Asus X2048 User Manual

Download

Page 1

GigaX2024/2048

Layer 2 Managed Switch

User Manual

Page 2

E2301

October 2005 V2.3

of this manual, including the products and software described in it, may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means, except documentation kept by the purchaser for backup purposes, without the express written permission of ASUSTeK COMPUTER INC. (ASUS).

Product warranty or service will not be extended if: (1) the product is repaired, modiﬁed or altered, unless such repair, modiﬁcation of alteration is authorized in writing by ASUS; or (2) the serial number of the product is defaced or missing.

ASUS provides this manual “as is” without warranty of any kind, either express or implied, including but not limited to the implied warranties or conditions of merchantability or ﬁtness for a particular purpose. In no event shall ASUS, its directors, ofﬁcers, employees, or agents be liable for any indirect, special, incidental, or consequential damages (including damages for loss of proﬁts, loss of business, loss of use or data, interruption of business and the like), even if ASUS has been advised of the possibility of such damages arising from any defect or error in this manual or product.

Speciﬁcations and information contained in this manual are furnished for informational use only, and are subject to change at any time without notice, and should not be construed as a commitment by ASUS. ASUS assumes no responsibility or liability for any errors or inaccuracies that may appear in this manual, including the products and software described in it.

Products and corporate names appearing in this manual may or may not be registered trademarks or copyrights of their respective companies, and are used only for identiﬁcation or explanation and to the ownersʼ beneﬁt, without intent to infringe.

Page 3

GigaX2024/2048 L2 Managed Switch User Manual

Federal Communications Commission Statement

This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference, and

• This device must accept any interference received including interference that may cause undesired operation.

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with manufacturerʼs instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and receiver.

• Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.

• Consult the dealer or an experienced radio/TV technician for help.

WARNING!

graphics card is required to assure compliance with FCC regulations. Changes or modiﬁcations to this unit not expressly approved by the party responsible for compliance could void the userʼs authority to operate this equipment.

The use of shielded cables for connection of the monitor to the

Canadian Department of Communications Statement

This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.

This class B digital apparatus complies with Canadian ICES-003.

Page 4

GigaX2024/2048 L2 Managed Switch User Manual

ASUS contact information

ASUSTeK COMPUTER INC. (Asia-Paciﬁc)

Address: 150 Li-Te Road, Peitou, Taipei, Taiwan General Tel: +886-2-2894-3447 General Fax: +886-2-2894-7798 Web Site: www.asus.com.tw

Technical Support

MB/Others (Tel): +886-2-2890-7121 (English) Notebook (Tel): +886-2-2890-7122 (English) Desktop/Server (Tel): +886-2-2890-7123 (English) Support Fax: +886-2-2890-7698

ASUS COMPUTER INTERNATIONAL (America)

Address: 44370 Nobel Drive, Fremont, CA 94538, USA General Fax: +1-502-933-8713 General Email: tmd1@asus.com Web Site: usa.asus.com

Technical Support

Support Fax: +1-502-933-8713 General Support: +1-502-995-0883 Notebook Support: +1-510-739-3777 x5110 Support Email: tsd@asus.com

ASUS COMPUTER GmbH (Germany and Austria)

Address: Harkort Str. 25, D-40880 Ratingen, BRD, Germany General Fax: +49-2102-9599-31 General Email: sales@asuscom.de (for marketing requests only)

Technical Support

Support Hotlines: (Components) +49-2102-95990 (Notebook PC) +49-2102-959910 Support Fax: +49-2102-959911 Support Email: www.asuscom.de/de/support (for online support) Web Site: www.asuscom.de

ASUS COMPUTER (Middle East and North Africa)

Address: P.O. Box 64133, Dubai, U.A.E. General Tel.: +9714-283-1774 General Fax: +9714-283-1775 General Email: www.ASUSarabia.com

