not removed. C-port is Customer Port. S-port is Service port. Custom S-port is S-port with Custom TPID.
Ingress Filtering Shows the ingress filtering on a port. This parameter affects VLAN ingress processing. If ingress filtering is enabled and the ingress port is not a member of the classified VLAN, the frame is discarded.
117
Frame Type Shows whether the port accepts all frames or only tagged frames. This parameter affects VLAN ingress processing. If the port only accepts tagged frames, untagged frames received on that port are discarded.
Tx Tag Shows egress filtering frame status whether tagged or untagged.
UVID Shows UVID (untagged VLAN ID). Port's UVID determines the packet's behaviour at the egress side.
Conflicts Shows status of Conflicts whether exists or not. When a Volatile VLAN User requests to set VLAN membership or VLAN port configuration, the following conflicts can occur: Functional Conflicts between features. Conflicts due to hardware limitation. Direct conflict between user modules.
Buttons Static
: Select VLAN Users from
this drop down list.
Auto-refresh :Check this box to refresh
the page automatically. Automatic refresh
occurs at regular intervals.'
:Updates the system log entries,
starting from the current entry ID.
WEB Interface To display VLAN Port Status for specific users:
A. Click Monitor/VLANs/VLAN Portto display VLAN Port information.
118
119
This chapter provides IPv4 ping for test the connectivity of network.
DIAGNOSTICS ICMP IPv4 Ping Using ICMP Ping page to send ICMP request packet to
another connected point to check if it is connect. LOCATION: ▼ Diagnostic ■ Ping PARAMETERS: Items Description IP Address The destination IP Address Ping Length The payload size of the ICMP packet.
Values range from 2 bytes to 1452 bytes. Ping Count The count of the ICMP packet. Values range
from 1 time to 60 times. Ping Interval The interval of the ICMP packet. Values
range from 0 second to 30 seconds. WEB Interface To Ping another IP device on the network:
A. Click Diagnostics/Ping to run the testing.
WEB DIAGNOSTICS
PING
PART 6
120
This chapter describes how to restart device, reload device tomanufactory default, saving or restore configuration andfirmware upgrading , swapping.
RESTART DEVICE
Using the Restart Device page to restart the switch. LOCATION: ▼ Maintenance ■ Restart Device WEB Interface To restart the switch:
A. Click Maintanence/Restart Device to restart the
switch. B. Click “Yes” to confirm the restart process and
“No” to cancel the restart process.
Figure FACTORY DEFAULTS
Using Factory Defaults page to reset the switch to manufactory default setting. LOCATION: ▼ Maintenance ■ Factory Defaults
WEB MAINTENANCE
RESTART DEVICE
PART 7
121
WEB Interface To resett the switch:
A. Click Maintanence/Factory Defaults to reset the
switch to manufactory default settings. B. Click “Yes” to confirm the process and “No” to
cancel.
Figure
SOFTWARE UPLOAD
Using Firmware Update page to upgrade the firmware of the switch. LOCATION: ▼ Maintenance
▼ Software ■Upload
PARAMETERS:
Items Description Buttons
to the location of a software
image and click
After the software image is uploaded, a page announces that the firmware update is initiated. After about a minute, the firmware is updated and the switch restarts. Warning: While the firmware is being
updated, Web access appears to be
122
defunct. The front LED flashes Green/Off
with a frequency of 10 Hz while the firmware
update is in progress. Do not restart or
power off the device at this time or the
switch may fail to function afterwards. WEB Interface To upgrade the firmware of the switch:
A. Click Maintanence/Software/Upload and browse the firmware file then click Upload.
Figure
SWAP IMAGE
Using Software Image Selection page to swap the firmware to alternative image. LOCATION: ▼ Maintenance
▼ Software ■ Image Select
PARAMETERS:
Items Description Image The flash index name of the firmware image.
The name of primary (preferred) image is image, the alternate image is named image.bk.
Version The version of the firmware image. Date The date where the firmware was produced. Buttons
:Click to use the
alternate image. This button may be disabled depending on system state
123
:Cancel activating the backup
image. Navigates away from this page. WEB Interface To swap the firmware to alternative image for the
switch: A. Click Maintanence/Software/Image Select to
swap to alternative image.
SAVE CONFIGURATIONUsing Configuration Save page to save your switch’s configuration to management PC/NB.
LOCATION: ▼ Maintenance
▼ Configuration ■Save
PARAMETERS:
Items Description Buttons
:Click the button, it will
pop out a file saving dialog, the default name is “config.xml”
WEB Interface To click “Save configuration” to save config:
124
A. Click Maintanence/Configuration/Saveto save to alternative image.
UPLOAD CONFIGURATION
Using Configuration Upload page to restore your switch’s to backup configuration from management PC/NB.
LOCATION: ▼ Maintenance
▼ Configuration ■ Upload
PARAMETERS: Items Description Buttons
to the location of configuration file
and click
After the configuration file is uploaded, a page announces that the configuration upload done. Reset the device to make configuration applied
WEB Interface To click “Configuration Upload” to restore config:
A. Click Maintanence/Configuration/Uploadto restore a backupconfiguration file.
125
Glossary
A B CDEF G HI J K LMNOPQRSTUVW X Y Z
A
ACE
ACE is an acronym for Access Control Entry. It describes access permission associated with a particular ACE ID.
