linksys srw224g4p manual
TRANSCRIPT
-
7/31/2019 Linksys SRW224G4P Manual
1/72
USER GUIDE
BUSINESS SERIE
24-Port 10/100 + 4-PortGigabit Switch withWebView and Powerover Ethernet
Model: SRW224G4P
-
7/31/2019 Linksys SRW224G4P Manual
2/72
Table of Contents
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
About This Guide 1
Icon Descriptions 1
Online Resources 1
Copyright and Trademarks 1Chapter 1: Introduction 2
Chapter 2: Product Overview 3
Front Panel 3
Back Panel 4
Side Panel 4
Chapter 3: Connecting the Switch 5
Overview 5
Pre-Installation Considerations 5Fast Ethernet Considerations 5
Full-Duplex Considerations 5
1000BASE-T Cable Requirements 5
Positioning the Switch 5
Placement Options 5
Desktop Placement 6
Rack-Mount Placement 6
Hardware Installation 6
Uplinking the Switch 6
Chapter 4: Confguration Using the Console Interace 7
Overview 7
Conguring the HyperTerminal Application 7
Conguring the Switch through the Console Interace 8
Login 8
Switch Main Menu 8
System Conguration Menu 8
Port Status 12
Port Conguration 12
PoE Conguration 12
Chapter 5: Confguring the Switch 14
Setup 14
Setup > Summary 14
Setup > Network Settings 15
Setup > Time 16
Port Management 17
Port Management > Port Settings 17
Port Management > Link Aggregation 18
-
7/31/2019 Linksys SRW224G4P Manual
3/72
Table of Contents
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Port Management > LACP 19
Port Management > PoE Power Settings 19
VLAN Management 20
VLAN Management > Create VLAN 20
VLAN Management > Port Settings 20
VLAN Management > Ports to VLAN 21
VLAN Management > VLAN to Ports 21
Statistics 22
Statistics > RMON Statistics 22
Statistics > RMON History 22
Statistics > RMON Alarms 23
Statistics > RMON Events 23
Statistics > Port Utilization 24
Statistics > 8021x Statistics 24
ACL 24
ACL > IP based ACL 25
ACL > MAC based ACL 25
Security 26
Security > ACL Binding 26
Security > Authentication Servers 26
Security > 8021x Settings 27
Security > Ports Security 28
Security > HTTPS Settings 29
Security > Management ACL 29Security > SSH Settings 30
Security > SSH Host-Key Settings 30
QoS 31
QoS > CoS Settings 31
QoS > Queue Settings 32
QoS > DSCP Settings 32
QoS > DiServ Settings 33
QoS > DiServ Port Binding 35
QoS > Bandwidth 35
Spanning Tree 35Spanning Tree > STP Status 36
Spanning Tree > Global STP 36
Spanning Tree > STP Port Settings 37
Spanning Tree > RSTP Port Settings 39
Spanning Tree > MSTP Properties 40
Spanning Tree > MSTP Instance Settings 40
Spanning Tree > MSTP Interace Settings 41
Multicast 42
Multicast > Global Settings 43
-
7/31/2019 Linksys SRW224G4P Manual
4/72
Table of Contents
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Multicast > Static Member Ports 43
Multicast > Static Router Ports 44
Multicast > Member Ports Query 44
Multicast > Router Ports Query 44
SNMP 44
SNMP > Global Parameters 45
SNMP > Views 46
SNMP > Group Prole 46
SNMP > Group Membership 47
SNMP > Communities 47
SNMP > Notication Recipient 48
Admin 48
Admin > User Authentication 48
Admin > Forwarding Database 49
Admin > Log 50
Admin > Port Mirroring 51
Admin > Cable Test 52
Admin > Ping 52
Admin > Save Conguration 52
Admin > Jumbo Frame 53
Admin > Firmware Upgrade 53
Admin > HTTP Upgrade 53
Admin > Reboot 54
Admin > Factory Deault 54Appendix A: About Gigabit Ethernet and Fiber Optic Cabling 55
Gigabit Ethernet 55
Fiber Optic Cabling 55
Appendix B: Glossary 56
Appendix C: Specifcations 60
Appendix D: Warranty and Regulatory Inormation 62
Limited Warranty 62
FCC Statement 63
Saety Notices 63
Industry Canada (Canada) 63
IC Statement 63
Rglement dIndustry Canada 63
EC Declaration o Conormity (Europe) 63
Appendix E: Contact Inormation 68
-
7/31/2019 Linksys SRW224G4P Manual
5/72
1
About This Guide
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
About Ths Gude
Icon Descriptions
While reading through the User Guide you may encountervarious icons designed to call attention to a speciic itemBelow is a description o these icons:
NOTE: This checkmark indicates that there isa note o interest and is something that youshould pay special attention to while using theproduct
WARNING: This exclamation point indicatesthat there is a caution or warning and it is
something that could damage your property orproduct
WEB: This globe icon indicates a noteworthywebsite address or e-mail address
Online Resources
Most web browsers allow you to enter the web addresswithout adding the http:// in ront o the address ThisUser Guide will reer to websites without including http://in ront o the address Some older web browsers mayrequire you to add it
Resource Webste
Linksys wwwlinksyscom
Linksys International wwwlinksyscom/international
Glossary wwwlinksyscom/glossary
Network Security wwwlinksyscom/security
Copyright and Trademarks
Speciications are subject to change without noticeLinksys is a registered trademark or trademark o CiscoSystems, Inc and/or its ailiates in the US and certainother countries Copyright 2007 Cisco Systems, Inc Allrights reserved Other brands and product names aretrademarks or registered trademarks o their respectiveholders
-
7/31/2019 Linksys SRW224G4P Manual
6/72
2
Introduction
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Chapter 1
Chapter 1:
Introducton
Thank you or choosing the 24-Port 10/100 + 4-PortGigabit Switch with WebView and Power over EthernetThis Switch will allow you to network better than everThe 24-Port 10/100 + 4-Port Gigabit Switch with WebViewdelivers non-blocking, wire speed switching or your 10and 100 megabit network clients, plus multiple optionsor connecting to your network backbone Twenty Four10/100 ports wire up your workstations, while the ourintegrated 10/100/1000 ports connect to other switchesand the backbone at Gigabit speeds The miniGBIC portsallow uture expansion through alternate transmissionmedia like optical iber
All o the 10/100 ports on the Switch support pre-standardand IEEE 8023a standard (8023a) Power over Ethernet(PoE) capabilities Each port can detect connectedpre-standard and 8023a-compliant network devices, suchas IP phones or wireless access points, and automaticallysupply the required DC power
The Switch can provide DC power to a wide range oconnected devices, eliminating the need or an additionalpower source and cutting down on the amount o cablesattached to each device Once conigured to supplypower, an automatic detection process is initialized by theSwitch that is authenticated by a PoE signature rom theconnected device Detection and authentication prevent
damage to non-PoE devices
The Switch eatures WebView monitoring and conigurationvia your web browser, making it easy to manage the 256VLANs and up to 8 trunking groups Or i you preer, youcan use the integrated console port to conigure theSwitch The non-blocking, wire-speed switching orwardspackets as ast as your network can deliver them
All ports have automatic MDI/MDI-X crossover detectionEach port independently and automatically negotiates thebest speed and whether to run in hal- or ull-duplex modeHead-o-line blocking prevention keeps your high-speedclients rom bogging down in lower-speed traic and aststore-and-orward switching prevents damaged packetsrom being passed on into the network
Use the instructions in this User Guide to help you connectthe Switch, set it up, and conigure it to bridge yourdierent networks These instructions should be all youneed to get the most out o the 24-Port 10/100 + 4-PortGigabit Switch with WebView and Power over Ethernet
-
7/31/2019 Linksys SRW224G4P Manual
7/72
Product Overview
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Chapter 2
Chapter 2:
Product Overvew
Front PanelThe LEDs and ports are located on the ront panel o theSwitch
Front Panel
POWER (Green/Amber) Lights up green toindicate that power is being supplied to theSwitch Lights amber to indicate that the Switchspower-on-sel-test (POST) is in progress Blinksamber to indicate that the POST has ailed
LINK/ACT (1-24) (Green/Amber) Lights upgreen to indicate a unctional 10/100Mbpsnetwork link through the corresponding portwith an attached device that does not use Powerover Ethernet (PoE) Lights up amber to indicate aunctional 10/100Mbps network link through thecorresponding port with an attached PoE deviceBlinks green to indicate that the Switch is activelysending or receiving data over that port
LINK/ACT (G1-G4) (Green/Amber) Lights up
green to indicate a unctional 10/100Mbpsnetwork link through the corresponding portwith an attached device Blinks green to indicatethat the Switch is actively sending or receivingdata over that port Lights amber to indicate aunctional 1000Mbps network link Blinks greento indicate that the Switch is actively sendingor receiving data over that port No amber lightindicated that the link is at 10/100Mbps or thereis no link
ETHERNET 1-24 These RJ-45 ports supportnetwork speeds o either 10Mbps or 100Mbps,and can operate in hal and ull-duplex modesAuto-sensing technology enables each port toautomatically detect the speed o the deviceconnected to it (10Mbps or 100Mbps), and adjustits speed and duplex accordingly
The Switchs 10/100 RJ-45 ports also support theIEEE 8023a Power-over-Ethernet (PoE) standardthat enables DC power to be supplied to attacheddevices using wires in the connecting twisted-paircable Any 8023a-compliant device attached toa port can directly draw power rom the Switchover the twisted-pair cable without requiring itsown separate power source This capability givesnetwork administrators centralized power controlor devices such as IP phones and wireless access
points, which translates into greater networkavailability