Page 5

GigaX2024/2048 L2 Managed Switch User Manual

Table of Contents

1 Introduction .............................................................................. 1

1.1 GigaX2024/2048 features ........................................................... 1

1.2 Conventions used in this document ........................................... 2

1.2.1 Notations ........................................................................................ 2

1.2.2 Typography ..................................................................................... 2

1.2.3 Symbols .......................................................................................... 2

2 Getting to know the GigaX ...................................................... 3

2.1 Package contents ....................................................................... 3

2.2 Front Panel .................................................................................. 4

2.3 Rear Panel .................................................................................. 5

2.4 Technical speciﬁcations ............................................................... 5

3 Quick start guide .....................................................................6

3.1 Part 1 — Installing the hardware .................................................. 6

3.1.1 Installing the switch on a ﬂat surface .............................................. 6

3.1.2 Mounting the switch on a rack ........................................................ 6

3.2 Part 2 — Setting up the switch ..................................................... 6

3.2.1 Connect the console port ................................................................ 6

3.2.2 Connect to the computers or a LAN ............................................... 7

3.2.3 Attach the RPS module ................................................................. 7

3.2.4 Attach the power adapter ............................................................... 7

3.3 Part 3 — Basic switch setting for management ........................... 8

3.3.1 Setting up through the console port ............................................... 8

3.3.2 Setting up through the Web interface ............................................. 9

4 Management with the Web Interface ...................................12

4.1 Log into Web user interface ....................................................... 12

4.2 Functional layout ........................................................................ 14

4.2.1 Menu navigation tips ..................................................................... 15

iii

Page 6

GigaX2024/2048 L2 Managed Switch User Manual

4.2.2 Commonly used buttons and icons ............................................. 16

4.3 System Pages ............................................................................ 16

4.3.1 Management ................................................................................. 16

4.3.2 IP Setup ........................................................................................ 17

4.3.3 Administration .............................................................................. 18

4.3.4 Reboot ......................................................................................... 18

4.3.5 Firmware Upgrade ........................................................................ 18

4.4 Physical Interface ..................................................................... 19

4.5 Bridge ......................................................................................... 20

4.5.1 Spanning Tree .............................................................................. 20

4.5.2 Link Aggregation ........................................................................... 21

4.5.3 Mirroring ....................................................................................... 23

4.5.4 Static Multicast ............................................................................. 24

4.5.5 IGMP Snooping ............................................................................ 25

4.5.6 Trafﬁc Control ............................................................................... 25

4.5.7 Dynamic Addresses ...................................................................... 26

4.5.8 Static Addresses ........................................................................... 27

4.5.9 Tagged VLAN ............................................................................... 27

4.5.10 Default Port VLAN and CoS ....................................................... 29

4.5.11 DHCP Snooping ......................................................................... 30

4.6 SNMP ......................................................................................... 31

4.6.1 Community Table .......................................................................... 31

4.6.2 Host Table ..................................................................................... 31

4.6.3 Trap Setting .................................................................................. 32

4.6.4 VACM Group ................................................................................ 32

4.6.5 VACM View ................................................................................... 33

4.6.6 USM User ..................................................................................... 34

4.7 Filters ......................................................................................... 35

4.7.1 Filter Set ....................................................................................... 35

Page 7

GigaX2024/2048 L2 Managed Switch User Manual

4.7.2 Filter Attach ................................................................................... 37

4.8 Security ...................................................................................... 38

4.8.1 Port Access Control ...................................................................... 38

4.8.2 Dial-In User ................................................................................... 40

4.8.3 RADIUS ........................................................................................ 40

4.8.4 Port Security ................................................................................. 41

4.8.4.1 Port Conﬁguration ................................................................. 41

4.8.4.2 Port Status ............................................................................ 42

4.8.4.3 Secure MAC Addresses .......................................................44

4.9 QoS ............................................................................................ 44

4.9.1 Trust State .................................................................................... 45

4.9.2 Mapping ........................................................................................ 46

4.9.3 Class Set ...................................................................................... 46

4.9.4 Policy Set ...................................................................................... 47

4.9.5 Policy Attach ................................................................................. 49

4.9.6 CoS ............................................................................................... 49

4.10 Statistics Chart ........................................................................ 50

4.10.1 Trafﬁc Comparison ...................................................................... 50

4.10.2 Error Group ................................................................................. 51

4.10.3 Historical Status .......................................................................... 52

4.11 Save Conﬁguration .................................................................. 53

5 Console Interface ..................................................................54

5.1 Power On Self Test .................................................................... 54

5.1.1 Boot ROM Command Mode ......................................................... 55

5.1.2 Boot ROM Commands ................................................................. 55

5.2 Login and Logout ....................................................................... 57

5.3 CLI Commands .......................................................................... 57

5.3.1 System Commands ...................................................................... 57

5.3.2 Physical Interface Commands ...................................................... 60

Page 8

GigaX2024/2048 L2 Managed Switch User Manual

5.3.3 Bridge Commands ........................................................................ 60

5.3.4 SNMP ........................................................................................... 68

5.3.5 Filters Commands ........................................................................ 74

5.3.6 Security Commands ..................................................................... 77

5.3.7 QoS Commands ........................................................................... 82

5.4 Miscellaneous Commands ......................................................... 85

6 IP Addresses, Network Masks, and Subnets ...................... 86

6.1 IP Addresses .............................................................................. 86

6.1.1 Structure of an IP address ............................................................ 86

6.1.2 Network classes ........................................................................... 87

6.2 Subnet masks ............................................................................ 87

7 Troubleshooting ....................................................................89

7.1 Diagnosing problems using IP utilities ....................................... 89

7.1.1 ping ............................................................................................... 89

7.1.2 nslookup ....................................................................................... 90

7.2 Replacing defective fans ............................................................ 91

7.3 Simple ﬁxes ................................................................................ 93

8 Glossary .................................................................................95

9 Index .....................................................................................101

Page 9

GigaX2024/2048 L2 Managed Switch User Manual

List of Figures

Figure 1. GigaX L2 managed switch package contents ..................................... 3

Figure 2. Front panel (GigaX 2048) .................................................................... 4

Figure 3. Front panel (GigaX 2024) .................................................................... 4

Figure 4. Rear panel ........................................................................................... 5

Figure 5. Overview of Hardware Connections .................................................... 7

Figure 6. Login and IP setup Screen .................................................................. 9

Figure 7. Login Screen ..................................................................................... 10

Figure 8. IP Setup (GigaX 2048) ...................................................................... 11

Figure 9. IP Setup (GigaX 2024) ...................................................................... 11