There are three ACE frame types (Ethernet Type, ARP, and IPv4) and two ACE actions (permit and deny). The
ACE also contains many detailed, different parameter options that are available for individual application.
ACL
ACL is an acronym for Access Control List. It is the list table of ACEs, containing access control entries that
specify individual users or groups permitted or denied to specific traffic objects, such as a process or a program.
Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific
traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situation.
In networking, the ACL refers to a list of service ports or network services that are available on a host or server,
each with a list of hosts or servers permitted or denied to use the service. ACL can generally be configured to
control inbound traffic, and in this context, they are similar to firewalls.
There are 3 web-pages associated with the manual ACL configuration:
ACL|Access Control List: The web page shows the ACEs in a prioritized way, highest (top) to lowest (bottom).
Default the table is empty. An ingress frame will only get a hit on one ACE even though there are more matching
ACEs. The first matching ACE will take action (permit/deny) on that frame and a counter associated with that ACE
is incremented. An ACE can be associated with a Policy, 1 ingress port, or any ingress port (the whole switch). If
an ACE Policy is created then that Policy can be associated with a group of ports under the "Ports" web-page.
There are number of parameters that can be configured with an ACE. Read the Web page help text to get further
information for each of them. The maximum number of ACEs is 64.
ACL|Ports: The ACL Ports configuration is used to assign a Policy ID to an ingress port. This is useful to group
ports to obey the same traffic rules. Traffic Policy is created under the "Access Control List" - page. You can you
also set up specific traffic properties (Action / Rate Limiter / Port copy, etc) for each ingress port. They will though
only apply if the frame gets past the ACE matching without getting matched. In that case a counter associated with
126
that port is incremented. See the Web page help text for each specific port property.
ACL|Rate Limiters: Under this page you can configure the rate limiters. There can be 15 different rate limiters,
each ranging from 1-1024K packets per seconds. Under "Ports" and "Access Control List" web-pages you can
assign a Rate Limiter ID to the ACE(s) or ingress port(s).
AES
AES is an acronym for Advanced Encryption Standard. The encryption key protocol is applied in 802.1i standard
to improve WLAN security. It is an encryption standard by the U.S. government, which will replace DES and 3DES.
AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits.
AMS
AMS is an acronym for Auto Media Select. AMS is used for dual media ports (ports supporting both copper (cu)
and fiber (SFP) cables. AMS automatically determines if a SFP or a CU cable is inserted and switches to the
corresponding media. If both SFP and cu cables are inserted, the port will select the prefered media.
APS
APS is an acronym for Automatic Protection Switching. This protocol is used to secure that switching is done
bidirectional in the two ends of a protection group, as defined in G.8031.
Aggregation
Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the
redundancy for higher availability.
(Also Port Aggregation, Link Aggregation).
ARP
ARP is an acronym for Address Resolution Protocol. It is a protocol that used to convert an IP address into a
physical address, such as an Ethernet address. ARP allows a host to communicate with other hosts when only the
Internet address of its neighbors is known. Before using IP, the host sends a broadcast ARP request containing
the Internet address of the desired destination system.
ARP Inspection
ARP Inspection is a secure feature. Several types of attacks can be launched against a host or devices connected
to Layer 2 networks by "poisoning" the ARP caches. This feature is used to block such attacks. Only valid ARP
requests and responses can go through the switch device.
Auto-Negotiation
Auto-negotiation is the process where two different devices establish the mode of operation and the speed
settings that can be shared by those devices for a link.
127
C
CC
CC is an acronym for Continuity Check. It is a MEP functionality that is able to detect loss of continuity in a network
by transmitting CCM frames to a peer MEP.
CCM
CCM is an acronym for Continuity Check Message. It is a OAM frame transmitted from a MEP to it's peer MEP
and used to implement CC functionality.
CDP
CDP is an acronym for Cisco Discovery Protocol.
D
DEI
DEI is an acronym for Drop Eligible Indicator. It is a 1-bit field in the VLAN tag.
DES
DES is an acronym for Data Encryption Standard. It provides a complete description of a mathematical algorithm
for encrypting (enciphering) and decrypting (deciphering) binary coded information.
Encrypting data converts it to an unintelligible form called cipher. Decrypting cipher converts the data back to its
original form called plaintext. The algorithm described in this standard specifies both enciphering and deciphering
operations which are based on a binary number called a key.
DHCP
DHCP is an acronym for Dynamic Host Configuration Protocol. It is a protocol used for assigning dynamic IP
addresses to devices on a network.
DHCP used by networked computers (clients) to obtain IP addresses and other parameters such as the default
gateway, subnet mask, and IP addresses of DNS servers from a DHCP server.
The DHCP server ensures that all IP addresses are unique, for example, no IP address is assigned to a second
client while the first client's assignment is valid (its lease has not expired). Therefore, IP address pool
management is done by the server and not by a human network administrator.
Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather
than requiring an administrator to manage the task. This means that a new computer can be added to a network
without the hassle of manually assigning it a unique IP address.
128
DHCP Relay
DHCP Relay is used to forward and to transfer DHCP messages between the clients and the server when they are
not on the same subnet domain.
The DHCP option 82 enables a DHCP relay agent to insert specific information into a DHCP request packets
when forwarding client DHCP packets to a DHCP server and remove the specific information from a DHCP reply
packets when forwarding server DHCP packets to a DHCP client. The DHCP server can use this information to
implement IP address or other assignment policies. Specifically the option works by setting two sub-options:
Circuit ID (option 1) and Remote ID (option2). The Circuit ID sub-option is supposed to include information specific
to which circuit the request came in on. The Remote ID sub-option was designed to carry information relating to
the remote host end of the circuit.
The definition of Circuit ID in the switch is 4 bytes in length and the format is "vlan_id" "module_id" "port_no". The
parameter of "vlan_id" is the first two bytes represent the VLAN ID. The parameter of "module_id" is the third byte
for the module ID (in standalone switch it always equal 0, in stackable switch it means switch ID). The parameter
of "port_no" is the fourth byte and it means the port number.
The Remote ID is 6 bytes in length, and the value is equal the DHCP relay agents MAC address.
DHCP Snooping
DHCP Snooping is used to block intruder on the untrusted ports of the switch device when it tries to intervene by
injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server.
DNS
DNS is an acronym for Domain Name System. It stores and associates many types of information with domain
names. Most importantly, DNS translates human-friendly domain names and computer hostnames into
computer-friendly IP addresses. For example, the domain name www.example.com might translate to
192.168.0.1.
DoS
DoS is an acronym for Denial of Service. In a denial-of-service (DoS) attack, an attacker attempts to prevent
legitimate users from accessing information or services. By targeting at network sites or network connection, an
attacker may be able to prevent network users from accessing email, web sites, online accounts (banking, etc.), or
other services that rely on the affected computer.
Dotted Decimal Notation
Dotted Decimal Notation refers to a method of writing IP addresses using decimal numbers and dots as
separators between octets.
An IPv4 dotted decimal address has the form x.y.z.w, where x, y, z, and w are decimal numbers between 0 and
255.
129
Drop Precedence Level
Every incoming frame is classified to a Drop Precedence Level (DP level), which is used throughout the device for
providing congestion control guarantees to the frame according to what was configured for that specific DP level.
A DP level of 0 (zero) corresponds to 'Committed' (Green) frames and a DP level of 1 corresponds to 'Discard
Eligible' (Yellow) frames.
DSCP
DSCP is an acronym for Differentiated Services Code Point. It is a field in the header of IP packets for packet
classification purposes.
E
EEE
EEE is an abbreviation for Energy Efficient Ethernet defined in IEEE 802.3az.
EPS
EPS is an abbreviation for Ethernet Protection Switching defined in ITU/T G.8031.
Ethernet Type
Ethernet Type, or EtherType, is a field in the Ethernet MAC header, defined by the Ethernet networking standard.
It is used to indicate which protocol is being transported in an Ethernet frame.
F
FTP
FTP is an acronym for File Transfer Protocol. It is a transfer protocol that uses the Transmission Control Protocol
(TCP) and provides file writing and reading. It also provides directory service and security features.
Fast Leave
Multicast snooping Fast Leave processing allows the switch to remove an interface from the forwarding-table entry
without first sending out group specific queries to the interface. The VLAN interface is pruned from the multicast
tree for the multicast group specified in the original leave message. Fast-leave processing ensures optimal
bandwidth management for all hosts on a switched network, even when multiple multicast groups are in use
simultaneously. This processing applies to IGMP and MLD.
H
HTTP
HTTP is an acronym for Hypertext Transfer Protocol. It is a protocol that used to transfer or convey information on
the World Wide Web (WWW).
130
HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should
take in response to various commands. For example, when you enter a URL in your browser, this actually sends
an HTTP command to the Web server directing it to fetch and transmit the requested Web page. The other main
standard that controls how the World Wide Web works is HTML, which covers how Web pages are formatted and
displayed.
Any Web server machine contains, in addition to the Web page files it can serve, an HTTP daemon, a program
that is designed to wait for HTTP requests and handle them when they arrive. The Web browser is an HTTP client,
sending requests to server machines. An HTTP client initiates a request by establishing a Transmission Control
Protocol (TCP) connection to a particular port on a remote host (port 80 by default). An HTTP server listening on
that port waits for the client to send a request message.
HTTPS
HTTPS is an acronym for Hypertext Transfer Protocol over Secure Socket Layer. It is used to indicate a secure
HTTP connection.
HTTPS provide authentication and encrypted communication and is widely used on the World Wide Web for
security-sensitive communication such as payment transactions and corporate logons.
HTTPS is really just the use of Netscape's Secure Socket Layer (SSL) as a sublayer under its regular HTTP
application layering. (HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.)
SSL uses a 40-bit key size for the RC4 stream encryption algorithm, which is considered an adequate degree of
encryption for commercial exchange.