For each attached 8023a-compliant device,the Switch automatically senses the load anddynamically supplies the required power TheSwitch delivers power to a device using the twodata wire pairs in the twisted-pair cable Eachport can provide up to 154W o power at thestandard -48 VDC voltage
To connect a device to a port, you will need touse Category 5 (or better) network cable
ETHERNET G1-G4 The Switch is equipped withour Gigabit RJ-45 ports, two that are shared withtwo miniGBIC ports I a Gigabit miniGBIC port isbeing used, the associated RJ-45 port (G3 and/orG4) cannot be used
All our ports support auto-negotiation, so theoptimum transmission mode (hal or ull duplex)and data rate (10, 100, or 1000 Mbps) can beselected automatically, i this eature is alsosupported by the attached device I a deviceconnected to one o these ports does not support
auto-negotiation, the communication mode othat port can be conigured manually
Each port also supports IEEE 8023-2002auto-negotiation o low control, so the Switchcan automatically prevent port buers rombecoming saturated
These ports support automatic MDI/MDI-Xoperation, so you can use straight-through cablesor all network connections to PCs, servers, oradditional switches
-
7/31/2019 Linksys SRW224G4P Manual
8/72
4
Product Overview
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Chapter 2
MnGBIC (1-2) The Switch is equipped withtwo miniGBIC ports that have shared GigabitEthernet ports (G3 and G4) which provide orthe installation o one expansion module Theseports provide links to high-speed networksegments or individual workstations at speeds oup to 1000Mbps (Gigabit Ethernet)
To establish a Gigabit Ethernet connection usinga miniGBIC port, you will need to install a MGBT1,MGBSX2, or MGBLH1 Gigabit expansion moduleand use Category 5e cabling or iber opticcabling
To establish a Fast Ethernet connection using aminiGBIC port, you will need to install a MFEFX1(100BASE-FX) or MFELX1 (100BASE-LX) 100SFPTransceiver and use iber optic cabling
Back Panel
The console and power ports are located on the backpanel o the Switch
Back Panel
POWER The Power port is where you willconnect the AC power
CONSOLE The Switch is equipped with aserial port labeled Console (located on theback o the switch) that allows you to connectto a computers serial port (or conigurationpurposes) using the provided serial cable Youcan use HyperTerminal to manage the Switchusing the console port
Side Panel
The security slot is located on a side panel o the Switch
Side Panel
SECURITY SLOT The security slot can beutilized to attach a lock to the Switch
-
7/31/2019 Linksys SRW224G4P Manual
9/72
Connecting the Switch
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Chapter
Chapter :
Connectng the Swtch
OverviewThis chapter will explain how to connect network devicesto the Switch The ollowing diagram shows a typicalnetwork coniguration
InternetCable/DSL
Modem RouterWireless Access
Point
Desktop Notebook Server
Typical Network Coniguration
When you connect your network devices, make sure youdont exceed the maximum cabling distances, which arelisted in the ollowing table:
Maxmum Cablng Dstances
From To Maxmum Dstance
Switch Switch or Hub 100 meters (328 eet)
Hub Hub 5 meters (164 eet)
Switch or Hub Computer 100 meters (328 eet)
A hub reers to any type o 100Mbps hub A 10Mbps hub connectedto another 10Mbps hub can span up to 100 meters (328 eet)
Pre-Installation Considerations
Fast Ethernet Considerations
I you are using the Switch or Fast Ethernet (100Mbps)applications, you must observe the ollowing guidelines:
Full-Duplex Considerations
The Switch provides ull-duplex support or its RJ-45ports Full-duplex operation allows data to be sent andreceived simultaneously, doubling a ports potential data
throughput I you will be using the Switch in ull-duplexmode, the maximum cable length using Category 5 cableis 328 eet (100 meters)
1000BASE-T Cable Requirements
All Category 5 UTP cables that are used or 100Base-TXconnections should also work or 1000Base-T, providingthat all our wire pairs are connected However, it isrecommended that or all critical connections, or anynew cable installations, Category 5e (enhanced Category5) or Category 6 cable should be used The Category5e speciication includes test parameters that are only
recommendations or Category 5 Thereore, the irststep in preparing existing Category 5 cabling or running1000Base-T is a simple test o the cable installation to besure that it complies with the IEEE 8023ab standards
Positioning the Switch
Beore you choose a location or the Switch, observe theollowing guidelines:
Make sure that the Switch is accessible and that thecables can be connected easily
Keep cabling away rom sources o electrical noise,
power lines, and luorescent lighting ixturesPosition the Switch away rom water and moisturesources
To ensure adequate air low around the Switch, besure to provide a minimum clearance o two inches(50mm)
Do not stack ree-standing Switches more than ourunits high
Placement Options
There are two ways to physically install the Switch, either
set the Switch on its our rubber eet or desktop placementor mount the switch in a standard-sized, 19-inch high rackor rack-mount placement
-
7/31/2019 Linksys SRW224G4P Manual
10/72
Connecting the Switch
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Chapter
Desktop Placement
Attach the rubber eet to the recessed areas on thebottom o the Switch
Place the Switch on a desktop near an AC powersource
Keep enough ventilation space or the switch andcheck the environmental restrictions mentioned inAppendix C: Speciications as you are placing theSwitch
Connect the Switch to network devices according tothe Hardware Installation instructions below
Attaching the Switchs Rubber Feet
Rack-Mount Placement
To rack-mount the Switch in any standard 19-inch rack,ollow the instructions described below
Place the Switch on a hard lat surace with the ront
panel aced towards your ront sideAttach a rackmount bracket to one side o the Switchwith the supplied screws and secure the brackettightly
Attaching the Brackets
Follow the same steps to attach the other bracket tothe opposite side
Ater the brackets are attached to the Switch, usesuitable screws to securely attach the brackets to anystandard 19-inch rack
1
2
3
4
Mounting in Rack
Connect the Switch to network devices according tothe Hardware Installation instructions below
Hardware InstallationTo connect network devices to the Switch, ollow theseinstructions:
Make sure all the devices you will connect to the Switchare powered o
Connect a Category 5 Ethernet network cable to oneo the numbered ports on the Switch
Connect the other end to a PC or other networkdevice
Repeat steps 2 and 3 to connect additional devicesI pre-standard or 8023a-compliant PoE devices are
connected to the Switchs 10/100 ports, the Switchautomatically supplies the required power
I you are using a miniGBIC port, then connect aminiGBIC module to the miniGBIC port For detailedinstructions, reer to the modules documentation
Connect the supplied power cord to the Switchspower port, and plug the other end into an electricaloutlet When connecting power, always use a surgeprotector
Power on the devices connected to the Switch Eachactive ports corresponding LED will light up on the
Switch
Uplinking the Switch
To uplink the Switch, connect one end o a Cat 5 (or better)Ethernet network cable into one o the 4 gigabit ports, andthen connect the other end o the cable into the peripheraldevices uplink port MDI/MDIX will automatically detectthe speed and cable type
The hardware installation is complete Proceed to Chapter4: Coniguration using the Console Interace, or directionson how to set up the Switch
5
1
2
3
4
5
6
7
-
7/31/2019 Linksys SRW224G4P Manual
11/72
Configuration Using the Console Interface
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Chapter 4
Chapter 4:
Conguraton Usng the
Console InteraceOverview
The Switch eatures a menu-driven console interace orbasic switch coniguration You can easily manage yournetwork rom the screens through the console portBeore you can use the console interace, you will need toconigure the HyperTerminal application
Coniguring the HyperTerminal Application
Click the Start button
Select Programs > Accessores > Communcatons >HyperTermnal
Start > Programs > Accessories > Communications > HyperTerminal
Enter a name or this connection In the example, thename o the connection is SRW224G4P Select an iconor the application, then clickOK
HyperTerminal Connection Description Screen
1
2
3
Select a port to communicate with the switch SelectCOM1 or COM2
HyperTerminal Connect To Screen
Set the serial port settings as ollows, then clickOK
Bits per Second: 8400
Databits: 8
Parity: None
Stop bits: 1
Flow control: None
HyperTerminal Properties Screen
4
5
-
7/31/2019 Linksys SRW224G4P Manual
12/72
8
Configuration Using the Console Interface
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Chapter 4
Coniguring the Switch through the
Console Interace
The Console Interace consist o a series o menus Each
menu has several options, which are listed vertically Ahighlight in each menu lets you select the option youwish to choose; pressing the Enter key activates thehighlighted option
To navigate through the Console Interace, use the UpArrow or Down Arrow keys or use the Number keys toselect the respective option (or example, press the keyto highlight Help) The Enter key selects an option and theEsc key returns to the previous selection; menu optionsand any values entered or present are highlighted Notethat the bottom o the window provides help, indicatingthe appropriate keys to use