Figure 10. Conﬁguration manager login screen ............................................... 12

Figure 11. Home page (GigaX 2048) ................................................................ 13

Figure 12. Home page (GigaX 2024) ............................................................... 13

Figure 13. Top frame (GigaX 2048) .................................................................. 14

Figure 14. Top frame (GigaX 2024) .................................................................. 14

Figure 15. Expanded Menu List ........................................................................ 15

Figure 16. Management ................................................................................... 17

Figure 17. IP Setup ........................................................................................... 17

Figure 18. Administration .................................................................................. 18

Figure 19. Reboot ............................................................................................. 18

Figure 20. Firmware Upgrade ........................................................................... 19

Figure 21. Physical Interface ........................................................................... 20

Figure 22. Spanning Tree ................................................................................. 21

Figure 23. Link aggregation (GigaX 2048) ....................................................... 23

Figure 24. Link aggregation (GigaX 2024) ....................................................... 23

Figure 25. Mirroring page (GigaX 2048) ........................................................... 24

Figure 26. Mirroring page (GigaX 2024) ........................................................... 24

Figure 27. Static Multicast (GigaX 2048) .......................................................... 25

Figure 28. Static Multicast (GigaX 2024) .......................................................... 25

vii

Page 10

GigaX2024/2048 L2 Managed Switch User Manual

Figure 29. IGMP Snooping ................................................................................ 25

Figure 30. Trafﬁc Control ..................................................................................26

Figure 31. Dynamic Address ............................................................................. 26

Figure 32.Static Address ................................................................................... 27

Figure 33. Tagged VLAN (GigaX 2048) ............................................................29

Figure 34. Tagged VLAN (GigaX 2024) ............................................................29

Figure 35. Default Port VLAN and CoS ........................................................... 30

Figure 36. DHCP Snooping (GigaX 2048) ........................................................ 30

Figure 37. DHCP Snooping (GigaX 2024) ........................................................ 30

Figure 38. Community Table ............................................................................ 31

Figure 39. Host Table ........................................................................................ 31

Figure 40. Trap Setting .....................................................................................32

Figure 41. VACM Group .................................................................................... 33

Figure 42. VACM View ...................................................................................... 34

Figure 43. USM User ........................................................................................35

Figure 44. Filter Set .......................................................................................... 36

Figure 45. Filter Rule in MAC mode .................................................................. 36

Figure 46. Filter Rule in IP mode ...................................................................... 36

Figure 47. Filter Attach (GigaX 2048) ............................................................... 37

Figure 48. Filter Attach (GigaX 2024) ............................................................... 38

Figure 49. Port Access Control ......................................................................... 39

Figure 50. Dial-In user ...................................................................................... 40

Figure 51. RADIUS ..........................................................................................41

Figure 52. Port Conﬁguration ............................................................................ 42

Figure 53. Port Status ....................................................................................... 43

Figure 54. Secure MAC Addresses ................................................................... 44

Figure 55. Trust State ....................................................................................... 46

Figure 56. Mapping ........................................................................................... 46

Figure 57. Class Set ......................................................................................... 47

viii

Page 11

GigaX2024/2048 L2 Managed Switch User Manual

Figure 58. Policy Set ........................................................................................ 48

Figure 59. Policy Edit ........................................................................................ 49

Figure 60. Policy Attach .................................................................................... 49

Figure 61. CoS ................................................................................................. 50

Figure 62. Trafﬁc comparison (GigaX 2048) ..................................................... 51

Figure 63. Trafﬁc comparison (GigaX 2024) ..................................................... 51

Figure 64. Error group ...................................................................................... 52

Figure 65. Historical Status .............................................................................. 52

Figure 66. Save Conﬁguration .......................................................................... 53

Figure 67. CLI interface .................................................................................... 54

Figure 68. Boot ROM Command Mode ............................................................ 55

Figure 69. SYS commands ............................................................................... 58

Figure 70. Using the ping utility ........................................................................ 89

Figure 71. Using the nslookup utility ................................................................. 90

Figure 72. Loosening the thumbscrew ............................................................. 91

Figure 73. Removing the fan module ............................................................... 91

Figure 74. Detaching the fan from the module ................................................. 92

Page 12

GigaX2024/2048 L2 Managed Switch User Manual

List of Tables

Table 1. Front panel labels and LEDs ................................................................. 4

Table 2. Rear panel labels .................................................................................. 5

Table 3. Technical speciﬁcations ........................................................................ 5

Table 4. LED Indicators ...................................................................................... 8

Table 5. Port color description .......................................................................... 14

Table 6. Commonly used buttons and icons ..................................................... 16

Table 7. Boot ROM commands ......................................................................... 56

Table 8. IP address structure ............................................................................ 86

Table 9. Troubleshooting .................................................................................. 93

Page 13

GigaX2024/2048 L2 Managed Switch User Manual

1 Introduction

Congratulations on becoming the owner of the ASUS GigaX2024/2048 Layer 2 managed switch! You may now manage your LAN (local area network) through a friendly and powerful user interface.

This user manual tells how to set up the GigaX2024/2048 switch, and how to customize its conﬁguration to get the most out of this product.