I
ICMP
ICMP is an acronym for Internet Control Message Protocol. It is a protocol that generated the error response,
diagnostic or routing purposes. ICMP messages generally contain information about routing difficulties or simple
exchanges such as time-stamp or echo transactions. For example, the PING command uses ICMP to test an
Internet connection.
IEEE 802.1X
IEEE 802.1X is an IEEE standard for port-based Network Access Control. It provides authentication to devices
attached to a LAN port, establishing a point-to-point connection or preventing access from that port if
authentication fails. With 802.1X, access to all switch ports can be centrally controlled from a server, which means
that authorized users can use the same credentials for authentication from any point within the network.
IGMP
131
IGMP is an acronym for Internet Group Management Protocol. It is a communications protocol used to manage
the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to
establish multicast group memberships. It is an integral part of the IP multicast specification, like ICMP for unicast
connections. IGMP can be used for online video and gaming, and allows more efficient use of resources when
supporting these uses.
IGMP Querier
A router sends IGMP Query messages onto a particular link. This router is called the Querier.
IMAP
IMAP is an acronym for Internet Message Access Protocol. It is a protocol for email clients to retrieve email
messages from a mail server.
IMAP is the protocol that IMAP clients use to communicate with the servers, and SMTP is the protocol used to
transport mail to an IMAP server.
The current version of the Internet Message Access Protocol is IMAP4. It is similar to Post Office Protocol version
3 (POP3), but offers additional and more complex features. For example, the IMAP4 protocol leaves your email
messages on the server rather than downloading them to your computer. If you wish to remove your messages
from the server, you must use your mail client to generate local folders, copy messages to your local hard drive,
and then delete and expunge the messages from the server.
IP
IP is an acronym for Internet Protocol. It is a protocol used for communicating data across an internet network.
IP is a "best effort" system, which means that no packet of information sent over is assured to reach its destination
in the same condition it was sent. Each device connected to a Local Area Network (LAN) or Wide Area Network
(WAN) is given an Internet Protocol address, and this IP address is used to identify the device uniquely among all
other devices connected to the extended network.
The current version of the Internet protocol is IPv4, which has 32-bits Internet Protocol addresses allowing for in
excess of four billion unique addresses. This number is reduced drastically by the practice of webmasters taking
addresses in large blocks, the bulk of which remain unused. There is a rather substantial movement to adopt a
new version of the Internet Protocol, IPv6, which would have 128-bits Internet Protocol addresses. This number
can be represented roughly by a three with thirty-nine zeroes after it. However, IPv4 is still the protocol of choice
for most of the Internet.
IPMC
IPMC is an acronym for IPMultiCast.
132
IPMC supports IPv4 and IPv6 multicasting. IPMCv4 denotes multicast for IPv4. IPMCv6 denotes multicast for
IPv6.
IP Source Guard
IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic
based on the DHCP Snooping Table or manually configured IP Source Bindings. It helps prevent IP spoofing
attacks when a host tries to spoof and use the IP address of another host.
L
LACP
LACP is an IEEE 802.3ad standard protocol. The Link Aggregation Control Protocol, allows bundling several
physical ports together to form a single logical port.
LLC
The IEEE 802.2 Logical Link Control (LLC) protocol provides a link mechanism for upper layer protocols. It is the
upper sub-layer of the Data Link Layer and provides multiplexing mechanisms that make it possible for several
network protocols (IP, IPX) to coexist within a multipoint network. LLC header consists of 1 byte DSAP
(Destination Service Access Point), 1 byte SSAP (Source Service Access Point), 1 or 2 bytes Control field
followed by LLC information.
LLDP
LLDP is an IEEE 802.1ab standard protocol.
The Link Layer Discovery Protocol(LLDP) specified in this standard allows stations attached to an IEEE 802 LAN
to advertise, to other stations attached to the same IEEE 802 LAN, the major capabilities provided by the system
incorporating that station, the management address or addresses of the entity or entities that provide
management of those capabilities, and the identification of the stations point of attachment to the IEEE 802 LAN
required by those management entity or entities. The information distributed via this protocol is stored by its
recipients in a standard Management Information Base (MIB), making it possible for the information to be
accessed by a Network Management System (NMS) using a management protocol such as the Simple Network
Management Protocol (SNMP).
LLDP-MED
LLDP-MED is an extendsion of IEEE 802.1ab and is defined by the telecommunication industry association
(TIA-1057).
LOC
LOC is an acronym for Loss Of Connectivity and is detected by a MEP and is indicating lost connectivity in the
network. Can be used as a switch criteria by EPS
133
M
MAC Table
Switching of frames is based upon the DMAC address contained in the frame. The switch builds up a table that
maps MAC addresses to switch ports for knowing which ports the frames should go to ( based upon the DMAC
address in the frame ). This table contains both static and dynamic entries. The static entries are configured by the
network administrator if the administrator wants to do a fixed mapping between the DMAC address and switch
ports.
The frames also contain a MAC address ( SMAC address ), which shows the MAC address of the equipment
sending the frame. The SMAC address is used by the switch to automatically update the MAC table with these
dynamic MAC addresses. Dynamic entries are removed from the MAC table if no frame with the corresponding
SMAC address have been seen after a configurable age time.