Login
When you inish coniguring the HyperTerminal, theLogin screen appears The irst time you open the ConsoleInterace, use the deault username admin and leavethe password blank and press the Enter key You canset a password later rom the User and Password Settingsscreen
Console Login Screen
Switch Main Menu
The Main Menu screen displays six menu choices: SystemConiguration Menu, Port Status, Port Coniguration, PoEConiguration, Help, and Log Out
Main Menu
System Coniguration Menu
System Coniguration Menu
System Coniguration Menu options:
System Coniguration
Management Settings
User and Password Settings
IP Coniguration
File Management
Restore System Deault Settings
Reboot System
0 Back to Main Menu
System Configuration
From the System Information screen you can check currentirmware versions and other general switch inormation
System Inormation
1
2
3
4
5
6
7
-
7/31/2019 Linksys SRW224G4P Manual
13/72
Configuration Using the Console Interface
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Chapter 4
Versions
The Versions screen displays the Boot Version, SotwareVersion, Loader Version and the Hardware Version
Versions
Boot Verson This ile runs when the Switch is turned onIt perorms power-on diagnostics and loads the operatingsystem or the Switch
Sotware Verson This ile contains the programmingcode that runs the Switch
Loader Verson This ile loads the sotware rom storagememory to main memory
Hardware Verson The current hardware setup o theSwitch
General Information
The General Information screen displays the SystemDescription, System Up Time, System Mac Address, System
Contact, System Name and System Location
General Inormation
Management Settings
The Management Settings screen displays the Serial PortConiguration
Management Settings
Serial Port Configuration
The Serial Port Configuration screen displays the currentsetting or the baud rate The baud rate can be changed byselecting Edt then using the spacebar to toggle throughthe dierent baud rates Use the Save action to set thenew baud rate
Serial Port Coniguration
User & Password Settings
The User & Password Settings screen displays user accountinormation on the Switch The deault account is theadmn account To add a new user, use the arrow keys toselect Edt and then press the Enter key, then enter theuser name o the new account and assign a password tothe account The password must be re-entered into the
Agan Password column to conirm the password
User & Password Settings
-
7/31/2019 Linksys SRW224G4P Manual
14/72
10
Configuration Using the Console Interface
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Chapter 4
You can add up to ive user accounts in addition to thedeault admin account The admin account cannot bedeleted rom the system
To save the new user account inormation, use the arrow
keys to select Save and press EnterIP Configuration
The IP Configuration screen displays our menu choices:IP Address Settings, HTTP/HTTPS, SNMP, and NetworkDiagnostics
IP Coniguration
IP Address Settings
The IP Address Settings screen allows you to set the IPinormation or the Switch
IP Address Coniguration
IP Address This sets the Switchs IP Address The deaultsetting is 19216815
Subnet Mask This combined with the IP Address deines
the Switchs network addressDeault Gateway This deines the IP Address or thedeault gateway o the network
Management VLAN Set the ID number o theManagement VLAN This is the only VLAN through whichyou can gain management access to the Switch Bydeault, all ports on the Switch are members o VLAN 1,so a management station can be connected to any port
on the Switch However, i other VLANs are coniguredand you change the Management VLAN, you may losemanagement access to the Switch In this case, you shouldreconnect the management station to a port that is amember o the Management VLAN
WARNING: Do not deine the ManagementVLAN as a VLAN that has yet to be created Ithe VLAN does not exist already, the sotwarewill automatically create the VLAN but will notassign VLAN membership I this happens, theSwitch cannot be managed via the web-based
utility until it has been reconigured via theconsole interace
IP Mode Choose to have either a user-deined IP addressor to have it assigned by DHCP or BOOTP
HTTP/HTTPS
The HTTP/HTTPS screen allows you to set the Hyper TextTranser Protocol server (web server) inormation or theSwitch
HTTP/HTTPS
HTTP Server Enable or disable the Switchs HTTP serverunction
HTTP Server port Set the TCP port that HTTP packets aresent and received rom
HTTPS Server Enable or disable the Secure HTTP serverunction o the Switch
HTTPS Server port Set the TCP port that the HTTPSpackets are sent and received rom
SNMP
The SNMP screen allows you to set the Switchs SNMPsettings
-
7/31/2019 Linksys SRW224G4P Manual
15/72
11
Configuration Using the Console Interface
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Chapter 4
SNMP
SNMP Server Enable or Disable the SNMP unction orthe Switch
SNMP Server Port Set the TCP port that will be used orsending and receiving SNMP packets
Network Diagnostics
The Network Configuration screen allows you to use PINGto test network connectivity Enter the IP address othe interace or device you wish to PING and select theExecute action
Ping
File Management
The File Management screen allows you to upload anddownload iles to the Switch using TFTP
File Management
Source Fle Speciy the location o the ile to transerSelect one o the ollowing:
TFTP I the ile is located on a TFTP server
Image I the ile is a sotware code ile
Startup-cong I the ile is a coniguration ile
Destnaton Fle Speciy where the ile is to be transerredSelect one o the ollowing:
TFTP I the ile is to be uploaded to a TFTP server
Image I the ile is to be downloaded as a sotwarecode ile
Startup-cong I the ile is a coniguration ile
Boot I the ile is a boot ile
Fle Name Enter the name o the ile to be uploaded ordownloaded
IP Address Enter the IP address o the TFTP server thatwill transer the ile
Restore System Default Settings
To restore the Switch back to the actory deault settings,select Restore System Deault Settng and press EnterA conirmation message appears asking Are you sure? [Y/N] Press the Y key to continue or the N key to cancel theaction
Restore Deault
Reboot System
I you want to restart the Switch, select Reboot Systemand press Enter A conirmation message appears askingReboot Now? [Y/N] Press the Y key to continue or the Nkey to cancel the action
Reboot System
-
7/31/2019 Linksys SRW224G4P Manual
16/72
12
Configuration Using the Console Interface
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Chapter 4
Back to Main Menu
Select Back to Man Menu i you want to return to themain menu
Port StatusThe Port Status screen allows you to view the status oa port The Port, Enable, Link Status, Spd/Dpx, and FlowControl are displayed
Port Status
Ports 1 through 24 are Ethernet RJ-45 ports and areall 10/100 ports Ports G3 and G4 are shared with theminiGBIC ports I there is a connection to one o theminiGBIC ports then the corresponding Gigabit RJ-45 portcannot be used
Port Coniguration
You can use the Port Configuration screen to enable/
disable an interace, set auto-negotiation and the interacecapabilities to advertise, or manually ix the speed, duplexmode, and low control
Port Coniguration
Enable Allows you to manually enable or disable aninterace You can disable an interace due to abnormalbehavior (or example, excessive collisions), and thenenable it again, once the problem has been resolved Youmay also disable an interace or security reasons
Auto-negotaton (Port Capabltes) This option enables or
disables auto-negotiation When auto-negotiation is enabled,
you need to specify the capabilities to be advertised When
auto-negotiation is disabled, you can force the settings for
speed, mode, and flow control The following capabilities are
supported
10hal Supports 10 Mbps hal-duplex operation
10ull Supports 10 Mbps ull-duplex operation
100hal Supports 100 Mbps hal-duplex operation
100ull Supports 100 Mbps ull-duplex operation
1000ull Supports 1000 Mbps ull-duplex operation
Deault: Auto-negotiation enabled; Advertised capabilitiesor 100Base-TX 10hal, 10ull, 100hal, 100ull; 1000Base-T 10hal, 10ull, 100hal, 100ull, 1000ull; 1000Base-SX/LX/LH (SFP) 1000ull; 100Base-FX (SFP) 100ull
Speed/Duplex Allows manual selection o port speed andduplex mode (that is, with auto-negotiation disabled)
Flow Control Allows automatic or manual selection olow control
PoE Coniguration
The PoE Main Menu screen displays three menu choicesand a back option:
PoE Main Menu
System PoE Coniguration
Port PoE Status
Port PoE Coniguration
1
2
3
-
7/31/2019 Linksys SRW224G4P Manual
17/72
1
Configuration Using the Console Interface
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Chapter 4
System PoE Configuration
The Power Configuration screen allows you to set the PoEpower allocation rom the Switch to connected devices
System PoE Coniguration
The Switchs power management enables total Switchpower and individual port power to be controlled within aconigured power budget Port power can be automaticallyturned on and o or connected devices, and a per-portpower priority can be set so that the Switch never exceedsits allocated power budget When a device is connectedto a port, its power requirements are detected by theSwitch beore power is supplied I the power requiredby a device exceeds the power budget o the port or thewhole Switch, power is not supplied
Port PoE Status
The Power Port Status screen allows you to view the currentPoE settings or each port on the Switch
Power Port Status