1.1 GigaX2024/2048 features

• (GigaX 2048) 48 x 10/100BASE-TX auto-sensing Fast Ethernet ports

• (GigaX 2024) 24 x 10/100BASE-TX auto-sensing Fast Ethernet ports

• Two 10/100/1000BASE-T auto-sensing Gigabit Ethernet switching ports

• Two small form factor (SFP) Gigabit interface converter (GBIC) slots

• Automatic MDI/MDIX supported on 10/100BASE-TX and 10/100/1000BASE-T ports

• Compliant with 802.3u, 802.3z and 802.3ab speciﬁcations

• 802.1D transparent bridge/spanning tree protocol

• 802.1w RSTP (Rapid Spanning Tree Protocol)

• 802.1X port-based network access control

• RADIUS remote authentication dial-in user service

• 8K MAC address cache with hardware-assisted aging

• 802.3x ﬂow control

• 802.1Q-based tagged VLAN, up to 255 VLANs

• 802.1p class of service, 4 queues per port

• IGMP snooping support

• 802.3ad link aggregation (trunking), up to 6 trunk groups

• LACP (Link Aggregation Control Protocol)

• Port Mirroring

• Access Control List

• RMON: support 4 groups (1, 2, 3, 9)

• SNMP v1, v2, v3

• MIB-II

Page 14

GigaX2024/2048 L2 Managed Switch User Manual

• Enterprise MIB for PSU, fan, and system temperature, voltage

• Telnet or SSH2 remote login

• FTP for ﬁrmware update and conﬁguration backup

• IEEE 802.1x authentication (with dynamic VLAN assignment)

• DHCP snooping

• Syslog

• Command Line Interpreter through console, telnet and SSH

• Web-based Graphic User Interface (GUI)

• LEDs for port link status

• LEDs for system, redundant power supply (RPS), and fan status

1.2 Conventions used in this document

1.2.1 Notations

• Acronyms are deﬁned the ﬁrst time they appear in text and in the glossary.

• For brevity, the GigaX2024/2048 switch is referred to as “the switch.”

• The terms LAN and network are used interchangeably to refer to a group of Ethernet-connected computers at one site.

• The illustrations and web interface screens refer to both the GigaX 2048 and GigaX 2024 models, except otherwise indicated.

1.2.2 Typography

Boldface

lists, and text strings you type when prompted by the program.

type text is used for items you select from menus and drop-down

1.2.3 Symbols

This document uses the following icons to call your attention to speciﬁc instructions or explanations.

Provides clariﬁcation or additional information on the current topic.

Explains terms or acronyms that may be unfamiliar to many readers. These terms are also included in the Glossary.

Provides messages of high importance, including messages relating to personal safety or system integrity.

Page 15

GigaX2024/2048 L2 Managed Switch User Manual

2 Getting to know the GigaX

2.1 Package contents

The GigaX2024/2048 switch package comes with the following items:

• GigaX 2048 (48-port) or GigaX 2024 (24-port) L2 managed switch

• AC power cord

• Null modem cable for console interface (DB9)

• Rack installation kit (two brackets with six #6-32 screws)

• USB cable for console interface

• Installation CD-ROM

• Quick installation guide

Figure 1. GigaX L2 managed switch package contents

Page 16

GigaX2024/2048 L2 Managed Switch User Manual

2.2 Front Panel

The front panel includes 24/48 RJ-45 10/100Base-T ports, two 10/100/1000Base-T ports, two SPF GBIC port and LED indicators that show the status of the system, RPS, fan, and ports.

Figure 2. Front panel (GigaX 2048)

Figure 3. Front panel (GigaX 2024)

Table 1. Front panel labels and LEDs

Label Color Status Description

SYSTEM Green On Unit is powered on

Flashing Self-test, initiating, or downloading Amber On Abnormal temperature or voltage Off No power

RPS Green On The Power Supply Unit (PSU) is working properly

and the switch has a good redundant power supply Amber On The PSU is abnormal and the switch is powered by RPS Off No power (system LED is also off); RPS does not work

properly or not installed (system LED is on)

FAN Green On Both fans are working properly

Amber On Both or either one of the fans stopped

10/100 ports Green On Ethernet link is established

Flashing Data is being transmitted/received

Off No Ethernet link

10/100/1000 port status

10/100/1000 port speed

Green On Link (RJ-45 or SFP) is present; port is enabled

Flashing Data is being transmitted/received

Amber On Link is present, but port is disabled either manually or

by spanning tree

Flashing Port is in one of the STP blocking, listening and

learning state Off No Ethernet link Green On 1000Mbps Amber On 100Mbps Off 10Mbps

Page 17

GigaX2024/2048 L2 Managed Switch User Manual

2.3 Rear Panel

The switch rear panel contains the fan modules, two console ports (USB and DB9) and one RPS port..