MEP
MEP is an acronym for Maintenance Entity Endpoint and is an endpoint in a Maintenance Entity Group (ITU-T
Y.1731).
MD5
MD5 is an acronym for Message-Digest algorithm 5. MD5 is a message digest algorithm, used cryptographic hash
function with a 128-bit hash value. It was designed by Ron Rivest in 1991. MD5 is officially defined in RFC 1321 -
The MD5 Message-Digest Algorithm.
Mirroring
For debugging network problems or monitoring network traffic, the switch system can be configured to mirror
frames from multiple ports to a mirror port. (In this context, mirroring a frame is the same as copying the frame.)
Both incoming (source) and outgoing (destination) frames can be mirrored to the mirror port.
MLD
MLD is an acronym for Multicast Listener Discovery for IPv6. MLD is used by IPv6 routers to discover multicast
listeners on a directly attached link, much as IGMP is used in IPv4. The protocol is embedded in ICMPv6 instead
of using a separate protocol.
MVR
Multicast VLAN Registration (MVR) is a protocol for Layer 2 (IP)-networks that enables multicast-traffic from a
source VLAN to be shared with subscriber-VLANs.
134
The main reason for using MVR is to save bandwidth by preventing duplicate multicast streams being sent in the
core network, instead the stream(s) are received on the MVR-VLAN and forwarded to the VLANs where hosts
have requested it/them(Wikipedia).
N
NAS
NAS is an acronym for Network Access Server. The NAS is meant to act as a gateway to guard access to a
protected source. A client connects to the NAS, and the NAS connects to another resource asking whether the
client's supplied credentials are valid. Based on the answer, the NAS then allows or disallows access to the
protected resource. An example of a NAS implementation is IEEE 802.1X.
NetBIOS
NetBIOS is an acronym for Network Basic Input/Output System. It is a program that allows applications on
separate computers to communicate within a Local Area Network (LAN), and it is not supported on a Wide Area
Network (WAN).
The NetBIOS giving each computer in the network both a NetBIOS name and an IP address corresponding to a
different host name, provides the session and transport services described in the Open Systems Interconnection
(OSI) model.
NFS
NFS is an acronym for Network File System. It allows hosts to mount partitions on a remote system and use them
as though they are local file systems.
NFS allows the system administrator to store resources in a central location on the network, providing authorized
users continuous access to them, which means NFS supports sharing of files, printers, and other resources as
persistent storage over a computer network.
NTP
NTP is an acronym for Network Time Protocol, a network protocol for synchronizing the clocks of computer
systems. NTP uses UDP (datagrams) as transport layer.
O
OAM
OAM is an acronym for Operation Administration and Maintenance.
135
It is a protocol described in ITU-T Y.1731 used to implement carrier ethernet functionality. MEP functionality like
CC and RDI is based on this
Optional TLVs.
A LLDP frame contains multiple TLVs
For some TLVs it is configurable if the switch shall include the TLV in the LLDP frame. These TLVs are known as
optional TLVs. If an optional TLVs is disabled the corresponding information is not included in the LLDP frame.
OUI
OUI is the organizationally unique identifier. An OUI address is a globally unique identifier assigned to a vendor by
IEEE. You can determine which vendor a device belongs to according to the OUI address which forms the first 24
bits of a MAC address.
P
PCP
PCP is an acronym for Priority Code Point. It is a 3-bit field storing the priority level for the 802.1Q frame. It is also
known as User Priority.
PD
PD is an acronym for Powered Device. In a POE system the power is delivered from a PSE ( power sourcing
equipment ) to a remote device. The remote device is called a PD.
PHY
PHY is an abbreviation for Physical Interface Transceiver and is the device that implement the Ethernet physical
layer (IEEE-802.3).
PING
ping is a program that sends a series of packets over a network or the Internet to a specific computer in order to
generate a response from that computer. The other computer responds with an acknowledgment that it received
the packets. Ping was created to verify whether a specific computer on a network or the Internet exists and is
connected.
ping uses Internet Control Message Protocol (ICMP) packets. The PING Request is the packet from the origin
computer, and the PING Reply is the packet response from the target.
POE
POE is an acronym for Power Over Ethernet.
136
Power Over Ethernet is used to transmit electrical power, to remote devices over standard Ethernet cable. It could
for example be used for powering IP telephones, wireless LAN access points and other equipment, where it would
be difficult or expensive to connect the equipment to main power supply.
Policer
A policer can limit the bandwidth of received frames. It is located in front of the ingress queue.
POP3
POP3 is an acronym for Post Office Protocol version 3. It is a protocol for email clients to retrieve email messages
from a mail server.
POP3 is designed to delete mail on the server as soon as the user has downloaded it. However, some
implementations allow users or an administrator to specify that mail be saved for some period of time. POP can be
thought of as a "store-and-forward" service.
An alternative protocol is Internet Message Access Protocol (IMAP). IMAP provides the user with more
capabilities for retaining e-mail on the server and for organizing it in folders on the server. IMAP can be thought of
as a remote file server.