Ports can be set to one o three power priority levels:crtcal, hgh, or low To control the power supply withinthe Switchs budget, ports set at critical or high priorityhave power enabled in preerence to those ports set atlow priority For example, when a device is connected to aport set to critical priority, the Switch supplies the requiredpower, i necessary by dropping power to ports set or alower priority I power is dropped to some low-priorityports and later the power demands on the Switch all backwithin its budget, the dropped power is automaticallyrestored
Port PoE Configuration
The Power Port Configuration screen allows you to set thePoE settings or each port Select the Edt action and usethe let-rght and up-down arrows to select the attribute
you would like to set You can set the Admin Status, thePriority, and the Power Allocation Use the Save action tosave the new settings
Power Port Coniguration
Logout
Select Logout to log out o the Console ConigurationUtility
-
7/31/2019 Linksys SRW224G4P Manual
18/72
Chapter Configuring the Switch
1424-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Chapter :
Congurng the Swtch
Open your web browser and enter http://12.18.1.24into the address ield Press the Enter key and the Passwordscreen will appear
Address Bar
NOTE: The deault IP address is 12.18.1.24I the IP address has been changed using DHCPor via the console interace, enter the assignedIP address instead o the deault
The irst time you open the web-based utility, enteradmn (the deault username) in the username ield andleave the password blank Click the OK button You canset a password later rom the Admin tabs User Accountsscreen
Login Screen
Setup
The irst screen displays the Summaryscreen on the Setuptab There are 10 tabs across the top o the screen: Setup,Port management, VLAN Management, Statstcs, ACL,Securty, QoS, Spannng Tree, Multcast, and a Moretab Click the More tab to access the SNMP, Admn andLogout tabs Each tab contains screens that will help you
conigure and manage the Switch
Setup > Summary
The Setup > Summary screen displays a summary oSwitch inormation The settings cannot be modiied romthe Setup > Summaryscreen Many o the settings can be
modiied rom the Setup > Network Settings screen
Setup > Summary
Device Information
System Name Displays the name or the Switch, i onehas been entered
IP Address The IP address assigned to the Switch isdisplayed (The deault IP address is 12.18.1.24)
Subnet Mask The Subnet Mask assigned to the Switch isdisplayed (The deault is 2.2.2.0)
DNS Servers The IP address o your ISPs server, whichtranslates the names o websites into IP addresses
Deault Gateway IP address o the gateway routerbetween this device and management stations that existon other network segments (Deault: 0.0.0.0)
Address Mode Speciies whether IP unctionality is
enabled via manual coniguration (Static), Dynamic HostConiguration Protocol (DHCP), or Boot Protocol (BOOTP)I DHCP/BOOTP is enabled, IP will not unction until areply has been received rom the server Requests will bebroadcast periodically by the Switch or an IP address(DHCP/BOOTP values can include the IP address, subnetmask, and deault gateway)
Base MAC Address The MAC address o the Switch isdisplayed
-
7/31/2019 Linksys SRW224G4P Manual
19/72
Chapter Configuring the Switch
124-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
System Information
Seral Number The serial number o the Switch isdisplayed
Model Name The model name o the Switch is
displayed
Hardware verson The current hardware version isdisplayed
Boot Verson The current boot version is displayed
Frmware Verson The current sotware version isdisplayed
System Locaton Displays the location o the system i ithas been deined
System Contact The name o the administrator willappear here i it has been deined
System Uptme Length o time the management agenthas been up
Current Tme Displays the current time
PoE Information
Maxmum Avalable Power Displays the maximumpower that can be supplied to a connected PoE device
System Operaton Status Displays the operational statuso the Power over Ethernet mechanism
Manpower Consumpton Displays the current numbero watts that the Switch is providing to PoE devices
Setup > Network Settings
Setup > Network Settings
The Network Settings screen allows you to edit theollowing inormation
Identification
System Name Speciies the name o the Switch Enterthe name into the text ield provided By deault, a systemname is not deined
System Locaton This ield is used or entering adescription o where the Switch is located, such as 3rdloor
System Contact Enter the name o the administratorresponsible or the system
Object ID The system object identiier is displayed here
Base MAC Address Physical address o a device mappedto this interace
IP Configuration
To manually conigure IP settings, you need to set an IP
address and subnet mask compatible with your networkYou may also need to establish a deault gateway betweenthe Switch and management stations that exist on anothernetwork segment
An IP address may be used or management access to theSwitch over your network You may also need to establisha deault gateway between the Switch and managementstations that exist on another network segment
Management VLAN ID o the conigured VLAN (1-4094,no leading zeroes) By deault, all ports on the Switch aremembers o VLAN 1 However, the management stationcan be attached to a port belonging to any VLAN, as longas that VLAN has been assigned an IP address
IP Address Mode Speciies whether IP unctionality isenabled via manual coniguration (Static), Dynamic HostConiguration Protocol (DHCP), or Boot Protocol (BOOTP)
NOTE: I DHCP/BOOTP is enabled, IP will notunction until a reply has been received rom theserver Requests will be broadcast periodicallyby the Switch or an IP address I the mode isset to DHCP/BOOTP and a server is not available,you can reconigure the settings by connectingthe console interace directly to a computer
Select the IP Address Mode using the drop-downmenu Selecting Static will allow you to enter a static IPaddress, subnet mask and deault gateway using the textield provided Selecting BOOTP or DHCP disables thesetext boxes and auto assigns an IP address The deaultsetting is Statc
Host Name Assign a host name to the Switch
-
7/31/2019 Linksys SRW224G4P Manual
20/72
Chapter Configuring the Switch
124-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
IP Address Address o the VLAN interace that is allowedmanagement access Valid IP addresses consist o ournumbers, 0 to 255, separated by periods (Deault:12.18.1.24)
Subnet Mask This mask identiies the host addressbits used or routing to speciic subnets (Deault:2.2.2.0)
Deault Gateway IP address o the gateway routerbetween this device and management stations that existon other network segments (Deault: 0.0.0.0)
DNS Server Enter the IP address o the DNS server intothe text ield A second DNS address can be speciied inthe additional text ield provided
ClickSave Settngs to save the changes
Click Restart DHCP to assign a new IP address using
DHCP
Setup > Time
Simple Network Time Protocol (SNTP) allows the Switchto set its internal clock based on periodic updates rom atime server (SNTP or NTP) Maintaining accurate time onthe Switch enables the system log to record meaninguldates and times or event entries I the clock is not set, theSwitch will only record the time rom the actory deaultset at the last bootup When the SNTP client is enabled,the Switch periodically sends a request or a time updateto a conigured time server You can conigure up to twotime server IP addresses The Switch will attempt to polleach server in the sequence
Setup > Time
Set Time
Set the system tme manually This option allows you toset the time and date manually or the Switch
Set the system tme usng Smple Network Tme
Protocol (SNTP) automatcally Sets the system clockautomatically using SNTP
Manual
Hours The hour is entered here
Mnutes The minutes is entered here
Seconds The seconds is entered here
Month The month is entered here
Day The day is entered here
Year The year is entered here
Automatic
Sets the system clock automatically using SNTP
Tme Zone Set the time zone by selecting it rom thedrop-down menu
Daylght Savngs Enable daylight saving time bychecking the checkbox Then set USA, Europe, or customdaylight saving time by clicking the appropriate option
Tme Set Oset Custom daylight saving time is set byentering the time dierence in minutes into the Time SetOffsetield Set the date or this oset by entering the day
and month (DD/MM) in the From and To ieldsRecurrng To enable a recurring custom daylight savingstime, check the Recurring checkbox Set the day, week, andmonth the time dierence will be recurring (From and To)by using the drop-down menus Set the time (From andTo) o the recurrence using the ield provided (HH:MM)
SNTP Servers
Sets the IP address o up to two SNTP servers
Server 1 Set the IP address o the SNTP server
Server 2 Set the IP address o an additional SNTP server
Pollng Internal (1-184 sec) The value entered heredetermines the number o seconds between each timethe Switch contacts the SNTP server or an update
-
7/31/2019 Linksys SRW224G4P Manual
21/72
Chapter Configuring the Switch
124-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Port Management
Port unctionality can be controlled using the PortManagement settings Speeds, duplex, grouping, andPower over Ethernet settings, and more can be deined
Port Management > Port Settings