Figure 4. Rear panel

Table 2. Rear panel labels

No. Label Description

1 Power Connector Connects to the supplied power cord

2 FAN1-FAN2 Replaceable system fans

3 Console RS232 RS232 serial port for console management

4 Console USB USB port for console management

5 RPS Redundant Power Supply connector

2.4 Technical speciﬁcations

Table 3. Technical speciﬁcations

Physical Dimensions

Power

Redundant Power Supply (RPS)

Environmental Ranges

Replaceable Fans

43.5mm(H) x 444 mm(W) x 265mm(D)

Input Consumption

100-240V AC/

2.5A 50-60Hz

Input Output

100-240V AC/

1.8A 50-60Hz

Temperature -10 to 50°C (14 to 122°F) -40 to 70°C (-40 to 158°F)

Humidity 15 to 90% 0 to 95%

Altitude up to 10,000ft (3,000m) up to 40,000 ft (12,000m)

Dimensions Voltage and Current Speed

40 x 40 x 20 mm 12VDC, 0.13A 8200RPM

< 90 watts

12V DC/12.5A

Operating Storage

Page 18

GigaX2024/2048 L2 Managed Switch User Manual

3 Quick start guide

This section provides the basic instructions to set up the switch environment. Refer also to the GigaX2024/2048 Installation Guide.

Part 1 shows how to install the GigaX2024/2048 on a ﬂat surface or on a rack.

Part 2 provides instructions to set up the hardware.

Part 3 shows how to conﬁgure basic settings on the GigaX2024/2048 switch.

Before start, obtain the following information from your network administrator:

IP address for the switch

Default gateway for the network

Network mask for this network

3.1 Part 1 — Installing the hardware

3.1.1 Installing the switch on a ﬂat surface

The switch must be installed on a level surface that can support the weight of the switch and its accessories. Attach four rubber pads on the marked location on the bottom of the switch.

3.1.2 Mounting the switch on a rack

1. Position the bracket posts with the holes on both sides of the switch.

2. Use three screws to secure the bracket to the switch.

3. Repeat the above steps for the other side of the switch.

4. Use four rack-mount screws to mount the switch to the rack (The rackmount screws are not provided in the package).

3.2 Part 2 — Setting up the switch

3.2.1 Connect the console port

For console management, use an RS232 (DB9) or a USB cable (requiring installation of the USB driver included in the support CD) to connect the switch. If you want to use Web interface, connect your PC to the switch using an Ethernet cable.

Page 19

Note

Console Management

RS-232

RPS

USB

Expension Hub/ Switch

LAN Computers

Cat.5 Ethernet Cables

GigaX2024/2048 L2 Managed Switch User Manual

3.2.2 Connect to the computers or a LAN

You can use Ethernet cable to connect computers, hubs and other switches to the switch ports. Either crossover or straight-through Ethernet cable can apply for connecting these devices.

Use a twisted-pair Category 5 Ethernet cable to connect the 1000BASE-T port. Otherwise, the link speed can not reach 1Gbps.

3.2.3 Attach the RPS module

Connect your Redundant Power Supply (RPS) module (optional) to the RPS jack on the rear panel of the switch and make sure the other end of the RPS is connected to the power cord. Connect to the power cord to a grounded power outlet.

3.2.4 Attach the power adapter

1. Connect the AC power cord to the POWER receptacle on the back of the switch and plug the other end of the power cord into a wall outlet or a power strip.

2. Check the front LED indicators with the description in Table 4. If the LEDs light up as described, the switch hardware is working properly.

Figure 5. Overview of Hardware Connections

Page 20

GigaX2024/2048 L2 Managed Switch User Manual

Table 4. LED Indicators

No. LED Description

1 System Solid green indicates that the switch is turned on. If this

light is off, check if the power adapter if attached to the switch and plugged into a power source.

2 Switch ports

[1] to [50] (2048) [1] to [26] (2024)

3 RPS Solid green indicates that an RPS module is successfully

4 Fan Solid green indicates that all fans are working properly

Solid green indicates that the connection between the switch and other devices is built. Flashing means the switch is transmitting data .

installed.

3.3 Part 3 — Basic switch setting for management

After completing the hardware connections, conﬁgure the basic settings for your switch. You can manage the switch using the following methods:

•

Web interface:

management via Java®-enabled IE5.0 or higher version.

•

Command Line Interface:

3.3.1 Setting up through the console port

the switch features a set of web pages which enable easy

using console port to conﬁgure the switch.

1. Use the supplied crossover RS-232 cable to connect to the console port on the back of the switch. This port is a male DB-9 connector, implemented as a data terminal equipment (DTE) connection. Tighten the retaining screws on the cable to secure it on the connector. Connect the other end of the cable to a PC running terminal emulation software. e.g Hyper Terminal.

2. Use the supplied USB cable to connect to a PC. You have to install the USB driver from the switch CD-ROM before connection. The USB driver simulates an additional COM port under Windows Me/2K/XP OS.

3. Make sure the settings of your terminal emulation software as follows:

a) Choose the appropriate serial port number

b) Set the data baud rate to 115200 (or 9600 on some models)

c) Set the data format to no parity, 8 data bits and 1 stop bit

d) No ﬂow control

e) Set VT1000 for emulation mode

4. After setting up the terminal, you can see the prompt “(ASUS)%” on the terminal.

Page 21

Note

5. Type “login” to access the command line interface. The default user name is “admin”. Skip the password by pressing

GigaX2024/2048 L2 Managed Switch User Manual

<Enter>

You can change the password at any time through CLI (see section 5.3.1). To protect your switch from unauthorized access, you must change the default password as soon as possible.