POP and IMAP deal with the receiving of e-mail and are not to be confused with the Simple Mail Transfer Protocol
(SMTP). You send e-mail with SMTP, and a mail handler receives it on your recipient's behalf. Then the mail is
read using POP or IMAP. IMAP4 and POP3 are the two most prevalent Internet standard protocols for e-mail
retrieval. Virtually all modern e-mail clients and servers support both.
PPPOE
PPPOE is an acronym for Point-to-Point Protocol over Ethernet.
It is a network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside Ethernet frames. It is used
mainly with ADSL services where individual users connect to the ADSL transceiver (modem) over Ethernet and in
plain Metro Ethernet networks (Wikipedia).
Private VLAN
In a private VLAN, PVLANs provide layer 2 isolation between ports within the same broadcast domain. Isolated
ports configured as part of PVLAN cannot communicate with each other. Member ports of a PVLAN can
communicate with each other.
PTP
PTP is an acronym for Precision Time Protocol, a network protocol for synchronizing the clocks of computer
systems.
137
Q
QCE
QCE is an acronym for QoS Control Entry. It describes QoS class associated with a particular QCE ID.
There are six QCE frame types: Ethernet Type, VLAN, UDP/TCP Port, DSCP, TOS, and Tag Priority. Frames can
be classified by one of 4 different QoS classes: "Low", "Normal", "Medium", and "High" for individual application.
QCL
QCL is an acronym for QoS Control List. It is the list table of QCEs, containing QoS control entries that classify to
a specific QoS class on specific traffic objects.
Each accessible traffic object contains an identifier to its QCL. The privileges determine specific traffic object to
specific QoS class.
QL
QL In SyncE this is the Quality Level of a given clock source. This is received on a port in a SSM indicating the
quality of the clock received in the port.
QoS
QoS is an acronym for Quality of Service. It is a method to guarantee a bandwidth relationship between individual
applications or protocols.
A communications network transports a multitude of applications and data, including high-quality video and
delay-sensitive data such as real-time voice. Networks must provide secure, predictable, measurable, and
sometimes guaranteed services.
Achieving the required QoS becomes the secret to a successful end-to-end business solution. Therefore, QoS is
the set of techniques to manage network resources.
QoS class
Every incoming frame is classified to a QoS class, which is used throughout the device for providing queuing,
scheduling and congestion control guarantees to the frame according to what was configured for that specific QoS
class. There is a one to one mapping between QoS class, queue and priority. A QoS class of 0 (zero) has the
lowest priority.
R
RARP
138
RARP is an acronym for Reverse Address Resolution Protocol. It is a protocol that is used to obtain an IP address
for a given hardware address, such as an Ethernet address. RARP is the complement of ARP.
RADIUS
RADIUS is an acronym for Remote Authentication Dial In User Service. It is a networking protocol that provides
centralized access, authorization and accounting management for people or computers to connect and use a
network service.
RDI
RDI is an acronym for Remote Defect Indication. It is a OAM functionallity that is used by a MEP to indicate defect
detected to the remote peer MEP
Router Port
A router port is a port on the Ethernet switch that leads switch towards the Layer 3 multicast device.
RSTP
In 1998, the IEEE with document 802.1w introduced an evolution of STP: the Rapid Spanning Tree Protocol,
which provides for faster spanning tree convergence after a topology change. Standard IEEE 802.1D-2004 now
incorporates RSTP and obsoletes STP, while at the same time being backwards-compatible with STP.
S
SAMBA
Samba is a program running under UNIX-like operating systems that provides seamless integration between UNIX
and Microsoft Windows machines. Samba acts as file and print servers for Microsoft Windows, IBM OS/2, and
other SMB client machines. Samba uses the Server Message Block (SMB) protocol and Common Internet File
System (CIFS), which is the underlying protocol used in Microsoft Windows networking.
Samba can be installed on a variety of operating system platforms, including Linux, most common Unix platforms,
OpenVMS, and IBM OS/2.
Samba can also register itself with the master browser on the network so that it would appear in the listing of hosts
in Microsoft Windows "Neighborhood Network".
SHA
SHA is an acronym for Secure Hash Algorithm. It designed by the National Security Agency (NSA) and published
by the NIST as a U.S. Federal Information Processing Standard. Hash algorithms compute a fixed-length digital
representation (known as a message digest) of an input data sequence (the message) of any length.
Shaper
A shaper can limit the bandwidth of transmitted frames. It is located after the ingress queues.
139
SMTP
SMTP is an acronym for Simple Mail Transfer Protocol. It is a text-based protocol that uses the Transmission
Control Protocol (TCP) and provides a mail service modeled on the FTP file transfer service. SMTP transfers mail
messages between systems and notifications regarding incoming mail.
SNAP
The SubNetwork Access Protocol (SNAP) is a mechanism for multiplexing, on networks using IEEE 802.2 LLC,
more protocols than can be distinguished by the 8-bit 802.2 Service Access Point (SAP) fields. SNAP supports
identifying protocols by Ethernet type field values; it also supports vendor-private protocol identifier.