You can manually conigure the speed, duplex mode, andlow control used on speciic ports, or use to detect theconnection settings used by the attached device Use theull-duplex mode on ports whenever possible to doublethe throughput o switch connections Flow control shouldalso be enabled to control network traic during periodso congestion and prevent the loss o packets when portbuer thresholds are exceeded The Switch supports lowcontrol based on the IEEE 8023x standard
This screen displays the current connection status,including the description, administrative status, linkstatus, speed, duplex mode, MDI/MDIX, low control, type,and LAG
Port Management > Port Settings
Port Displays the port number
Descrpton Displays a description or the port, i one hasbeen deined
Admnstratve Status Displays the administrative statuso the appropriate port
Lnk Status Displays the link status o the port
Speed Displays the current speed o the port
Duplex Displays the current duplex mode o the port
MDI/MDIX Indicates i the port is being utilized as an MDIor MDIX port
Flow Control Indicates the type o low control currentlyin use (IEEE 8023x, Back-Pressure, or None)
Type Indicates the port type (100Base-TX, 1000Base-T, orSFP)
LAG Indicates whether the port is a LAG memberEach port has a Detal button that opens a screen orediting port settings Click the Detal button to open thePort Setting detail screen or the desired port
Edit Port Settings
You can use the Port Setting detail screen to enable/disablean interace, set and interace capability advertisements,or manually orce the speed, duplex mode, and lowcontrol
Port Management > Edit Port Settings
This screen allows you to edit the ollowing inormationor each port on the Switch
Port Use the port drop-down menu to select a port
Port Configuration
Descrpton Use this ield to describe the interace
(Range: 1-64 characters)
Speed Duplex Used to manually set the port speed andduplex mode when autonegotiation is disabled
Autonegotaton Enables or disables autonegotiationWhen autonegotiation is enabled, you need to speciythe capabilities to be advertised When autonegotiation isdisabled, you can orce the settings or speed, mode, andlow control Autonegotiation is enabled by deault
-
7/31/2019 Linksys SRW224G4P Manual
22/72
Chapter Configuring the Switch
1824-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
The ollowing capabilities are supported
10hal Supports 10 Mbps hal-duplex operation
10ull Supports 10 Mbps ull-duplex operation
100hal Supports 100 Mbps hal-duplex operation
100ull Supports 100 Mbps ull-duplex operation
1000hal Supports 1000 Mbps hal-duplex operation
1000ull Supports 1000 Mbps ull-duplex operation
Sym (Gigabit only) Check this item to transmit andreceive pause rames, or clear it to autonegotiate thesender and receiver or asymmetric pause rames
Flow Control Allows automatic or manual selection olow control
Port Broadcast Control
Status To enable broadcast control on a speciied port,mark the Enabled checkbox or that port
Threshold You can protect your network rom broadcaststorms by setting a threshold or broadcast traic or allports Any broadcast packets exceeding the speciiedthreshold will then be dropped
Ater you modiy the required port settings, clickApply
Port Management > Link Aggregation
You can create multiple links between devices that workas one virtual, aggregate link (LAG) An aggregated link
oers a dramatic increase in bandwidth or networksegments where bottlenecks exist, as well as providing aault-tolerant link between two devices You can create upto our LAGs on the Switch Each LAG can contain up toeight ports
Port Management > Link Aggregation
LAG Displays the LAG number
Descrpton Displays the description assigned to theinterace
Admnstratve Status Indicates whether the interace is
enabled or disabledType Indicates i a LAG has been manually conigured(static) or dynamically set through LACP
Lnk Status Displays the status o the link
Speed Displays the port speed
Duplex Displays the duplex mode
Flow Control Displays the low control
Create To create a new LAG, click the Create button in theCreate column, then add members to the LAG by clickingon the Select Member button The select member screen
or the Link Aggregation opens
Port Management > Link Aggregation > Select Member
The LAG number is shown in the LAG drop-down menuThe Ethernet ports are represented by check boxes Assignup to 8 ports to the LAG by checking the check boxes othe ports, then clickApply
Detal To conigure the LAG and the LAG broadcastcontrol, click the Detal button The Link Aggregationdetail screen will be displayed
Port Management > Link Aggregation > Detail
-
7/31/2019 Linksys SRW224G4P Manual
23/72
-
7/31/2019 Linksys SRW224G4P Manual
24/72
-
7/31/2019 Linksys SRW224G4P Manual
25/72
Chapter Configuring the Switch
2124-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Ingress lterng Determines how to process ramestagged or VLANs or which the ingress port is not amember (Deault: Dsabled)
Ingress iltering only aects tagged rames
I ingress iltering is disabled and a port receives ramestagged or VLANs or which it is not a member, theserames will be looded to all other ports (except or thoseVLANs explicitly orbidden on this port)
I ingress iltering is enabled and a port receives ramestagged or VLANs or which it is not a member, theserames will be discarded
Ingress iltering does not aect VLAN independent BPDUrames, such as GVRP or STP However, they do aect VLANdependent BPDU rames, such as GMRP
Fill in the required settings or each interace, then click
Save Changes
VLAN Management > Ports to VLAN
Use the Ports to VLAN screen to conigure port membersor the selected VLAN index Assign ports as tagged ithey are connected to 8021Q VLAN compliant devices,or untagged they are not connected to any VLAN-awaredevices
VLAN Management > Ports to VLAN
Swtch Port Mode Indicates VLAN membership modeor an interace (Deault: Access)
Access Is the deault setting or all ports The port is amember o a single, untagged VLAN
Trunk Speciies a port as an end-point or a VLANtrunk A trunk is a direct link between two switches,so the port transmits tagged rames that identiythe source VLAN Note that rames belonging to theports deault VLAN (that is, associated with the PVID)are transmitted as untagged rames I the PVID isassociated with a VLAN ID other than 1, then therames are tagged
General Speciies a hybrid VLAN interace The portmay transmit tagged or untagged rames
Membershp Select VLAN membership or each interaceby selecting the appropriate option or a port or LAG:
Excluded The interace is orbidden rom joining theVLAN
Untagged The interace is a member o the VLAN Allpackets transmitted by the port will be untagged, thatis, not carry a tag and thereore not carry VLAN or CoSinormation Note that an interace must be assignedto at least one group as an untagged port
Tagged The interace is a member o the VLANAll packets transmitted by the port will be tagged,that is, carry a tag and thereore carry VLAN or CoSinormation
VLAN Management > VLAN to Ports
VLAN Management > VLAN to Ports
Use the VLAN to Ports screen to assign VLAN groups to theselected interace
-
7/31/2019 Linksys SRW224G4P Manual
26/72
Chapter Configuring the Switch
2224-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Mode Indicates the VLAN switch port mode or theinterace
Jon VLAN Conigures the selected interace to be amember o other VLANs
VLANs VLANs or which the selected interace is amember
LAG Indicates the port is a member o the speciied LAG
Statistics
You can display standard statistics on network traic romthe Interaces Group and Ethernet-like MIBs, as well as adetailed breakdown o traic based on the RMON MIBInteraces and Ethernet-like statistics display errors on thetraic passing through each port
Statistics > RMON Statistics
Statistics > RMON Statistics
To view the interace statistics or a port, select the requiredinterace rom the drop-down menu and clickQuery
To set a reresh rate, to update the interace statistics,select a time interval rom the Reresh Rate drop-downmenu
Statistics > RMON History
The RMON History screen allows you to monitor yournetwork or common errors and overall traic rates TheHistory Control Table allows you to add, edit and delete
collection entries, or to select a speciic index entry andthen view the historical data in table orm
Statistics > RMON History
Source Interace The selected interace on the Switch
Samplng Interval The interval between taking samples(Range: 1-3600 seconds)
Samplng Requested The number o samples to record(Range:1-65535)
Owner The name o the person who created this entry inthe Control Table (Maximum 127 characters)
-
7/31/2019 Linksys SRW224G4P Manual
27/72
Chapter Configuring the Switch
224-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Statistics > RMON Alarms
The RMON Alarms screen allows you to record importantevents and critical network problems The RMON Alarmand Event Control Tables are used together to deine
speciic criteria that will generate response eventsAlarms can be set to test data over any speciied timeinterval and can monitor absolute or changing values,such as a statistical counter reaching a speciic value, or astatistic changing by a certain amount over a set intervalAlarms can be set to respond to either rising or allingthresholds
Statistics > RMON Alarms
The Alarm Control Table allows you to add, update anddelete speciic index entries
Interace The selected interace on the Switch
Statstcs The traic statistics to be sampled Select romthe drop-down list
Interval The time interval in seconds over which datais sampled and compared with the rising or allingthreshold
Sample Type The method o sampling data, eitherAbsolute or Delta For an absolute sample the variable willbe compared directly to the thresholds For a delta samplethe last sample is subtracted rom the current value andthe dierence is then compared to the thresholds