6. Follow these steps to assign an IP address to the switch:

a) Type

net interface ip sw0 <your ip address> <your network mask>

For example, if your switch IP is 192.168.10.1 and the network mask is

255.255.255.0. Then you should type

255.255.255.0

b) If the switch has to be managed across networks, then a default gateway

or a static route entry is required. Type

network gateway IP> 0.0.0.0 1

Figure 6.

net interface ip sw0 192.168.10.1

net route static add 0.0.0.0 <your

as your default route entry, as shown in

Figure 6. Login and IP setup Screen

3.3.2 Setting up through the Web interface

To connect your PC to the switch, your PC must have a valid IP in your network. Contact your network administrator to obtain a valid IP for the switch. If you wish to change the default IP address of the switch, follow section 3.3.1 to change the IP address.

1. It is not required to login the Web interface at the ﬁrst time because the default conﬁguration for Web access authentication is disabled. To secure the system conﬁguration, please enable the authentication function at the

Administration

disable the login authentication.

2. At any PC connected to the network that the switch can access, open your Web browser (Internet Explorer), and type the following URL in the address/ location box, and press

page under

<Enter>

http://192.168.1.1

category. Skip step 2 if you choose to

System

Page 22

GigaX2024/2048 L2 Managed Switch User Manual

Note

This is the factory default IP address of the switch.

A login screen appears, as shown in Figure 7.

Figure 7. Login Screen

Enter your user name and password, and then click OK to enter the Conﬁguration Manager. Use the following defaults the ﬁrst time you log into this interface:

Default User Name: admin

Default Password: (no password)

You can change the password at any time (see section 5.3.1 System Commands).

3. To setup a new IP address, click

System

, then

IP Setup

(see Figure 8). Fill

in the IP address, network mask and default gateway, then click OK.

4. When the new address is applied to the switch, the browser can no longer update the switch status window or retrieve any page. You need to retype the new IP address in the address/location box, and press

<Enter>

Web link returns.

5. To enable authentication for Web access, click list, then select

Enabled

to start the protection.

Administration

on the menu

6. A login window appears immediately after you click OK. See the ﬁgures on the next page.

Note that the GigaX 2048 and 2024 models have the same web interface, except for the front panel image on top of the screen (see ﬁgures on the next page).

The following sections show only one screen image (that of the GigaX 2048 model) if the screen contents for both models are the same. Both the GigaX 2048 and 2024 screens are shown when the screen elements are different.

, then the

Page 23

GigaX2024/2048 L2 Managed Switch User Manual

Figure 8.IP Setup (GigaX 2048)

Figure 9.IP Setup (GigaX 2024)

Page 24

GigaX2024/2048 L2 Managed Switch User Manual

Note

4 Management with the Web Interface

The switch provides Web pages that allow switch management through the Internet. The program is designed to work best with Microsoft Internet Explorer®

5.5, or later versions with Java® enabled.

4.1 Log into Web user interface

1. Open the web browser (IE) on your computer, type the following in the web address (or location) box, and press

http://192.168.1.1

This is the factory default IP address for the switch. A login screen displays as shown in Figure 10.

Netscape is not supported.

NOTE:

<Enter>

Figure 10. Conﬁguration manager login screen

2. Enter your user name and password, then click OK.

Use the following defaults the ﬁrst time you log into the system. You can change the password at any time through CLI interface (see section 5.3.1 on page 57).

Default User Name: admin

Default Password: <no password>

The home page appears each time you log into the program. See Figures 11 and 12).

Page 25

GigaX2024/2048 L2 Managed Switch User Manual

Figure 11. Home page (GigaX 2048)

Figure 12. Home page (GigaX 2024)

Page 26

GigaX2024/2048 L2 Managed Switch User Manual

4.2 Functional layout

The web-based conﬁguration page consists of three separate frames. The top frame has a switch logo and front panel as shown in Figures 13 and 14. This frame remains on the top of the browser window all the times and updates the LED status periodically. See Table 4 for the LED deﬁnitions. See Table 5 for the color status description.

Figure 13. Top frame (GigaX 2048)

Figure 14. Top frame (GigaX 2024)

Table 5. Port color description

Port Color Description

Green Ethernet link is established

Black

Amber Link is present but port is disabled manually or by spanning tree

No Ethernet link

Clicking on the port icon of the switch displays the port conﬁguration in the lower right frame.

The left frame, which is shown in Figure 15, contains all the features available for switch conﬁguration. These features are grouped into categories, e.g. System, Bridge, etc. You can click on any of these to display a speciﬁc conﬁguration page.

Page 27

GigaX2024/2048 L2 Managed Switch User Manual

Figure 15. Expanded Menu List

The above frame displays conﬁguration pages or graphics for the statistics. See section 4.3 for details.

4.2.1 Menu navigation tips

• To expand a group of related menus, click on the corresponding group name. The sign will change to after expansion.

• To contract a group of related menus: click on the corresponding group name. The sign will appear next to the group name.

• To open a speciﬁc conﬁguration page, click on the desired menu item.

Page 28

GigaX2024/2048 L2 Managed Switch User Manual

4.2.2 Commonly used buttons and icons

The following table describes the function for each button and icon used in the application.