SNMP
SNMP is an acronym for Simple Network Management Protocol. It is part of the Transmission Control
Protocol/Internet Protocol (TCP/IP) protocol for network management. SNMP allow diverse network objects to
participate in a network management architecture. It enables network management systems to learn network
problems by receiving traps or change notices from network devices implementing SNMP.
SNTP
SNTP is an acronym for Simple Network Time Protocol, a network protocol for synchronizing the clocks of
computer systems. SNTP uses UDP (datagrams) as transport layer.
SPROUT
Stack Protocol using ROUting Technology. An advanced protocol for almost instantaneous discovery of topology
changes within a stack as well as election of a master switch. SPROUT also calculates parameters for setting up
each switch to perform shortest path forwarding within the stack.
SSID
Service Set Identifier is a name used to identify the particular 802.11 wireless LANs to which a user wants to
attach. A client device will receive broadcast messages from all access points within range advertising their SSIDs,
and can choose one to connect to based on pre-configuration, or by displaying a list of SSIDs in range and asking
the user to select one (wikipedia).
SSH
SSH is an acronym for Secure SHell. It is a network protocol that allows data to be exchanged using a secure
channel between two networked devices. The encryption used by SSH provides confidentiality and integrity of
data over an insecure network. The goal of SSH was to replace the earlier rlogin, TELNET and rsh protocols,
which did not provide strong authentication or guarantee confidentiality (Wikipedia).
SSM
SSM In SyncE this is an abbreviation for Synchronization Status Message and is containing a QL indication.
STP
140
Spanning Tree Protocol is an OSI layer-2 protocol which ensures a loop free topology for any bridged LAN. The
original STP protocol is now obsolete by RSTP.
Switch ID
Switch IDs (1-16) are used to uniquely identify the switches within a stack. The Switch ID of each switch is shown
on the display on the front of the switch and is used widely in the web pages as well as in the CLI commands.
SyncE
SyncE Is an abbreviation for Synchronous Ethernet. This functionality is used to make a network 'clock frequency'
synchronized. Not to be confused with real time clock synchronized (IEEE 1588).
sFlow
sFlow is an acronym for sample Flow. This protocol is used to monitor the sampled traffic on the switch.The sFlow
Agent configures the sampling rate at which the samples have to collected. The sFlow collector is configured to
send the sample data to the external traffic monitoring application.
T
TACACS+
TACACS+ is an acronym for Terminal Acess Controller Access Control System Plus. It is a networking protocol
which provides access control for routers, network access servers and other networked computing devices via
one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting
services.
Tag Priority
Tag Priority is a 3-bit field storing the priority level for the 802.1Q frame.
TCP
TCP is an acronym for Transmission Control Protocol. It is a communications protocol that uses the Internet
Protocol (IP) to exchange the messages between computers.
The TCP protocol guarantees reliable and in-order delivery of data from sender to receiver and distinguishes data
for multiple connections by concurrent applications (for example, Web server and e-mail server) running on the
same host.
The applications on networked hosts can use TCP to create connections to one another. It is known as a
connection-oriented protocol, which means that a connection is established and maintained until such time as the
message or messages to be exchanged by the application programs at each end have been exchanged. TCP is
responsible for ensuring that a message is divided into the packets that IP manages and for reassembling the
packets back into the complete message at the other end.
141
Common network applications that use TCP include the World Wide Web (WWW), e-mail, and File Transfer
Protocol (FTP).
TELNET
TELNET is an acronym for TELetype NETwork. It is a terminal emulation protocol that uses the Transmission
Control Protocol (TCP) and provides a virtual connection between TELNET server and TELNET client.
TELNET enables the client to control the server and communicate with other servers on the network. To start a
Telnet session, the client user must log in to a server by entering a valid username and password. Then, the client
user can enter commands through the Telnet program just as if they were entering commands directly on the
server console.
TFTP
TFTP is an acronym for Trivial File Transfer Protocol. It is transfer protocol that uses the User Datagram Protocol
(UDP) and provides file writing and reading, but it does not provide directory service and security features.
ToS
ToS is an acronym for Type of Service. It is implemented as the IPv4 ToS priority control. It is fully decoded to
determine the priority from the 6-bit ToS field in the IP header. The most significant 6 bits of the ToS field are fully
decoded into 64 possibilities, and the singular code that results is compared against the corresponding bit in the
IPv4 ToS priority control bit (0~63).
TLV
TLV is an acronym for Type Length Value. A LLDP frame can contain multiple pieces of information. Each of these
pieces of information is known as TLV.
TKIP
TKIP is an acronym for Temporal Key Integrity Protocol. It used in WPA to replace WEP with a new encryption
algorithm. TKIP comprises the same encryption engine and RC4 algorithm defined for WEP. The key used for
encryption in TKIP is 128 bits and changes the key used for each packet.
U
UDP
UDP is an acronym for User Datagram Protocol. It is a communications protocol that uses the Internet Protocol (IP)
to exchange the messages between computers.
UDP is an alternative to the Transmission Control Protocol (TCP) that uses the Internet Protocol (IP). Unlike TCP,
UDP does not provide the service of dividing a message into packet datagrams, and UDP doesn't provide
reassembling and sequencing of the packets. This means that the application program that uses UDP must be
142
able to make sure that the entire message has arrived and is in the right order. Network applications that want to
save processing time because they have very small data units to exchange may prefer UDP to TCP.