Startup Alarm How the alarm is activated when thevariable is compared to the thresholds This can be set toRising, Falling, or Rising or Falling
Rsng Threshold An alarm threshold or the sampledvariable I the current value is greater than or equal tothe threshold, and the last sample value was less than thethreshold, then an alarm will be generated (Ater a risingevent has been generated, another such event will not be
generated until the sampled value has allen below theRising Threshold and reaches the Falling Threshold)
Fallng Threshold An alarm threshold or the sampledvariable I the current value is less than or equal to thethreshold, and the last sample value was greater than thethreshold, then an alarm will be generated (Ater a allingevent has been generated, another such event will not begenerated until the sampled value has risen above theFalling Threshold and reaches the Rising Threshold)
Rsng Event Index (0-) The index o the Eventthat will be used i a rising alarm is triggered I there is nocorresponding entry in the Event Control Table, or i this
number is zero, then no event will be generated
Fallng Event Index (0-) The index o the Eventthat will be used i a alling alarm is triggered I there is nocorresponding entry in the Event Control Table, or i thisnumber is zero, then no event will be generated
Owner The name o the person who created this entry inthe Control Table
Statistics > RMON Events
An RMON Event determines the action to take when analarm is triggered The response to an alarm can include
logging the alarm or sending an SNMP trap message Ithe response corresponding to an alarm has not yet beendeined, use the RMON Event screen to conigure theEvent Setting table
Statistics > RMON Events
-
7/31/2019 Linksys SRW224G4P Manual
28/72
Chapter Configuring the Switch
2424-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Event Descrpton A text comment that describes theentry in the Event Setting Table
Type The type o action that is taken or an alarm Thiscan be None, Log, Trap, or Log and Trap
Communty The SNMP community name that a trapmanager must use to receive trap messages
Owner The name o the person who created this entry inthe Event Setting Table (Maximum 127 characters)
Click on the Add button to add an Event index entry tothe table
To display each time an event was triggered by an alarm,irst highlight an entry in the Event Control Table andthen click on the Vew Log Table button The Log Tableshows the log index number, the time o an event, and thedescription o the event that activated the entry
Statistics > Port Utilization
Statistics > Port Utilization
Displays the percentage o bandwidth currently utilizedon each port o the Switch
Statistics > 802.1x Statistics
Statistics > 8021x Statistics
The Switch can display statistics or 8021X protocolexchanges or any port
To view the statistics or a port, select the required interacerom the drop-down menu and clickQuery
To set a reresh rate or updating the 8021X statistics,select a time interval rom the Reresh Rate drop-downmenu
ACLAccess Control Lists (ACL) provide packet iltering or IPrames (based on address, protocol, Layer 4 protocol portnumber or TCP control code) or any rames (based on MACaddress or Ethernet type) To ilter incoming packets, irstcreate an access list, add the required rules, speciy a maskto modiy the precedence in which the rules are checked,and then bind the list to a speciic port
-
7/31/2019 Linksys SRW224G4P Manual
29/72
Chapter Configuring the Switch
224-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
ACL > IP based ACL
ACL > IP based ACL
Target Select the New ACL Name option and enteran ACL name in the text ield provided (with up to 16characters) To add rules to an existing ACL, select theACL Name option and select an ACL rom the drop-downmenu
Acton An ACL can contain any combination o permit ordeny rules
Protocol Speciies the protocol type to match as TCP,UDP or Others, where others indicates a speciic protocolnumber (0-255) (Options: TCP, UDP, Others; Deault: ANY)
TCP Flags Speciy the TCP lag bits in byte 14 o the TCPheader by selecting Set or Unset rom the drop-downmenus The ollowing TCP lags may be speciied:
Urg Urgent pointer
Rst Reset
Ack Acknowledgement
Syn Synchronize
Psh PushFn Finish
Source/Destnaton Port (0-) Source/destinationport number or the speciied protocol type (Range: 0-65535)
Use the Source/Destination IP Address option to apply theACL rule to an IP address or select the Any option to applythe rule to all IP addresses
Source/Destnaton IP Address Enter a source ordestination IP address
Wldcard Mask Enter the Wildcard Mask or the Source/Destination IP addresses
Match CoS Packet priority settings based on the ollowingcriteria:
DSCP DSCP priority level (Range: 0-63)Precedence IP precedence level (Range: 0-7)
Then click the Add to Lst Button
To remove an ACL rule, select an ACL rule rom the tableand clickRemove
When all rules are removed rom the ACL the ACL is alsoremoved
ACL > MAC based ACL
ACL > MAC based ACL
Target Select the New ACL Name option and enteran ACL name in the text ield provided (with up to 16characters) To add rules to an existing ACL, select theACL Name option and select an ACL rom the drop-downmenu
Acton An ACL can contain any combination o permit ordeny rules
Use the Source/Destination MAC Address option to applythe ACL rule to a MAC address or select the Any option toapply the rule to all MAC addresses
Source/Destnaton MAC Address Speciy a MACaddress (or example, 11-22-33-44-55-66)
Source/Destnaton Wldcard Mask Hexadecimal maskor source or destination MAC address
VLAN ID Speciy a VLAN ID (Range: 1-4094)
-
7/31/2019 Linksys SRW224G4P Manual
30/72
Chapter Configuring the Switch
224-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Ethernet Type Speciy an Ethernet Type This option canonly be used to ilter Ethernet II ormatted packets (Range:0-65535) A detailed listing o Ethernet protocol types canbe ound in RFC 1060 A ew o the more common typesinclude 0800 (IP), 0806 (ARP), 8137 (IPX)
Then click the Add to Lst button
To remove an ACL rule, select an ACL rule rom the tableand clickRemove
When all rules are removed rom the ACL the ACL is alsoremoved
Security
Security > ACL Binding
Security > ACL Binding
Ater coniguring Access Control Lists (ACL), you shouldbind them to the ports that need to ilter traic You canassign one IP or MAC access list to any port
You must conigure a mask or an ACL rule beore you canbind it to a port
This Switch only supports ACLs or ingress iltering Youcan only bind one IP or one MAC ACL to any port, oringress iltering
Mark the Enable checkbox or the port you want to bindto an ACL Select the required ACL rom the drop-downmenu
Port Fixed port or SFP module
IP (Input) Speciies the IP Access List to enable or aport
MAC (Input) Speciies the MAC Access List to enableglobally
ClickSave Settngs to save the changes
Security > Authentication Servers
Security > Authentication Servers
RADIUS Server Setting
Remote Authorization Dial-In User Service (RADIUS)servers provide additional security or networks RADIUSservers provide a centralized authentication method orweb access
Up to 5 RADIUS servers can be conigured The Switchattempts authentication using the listed sequence oservers The process ends when a server either approvesor denies access to a user
Index Indicates the server number or global setting
Server IP Address Enter the IP address o the server
Server Port Number (1-) Enter the authenticationport The authentication port is used during RADIUS serverauthentication The authentication port deault is 1812
Secret Key Strng Enter the secret key string as deinedon the RADIUS server The secret key string is used orauthenticating and encrypting communications betweenthe device and the RADIUS server
Number o Retres (1-0) Deines the number otransmitted requests sent to the RADIUS server beore aailure occurs The possible ield values are 1 - 30 2 is thedeault value
Tmeout or Reply (1- sec) Deines the amount othe time in seconds the device waits or an answer romthe RADIUS server beore retrying the query, or switchingto the next server The possible ield values are 1 - 655355 is the deault value
-
7/31/2019 Linksys SRW224G4P Manual
31/72
Chapter Configuring the Switch
224-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
TACACS Server Setting
The Switch provides Terminal Access Controller AccessControl System (TACACS+) client support TACACS+provides centralized security or validation o users
accessing the device TACACS+ provides a centralized usermanagement system, while still retaining consistency withRADIUS and other authentication processes The TACACS+protocol ensures network integrity through encryptedprotocol exchanges between the device and TACACS+server
Server IP Address Enter the TACACS+ Server IP address
Server Port Number (1-) Deines the port numberthrough which the TACACS+ session occurs The deaultport is 49
Secret Key Strng Deines the authentication andencryption key or TACACS+ server The key must matchthe encryption key used on the TACACS+ server
Security > 802.1x Settings
Security > 8021x Settings
Network switches can provide open and easy accessto network resources by simply attaching a client PCAlthough this automatic coniguration and access is a
desirable eature, it also allows unauthorized personnelto easily intrude and possibly gain access to sensitivenetwork data