Table 6. Commonly used buttons and icons

Button/Icon Description

Stores any changes you have made on the current page.

Adds the existing configuration to the system, e.g. a static MAC address or a ﬁrewall ACL rule and etc.

Modiﬁes an existing entry

Modiﬁes the existing conﬁguration in the system, e.g. a static route or a ﬁlter ACL rule and etc.

Deletes the selected item, e.g. a static route or a ﬁlter ACL rule and etc.

Re-displays the current page with updated statistics or settings.

4.3 System Pages

System pages include management, IP setup, administration, reboot, and ﬁrmware update function.

4.3.1 Management

The Management page contains the following information:

Model Name:

MAC Address:

System Name:

System Name can not include character ʻ/ʼ.

System Contact

System Location

Click on OK to make the setting effective immediately. Click on refresh the setting to current value, as shown in Figure 16. To save conﬁguration permanently, please go to

product name

switch MAC address

user assigned name to identify the system (editable).

(editable). System Contact can not include character ʻ/ʼ.

(editable). System Location can not include character ʻ/ʼ.

Reload

Save Conﬁguration

page, then click on

Save

Page 29

GigaX2024/2048 L2 Managed Switch User Manual

Figure 16. Management

4.3.2 IP Setup

The switch supports dynamic IP and static IP assignment. Dynamic IP can be got from a DHCP server within the same VLAN. The IP Setup page contains the following editable information:

VLAN ID:

necessary to be within the same VLAN for management usages.

DHCP Client:

to specify a static IP address. The DHCP server must be reachable within the management VLAN.

IP Address:

Network Mask

Default Gateway

Click on OK to make the setting effective immediately. Click on refresh the setting to current value, as shown in Figure 17. To save conﬁguration permanently, please go to

Speciﬁes a VLAN ID to system management interface. It is

Enables DHCP to get a dynamic IP address, or disable DHCP

Assigns a static IP address to the switch management interface.

Reload

Save Conﬁguration

page, then click on

Save

Figure 17. IP Setup

Page 30

GigaX2024/2048 L2 Managed Switch User Manual

Note

Warning

4.3.3 Administration

The Administration page allows to enable or disable the password protection for web user authentication. The default setting does not require any authentication.

To save any changes and make it effective immediately, click OK. Use to update the setting, as shown in Figure 18. When you enable the password protection, you have to login again immediately.

Reload

You can change the password at any time through the CLI interface.

Figure 18. Administration

4.3.4 Reboot

The Reboot page contains a system.

button. Clicking the button to reboot the

Reboot

Rebooting the system stops the network trafﬁc and terminates the Web interface connection.

Figure 19. Reboot

4.3.5 Firmware Upgrade

The Firmware Upgrade and Auto-conﬁg page contains the following information:

Hardware Version:

Boot ROM Version:

Firmware Version:

number renews automatically after ﬁrmware update is complete.

shows the hardware revision number.

shows the version of the boot code

shows the current running ﬁrmware version. This

Page 31

Warning

Browse...

Enter the ﬁrmware (or auto-conﬁg ﬁle) location into the ﬁrmware space directly, or click

Browse...

from prompt window. Click ﬁle). See Figure 20 for reference.

Click the upload button to load the assigned ﬁrmware to the switch, then reboot system after a successful ﬁrmware update. You need to login again after reboot.

to choose the ﬁle name of the ﬁrmware (or auto-conﬁg ﬁle)

GigaX2024/2048 L2 Managed Switch User Manual

to update the switch ﬁrmware (or auto-conﬁg

Upload

DO NOT cut the power supply of the switch when the ﬁrmware upgrading is in process. Update failure can cause the switch unable to boot.

The ﬁle name of the auto-conﬁg ﬁle must be "conﬁg.bat"; the ﬁrst line must be "#autoconﬁg".

Figure 20. Firmware Upgrade

4.4 Physical Interface

The Physical Interface shows the realtime Ethernet port status. You can conﬁgure the port in following ﬁelds:

select the port to conﬁgure

Port:

disable/enable the port

Admin:

set the speed and duplex mode

Mode:

Flow Control:

Port Status Window:

Link status:

State:

Admin:

Mode:

Flow Control:

mechanism

enable/disable 802.3x ﬂow control mechanism

displays the following information for each port

the link speed and duplex if link exists

the Spanning Tree Protocol (STP) state

the setting value to disable or enable the port

the setting value for link speed and duplex mode

the setting value to enable or disable 802.3x ﬂow control

Page 32

GigaX2024/2048 L2 Managed Switch User Manual

Select the corresponding port and conﬁgure the port setting, then click on the

button. The ﬁeld you change will update the content of the display

Modify

window. Click to refresh the setting to current value. To make the conﬁguration effective, go to

Save Conﬁguration

to send the settings to the switch (HTTP server). Click

page, then click on

Save

Reload

Figure 21. Physical Interface

4.5 Bridge

The Bridge page group contains layer 2 conﬁgurations, like link aggregation,

STP....etc..

4.5.1 Spanning Tree

The Spanning Tree page activates the conﬁguration while the switch is working. The page consists of three parts.

The ﬁrst part shows the root information. It shows the current STP setting about the root switch.