UDP provides two services not provided by the IP layer. It provides port numbers to help distinguish different user
requests and, optionally, a checksum capability to verify that the data arrived intact.
Common network applications that use UDP include the Domain Name System (DNS), streaming media
applications such as IPTV, Voice over IP (VoIP), and Trivial File Transfer Protocol (TFTP).
UPnP
UPnP is an acronym for Universal Plug and Play. The goals of UPnP are to allow devices to connect seamlessly
and to simplify the implementation of networks in the home (data sharing, communications, and entertainment)
and in corporate environments for simplified installation of computer components
User Priority
User Priority is a 3-bit field storing the priority level for the 802.1Q frame. It is also known as PCP.
V
VLAN
Virtual LAN. A method to restrict communication between switch ports. VLANs can be used for the following
applications:
VLAN unaware switching: This is the default configuration. All ports are VLAN unaware with Port VLAN ID 1 and
members of VLAN 1. This means that MAC addresses are learned in VLAN 1, and the switch does not remove or
insert VLAN tags.
VLAN aware switching: This is based on the IEEE 802.1Q standard. All ports are VLAN aware. Ports connected
to VLAN aware switches are members of multiple VLANs and transmit tagged frames. Other ports are members of
one VLAN, set up with this Port VLAN ID, and transmit untagged frames.
Provider switching: This is also known as Q-in-Q switching. Ports connected to subscribers are VLAN unaware,
members of one VLAN, and set up with this unique Port VLAN ID. Ports connected to the service provider are
VLAN aware, members of multiple VLANs, and set up to tag all frames. Untagged frames received on a subscriber
port are forwarded to the provider port with a single VLAN tag. Tagged frames received on a subscriber port are
forwarded to the provider port with a double VLAN tag.
VLAN ID
VLAN ID is a 12-bit field specifying the VLAN to which the frame belongs.
Voice VLAN
143
Voice VLAN is VLAN configured specially for voice traffic. By adding the ports with voice devices attached to voice
VLAN, we can perform QoS-related configuration for voice data, ensuring the transmission priority of voice traffic
and voice quality.
W
WEP
WEP is an acronym for Wired Equivalent Privacy. WEP is a deprecated algorithm to secure IEEE 802.11 wireless
networks. Wireless networks broadcast messages using radio, so are more susceptible to eavesdropping than
wired networks. When introduced in 1999, WEP was intended to provide confidentiality comparable to that of a
traditional wired network (Wikipedia).
WiFi
WiFi is an acronym for Wireless Fidelity. It is meant to be used generically when referring of any type of 802.11
network, whether 802.11b, 802.11a, dual-band, etc. The term is promulgated by the Wi-Fi Alliance.
WPA
WPA is an acronym for Wi-Fi Protected Access. It was created in response to several serious weaknesses
researchers had found in the previous system , Wired Equivalent Privacy (WEP). WPA implements the majority of
the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i
was prepared. WPA is specifically designed to also work with pre-WPA wireless network interface cards (through
firmware upgrades), but not necessarily with first generation wireless access points. WPA2 implements the full
standard, but will not work with some older network cards (Wikipedia).
WPA-PSK
WPA-PSK is an acronym for Wi-Fi Protected Access - Pre Shared Key. WPA was designed to enhance the
security of wireless networks. There are two flavors of WPA: enterprise and personal. Enterprise is meant for use
with an IEEE 802.1X authentication server, which distributes different keys to each user. Personal WPA utilizes
less scalable 'pre-shared key' (PSK) mode, where every allowed computer is given the same passphrase. In PSK
mode, security depends on the strength and secrecy of the passphrase. The design of WPA is based on a Draft 3
of the IEEE 802.11i standard (Wikipedia)
WPA-Radius
WPA-Radius is an acronym for Wi-Fi Protected Access - Radius (802.1X authentication server). WPA was
designed to enhance the security of wireless networks. There are two flavors of WPA: enterprise and personal.
Enterprise is meant for use with an IEEE 802.1X authentication server, which distributes different keys to each
user. Personal WPA utilizes less scalable 'pre-shared key' (PSK) mode, where every allowed computer is given
the same passphrase. In PSK mode, security depends on the strength and secrecy of the passphrase. The design
of WPA is based on a Draft 3 of the IEEE 802.11i standard (Wikipedia)
WPS
144
WPS is an acronym for Wi-Fi Protected Setup. It is a standard for easy and secure establishment of a wireless
home network. The goal of the WPS protocol is to simplify the process of connecting any home device to the
wireless network (Wikipedia).
WRED
WRED is an acronym for Weighted Random Early Detection. It is an active queue management mechanism that
provides preferential treatment of higher priority frames when traffic builds up within a queue. A frame's DP level is
used as input to WRED. A higher DP level assigned to a frame results in a higher probability that the frame is
dropped during times of congestion.
WTR
WTR is an acronym for Wait To Restore. This is the time a fail on a resource has to be 'not active' before
restoration back to this (previously failing) resource is done.
top related