The IEEE 8021X (dot1X) standard deines a port-basedaccess control procedure that prevents unauthorizedaccess to a network by requiring users to irst submitcredentials or authentication Access to all switch ports ina network can be centrally controlled rom a server, whichmeans that authorized users can use the same credentialsor authentication rom any point within the network
This Switch uses the Extensible Authentication Protocolover LANs (EAPOL) to exchange authentication protocolmessages with the client, and a remote RADIUSauthentication server to veriy user identity and accessrights When a client connects to a switch port, the Switch
responds with an EAPOL identity request The clientprovides its identity (such as a user name) in an EAPOLresponse to the Switch, which it orwards to the RADIUSserver The RADIUS server veriies the client identity andsends an access challenge back to the client The EAP packetrom the RADIUS server contains not only the challenge,but the authentication method to be used The client canreject the authentication method and request another,depending on the coniguration o the client sotwareand the RADIUS server The authentication method mustbe MD5 The client responds to the appropriate methodwith its credentials, such as a password or certiicateThe RADIUS server veriies the client credentials andresponds with an accept or reject packet I authenticationis successul, the Switch allows the client to access thenetwork Otherwise, network access is denied and theport remains blocked
The operation o 8021X on the Switch requires theollowing:
The Switch must have an IP address assigned
RADIUS authentication must be enabled on the Switchand the IP address o the RADIUS server speciied
8021X must be enabled globally or the Switch
Each Switch port that will be used must be set to dot1XAuto mode
Each client that needs to be authenticated musthave dot1X client sotware installed and properlyconigured
The RADIUS server and 8021X client support EAP (TheSwitch only supports EAPOL in order to pass the EAPpackets rom the server to the client)
The RADIUS server and client also have to support thesame EAP authentication type MD5 (Some clientshave native support in Windows, otherwise the dot1xclient must support it)
To enable 8021X System Authentication Control, selectthe RADIUS option
When 8021X is enabled, you need to conigure theparameters or the authentication process that runsbetween the client and the Switch, as well as the clientidentity lookup process that runs between the Switch andauthentication server These parameters are described inthis section
-
7/31/2019 Linksys SRW224G4P Manual
32/72
Chapter Configuring the Switch
2824-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Operaton Mode Allows single or multiple hosts (clients)to connect to an 8021X-authorized port (Options: Single-Host, Multi-Host; Deault: Sngle-Host)
Maxmum Count (1-1024) The maximum number o
hosts that can connect to a port when the Multi-Hostoperation mode is selected The deault value is
Mode Sets the authentication mode to one o theollowing options:
Auto Requires a dot1x-aware client to be authorizedby the authentication server Clients that are not dot1x-aware will be denied access
Force-Authorzed Forces the port to grant access toall clients, either dot1x-aware or otherwise (This is thedeault setting)
Force-Unauthorzed Forces the port to deny access
to all clients, either dot1x-aware or otherwiseAuthorzed Indicates the current status o the port:
Yes A connected client is authorized
No No connected clients are authorized
Blank Displays nothing when there is no connectionon a port
Supplcant Indicates the MAC address o a connectedclient
Modiy the parameters required using the drop-downmenus and ields provided or each port, then clickDetal
to conigure the 8021X settings or that port
Security > 8021x Port Setting Detail
The 8021x Port Settings screen allows coniguration othe ollowing parameters:
Maxmum Request Sets the maximum number o timesthe switch port will retransmit an EAP request packet tothe client beore it times out the authentication session(Range: 1-10; Deault 2)
Quet Perod Sets the time that a switch port waitsater the Max Request Count has been exceeded beoreattempting to acquire a new client (Range: 1-65535seconds; Deault: 0 seconds)
Reauthentcaton Perod Sets the time period aterwhich a connected client must be re-authenticated(Range: 1-65535 seconds; Deault: 00 seconds)
Transmt Perod Sets the time period during anauthentication session that the Switch waits beore re-transmitting an EAP packet (Range: 1-65535; Deault: 0seconds)
ClickSave Settngs to apply the changes
Security > Ports Security
Port security is a eature that allows you to conigure aswitch port with one or more device MAC addresses thatare authorized to access the network through that portWhen port security is enabled on a port, the Switch stopslearning new MAC addresses on the speciied port whenit has reached a conigured maximum number Onlyincoming traic with source addresses already stored inthe dynamic or static address table will be accepted asauthorized to access the network through that port I adevice with an unauthorized MAC address attempts touse the switch port, the intrusion will be detected and theSwitch can automatically take action by disabling the portand sending a trap message
Security > Ports Security
-
7/31/2019 Linksys SRW224G4P Manual
33/72
Chapter Configuring the Switch
224-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
To use port security, speciy a maximum number oaddresses to allow on the port and then let the Switchdynamically learn the pair or rames received on the port When the port hasreached the maximum number o MAC addresses the
selected port will stop learning The MAC addressesalready in the address table will be retained and will notage out Any other device that attempts to use the portwill be prevented rom accessing the Switch
Set the action to take when an invalid address is detectedon a port, mark the checkbox in the Status column toenable security or a port, set the maximum number oMAC addresses allowed on a port ClickSave Changes tosave the changes
Security > HTTPS Settings
You can conigure the Switch to enable the SecureHypertext Transer Protocol (HTTPS) over the SecureSocket Layer (SSL), providing secure access (that is, anencrypted connection) to the Switchs web interace
Security > HTTPS Settings
To enable HTTPS, check the HTTPS Status checkbox andspeciy the port number
ClickSave Settngs to save the changes
Security > Management ACL
Security > Management ACL
You can create a list o up to 16 IP addresses or IP addressgroups that are allowed access to the Switch through the
web interace, SNMP, or Telnet
The management interaces are open to all IP addressesby deault Once you add an entry to a ilter list, accessto that interace is restricted to the speciied addressesI anyone tries to access a management interace on theSwitch rom an invalid address, the Switch will reject theconnection, enter an event message in the system log,and send a trap message to the trap manager
IP addresses can be conigured or SNMP, web and Telnetaccess Each o these groups can include up to ivedierent sets o addresses, either individual addresses oraddress ranges When entering addresses or the same
group (ie, SNMP, web or Telnet), the Switch will not acceptoverlapping address ranges When entering addressesor dierent groups, the Switch will accept overlappingaddress ranges
You cannot delete an individual address rom a speciiedrange You must delete the entire range, and reenterthe addresses You can delete an address range just byspeciying the start address, or by speciying both thestart address and end address
-
7/31/2019 Linksys SRW224G4P Manual
34/72
Chapter Configuring the Switch
024-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Security > SSH Settings
Security > SSH Settings
The Secure Shell (SSH) includes server/client applicationsthat can provide remote management access to the Switchand act as a secure replacement or Telnet
When the client contacts the Switch through the SSHprotocol, the Switch generates a public-key that the clientuses along with a local user name and password or accessauthentication SSH also encrypts all data transers passingbetween the Switch and SSH-enabled managementstation clients, and ensures that data traveling over the
network arrives unaltered
NOTE: You need to install an SSH client on themanagement station to access the Switch ormanagement through the SSH protocol TheSwitch supports both SSH Version 15 and 20
SSH Server Status Allows you to enable/disable the SSHserver on the Switch (Deault: Dsabled)
Verson The Secure Shell version number Version 20 isdisplayed, but the Switch supports management accessvia either SSH Version 15 or 20 clients
SSH Authentcaton Tmeout (1-120) Speciies the timeinterval in seconds that the SSH server waits or a responserom a client during an authentication attempt (Deault:120 seconds)
SSH Authentcaton Retres (1-) Speciies the numbero authentication attempts that a client is allowed beoreauthentication ails and the client has to restart theauthentication process (Deault: )
SSH Server-Key Sze (12-8) Speciies the SSH serverkey size The server key is a private key that is never sharedoutside the Switch The host key is shared with the SSHclient, and is ixed at 1024 bits (Deault:8)
Security > SSH Host-Key Settings
Security > SSH Host-Key Settings
A host public/private key pair is used to provide securecommunications between an SSH client and the SwitchAter generating this key pair, you must provide the hostpublic key to SSH clients and import the clients public keyto the Switch
