This manual was created to provide a reference for installers and end users of Araknis Networks™ products.
It provides all known information regarding the installation, setup, use, and maintenance of the product. The
symbols below are used to identify important information:
Pro Tip – Pro tips are included in sections of the manual to add information that provides extra
value, utility, or ease-of-use for the installer or end user of the product. These items are not
required, but have been added for your convenience.
Note – Notes emphasize information important to the installation, setup, or use of the product
that is not essential to follow for safety of the equipment or user. These items contain essential
information that, if missed, would cause the installer or end user extra work to overcome.
Caution – The caution symbol is used to indicate information vital to the safety of the equipment
in use with the product, or the product itself. Not following a caution will almost always result in
permanent damage to equipment that is not covered by warranty.
Warning – Warnings indicate information vital to the safety of the installer or end user of the
product. Not following a warning may result in permanent damage to equipment and serious injury
or death of the installer or end user.
Thank you for purchasing an Araknis 210/310 series network switch. This manual details the installation and
setup of the hardware and the managed interface.
Elevated Operating Ambient – If installed in a closed or multi-unit rack assembly, the operating ambient
temperature of the rack environment may be greater than room ambient. Therefore, consideration should be
given to installing the equipment in an environment compatible with the maximum ambient temperature of
104°F.
Reduced Air Flow – Installation of the equipment in a rack should be such that the amount of air flow
required for safe operation of the equipment is not compromised.
Mechanical Loading – Mounting of the equipment in the rack should be such that a hazardous condition is
not achieved due to uneven mechanical loading.
Circuit Overloading – Consideration should be given to the connection of the equipment to the supply circuit
and the effect that overloading of the circuits might have on overcurrent protection and supply wiring.
Appropriate consideration of equipment nameplate ratings should be used when addressing this concern.
Reliable Earthing – Reliable earthing of rack-mounted equipment should be maintained. Particular attention
should be given to supply connections other than direct connections to the branch circuit (e.g. use of power
strips).
Note – AN-210-SW-R-8-POE shown. Connection is the same for models with both front- and rear-facing ports.
Input Power Requirements
AC Input Voltage: 100-240V AC, 50-60 Hz.
Network Cable Requirements
568B termination is recommended (see Figure 4. EIA/TIA 568B Termination Pattern). Connect a Cat5e/6
straight-through cable between the switch and other equipment.
Figure 4. EIA/TIA 568B Termination Pattern
Pin 1  White/Orange    Pin 5  White/Blue
Pin 2  Orange          Pin 6  Green
Pin 3  White/Green     Pin 7  White/Brown
Pin 4  Blue            Pin 8  Brown
(Gold pins facing up)
Note – Maximum cable length is 328 feet (100m). A repeater device is required for longer runs.
SFP Ports
The SFP (Small Form Factor Pluggable) ports guarantee a 1 Gbps connection and are typically used to
connect switches together. Connect SFP ports using Araknis SFP adapters for RJ45 or multi-mode fiber
cables. SFP adapters sold separately.
The power budget for delivering Power over Ethernet limits the total number of watts available between all
of the ports (limited to 30W total consumption on each port). Add the total number of watts consumed by
all connected PoE devices to ensure that everything can be powered, as illustrated in the example below.
Model                     PoE Budget
AN-210-SW-F/R-8-POE       65W
AN-210-SW-F/R-16-POE      130W
AN-210-SW-F/R-24-POE      190W
AN-210-SW-F-48-POE        375W
AN-310-SW-F/R-8-POE       130W
AN-310-SW-F/R-16-POE      250W
AN-310-SW-F/R-24-POE      375W
PoE Budget Calculation Example
Figure 5. PoE Calculation Example (AN-210-SW-R-8-POE)
Connected PoE devices: 8W + 8W + 12W + 14W
Total PoE Budget Available = 65W
Total PoE Device Consumption = 42W
PoE Budget Left Available = 23W
Note – Port PoE settings may be modified using the PoE Settings menu. Click to see information
and instructions.
OvrC provides remote firmware upgrades, real-time notifications, and intuitive customer management, right
from your computer or mobile device. Setup is plug-and-play, with no port forwarding or DDNS address
required.
Figure 6. OvrC Operation Diagram (web browser access and mobile apps)
To add this device to your OvrC account:
1. Connect the switch to the network (Internet access required).
2. Log into OvrC (www.ovrc.com) or load the OvrC app.
3. Select or create a customer account.
4. Add the device (MAC address and Service Tag numbers needed for authentication).
5. Check for OvrC firmware updates and apply if available.
1. Log into the OvrC app and find the switch. The OvrC web interface is easier to use than mobile for Web
Connect access. Popup blockers must be disabled.
2. Click the More button and then click Web Connect. In the Web Connect menu, click the appropriate
button to access the web interface.
3. OvrC will open a new tab in your web browser and load the login screen. Enter your username and
password, then click Log In.
Default Login
Username: araknis
Password: araknis
4. If you were able to log in successfully, go to the System Settings menu to begin completing the
recommended setup for all users. See section “11 - Recommended Setup – System Settings” on page
26.
5. If this access method does not work for your application, see the next section for instructions to access
the interface using a DHCP IP address.
1. Use one of these methods to find the IP address of the switch:
• Check the client table on your router
• Use a network scanner (e.g. Fing) to sniff the network. The manufacturer field will display SnapAV.
• See the highlighted field in the figure below for an example of an Araknis device being identified.
2. Enter the IP address in your web browser to load the login screen. Enter your username and password,
then click Log In.
Default Login
Username: araknis
Password: araknis
3. If you were able to log in successfully, go to the System Settings menu to begin completing the
recommended setup for all users. See section “11 - Recommended Setup – System Settings” on page
26.
4. If this access method does not work for your application, see the next section for instructions to access
the interface using the switch’s default IP address.
8. Left-click OK to close Internet Protocol Version 4 (TCP/IPv4) Properties, then left-click OK to close
Network Connection Properties.
9. Open a web browser and navigate to http://192.168.20.254/ to load the login screen. Enter your
username and password, then click Log In.
Default Login
Username: araknis
Password: araknis
10. If you were able to log in successfully, go to the System Settings menu to begin completing the
recommended setup for all users. See section “11 - Recommended Setup – System Settings” on page
Use this section to become familiar with the common parts of the interface.
Figure 7. Interface Layout
• A - Main Navigation Menu
Use the submenus under the Status, Settings, Maintenance, and Advanced headings to configure and
maintain the switch.
• B - Main Window
The main window displays the currently selected submenu.
• C - Top Bar
The top bar displays the current connection status to the OvrC server, the current internally-set system
time, and the current system uptime in DAYS:HOURS:MINUTES.
• D - Search
Search for menu functions by entering a term, then selecting the appropriate item from the drop down
results. Do not press enter when searching.
Applying or Canceling Changes
After changes are made to a menu page, you must click the Apply button to save the new settings or Cancel
to revert the changes. These buttons are always located at the bottom-right corner of the page.
• System Name – Assign a name for identifying the system.
• System Location – Describe the location of the switch.
• Admin Username – Enter a username for administrator access.
Default: araknis.
• Current Admin Password – Enter the current password when changing the system name.
Default: araknis.
• New Admin Password – Enter the new value when changing the administrator password.
• Confirm New Admin Password – Re-enter the new value when changing the administrator password.
Must be the same as the above field.
• Management VLAN ID – Select the VLAN to be used when accessing the switch interface. All ports are
set to VLAN 1 by default. Do not change this setting unless additional VLANs have been configured.
Once the setting is changed, you will lose access to the interface unless your computer is connected to a
port on the specified VLAN.
Default: 1
• LED – Select what information is represented by the front panel port status LEDs. Options:
• 1Gbps (default) – Left RJ45 LED and front status LED ON indicates 1 Gbps connection.
• PoE – Left RJ45 LED and front status LED ON indicates that a PoE-powered device is connected.
• Disabled – All port and status LEDs are disabled.
We recommend changing the following interface settings to provide the best security and performance.
These are the minimum settings that should be changed on every install.
Path – Settings, System
Figure 15. Recommended System Settings
Default Setting
Username: araknis
Password: araknis
1. Change Default User Name and Password
Enter a user name and password for the administrator account (System menu at the top of the page).
This will prevent unauthorized access to the interface. (Default login: araknis; araknis) Record the new
settings so you can log in after applying the changes.
2. Configure System IP Address
Set an IP address for accessing the interface. We recommend a static IP so the address doesn’t change.
Record the address so you can access the interface later.
3. Configure System Time and Date
We recommend using the Automatically Get Time and Date setting using the default server “time.nst.gov”.
This will ensure that scheduling features configured in the switch operate on the correct schedule.
4. Configure other System Settings
Configure any other fields on the page as desired. See the previous section for all setting definitions.
5. Save the new settings
Click the Apply button at the bottom right of the screen to save the new system settings. Enter the new
user name and password when the login screen appears.
• Link Status – Current operating status of the port. Link up or Link down.
• Flow Control – Flow control can eliminate frame loss by “blocking” traffic from end devices or other
network devices connected directly to the switch when the buffer is overloaded on a specific switch
port. When enabled, back pressure is used for half-duplex operation and IEEE 802.3-2005 (formerly IEEE
802.3x) for full-duplex operation.
Default: Disabled
• EEE Status – Energy Efficient Ethernet (EEE) is a standard defined by IEEE 802.3az to reduce LAN
device power consumption during idle periods. With EEE enabled, compatible devices can go into LPI
(Low Power Idle) mode during periods of low utilization and then turn back on when needed.
Default: Disabled
Note – EEE causes some network latency. If you experience latency problems with this mode
enabled, try disabling the feature to determine if EEE is causing the issue.
The switch is designed to make PoE a plug-and-play affair for most applications. Use the PoE Settings menu
to monitor, troubleshoot, and control each port.
Figure 18. PoE Settings Menu
• Enable – Check the box to enable PoE on the specified port.
Default: Enabled
• Port – The number of the physical switch port.
• Power Limit Type – Auto, 7W, 15.4W, or 30W.
Default: Auto
• Priority – Port priority is used when remote devices require more power than the power supply can
deliver. In this case, the ports with the lowest priority will be turned off starting from the port with the
highest port number. Low, Medium, or High.
Default: Low
• Status –
• Detecting – The port is not providing PoE power and waiting for a connection that requires it. If a
device is connected and status is still Detecting, then the device is not powered via PoE.
• Delivering – The port is connected to a PoE device and power is being provided.
• Class – PoE Class of the connected device (1,2,3, or 4).
• Output Voltage (V) – PoE voltage being supplied to the port.
• Output Current (mA) – Current in milliamps being supplied to the port.
• Output Power (W) – Power in watts being supplied to the port.
• Power Cycle – Check the box and click Apply to power cycle PoE on one or more ports.
In the image above, a PoE-powered access point is connected to port 1 on the switch. The Status, Class and
Output fields tell you that PoE is functioning correctly (Delivering), as well as how much power is being
consumed. Update the page after changing port connections or settings on the page to refresh the table.
• Status – Options:
• Detecting – The port is not providing PoE power. If a device is connected and status is still
Detecting, see the PoE Troubleshooting section below.
• Delivering – The port is connected to a PoE device and power is being provided.
• Class – PoE Class of the device connection.
• Output Voltage (V) – Voltage being supplied to the port.
• Output Current (mA) – Current in milliamps being supplied to the port.
• Output Power (W) – Power in watts being supplied to the port.
Configuring PoE Ports
Use these settings to customize PoE in situations where power is critical for certain equipment or if power
must be disabled on a port.
• Enable – Check the box to enable PoE on the specified port.
• Power Limit Type – Auto, 7W, 15.4W, or 30W.
• Priority – Port priority is used when remote devices require more power than the power supply can
deliver. In this case, the ports with the lowest priority will be turned off starting from the port with the
highest port number. Low, Medium, or High.
Troubleshooting PoE Issues
• Power Cycle – Check the box and click Apply to power cycle PoE on one or more ports.
• Overcurrent Condition – With default PoE settings, if the current drawn from PoE devices exceeds the
total budget for the switch, PoE will be disabled on ports beginning with the highest numbered port.
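The budget table and the priority rule above can be checked before devices are plugged in. The following is an added example, not code from the manual or from Araknis: it models the shedding order as the manual words it (lowest priority first, highest port number first within a priority), and the port draws and priorities are constructed sample values. Actual firmware behavior may differ.

```python
# Added example: PoE budget planning from the rules stated in this manual.

# PoE budgets per model, taken from the table in this manual.
POE_BUDGET_W = {
    "AN-210-SW-F/R-8-POE": 65,
    "AN-210-SW-F/R-16-POE": 130,
    "AN-210-SW-F/R-24-POE": 190,
    "AN-210-SW-F-48-POE": 375,
    "AN-310-SW-F/R-8-POE": 130,
    "AN-310-SW-F/R-16-POE": 250,
    "AN-310-SW-F/R-24-POE": 375,
}
PER_PORT_MAX_W = 30  # per-port limit stated in the manual
PRIORITY_RANK = {"Low": 0, "Medium": 1, "High": 2}


def plan_poe(model, ports):
    """Predict which ports stay powered.

    ports maps port number -> (watts drawn, priority).
    Returns (powered_ports, shed_ports, headroom_watts); shed_ports is listed
    in the order the ports would lose power.
    """
    budget = POE_BUDGET_W[model]
    for port, (watts, priority) in ports.items():
        if watts > PER_PORT_MAX_W:
            raise ValueError(f"port {port}: {watts}W exceeds the {PER_PORT_MAX_W}W per-port limit")
        if priority not in PRIORITY_RANK:
            raise ValueError(f"port {port}: unknown priority {priority!r}")

    # Lowest priority is shed first; within one priority, the highest port number goes first.
    shed_order = sorted(ports, key=lambda p: (PRIORITY_RANK[ports[p][1]], -p))
    total = sum(watts for watts, _ in ports.values())
    shed = []
    for port in shed_order:
        if total <= budget:
            break
        total -= ports[port][0]
        shed.append(port)
    powered = sorted(set(ports) - set(shed))
    return powered, shed, budget - total


# The manual's Figure 5 loads (port numbers are constructed).
FIGURE_5 = {1: (8, "Low"), 2: (8, "Low"), 3: (12, "Low"), 4: (14, "Low")}

# Constructed overload: 79W requested on a 65W switch.
OVERLOAD = {
    1: (25, "High"),    # e.g. a camera that must stay up
    2: (14, "Low"),
    3: (12, "Low"),
    4: (20, "Medium"),
    5: (8, "Low"),
}

if __name__ == "__main__":
    for name, ports in (("Figure 5", FIGURE_5), ("Overload", OVERLOAD)):
        powered, shed, headroom = plan_poe("AN-210-SW-F/R-8-POE", ports)
        print(f"{name}: powered={powered} shed={shed} headroom={headroom}W")
```

In the overload case, ports 5 and 3 lose power even though dropping port 2 alone would have fit the budget, which is why critical devices belong on High priority or low-numbered ports.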
Use this menu to configure port-based VLANs. See the Understanding and Using VLANs white paper for
more information about this feature and detailed setup examples and instructions. By default, all ports are
assigned to VLAN 1 as untagged ports.
Figure 20. VLAN Settings
• VID – VLAN ID.
• Name – Use this field to enter a custom VLAN name for easy identification.
• Access Port – Ports and LAGs assigned to the VLAN. The switch tags untagged packets from assigned
Access Ports with the specified VLAN ID. See the figure below for information about changing settings.
• Trunk Port – Trunk port/s assigned to the VLAN. Trunk Ports send tagged packets to other devices.
• Custom Port – Displays ports assigned to the VLAN that have customized settings. Customizations can
be made in the Advanced VLAN configuration menus. See section “Advanced VLANs – 802.1Q VLANs”
on page 61.
• Delete – Click the trash can icon then click Apply to delete a VLAN definition.
Access and Trunk Port Selection
Figure 21. Access and Trunk Port Selection
• Access Port – Ports and LAGs assigned to the VLAN. The switch tags untagged packets from assigned
Access Ports with the specified VLAN ID.
• Trunk Port – Trunk port(s) assigned to the VLAN. Trunk Ports send tagged packets to other devices.
• none – These ports are not included in the VLAN.
3. Assign access and trunk ports by clicking either Port field to open the assignment window, then
selecting the function of each port as it relates to that VLAN. You may also assign Link Aggregation
Groups to VLANs in the menu.
• Access Port – Ports and LAGs assigned to the VLAN. The switch tags untagged packets from
assigned Access Ports with the specified VLAN ID.
• Trunk Port – Trunk port/s assigned to the VLAN. Trunk Ports send tagged packets to other devices.
• none – These ports are not included in the VLAN.
4. Click Confirm to close the window. The selections will appear in the Access and Trunk Port fields.
5. Click Apply to save the new settings.
Figure 22. Configuring Ports in a VLAN
In this example, for VLAN 20, Ports 3-5 are configured as Access ports and Port 2 is assigned as a Trunk port. The remaining ports are
left set to none and remain on the default VLAN 1.
Link Aggregation is also known as Port Trunking. It allows using multiple ports in parallel to increase the link
speed between two switches, increasing redundancy for higher availability.
The switch supports both static trunking and dynamic Link Aggregation Control Protocol (LACP). Static
trunks must be manually configured at both ends of the link. You can configure any number of ports on the
switch to use LACP as long as they are not already configured as part of a static trunk.
Figure 23. Link Aggregation Settings Menu
• Group – Number of the group configured in the rule.
• Name – Enter a custom name for the group being configured.
• Mode – Select whether the rule is disabled, static, or LACP.
Default: Disabled
• Active Ports – Displays ports being actively used for LAG.
• Member Ports – Click to select member ports for the group.
Configure user account permissions and what access protocols may be used for access.
Figure 24. Access Management Menu Page
User Management
• User Name – Enter a user name for the account. 1-18 characters. Not case sensitive.
• Password – Enter a password for the account. 4-32 characters. Case sensitive.
• Privilege Type – Select whether the account has user or admin level account functionality. Options:
• Admin – Full access and control of the entire local interface.
• User – Limited to viewing current settings in all menus.
• Delete – Click the trash can icon then click Apply to delete an entry (must click Apply to save the
setting). The default admin account cannot be removed.
• Add – Click to create a new entry. Remember to click Apply to save the new settings.
Note – The user name of the primary account must be changed in the System Settings menu. See
section “10 - System Settings” on page 23.
HTTP/Telnet/SSH
• HTTP – Select whether the local interface may be accessed using HTTP. This is the most common access
method.
Default: Enabled
• HTTPS – Select whether the interface can be accessed using HTTPS.
Default: Disabled
• Telnet – Select whether the switch will accept Telnet commands.
Default: Enabled
• SSH – Select whether the switch will accept SSH commands.
Default: Disabled
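With the defaults listed above, the switch ships with the araknis/araknis login and accepts HTTP and Telnet, both of which carry the login in cleartext, while HTTPS and SSH are off. The following is an added example, not code from the manual or from Araknis, that audits a settings record against those documented defaults. The dictionary keys are hypothetical names for values read off the System Settings and Access Management pages (not the switch's configuration file format), and the severity levels and 12-character minimum are assumed local policy.

```python
# Added example: audit management-access settings against this manual's factory defaults.

# Factory defaults as documented in this manual (key names are hypothetical).
FACTORY_DEFAULTS = {
    "admin_username": "araknis",
    "admin_password": "araknis",
    "http": True,
    "https": False,
    "telnet": True,
    "ssh": False,
}

MIN_PASSWORD_LEN = 12  # assumption: local policy; the switch itself accepts 4-32 characters
SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}


def audit(settings):
    """Return (severity, finding) tuples, most severe first."""
    findings = []
    user = settings["admin_username"]
    password = settings["admin_password"]

    # User names are documented as not case sensitive; passwords are case sensitive.
    if user.lower() == FACTORY_DEFAULTS["admin_username"]:
        findings.append(("high", "admin username is the factory default"))
    if password == FACTORY_DEFAULTS["admin_password"]:
        findings.append(("high", "admin password is the factory default"))
    elif password.lower() == user.lower():
        findings.append(("high", "admin password matches the username"))
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append(("medium", f"admin password shorter than {MIN_PASSWORD_LEN} characters"))

    if settings["telnet"]:
        findings.append(("high", "Telnet enabled: logins and commands are sent in cleartext"))
    if settings["http"]:
        findings.append(("medium", "HTTP enabled: web logins are sent in cleartext"))

    if not settings["http"] and not settings["https"]:
        # Turning HTTP off before HTTPS is on leaves no way into the web interface.
        findings.append(("info", "HTTP and HTTPS both disabled: web interface unreachable"))
    elif not settings["https"]:
        findings.append(("medium", "HTTPS disabled: no encrypted web management path"))

    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


# Constructed sample: a switch after the recommended setup plus protocol hardening.
HARDENED = {
    "admin_username": "site-admin",
    "admin_password": "correct horse battery",
    "http": False,
    "https": True,
    "telnet": False,
    "ssh": True,
}

if __name__ == "__main__":
    for name, settings in (("factory", FACTORY_DEFAULTS), ("hardened", HARDENED)):
        print(name)
        for severity, finding in audit(settings) or [("ok", "no findings")]:
            print(f"  [{severity}] {finding}")
```

Enable HTTPS and confirm it works before disabling HTTP, so the web interface stays reachable.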
Send ICMP echo request packets to another device on the network to determine if it can be reached. Use the
Ping test to determine whether a device or host is communicating correctly.
Figure 25. Ping Test Page
• IP Address – Enter the IP address of a device or web page to be pinged.
• Count – Number of ping attempts (1-5).
Default: 4
• Interval – Number of seconds between pings (1-5).
Default: 1
• Ping Packet Size – Enter the packet size of each ping (8-5120 bytes). Change to test MTU issues.
Default: 56 Bytes
• Result – Displays results of the test in real time. Resize screen table using bottom right corner click-drag.
• Test – Click to start the ping test.
Running a Ping Test
1. Enter the target IP address into the IP Address field.
2. Change other parameters if desired. The default settings are a great start for troubleshooting.
3. Click Test and wait for the results to appear. See the next page for help understanding results.
• The first line shows the IP address pinged. If a URL was entered (example: google.com) then the IP
address will be displayed also.
• If a ping is successful, the details of each packet are displayed one per line. Note how the successful ping
above has four lines beginning with 64 bytes from... whereas the failed ping does not.
• Ping Statistics are displayed last. Describes the number of packets (pings) transmitted, the number
of packets received from the target in response, percent packet loss, and, if successful, the minimum,
average, and maximum round trip timing of the packets.
Troubleshooting Using Ping Test Results
• If no packets are received, check the connections between the switch and the target device first. The
target device may not be connected. If the connection is good, reset or power cycle the target device. It
may have become unresponsive.
• If packets are still not received, check for a bad cable, port, or failing equipment. Try changing the
connections to a known, working path.
• If everything checks out, but still no packets are received, there may be a traffic issue due to network
settings like VLAN or ACL misconfiguration. Check settings related to the ports, IP addresses, and MAC
addresses in use.
The Trace Route test uses a ping to tell you what path a packet takes to travel between the switch and the
target device by counting the number of hops (hops happen when a packet is forwarded from one router to
another). Trace route is primarily used to troubleshoot issues with connections over the WAN port because
on the LAN there is rarely more than one router for the packet to pass through.
Figure 28. Trace Route Test Page
• IP Address – Enter the IP address of a device or web page to ping for the test.
• Max Hop – Enter the maximum number of hops to be recorded in the Ping test (2-55).
Default: 30
• Result – Displays the results of the test in real time. Resize screen table using bottom right corner click-drag.
• Test – Click the button to start the Traceroute test.
Running a Trace Route Test
1. Enter the target IP address into the IP Address field.
2. Click Test and wait for the results to appear. See the next page for help understanding results.
• The results window displays the parameters for the test, followed by information about each hop or hop
attempt.
• Each line starting with a number indicates a hop in the path to the target IP address. Only hops between
routers are shown, not between switches.
• Each hop is tested three times. In each hop entry, the send and receive IP address are shown, followed by
the amount of time it took for the hop to occur on each of the three attempts.
Save configuration files (of current switch settings) and upgrade firmware.
Figure 30. File Management Menu
Configuration File
Use the Configuration File menu to back up or restore settings to the switch.
• Backup Current Configuration – Save the current configuration settings to a compressed archive on your
computer. Click the To PC button and select a location to save the file.
• Upload New Configuration File – Restore previously saved configuration settings. Click Choose File
and select a configuration from the Open window. Then, click the From PC button to upload the
configuration file.
• Restore Factory Defaults – Click the Yes button to restore all factory default settings.
Firmware
• Current Firmware Version – Indicates the current firmware version on the selected partition.
• Partition – Select the partition to change firmware for:
• Partition 0 – Default partition.
• Partition 1 – Backup partition. (In the event of one partition failing, the switch will reboot and use the
alternate firmware.)
• Upload New Firmware – Upload a new firmware version to the selected partition. Click Choose File to
select a file from your computer. Click Upload to Partition to load the firmware.
Select which partition the switch runs on. In the event of one partition failing, the switch will reboot and use
the alternate firmware.
Figure 31. Dual Image Menu
• Active – Select the desired partition and click Apply to reboot the switch from the firmware on the
selected partition.
• Flash Partition – Name of the partition.
• Status – Current partition status:
• Active – The partition the switch is currently operating from.
• Backup – The partition the switch is NOT currently operating from.
• Image Name – Firmware version currently loaded on the partition.
• Image Size (Bytes) – File size of the firmware on the partition.
• Created Time – Time and date the firmware file was uploaded to the partition.
Firmware Update Instructions
1. Download the new firmware from the product support tab. Extract the firmware from the zip file to a
known location on your computer.
2. Navigate to the Maintenance > File Management > Firmware menu.
3. Click the Choose File button for Upload New Firmware, then find and select the new firmware and click
Open.
4. Click Upload to Partition then follow the prompts to complete the update for the first partition.
5. After the first partition is updated, repeat the process, but before clicking Upload to Partition, select the
alternate partition from the Partition drop down.
6. After the alternate partition uploads, the process is complete.
• Restart Switch – Click to restart the switch. No settings will be lost, but Ethernet will drop for connected
devices until the restart is complete (~ 60 seconds). The login screen will reload once the restart is
complete.
Log Out
Figure 33. Log Out Page
• Log Out – Click to log out from the current session. The login screen will reload once the logout is
complete.
Use the Detailed Port Statistics page to display detailed statistics for each switch port. This information can
be used to identify potential problems with the switch (like a faulty port or an unusual traffic drop).
All values displayed are accumulated in each respective counter since the last system reboot or the last time
you cleared the counters. Statistics are refreshed every 1 second by default. Use the drop-down menu at the
top-right of the page to select a switch port. Click the Clear button to reset the statistics for the selected
port.
Figure 34. Detailed Port Statistics
• Receive/Transmit Total
• Packets – The number of all packets sent and received (good and bad).
• Octets – The number of all bytes sent and received (good and bad), including Frame Check
Sequence, but excluding framing bits.
• Unicast – The number of unicast packets sent and received (good and bad).
• Multicast – The number of multicast packets sent and received (good and bad).
• Broadcast – The number of broadcast packets sent and received (good and bad).
• Pause – A count of the MAC Control frames sent or received on a switch port that have an operation
code indicating a PAUSE operation.
• Receive Error Counters
• Rx Undersize – Total number of frames received that were less than 64 octets long excluding
framing bits, but including FCS octets.
• Rx Oversize – Total number of frames received that were longer than the configured maximum
frame size for the particular switch port excluding framing bits, but including FCS octets.
• Rx Fragments – Total number of frames received that were less than 64 octets in size excluding
framing bits, but including FCS octets and had either an FCS or alignment error.
• Rx Jabber – Total number of received frames that were longer than the configured maximum frame
size for the particular switch port excluding framing bits, but including FCS octets, and had either an
FCS or alignment error.
• Rx Drops – The number of ingress packets that were dropped not due to errors in those packets.
This might be a result of a congested link and switch port buffer overload.
• Rx CRC/Alignment – The number of frames received with CRC or alignment errors.
• Receive Size Counters – The number of packets sent and received (good and bad) divided into
categories based on packet frame sizes.
• Receive/Transmit Queue Counters – The number of packets sent and received divided into categories
based on QoS output queue.
Link Layer Discovery Protocol (LLDP) is used to discover basic information about other devices in the
same broadcast domain (i.e. VLAN). Advertised information is defined in the IEEE 802.1AB standard, and
can include device details such as their identity (e.g. make/model), capabilities (e.g. routing/switching), and
configuration settings.
Information Table
Araknis switch parameters shared using LLDP.
Figure 36. LLDP Information
• Chassis ID Subtype – Method used for device identification.
• Chassis ID – MAC Address of the switch.
• System Name – System name of the switch (configured in the System Settings menu).
• System Description – System make and model.
• Capabilities Supported – Displays the capabilities of the switch; bridge only.
• Capabilities Enabled – Displays the currently enabled capabilities of the switch; bridge only.
• Port ID Subtype – Identifier subtype for the switch. Always displays Local.
Internet Group Management Protocol (IGMP) can be used to filter multicast traffic on the switch. IGMP
Snooping passively monitors exchanges between connected clients and an IGMP-enabled multicast server to
discover and connect clients that want to join a multicast group.
Use the IGMP Snooping page to display IGMP snooping statistics and port status, configure global and port
specific IGMP settings, and information on source-specific groups.
Settings
Configure global settings for IGMP Snooping.
Figure 39. IGMP Snooping Settings
• Status – Enable or disable IGMP Snooping. When enabled, the switch monitors network traffic passing
through it to determine which connected clients want to receive multicast traffic.
Default: Disabled
• Version – Select IGMPv2 or v3.
• Report Repression – Enable to prevent the router from seeing the IGMP messaging that occurs at the
client level. This alleviates load on the router, because the switch acts as a proxy for client level messages
(like leave requests).
Default: Enabled
VLAN Settings
Configure IGMP Snooping settings for individual VLANs.
Figure 40. IGMP Snooping VLAN Settings
• VLAN ID – VLAN identifier.
• IGMP Snooping Status – Enable or disable IGMP Snooping for the VLAN.
• Fast Leave – Enable to allow subscribed multicast clients to leave without a response message.
IGMP Query can be used to ask connected clients if they want to receive a specific multicast service. Then
the ports containing clients requesting to join the service are identified, and multicast data is sent to only
those ports. It then broadcasts the service request to any neighboring multicast switch to ensure that it will
continue to receive the multicast service from a server connected to that switch.
Figure 41. IGMP Snooping Querier Settings
• VLAN ID – VLAN identifier.
• Querier State – Enable to make the switch the querier for the VLAN. Typically used when there is no
multicast router acting as the querier.
Default: Disabled
• Querier Version – Select IGMPv2 or v3 IGMP Snooping support (regardless of what clients support).
• Querier Status – Displays whether the switch is currently acting as the querier for the VLAN.
• Querier IP – IP address of the switch acting as querier for the VLAN.
• Robustness – Variable for resending querier messages. A higher value means that packets will be resent
more often, useful for congested networks.
Default: 2
• Interval – How often the switch sends IGMP host querier messages.
• Max Response Interval – Maximum response time advertised in IGMP queries. This value must be lower
than the query interval.
Default: 10 seconds
• Oper Max Response Interval – Current reported maximum response time.
• Last Member Query Counter – Number of times the switch sends an IGMP query, separated by the last
member query response interval, in response to a host leave message from the last known active host on
the subnet. It is recommended to leave this setting at 2 in order to avoid multicast issues.
Default: 2
• Oper Last Member Query Counter – Current reported Last Member Query Counter value.
• Last Member Query Interval – Time to wait after receiving a host leave message from the last known
active host on the subnet. If no reports are received in the interval, the group state is deleted. Use this
value to tune how quickly the software stops transmitting on the subnet.
Default: 1 second
• Oper Last Member Query Interval – Current reported Last Member Query Interval.
Configure settings for Multicast Listener Discovery. MLD is used by IPv6 multicast routers to detect multicast
listeners.
Settings
Configure global settings for MLD Snooping.
Figure 45. MLD Snooping Menu
• Status – Enable or disable IGMP Snooping. When enabled, the switch monitors network traffic passing
through it to determine which connected clients want to receive multicast traffic.
Default: Disabled
• Version – Select MLDv1 or v2.
• Report Repression – Enable to prevent the router from seeing the IGMP messaging that occurs at the
client level. This alleviates load on the router, because the switch acts as a proxy for client level messages
(like leave requests).
Default: Enabled
VLAN Settings
Configure MLD Snooping settings for individual VLANs.
Figure 46. MLD Snooping VLAN Settings
• VLAN ID – VLAN identifier.
• IGMP Snooping Status – Enable or disable MLD Snooping for the VLAN.
• Fast Leave – Enable to allow subscribed multicast clients to leave without a response message.
Group List
See current group subscriptions by VLAN.
Figure 47. MLD Snooping Group List
• VLAN ID – VLAN identifier.
• IPv6 Address – IP address for the multicast.
• Member Ports – Switch ports that are part of the group.
The Spanning Tree Protocol (STP) is a Layer 2 protocol primarily used to detect and eliminate network loops
on redundant connections. Proper STP configuration ensures that only one route exists between any two
end devices, with backup routes automatically taking over if a primary route goes down.
STP – Global Settings
Use this page to enable STP, select which protocol is used, and configure settings for the switch used to
elect the root bridge device.
Figure 49. Global STP Settings Menu
Settings
• STP State – Select whether Spanning Tree Protocol is Enabled or Disabled.
• Force Version – Select the spanning tree protocol to enforce:
• STP – Spanning Tree Protocol (IEEE 802.1D). Uses a distributed algorithm to select a switch to serve
as the root of the spanning tree network. It selects a root port on each switch (except for the root
device), which has the lowest path cost forwarding a packet to the root device. All ports connected
to designated bridging devices are assigned as designated ports. After determining the lowest cost
path, STP enables all root ports and designated ports, and disables all other ports to prevent loops.
Network packets are then only forwarded between root ports and designated ports.
Once the network is stable, all switches listen for Hello BPDUs (Bridge Protocol Data Units) sent by
the Root Bridge. If a switch does not get a Hello BPDU after a certain period (Maximum Age), the
switch assumes that the link to the Root Bridge is down. Then, the switch initiates negotiations with
other switches in the network to recalculate the Spanning Tree Algorithm, determine the new root
bridge device, and make the network stable again.
• RSTP – Rapid Spanning Tree Protocol (IEEE 802.1w). Enhancement to legacy STP. RSTP is also
included in MSTP. RSTP performs faster reconfiguration when topology change is detected (1 to 3
seconds for RSTP, compared to 30 seconds or more for STP). RSTP only supports one spanning
tree instance on any link in a network. We recommend using RSTP over STP as long as the network
equipment supports it.
• MSTP – Multiple Spanning Tree Protocol (IEEE 802.1s). Designed to maintain multiple spanning
tree instances based on VLANs in the network. One or more VLANs can be grouped into a Multiple
Spanning Tree Instance (MSTI). Use this mode when there are multiple spanning tree regions with their
own regional root bridge devices.
• Configuration Name – (MSTP mode only) Name the MSTP configuration.
Default: MAC address of the switch
• Configuration Revision – (MSTP mode only) Set a configuration revision for MSTP. The revision number
must be the same for switches in the same region. Use a different revision for each region.
Displays the STP parameters of the current elected root bridge device for the entire spanning tree.
Figure 50. Global STP Root Bridge Information
• Root Address – MAC address of the root bridge.
• Priority – Displays the value used to prioritize what switch is elected as the root bridge device. Smaller
values indicate higher priority; larger values, lower priority. If all switches are left to default priority, the
bridge device with the lowest numbered MAC address will be elected.
• Cost – Displays shortest path to the root bridge device.
• Port – Switch port linking to the root bridge device.
• Forward Delay – Amount of seconds before the root bridge port builds its bridge table after the Max
Age limit has passed.
• Maximum Age – Amount of seconds after receiving a BPDU before the root bridge port returns to the
listening state.
• Hello Time – Amount of seconds between BPDUs sent by the root bridge.
Configure root bridge settings for the switch. This information will be used to decide if the switch should be
the root bridge device.
Figure 51. Global STP Basic Settings
• Bridge Address – MAC address of the switch.
• Priority – Select the value used to prioritize whether the switch is elected as the root bridge. Smaller
values indicate higher priority; larger values, lower priority. If all switches are left to default priority, the
bridge device with the lowest numbered MAC address will be elected. If you want a particular switch to
be guaranteed as the root bridge device, set its Priority value lower than other switches. Range: 0-61440
(multiples of 4096)
Default: 32768
• Maximum Hop – Maximum number of link hops a BPDU will travel from the root bridge, as long as the
maximum age of the BPDU has not passed. Range: 1-40
Default: 20
• Forward Delay – Amount of seconds before the root bridge port rebuilds its bridge table after the Max
Age limit has passed. Range: 4-30 seconds
Default: 15 seconds
• Maximum Age – Amount of seconds after receiving a BPDU before the root bridge port returns to the
listening state. Range: 6-40 seconds
Default: 20 seconds
• TX Hold Count – Limit for the number of BPDUs that can be sent during a Hello Time period. Range: 1-10
Default: 6
• Hello Time – Amount of seconds between BPDUs sent by the root bridge. Range: 1-10 seconds
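The election rule described above (lowest Priority wins, and the lowest MAC address breaks a tie) can be checked against a planned deployment before any switch is configured. The following is an added example, not Araknis code; the switch names and MAC addresses are constructed, and the model covers only the priority and MAC comparison.

```python
from dataclasses import dataclass

PRIORITY_STEP = 4096      # manual: Priority is set in multiples of 4096
PRIORITY_MAX = 61440      # manual: Range 0-61440
DEFAULT_PRIORITY = 32768  # manual: Default


@dataclass(frozen=True)
class Bridge:
    name: str                         # label used only in this example
    mac: str                          # Bridge Address
    priority: int = DEFAULT_PRIORITY

    def bridge_id(self):
        """Comparison key: priority first, then the MAC address as a number."""
        return (self.priority, int(self.mac.replace(":", ""), 16))


def validate_priority(priority):
    """Reject values the Priority field would not accept."""
    if not 0 <= priority <= PRIORITY_MAX or priority % PRIORITY_STEP:
        raise ValueError(f"priority {priority} is not a multiple of 4096 in 0-61440")
    return priority


def elect_root(bridges):
    """Return the bridge that wins: lowest priority, then lowest MAC address."""
    for bridge in bridges:
        validate_priority(bridge.priority)
    return min(bridges, key=Bridge.bridge_id)


def audit_root(bridges, intended_name):
    """List the reasons the intended switch is not a guaranteed root bridge."""
    findings = []
    intended = next(b for b in bridges if b.name == intended_name)
    root = elect_root(bridges)
    if root.name != intended_name:
        findings.append(f"{root.name} wins the election, not {intended_name}")
    tied = sorted(b.name for b in bridges
                  if b.name != intended_name and b.priority == intended.priority)
    if tied:
        findings.append(f"priority {intended.priority} is shared with "
                        f"{', '.join(tied)}; the MAC address decides")
    return findings


# Constructed inventory: every switch left at the default priority.
DEFAULTS = [
    Bridge("core", "00:1a:2b:00:00:30"),
    Bridge("closet", "00:1a:2b:00:00:10"),
    Bridge("av-rack", "00:1a:2b:00:00:20"),
]
# Same inventory with the intended root given a lower Priority value.
PINNED = [Bridge("core", "00:1a:2b:00:00:30", 4096)] + DEFAULTS[1:]

if __name__ == "__main__":
    for label, inventory in (("defaults", DEFAULTS), ("pinned", PINNED)):
        print(label, "->", elect_root(inventory).name, audit_root(inventory, "core"))
```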
Spanning Tree Protocol is used to prevent loops in networks where packets might have multiple possible
routes. Backup routes between equipment can also be maintained and used only when the primary fails. The
switch supports IEEE 802.1d STP, 802.1s RSTP (Rapid Spanning Tree Protocol), and 802.1w MSTP (Multiple
Spanning Tree Protocol).
STP – CIST Settings
Use this menu to view and customize port-based Common and Internal Spanning Tree (CIST) settings.
Port Settings
Figure 52. STP CIST Port Settings Menu
• Port – Switch port identifier.
• Priority – Set CIST priority for each port on the switch. Smaller values indicate higher priority; larger
values, lower priority. If all ports have the same path cost, this value will be used to determine the best
path to the root bridge. Range: 0-240 (multiples of 16)
Default: 128
• Path Cost Conf / Oper – (Configured/Operating) Enter a value larger than zero to modify the path cost.
The currently calculated (Oper) path cost is displayed below. If the entered value is zero, the Oper path
cost is based on the port speed, which in this case is 1 Gbps.
• Designated Root Bridge – Displays the designated root bridge device’s priority, forward delay, and MAC
address.
• External Root Cost – Displays the cost to reach the root bridge across links connecting the boundary
ports outside the MSTP region. When a BPDU is received on an internal port, this cost is not changed.
When a BPDU is received on a boundary port, this cost is adjusted based on the receiving boundary port
cost.
• Regional Root Bridge – Displays the regional root bridge device’s priority, forward delay, and MAC
address.
• Internal Root Cost – Displays the cost to reach the regional root bridge inside the MSTP region. When
a BPDU is received on an internal port, this cost is adjusted based on the receiving boundary port cost.
This information is not shared or counted outside the region.
• Designated Bridge – Displays the designated bridge device’s priority, forward delay, and MAC address.
• Edge Port Conf / Oper – (Configured/Operating) Configure a switch port as an edge port for a region
and see the current edge status of the port.
• P2P MAC Conf / Oper – (Configured/Operating) Options:
• Auto (default) – Allow P2P ports into full duplex mode.
• Yes – Force P2P ports into full duplex mode.
• No – No P2P status.
• Port Role – Displays what role the port is currently playing. Options:
• Disabled – Port is not in use.
• Root – The port with the lowest cost that links the switch to the root bridge device.
• Non-Designated – (STP only) Port is blocking and not listening.
• Alternate – (RSTP) Port links between bridges but is not the designated port, so it is not used unless
the designated port loses connection.
• Designated – Port is designated as the elected link between bridges in the spanning tree.
• Port State – Displays what state the port is currently in. Options:
• Disabled – Port is not in use.
• Blocking – Port is not forwarding frames or reading MAC addresses because it would cause a loop,
but is listening for BPDUs. This state is reached once a different port is designated.
• Listening – A designated or root port moves into this state if it stops blocking due to a change in
the spanning tree. BPDUs are received from the connected segment and analyzed to determine the
ideal topology. No other frames are forwarded while a port is in this state.
• Learning – Once the listening process is complete, the port begins updating the MAC address table
and gets ready to start forwarding frames as normal.
• Forwarding – The port is an active link in the spanning tree forwarding frames as normal.
• Migration Start – (RSTP Mode only) Click the box and click Apply to force the port to use the newest
configuration.
Multiple Spanning Tree Protocol (MSTP) is used to map multiple VLANs to one spanning tree topology. Since
there are rarely as many unique topologies as there are VLANs in a network, using MST saves switch CPU
power by reducing the number of spanning tree instances required to handle all VLANs on the device. Each
MST instance acts as its own RSTP node within the network’s CIST.
Instance Settings
Select which VLANs will be included in each MSTI.
Figure 53. STP MST Instance Settings Menu
• MST ID – MST instance identifier.
• VLAN List – Enter the VLAN IDs to be associated with the topology. Enter individual or ranges of values,
for example: “20, 30-32” entered would associate VLANs 20, 30, 31, and 32.
• Priority – Value used to prioritize what MST ID is elected as the path back to the root bridge device. If
all switches are left to default priority, the root bridge with the lowest numbered MAC address will be
elected. Smaller values indicate higher priority; larger values, lower priority. Range: 0-61440 (multiples of
4096)
Default: 32768
• Regional Root Bridge – Displays the MAC address and priority for the regional root bridge.
• Internal Root Cost – Displays the cost to reach the regional root bridge inside the MSTP region. When
a BPDU is received on an internal port, this cost is adjusted based on the receiving boundary port cost.
This information is not shared or counted outside the region.
• Designated Bridge – Displays the MAC address and priority for the current designated bridge.
• Root Port – Switch port connecting the switch to that MST’s root bridge device.
• Priority – Value used to prioritize the port. If all ports are left to default priority, then priority is elected
based on link speed of the port. Smaller values indicate higher priority; larger values, lower priority.
Range: 0-240 (multiples of 16)
Default: 128
• Internal Path Cost Conf / Oper – (Configured/Operating) Set the configured internal path cost and see
the current operational internal path cost.
• Regional Root Bridge – Displays the MAC address and priority for the regional root bridge.
• Internal Root Cost – Displays the cost to reach the regional root bridge inside the MSTP region. When
a BPDU is received on an internal port, this cost is adjusted based on the receiving boundary port cost.
This information is not shared or counted outside the region.
• Designated Bridge – Displays the MAC address and priority for the designated bridge.
• Port Role – Displays what role the port is currently playing. Options:
• Root – The port links the switch to the root bridge device.
• Designated – Ports in use within the MSTP region.
• Disabled – Port is not in use.
• Port State – Displays what state the port is currently in. Options:
• Root – The port links the switch to the root bridge device.
Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Traffic on
ports assigned to a private VLAN can only be forwarded to and from uplink ports.
Note – The Private VLANs feature is only found in 310 series switches.
Figure 57. Private VLANs Menu
• Port – Switch port identifier.
• Private – Check the box to set a port to private status.
Configure VLANs for VoIP phone systems with built-in VLAN tagging abilities. The interface includes presets
for quickly configuring many popular brands. The switch will examine tagged packets from phones and
place them in the correct VLAN automatically. QoS prioritization can also be applied to help ensure audio
quality on VoIP calls.
General Settings
Note – In order to configure a new voice VLAN, you must first create a new VLAN. The default
VLAN cannot be used. See:
• Section “14 - VLAN Settings (Basic Port-Based)” on page 31, or
• Section “Advanced VLANs – 802.1Q VLANs” on page 61
Figure 58. Voice VLANs Settings
• Voice VLAN State – Click to enable or disable the Voice VLAN feature.
Default: Disabled
• Voice VLAN ID – Select an existing VLAN ID for use as a Voice VLAN.
• 802.1p Remark – Enable or disable 802.1p Remarks in packets to prioritize voice packets.
Default: Disabled
• Remark CoS/802.1p – Select what priority level to give voice packets if remarking is enabled. Higher
values receive higher priority. Range: 0-7
The Organizationally Unique Identifier (OUI) is the first half of a device MAC address, and is unique for every
phone manufacturer. The OUI is used to automatically detect packets from the phone and send them to the
Voice VLAN. The included values are very popular, and new values may be added.
Figure 59. Voice VLANS OUI Settings
• Index – Identifier for the OUI.
• OUI Address – Portion of the MAC address used to identify different brands of IP phones.
• Description – Phone system name.
• Delete – Click the trash can icon then click Apply to delete an entry.
• Add – Click to create a new entry. Remember to click Apply to save the new settings.
Port Settings
Configure port-based Voice VLAN settings.
Figure 60. Voice VLANS Port Settings
• Port – Switch port identifier.
• State – Enable or disable Voice VLAN tag examination on the port.
• CoS Mode – Select the Class of Service (CoS) mode. Options:
• Src – Only packets from the source MAC address are given QoS prioritization on the Voice VLAN.
• All – All packets on the Voice VLAN are given QoS prioritization.
• Operate Status – Displays the current operating status of the Voice VLAN feature on the port.
Port mirroring is used to send a copy of packets received on one switch port to a network monitoring
device/software on another switch port. This is commonly used for network appliances that require
monitoring of network traffic. Network engineers or administrators use port mirroring to analyze and
diagnose errors on a network.
Figure 61. Port Mirroring Page
• Session ID – Session identifier.
• Enable – Check to enable a port mirroring session.
• Destination Port – Port that packets will be mirrored to.
• Source TX Port – Port that sent the original packets.
• Source RX Port – Port originally receiving the packets.
• Ingress State – Enable or disable.
28 - Security – 802.1x
802.1x allows port-based client authentication with the use of a RADIUS server.
802.1x Global Setting
Configure global 802.1x settings.
Figure 62. 802.1x Global Settings Menu
• State – Enable or disable the 802.1x feature.
• Guest VLAN – Enable or disable guest VLAN use for 802.1x. If enabled, all authorized clients will be
connected to the VLAN.
• GUEST VLAN ID – Select a VLAN ID for use if Guest VLAN is Enabled.
• Auto – Port allows only packets used for authentication and network discovery until the client is
authenticated, then allows uninterrupted traffic.
• ForceUnAuthorized – The port will remain in the unauthorized state and ignore all attempts to
authenticate a client.
• ForceAuthorized – The port always behaves as if an authenticated client is connected.
• Reauthentication – Enable or disable reauthentication by the switch. If enabled, a client that failed to
authenticate will not be allowed to try again until the next period based on the Period Setting.
Default: Enabled
• Reauthentication period – Set the reauthentication period.
Default: 3600 seconds
• Quiet Period – Set the quiet period.
Default: 60
• Supplicant Period – Set the Supplicant period.
Default: 30
• Max Retry – Set the Max Retry value.
Default: 2
• Authorized Status – Displays the current authorization status of the port.
• Guest VLAN – Enable or disable guest VLAN use for the port.
The Remote Authentication Dial-In User Service (RADIUS) protocol provides central management for users
connecting to use network services. Use this menu to configure settings for the server.
Figure 65. Radius Server Menu
• Index – RADIUS Server entry identifier.
• Server IP – IP address of the RADIUS server.
• Authorized Port – Port for clients communicating with the server.
• Key String – Enter the authentication key used between the switch and the server.
• Timeout Reply – How many seconds to wait for a reply from the server before trying again.
Default: 3 seconds.
• Retry – Number of times to attempt connection to the server.
Default: 3
• Server Priority – Enter the priority of the RADIUS server for the switch. The server with the highest priority
will be queried first. Lower values give higher priority.
Default: 1
• Dead Timeout – Amount of time before the switch stops attempting to connect.
Default: 0
• Delete – Click the trash can icon then click Apply to delete an entry.
• Ping Max Size Setting – Specify the maximum IPv6 fragment size to filter. Range: 0-65535 Bytes
Default: 512 Bytes
• Smurf Attack – Enable or Disable filtering of this type of attack.
Default: Enabled
• Netmask Length – Specify the netmask length to filter. Range: 0-32
• TCP Min Hdr Size – Enable or Disable filtering of this type of attack.
Default: Enabled
• TCP Min Hdr Bytes – Specify the minimum number of TCP Min Hdr Bytes to filter. Range: 0-31 Bytes
Default: 20 Bytes
• TCP-SYN(SPORT<1024) – Enable or Disable filtering of this type of attack.
Default: Enabled
• Null Scan Attack – Enable or Disable filtering of this type of attack.
Default: Enabled
• X-Mas Scan Attack – Enable or Disable filtering of this type of attack.
Default: Enabled
• TCP SYN-FIN Attack – Enable or Disable filtering of this type of attack.
Default: Enabled
• TCP SYN-RST Attack – Enable or Disable filtering of this type of attack.
Default: Enabled
• TCP Fragment (Offset = 1) – Enable or Disable filtering of this type of attack.
Default: Enabled
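The manual names the TCP filters above but does not define their match conditions. The following added example (not Araknis code) classifies raw IPv4 packets using the commonly used definition of each filter, which helps when reviewing a capture to see which of these settings would act on the traffic in it. The conditions in the comments are assumptions about what the switch matches, and the sample packets are constructed.

```python
import struct

TCP_PROTO = 6
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG


def classify(packet, min_hdr_bytes=20):
    """Return the names of the TCP filters a raw IPv4 packet would match.

    min_hdr_bytes mirrors the TCP Min Hdr Bytes setting (default 20).
    """
    hits = []
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return hits                              # not an IPv4 packet
    ihl = (packet[0] & 0x0F) * 4                 # IP header length in bytes
    if ihl < 20 or packet[9] != TCP_PROTO:
        return hits
    total_len = struct.unpack_from("!H", packet, 2)[0]
    frag_offset = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
    if frag_offset == 1:                         # assumed: fragment offset field equals 1
        hits.append("TCP Fragment (Offset = 1)")
    if frag_offset != 0:
        return hits                              # later fragments carry no TCP header start
    tcp = packet[ihl:min(total_len, len(packet))]
    if len(tcp) < min_hdr_bytes:                 # assumed: fewer TCP bytes than the minimum
        hits.append("TCP Min Hdr Size")
    if len(tcp) < 14:
        return hits                              # flags byte is not present
    sport = struct.unpack_from("!H", tcp, 0)[0]
    flags = tcp[13] & 0x3F
    if flags & SYN and not flags & ACK and sport < 1024:
        hits.append("TCP-SYN(SPORT<1024)")       # assumed: initial SYN from a low source port
    if flags == 0:
        hits.append("Null Scan Attack")          # assumed: no flags set
    if (flags & XMAS) == XMAS:
        hits.append("X-Mas Scan Attack")         # assumed: FIN, PSH and URG all set
    if flags & SYN and flags & FIN:
        hits.append("TCP SYN-FIN Attack")
    if flags & SYN and flags & RST:
        hits.append("TCP SYN-RST Attack")
    return hits


def tally(packets, min_hdr_bytes=20):
    """Count filter matches across a list of raw packets."""
    counts = {}
    for packet in packets:
        for name in classify(packet, min_hdr_bytes):
            counts[name] = counts.get(name, 0) + 1
    return counts


def build_packet(sport, dport, flags, frag_offset=0, tcp_len=20):
    """Constructed sample: 20-byte IPv4 header plus tcp_len bytes of TCP header."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    tcp = tcp[:tcp_len]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, frag_offset & 0x1FFF,
                     64, TCP_PROTO, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + tcp


# Constructed sample traffic (documentation addresses, checksums left at zero).
SAMPLE = [
    build_packet(40000, 443, SYN),               # ordinary connection attempt
    build_packet(443, 40000, SYN | ACK),         # ordinary reply from a server port
    build_packet(40000, 80, 0),
    build_packet(40000, 80, XMAS),
    build_packet(40000, 80, SYN | FIN),
    build_packet(40000, 80, SYN, tcp_len=12),
]

if __name__ == "__main__":
    print(tally(SAMPLE))
```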
Port Settings
Configure port-based DOS security settings.
Figure 67. DOS Port Settings Table
• Port – Switch port identifier.
• DoS Protection – Select Yes to enable DoS protection for the port, or No to disable protection for the port.
If enabled, the switch will block any types of traffic that filtering is enabled for in the DOS Global Settings
menu.
Remote Network Monitoring (RMON) allows the switch to monitor network traffic and send alarms if
specified limits are reached or passed. Configure what events to monitor and how to react. Events may be
logged and/or sent to other network clients using SNMP.
RMON – Event List
Define event types to execute when RMON alarms are triggered.
Figure 70. Event List
• Index – Enter a value to identify the event entry. Range: 1-65535
• Event Type – Select the desired action from the drop down:
• Log – Add an entry to the event log when the alarm goes off.
• SNMP Trap – Send a message to the remote log server when the alarm goes off.
• Log and Trap – Log and send a message (above) when the alarm goes off.
• Community – If using SNMP Trap or Log and Trap event type, select whether the SNMP community is
Public or Private.
• Description – Enter a description for the event type.
• Last Time Sent – Last occurrence of an event of the specified type being sent.
• Owner – Enter a name for the owner of the event.
• Delete – Click the trash can icon then click Apply to delete an entry.
RMON – Event Log Table
View RMON event logs.
Figure 71. Event Log Table
• Select Event Index – Select an Event identifier from the drop down. There must be configured entries in
the RMON Event List to use the drop down.
• Refresh – Click to refresh the list and see the newest events.
• Index – Enter an identifier for the Alarm List entry.
• Sample Port – Select the port to monitor from the drop down.
• Sample Variable – Select the event type to monitor for. Options: DropEvents, Octets, Pkts,
BroadcastPkts, MulticastPkts, CRCAlignErrors, UnderSizePkts, OverSizePkts, Fragments, Jabbers,
Collisions, PktsOctets, Pkts65-127Octets, Pkts128to255Octets, Pkts256to511Octets, Pkts512to1023Octets,
Pkts1024to1518Octets.
• Sample Interval – Enter the alarm interval time.
• Sample Type – Select the sampling method:
• Absolute – Compares values of thresholds vs. captured at the end of each sample interval. Use this
option if the monitored value can increase or decrease at any time.
• Delta – Detects change over time by subtracting the most recent sampled value from the current
Use the option if the monitored value always increases over time.
• Rising Threshold – Upper threshold of the monitored value. Use this in conjunction with Falling Threshold
to be alerted when the monitored value leaves the desired operating range.
• Falling Threshold – Lower threshold of the monitored value. Use this in conjunction with Rising Threshold
to be alerted when the monitored value leaves the desired operating range.
• Rising Event – Select an event to execute from the drop down when the monitored value exceeds the
Rising Threshold.
• Falling Event – Select an event to execute from the drop down when the monitored value exceeds the
Falling Threshold.
• Owner – Enter a name to identify when the switch sends an alarm.
• Delete – Click the trash can icon then click Apply to delete an entry.
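The difference between Absolute and Delta sampling, and how the Rising and Falling Thresholds work together, is easiest to see on a counter that only ever grows, such as BroadcastPkts. The following added example (not Araknis code) simulates an alarm over constructed counter readings; it assumes the standard RMON alarm behaviour from RFC 2819, where a rising event is not repeated until the falling threshold has been reached, a start-up state that arms only the rising alarm, and 32-bit counters that wrap.

```python
COUNTER_MODULUS = 2 ** 32   # assumption: 32-bit counters that wrap to zero


def evaluate_alarm(samples, sample_type, rising, falling):
    """Replay counter readings taken at the end of each Sample Interval.

    Returns a list of (sample_index, "rising" | "falling", compared_value).
    """
    if sample_type not in ("absolute", "delta"):
        raise ValueError("sample_type must be 'absolute' or 'delta'")
    if falling > rising:
        raise ValueError("Falling Threshold must not exceed Rising Threshold")

    events = []
    rising_armed, falling_armed = True, False   # assumed start-up state
    previous = None
    for index, raw in enumerate(samples):
        if sample_type == "delta":
            if previous is None:                # first reading only sets the baseline
                previous = raw
                continue
            value = (raw - previous) % COUNTER_MODULUS   # survives a counter wrap
            previous = raw
        else:
            value = raw

        if value >= rising and rising_armed:
            events.append((index, "rising", value))
            rising_armed, falling_armed = False, True    # wait for a fall before re-arming
        elif value <= falling and falling_armed:
            events.append((index, "falling", value))
            rising_armed, falling_armed = True, False
    return events


# Constructed readings of a cumulative BroadcastPkts counter on one port:
# quiet, a burst over two intervals, quiet again, then a second burst.
BROADCAST_PKTS = [1000, 1200, 1450, 9450, 18450, 18600, 18700, 27700]

if __name__ == "__main__":
    for mode in ("delta", "absolute"):
        print(mode, evaluate_alarm(BROADCAST_PKTS, mode, rising=5000, falling=500))
```

With Delta sampling both bursts raise an event; with Absolute sampling the cumulative counter crosses the Rising Threshold once and never returns, so the second burst is missed.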
Configure the events to record to the RMON history log on each port.
Figure 73. History List
• Index – History Log identifier
• Sample Port – Select the port to monitor.
• Bucket Requested – Enter the number of samples to save in each entry.
• Interval – Enter the interval for recording samples on the port.
• Owner – Enter the name of the requester.
• Delete – Click the trash can icon then click Apply to delete an entry.
RMON – History Log Table
View selected history logs.
Figure 74. History Log Table
• Select History Index – Select a History Log type to monitor from the drop down. In order to view logs,
you must first configure an entry in the RMON History List.
• Refresh – Click to refresh the log and see the newest results.
Quality of Service (QoS) is used to organize and prioritize packet flow and bandwidth use on the LAN based
on traffic type, source, or destination in order to help guarantee network performance for critical services.
QoS – Global Settings
Figure 75. Global Settings
• State – Enabled or Disabled.
• Scheduling Method – Select the desired mode for scheduling traffic from the drop down:
• Strict Priority – Traffic is scheduled specifically based on queue priority.
• WRR – Use the Weighted Round Robin algorithm to prioritize traffic queues.
• Trust Mode – Select the desired mode of operation from the drop down:
• 802.1p – Traffic is prioritized based on its 802.1p priority tag.
• DSCP – Traffic is prioritized based on its DSCP priority tag.
• 802.1p + DSCP – Traffic is prioritized based on both 802.1p and DSCP priority tags.
QoS – COS Mapping
Assign traffic of different CoS priority levels to the desired queue.
Figure 76. COS Mapping Table
• CoS – CoS Priority level identifier.
• Queue – Select a queue from the drop down for the given priority level. The default values are standard
for most applications.
Use Storm Control to limit the amount of broadcast, unknown multicast, and unknown unicast packets
coming into ports on the switch. Excessive frames are discarded when the specified limit is passed.
Figure 80. Storm Control Table
• Port – Switch Port identifier.
• Status – Enable or Disable Storm Control for the specified port.
• Broadcast (kbps) – Check the box to enable Broadcast storm control, then enter the maximum allowed
traffic rate of that type in kbps.
• Unknown Multicast (kbps) – Check the box to enable Unknown Multicast storm control, then enter the
maximum allowed traffic rate of that type in kbps.
• Unknown Unicast (kbps) – Check the box to enable Unknown Unicast storm control, then enter the
maximum allowed traffic rate of that type in kbps.
Access Control Lists (ACLs) are used for preventing access between or to devices on the network, primarily
for many clients to one or vice versa. MAC-based ACLs can only control incoming traffic and IPv4/IPv6-based
ACLs can control both incoming and outgoing traffic.
Note – The ACL feature is only found in 310 series switches.
ACL – MAC ACL
Create MAC address-based rules for controlling incoming access to a device on any connected port.
Figure 81. MAC ACL List
MAC ACL List
Manage MAC ACLs.
• Index – List identifier.
• Name – Enter a name to describe the members or reason for the ACL list.
• Delete – Click the trash can icon then click Apply to delete an entry.
MAC ACE List
Define Access Control Entries (ACEs) associated with each ACL list.
• Click any entry field to open the MAC ACE List Editor (see next page).
• Delete – Click the trash can icon then click Apply to delete an entry.
• Add – Click to create a new entry. Remember to click Apply to save the new settings. You must create an
ACL List entry before adding a new ACE List entry.
• ACL Name – Select the ACL to associate the ACE with.
• Sequence – Enter a value for the sequence in relation to other ACLs. The smallest value is processed first.
• Action – Select whether to Permit or Deny traffic that meets the set criteria.
• Destination MAC Address – Destination MAC address to monitor for. Options: Any or User Defined.
• Destination MAC Mask – Destination MAC mask to monitor for. Use this field to filter multiple addresses
within a range. Only visible when monitoring a User Defined address.
• Source MAC Value – Source MAC address to monitor for. Options: Any or User Defined.
• Source MAC Mask – Source MAC mask to monitor for. Use this field to filter multiple addresses within a
range. Only visible when monitoring a User Defined address.
• VLAN ID – Enter the VLAN ID to monitor for.
• 802.1p Value – Enter the 802.1p value to monitor for.
• Ethertype – Leave blank. Entering a value will restrict traffic using certain protocols.
• OK – Click to accept the new settings and return to the MAC ACL ACE List.
• Cancel – Click to reject the new settings and return to the MAC ACL ACE List.
Create rules for controlling incoming and outgoing traffic to any device on a connected port based on its
IPv4 address.
Figure 83. IPv4 ACL Menu Page
IPv4 ACL List
• Index – List identifier.
• Name – Enter a name to describe the members or reason for the ACL list.
• Delete – Click the trash can icon then click Apply to delete an entry.
• Add – Click to create a new entry. Remember to click Apply to save the new settings.
IPv4 ACE List
Define Access Control Entries (ACEs) associated with each ACL list.
• Click any entry field to open the IPv4 ACE List Editor (see next page).
• Delete – Click the trash can icon then click Apply to delete an entry.
• Add – Click to create a new entry. Remember to click Apply to save the new settings. You must create an
ACL List entry before adding a new ACE List entry.
• ACL Name – Select the ACL to associate the ACE with.
• Sequence – Enter a value for the sequence in relation to other ACLs. The smallest value is processed first.
• Action – Select whether to Permit or Deny traffic that meets the set criteria.
• Protocol – Select whether traffic using a certain protocol is controlled. Options:
• Any – No Protocol monitoring.
• Select from list – Select the protocol to control from the drop down. Options: IPv4:ICMP, IPinIP, TCP,
EGP, UDP, HMP, RDP, IPv6, IPv6:Rout, IPv6Frag, RSVP, IPv6:ICMP, OSPF, PIM, or L2TP.
• Protocol ID – Enter the identifier for the protocol.
• Source/Destination IP Address – Select whether to monitor Any or a User Defined address.
• Source/Destination IP Address Value – Enter the address to monitor. Only visible when monitoring a
User Defined address.
• Source/Destination IP Mask – Subnet mask to monitor. Use this field to filter multiple addresses within a
range. Only visible when monitoring a User Defined address.
• Source/Destination Port/Port Range – Enter a port or ports to monitor.
• Type of Service – Select Any or DSCP to match (then enter range).
• ICMP Type – Select the ICMP type to monitor:
• Any – No ICMP monitoring.
• Select from list – Select the ICMP type to monitor. Options: EchoReply, Destination Unreachable,
Source Quench, Echo Request, Router Advertisement, Router Solicitation, Time Exceeded,
Timestamp, Timestamp Reply, or Traceroute.
• Protocol ID – Enter the identifier for the protocol
• ICMP Code
• Any – No ICMP code monitoring.
• User Defined – Enter the code value to be monitored.
• OK – Click to accept the new settings and return to the IPv4 ACL ACE List.
• Cancel – Click to reject the new settings and return to the IPv4 ACL ACE List.
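Because the entry with the smallest Sequence value is processed first, a broad Permit placed ahead of a narrow Deny silently disables the Deny. The following added example (not Araknis code) models an IPv4 ACE list and reports entries that can never match. It assumes the first matching entry decides the action and makes no assumption about what the switch does when nothing matches (it returns None); the addresses and rules are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Ace:
    sequence: int
    action: str                                   # "Permit" or "Deny"
    src: str = "any"                              # "any" or "address/mask"
    dst: str = "any"
    protocol: str = "any"                         # "any", "TCP", "UDP", ...
    dst_ports: Optional[Tuple[int, int]] = None   # inclusive range, None = any port


def _net(spec):
    """Turn "any" or "address/mask" into a network object."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec, strict=False)


def matches(ace, src, dst, protocol, dst_port):
    return (ipaddress.ip_address(src) in _net(ace.src)
            and ipaddress.ip_address(dst) in _net(ace.dst)
            and ace.protocol in ("any", protocol)
            and (ace.dst_ports is None
                 or ace.dst_ports[0] <= dst_port <= ace.dst_ports[1]))


def evaluate(aces, src, dst, protocol, dst_port):
    """Return the first ACE, in Sequence order, that matches the packet."""
    for ace in sorted(aces, key=lambda a: a.sequence):
        if matches(ace, src, dst, protocol, dst_port):
            return ace
    return None


def _ports_cover(earlier, later):
    if earlier is None:
        return True
    if later is None:
        return False
    return earlier[0] <= later[0] and later[1] <= earlier[1]


def covers(earlier, later):
    """True if every packet that matches `later` also matches `earlier`."""
    return (_net(later.src).subnet_of(_net(earlier.src))
            and _net(later.dst).subnet_of(_net(earlier.dst))
            and earlier.protocol in ("any", later.protocol)
            and _ports_cover(earlier.dst_ports, later.dst_ports))


def shadowed(aces):
    """Return (unreachable_sequence, covering_sequence) pairs."""
    ordered = sorted(aces, key=lambda a: a.sequence)
    findings = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, later):
                findings.append((later.sequence, earlier.sequence))
                break
    return findings


# Constructed ACL: the Deny at sequence 20 is meant to keep one host off SSH.
ADMIN = "198.51.100.10/255.255.255.255"
ACL = [
    Ace(10, "Permit", src="192.0.2.0/255.255.255.0"),
    Ace(20, "Deny", src="192.0.2.50/255.255.255.255", dst=ADMIN,
        protocol="TCP", dst_ports=(22, 22)),
    Ace(30, "Deny", dst=ADMIN, protocol="TCP", dst_ports=(22, 22)),
]
# Same rules with the narrow Deny moved ahead of the broad Permit.
FIXED = [Ace(5, "Deny", src="192.0.2.50/255.255.255.255", dst=ADMIN,
             protocol="TCP", dst_ports=(22, 22)), ACL[0], ACL[2]]

if __name__ == "__main__":
    print(shadowed(ACL), evaluate(ACL, "192.0.2.50", "198.51.100.10", "TCP", 22))
    print(shadowed(FIXED), evaluate(FIXED, "192.0.2.50", "198.51.100.10", "TCP", 22))
```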
Create rules for controlling incoming and outgoing traffic to any device on a connected port based on its
IPv6 address.
Figure 85. IPv6 ACL Menu Page
IPv6 ACL List
• Index – List identifier.
• Name – Enter a name to describe the members or reason for the ACL list.
• Delete – Click the trash can icon then click Apply to delete an entry.
• Add – Click to create a new entry. Remember to click Apply to save the new settings.
IPv6 ACE List
Define Access Control Entries (ACEs) associated with each ACL list.
• Click any entry field to open the IPv4 ACE List Editor (see next page).
• Delete – Click the trash can icon then click Apply to delete an entry.
• Add – Click to create a new entry. Remember to click Apply to save the new settings. You must create an
ACL List entry before adding a new ACE List entry.
• ACL Name – Select the ACL to associate the ACE with.
• Sequence – Enter a value for the sequence in relation to other ACLs. The smallest value is processed first.
• Action – Select whether to Permit or Deny traffic that meets the set criteria.
• Protocol – Select whether traffic using a certain protocol is controlled. Options:
• Any – No specific protocol monitoring.
• Select from list – Select the protocol to control from the drop down. Options: TCP, UDP, IPv6:ICMP.
• Protocol ID – Enter the identifier for the protocol.
• Source/Destination IP Address – Select whether to monitor Any or a User Defined address.
• Source/Destination IP Address Value – Enter the address to monitor. Only visible when monitoring a
User Defined address.
• Source/Destination IP Prefix Length – Prefix to monitor. Use this field to filter multiple addresses within a
range. Only visible when monitoring a User Defined address.
• Source/Destination Port/Port Range – Enter a port or ports to monitor.
• TCP Flags – Select options for monitoring TCP Flags when monitoring TCP Protocol.
• Type of Service – Select Any or DSCP to match (then enter range).
• OK – Click to accept the new settings and return to the IPv6 ACL ACE List.
• Cancel – Click to reject the new settings and return to the IPv6 ACL ACE List.
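The interaction between Sequence, Action, Protocol, prefix length and port range described above can be checked offline before rules are entered on the switch. The following is an added example, not code from Araknis or from this manual; the Ace class, the field names and the rule set are constructed, and it assumes the first matching ACE decides the action and returns None when nothing matches, because the manual does not state a default action.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Ace:
    sequence: int
    action: str                    # "Permit" or "Deny"
    protocol: str = "Any"          # "Any", "TCP", "UDP" or "IPv6:ICMP"
    src: str = "::/0"              # address/prefix length; ::/0 models "Any"
    dst: str = "::/0"
    dst_ports: tuple = (0, 65535)  # inclusive destination port range

def matches(ace, pkt):
    """True when every criterion set on the ACE agrees with the packet."""
    if ace.protocol != "Any" and ace.protocol != pkt["protocol"]:
        return False
    if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(ace.src):
        return False
    if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(ace.dst):
        return False
    if ace.protocol in ("TCP", "UDP"):
        low, high = ace.dst_ports
        return low <= pkt["dport"] <= high
    return True

def evaluate(aces, pkt):
    """Return (sequence, action) of the first matching ACE, else None."""
    for ace in sorted(aces, key=lambda a: a.sequence):
        if matches(ace, pkt):
            return ace.sequence, ace.action
    return None  # assumption: the manual does not state a default action

# Constructed rules using the 2001:db8::/32 documentation prefix.
SERVER = "2001:db8:20::5/128"
ACL = [
    Ace(20, "Permit", "TCP", "2001:db8:10::/48", SERVER, (443, 443)),
    Ace(10, "Deny", "TCP", "2001:db8:10:bad::/64", SERVER, (443, 443)),
    Ace(30, "Deny"),
]

def packet(src, protocol="TCP", dport=443):
    return {"src": src, "dst": "2001:db8:20::5", "protocol": protocol, "dport": dport}

if __name__ == "__main__":
    for src in ("2001:db8:10:bad::7", "2001:db8:10:1::7", "2001:db8:99::1"):
        print(src, evaluate(ACL, packet(src)))
```

The narrow Deny only takes effect because its sequence value is smaller than that of the broader Permit; if the two values were swapped, the /48 Permit would match first and the /64 Deny would never be reached.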
The Simple Network Management Protocol (SNMP) is a Layer 7 protocol for managing and monitoring
network equipment from a central SNMP manager.
Managed devices that support SNMP run their own agent software; the SNMP agent maintains a defined set
of variables that are used to manage the switch. These objects are defined in a Management Information
Base (MIB).
The Araknis switch includes an SNMP agent that supports SNMP versions 1, 2c, and 3. This agent
continuously monitors the status of the switch hardware and the traffic passing through its ports. SNMP
client software can access the switch SNMP agent through SNMP community strings. These community
strings are used for authentication.
SNMPv3 provides additional security features that cover message integrity, authentication, and encryption,
as well as controlling user access to specific objects in the MIB.
SNMP – Global Settings
Configure global settings for SNMP.
Settings
Figure 88. SNMP Global Settings
• SNMP State – Enable or disable SNMP for the switch.
• Engine ID – Enter a unique SNMP Engine identifier. Check the box to use the default ID. The ID must be
made from an even number of hex characters, 10~64 in length. Enter this ID in other equipment when
prompted to use the switch as the SNMP server.
Configure SNMP groups, events, community strings, and users.
Group Lists
Figure 91. SNMP Group List
• Group Name – Enter a name to describe the group.
• Security Mode – Select the SNMP version for the group. Options: v1, v2c, or v3
• Security Level – Select the security level for users in the group. Options:
• NoAuth – No authentication or privacy for group members.
• Auth – SNMP messages are authenticated.
• Priv – SNMP messages are encrypted.
• Read View – All; cannot be changed.
• Write View – Select None or All.
• Notify View – Select None or All.
• Delete – Click the trash can icon then click Apply to delete an entry.
• Add – Click to create a new entry. Remember to click Apply to save the new settings.
View List
Figure 92. SNMP View List
• View Name – Enter a name to identify the View.
• Subtree OID – Enter the Subtree Object Identifier (OID) value (must begin with a “.”). This value identifies
an MIB tree that will be granted or denied access by the SNMP manager. Max level: 20
• Subtree Mask – Enter 0 (zero) for “does not concern” or 1 for “is concerned.”
• View Type – Select Included or Excluded.
• Delete – Click the trash can icon then click Apply to delete an entry.
• Add – Click to create a new entry. Remember to click Apply to save the new settings.
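How Subtree OID, Subtree Mask and View Type combine to decide whether an object is visible can be worked through offline. The following is an added example, not code from Araknis or from this manual; it assumes the switch follows the view-matching rules of the SNMP View-based Access Control Model (RFC 3415), writes the mask as one 0/1 digit per sub-identifier (an assumption about the entry format), and uses a constructed view.

```python
def parse_oid(text):
    """Convert '.1.3.6.1' to (1, 3, 6, 1); the manual requires a leading '.'."""
    if not text.startswith("."):
        raise ValueError("OID must begin with '.'")
    return tuple(int(part) for part in text[1:].split("."))

def family_matches(oid, subtree, mask):
    """RFC 3415 family match: only positions whose mask digit is 1 must be equal."""
    if len(oid) < len(subtree):
        return False
    for i, sub_id in enumerate(subtree):
        # A mask shorter than the subtree is treated as padded with 1s.
        concerned = mask[i] == "1" if i < len(mask) else True
        if concerned and oid[i] != sub_id:
            return False
    return True

def in_view(view, oid_text):
    """True when the most specific matching entry is of type Included."""
    oid = parse_oid(oid_text)
    best = None
    for subtree_text, mask, view_type in view:
        subtree = parse_oid(subtree_text)
        if family_matches(oid, subtree, mask):
            # Longest subtree wins; ties go to the lexicographically greater one.
            key = (len(subtree), subtree)
            if best is None or key > best[0]:
                best = (key, view_type)
    return best is not None and best[1] == "Included"

# Constructed view: all of mib-2, minus the ip group, minus every
# ifTable column for interface index 3 (the 0 digit wildcards the column).
VIEW = [
    (".1.3.6.1.2.1", "", "Included"),
    (".1.3.6.1.2.1.4", "", "Excluded"),
    (".1.3.6.1.2.1.2.2.1.0.3", "11111111101", "Excluded"),
]

if __name__ == "__main__":
    for oid in (".1.3.6.1.2.1.1.5.0", ".1.3.6.1.2.1.4.1.0",
                ".1.3.6.1.2.1.2.2.1.10.3", ".1.3.6.1.2.1.2.2.1.10.4"):
        print(oid, in_view(VIEW, oid))
```

An OID that matches no entry at all is outside the view, so a view built only from Excluded entries exposes nothing.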
Configure advanced system logging. These settings affect the log on the system status page.
Settings
Turn advanced logging on or off.
Figure 96. Log Settings
• Logging Service – Enable or disable logging services.
Local Logging
Use this menu to configure whether log entries are submitted for the specified event severity. Values to the
left indicate more severe events, and values to the right indicate less severe events. Any NOTICE, INFO, or
DEBUG events may be disregarded by the user.
Figure 97. Local Logging
• EMERG/ALERT/CRIT/ERROR/WARNING/NOTICE/INFO/DEBUG – Select Yes to enable local logging for
the event severity level or No to disable logging for the event severity level.
Remote Logging
Figure 98. Remote Logging
• IP/Hostname – Enter the IP address of the remote log server.
• Server Port – Enter the port configured for server communication.
• EMERG/ALERT/CRIT/ERROR/WARNING/NOTICE/INFO/DEBUG – Select Yes to enable remote logging
for the event severity level or No to disable logging for the event severity level.
• Facility – Select the facility value for the remote logging event. Options: local0-local7.
Default: local 0
• Delete – Click the trash can icon then click Apply to delete an entry.
• Add – Click to create a new entry. Remember to click Apply to save the new settings.