Publc-Key o Host-Key The public key or the host
RSA (Verson 1) The irst ield indicates the size o thehost key (eg, 1024), the second ield is the encodedpublic exponent (eg, 65537), and the last string is theencoded modulus
DSA (Verson 2) The irst ield indicates that theencryption method used by SSH is based on theDigital Signature Standard (DSS) The last string is theencoded modulus
Host-Key Type The key type used to generate thehost key pair (ie, public and private keys) (Range: RSA(Version 1), DSA (Version 2), Both: Deault: RSA) The SSHserver uses RSA or DSA or key exchange when the clientirst establishes a connection with the Switch, and thennegotiates with the client to select either DES (56-bit) or3DES (168-bit) or data encryption
Save Host-Key rom Memory to Flash Saves the host keyrom RAM (volatile memory) to lash memory Otherwise,the host key pair is stored to RAM by deault Note thatyou must select this item prior to generating the host-keypair
-
7/31/2019 Linksys SRW224G4P Manual
35/72
Chapter Configuring the Switch
124-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Generate This button is used to generate the host keypair Note that you must irst generate the host key pairbeore you can enable the SSH server
Clear This button clears the host key rom both volatile
memory (RAM) and non-volatile memory (Flash)
QoS
Network traic is usually unpredictable, and the onlybasic assurance that can be oered is best eort traicdelivery To overcome this challenge, Quality o Service(QoS) is applied throughout the network This ensures thatnetwork traic is prioritized according to speciied criteria,and that speciic traic receives preerential treatmentQoS in the network optimizes network perormance andentails two basic acilities:
Classiying incoming traic into handling classes, based
on an attribute, including:
The ingress interace
Packet content
A combination o these attributes
Providing various mechanisms or determining theallocation o network resources to dierent handlingclasses, including:
The assignment o network traic to a particularhardware queue
The assignment o internal resources
Traic shaping
The terms Class o Service (CoS) and QoS are used in theollowing context:
CoS provides varying Layer 2 traic services CoS reers toclassiication o traic to traic-classes, which are handledas an aggregate whole, with no per-low settings CoS isusually related to the 8021p service that classiies lowsaccording to their Layer 2 priority, as set in the VLANheader
QoS reers to Layer 2 traic and above QoS handles per-low settings, even within a single traic class
QoS > CoS Settings
Class o Service (CoS) allows you to speciy which datapackets have greater precedence when traic is bueredin the Switch due to congestion The Switch supports CoSwith our priority queues or each port Data packets ina ports high-priority queue will be transmitted beorethose in the lower-priority queues You can set the deaultpriority or each interace, and conigure the mapping orame priority tags to the Switchs priority queues
QoS > Cos Settings
The priority levels recommended in the IEEE 8021pstandard or various network applications are shown in theollowing table However, you can map the priority levelsto the Switchs output queues in any way that beneitsapplication traic or your own network
Prorty Level Mappngs
Prorty Level Trac Type
1 Background
2 (Spare)
0 (deault) Best Eort
3 Excellent Eort
4 Controlled Load
5 Video, less than 100 ms latency and jitter
6 Voice, less than 10 ms latency and jitter
7 Network Control
CoS to Queue
Assign priorities to the traic classes (output queues) orthe selected interace
Class o Servce CoS value (Range: 0-7, where 7 is thehighest priority queue)
Queue (0-) The output priority queue (Range: 0-3,where 3 is the highest CoS priority queue)
-
7/31/2019 Linksys SRW224G4P Manual
36/72
Chapter Configuring the Switch
224-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
Port to CoS
Modiy the deault priority or any interace using the textield provided
Port Displays the port number
Deault CoS (0-) The priority that is assigned tountagged rames received on the interace (Range: 0-7,where 7 is the highest priority)
LAG Indicates i ports are members o a LAG To conigurethe deault priority or LAGs, go to the table entry or theLAG number, which is listed ater ports Gig 1 and Gig 2 atthe end o the table
Deault settings can be restored using the RestoreDeaults button
ClickSave Settngs to save the changes
QoS > Queue Settings
QoS > Queue Settings
The Switch prioritizes each packet based on the requiredlevel o service, using our priority queues with strict orWeighted Round Robin Queuing It uses IEEE 8021p and8021Q tags to prioritize incoming traic based on inputrom the end-station application These unctions can be
used to provide independent priorities or delay-sensitivedata and best-eort data
Queue Settings
You can set the Switch to service the queues based ona strict rule that requires all traic in a higher priorityqueue to be processed beore lower priority queues are
serviced, or use Weighted Round-Robin (WRR) queuingthat speciies a relative weight o each queue WRR uses apredeined relative weight or each queue that determinesthe percentage o service time the Switch services eachqueue beore moving on to the next queue This preventsthe head-o-line blocking that can occur with strict priorityqueuing
Strct Prorty Services the egress queues in sequentialorder, transmitting all traic in the higher priorityqueues beore servicing lower priority queues
WRR Weighted Round-Robin shares bandwidth at theegress ports by using scheduling weights 1, 2, 4, 8 or
queues 0 through 3 respectivelySet the Queue Mode to Strct or WRR using the QueueMode drop-down menu then click Save Settings
Queue Scheduling
The Switch uses the Weighted Round Robin (WRR)algorithm to determine the requency at which it serviceseach priority queue A weight is assigned to each othese queues (and thereby to the corresponding traicpriorities) This weight sets the requency at which eachqueue will be polled or service, and subsequently aectsthe response time or sotware applications assigned a
speciic priority value
The queue weighting is ixed or the Switch and cannotbe conigured
QoS > DSCP Settings
QoS > DSCP Settings
-
7/31/2019 Linksys SRW224G4P Manual
37/72
Chapter Configuring the Switch
24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet
The Switch supports a common method o prioritizinglayer 3/4 traic to meet application requirements Traicpriorities can be speciied in the IP header o a rameusing the priority bits in the Type o Service (ToS) octet Ipriority bits are used, the ToS octet may contain six bits or
Dierentiated Services Code Point (DSCP) service Whenthese services are enabled, the priorities are mapped toa Class o Service value by the Switch and the traic thensent to the corresponding output queue Because dierentpriority inormation may be contained in the traic, theSwitch maps priority values to the output queues in theollowing manner:
The precedence or priority mapping is DSCP Priority andthen Deault Port Priority
To enable DSCP priority mapping, check the DSCP PrortyStatus Enabled checkbox
Prorty Status Enables the DSCP priority mapping(Enabled is the deault setting)
DSCP to CoS Maps Dierentiated Services Code Pointvalues to CoS values
ClickSave Settngs to save the changes
QoS > DiServ Settings
QoS > DiServ Settings
The commands described in this section are used toconigure Quality o Service (QoS) classiication criteriaand service policies Dierentiated Services (DiServ)provides policy-based management mechanisms used orprioritizing network resources to meet the requirements
o speciic traic types on a per hop basis Each packet isclassiied upon entry into the network based on accesslists, IP Precedence, DSCP values, or VLAN lists Usingaccess lists allows you to select traic based on Layer 2,Layer 3, or Layer 4 inormation contained in each packetBased on conigured network policies, dierent types otraic can be marked or dierent types o orwarding
All switches or routers that access the Internet rely on classinormation to provide the same orwarding treatmentto packets in the same class Class inormation can beassigned by end hosts, or switches or routers along thepath Priority can then be assigned based on a general
policy, or a detailed examination o the packet However,note that detailed examination o packets should takeplace close to the network edge so that core switchesand routers are not overloaded Switches and routersalong the path can use class inormation to prioritize theresources allocated to dierent traic classes The mannerin which an individual device handles traic in the DiServarchitecture is called per-hop behavior All devices alonga path should be conigured in a consistent manner toconstruct a consistent end-to-end QoS solution
Class Map
A class map is used or matching packets to a speciiedclass The class map uses the Access Control List ilteringengine, so you must also set an ACL to enable iltering orthe criteria speciied in the class map
The class map is used with a policy map to create aservice policy or a speciic interace that deines packetclassiication, service tagging, and bandwidth policing
NOTE: One or more class maps can be assignedto a policy map
Class Name Name o the class map (Range: 1-32characters)
Type Only one match command is permitted per classmap, so the match-any ield reers to the criteria speciiedby the lone match command
Descrpton A brie description o a class map (Range: 1-256 characters)
Add Creates a new class map using the entered classname and description
Remove Removes the