The second part is STP setting. The following options are available:

Disable/STP Enable/RSTP Enabled:

turn the STP/RSTP on, STP/RSTP will use the following settings if the switch is the root switch.

Hello Time:

Max Age:

Forward Delay:

Bridge Priority:

The third part is port setting. It contains a display window to show the current conﬁguration for each port. Click RSTP. The following ﬁelds are available:

Port:

the interval between the generation of conﬁguration BPDU

a timeout value to be used by all Bridges in the LAN

a timeout value to be used by all bridges in the LAN

the switch priority in the LAN

Modify

select the corresponding port to conﬁgure

Turn the STP/RSTP off/on. When you

to change the port setting for STP/

Page 33

GigaX2024/2048 L2 Managed Switch User Manual

Priority:

priority. The port with lower priority is more likely to be blocked by STP if a network loop is detected. The valid value is from 0 to -240.

Cost:

to be blocked by STP if a network loop is detected.

Edge Port:

STP port when BPDU is received. Also, it takes very short time for an edge port to be in forwarding state.

Point to Point:

point link. Otherwise, it is a shared link. Point to point link may have less convergence time. Auto is recommended in most cases.

Click on OK to make the setting effective immediately. Click on refresh the setting to current value. To save conﬁguration permanently, please go to

the port priority in the switch. Low numeric value indicates a high

the valid value is from 1 to200000000. The higher cost is more likely

All ports are set to be edge ports by default. Edge port becomes

Auto/Yes/No. A full duplex link is considered as a point to

Reload

Save Conﬁguration

page, then click

Save

Figure 22. Spanning Tree

4.5.2 Link Aggregation

This page is used to conﬁgure the link aggregation group (port trunking). The switch can have 6 link aggregation groups.

Show Trunk:

an existing group to display related ﬁelds and port icons.

Port Selection Criterion:

Select “Add a new Trunk” for a new created group, or select

the algorithm to distribute packets among the ports

Page 34

GigaX2024/2048 L2 Managed Switch User Manual

Note

of the link aggregation group according to source MAC address, destination MAC address, source and destination MAC address, source IP address, destination IP address, or source and destination IP address.

the group name. The string of group name cannot include character ʻ/ʼ

Name:

and space.

Trunk ID:

LACP:

Active.

Remove Trunk:

Port Icons:

to click on the icon the select the group members. The port can be removed from the group by clicking the selected port again.

Click OK to make the setting send to the switch (HTTP server). Click refresh the settings to current value. To make the conﬁguration effective, please go to

Save Conﬁguration

You have to check the runtime link speed and duplex mode to make sure the trunk is physically active. Go to the runtime status window for the trunk ports. If all the trunk members are in the same speed and full duplex mode, then the trunk group is set up successfully. If one of the members is not in the same speed or full duplex mode, the trunk is not set correctly. Check the link partner and change the settings to have the same speed and full duplex mode for all the members of your trunk group.

a number to identify the trunk group besides the group name.

Enable/Disable LCAP on selected trunk. LACP mode is ﬁxed to be

Remove the selected trunk.

these port icons are listed in a way like the front panel. You have

Reload

page, then click

Physical Interface

Save

and check the link mode in

• All the ports in the link aggregation group MUST operate in full-duplex mode at the same speed.

• All the ports in the link aggregation group MUST be conﬁgured in auto-negotiation mode or full duplex mode. This conﬁguration will make the full duplex link possible. If you set the ports in full duplex force mode, then the link partner MUST have the same setting. Otherwise the link aggregation could operate abnormally.

• All the ports in the link aggregation group MUST have the same VLAN setting.

• All the ports in the link aggregation group are treated as a single logical link. That is, if any member changes an attribute, the others will change too. For example, a trunk group consists of port 1 and 2. If the VLAN of port 1 changes, the VLAN of port 2 also changes with port 1.

Page 35

Note

GigaX2024/2048 L2 Managed Switch User Manual

Figure 23. Link aggregation (GigaX 2048)

Figure 24. Link aggregation (GigaX 2024)

4.5.3 Mirroring

Mirroring, together with a network trafﬁc analyzer, helps you monitor network trafﬁcs. You can monitor the selected ports for egress or ingress packets.

Selects the mirror group. Each group consists of 24 Fast Ethernet

Mirror:

ports and one Gigabit port. (for GigaX 2048 only)

Mirror Mode:

Monitor Port:

ports.

GigaX 2048 has two monitor ports. Each port can monitor 24 Fast Ethernet ports and one Gigabit port.

GigaX 2024 has only one monitor port. The port can monitor 24 Fast Ethernet ports and two Gigabit ports.

Click OK to make the setting send to the switch (HTTP server). Click refresh the settings to current value. To make the conﬁguration effective, please go to

Save Conﬁguration

Enables or disables the mirror function for the selected group.

Receives the copies of all the trafﬁcs in the selected mirrored

The monitor port can not belong to any link aggregation group.

The monitor port can not belong to any Private VLAN.

The monitor port can not operate as a normal switch port. It does not switch packets or do address learning.

Reload

page, then click

Save

Page 36

GigaX2024/2048 L2 Managed Switch User Manual

Figure 25. Mirroring page (GigaX 2048)

Figure 26. Mirroring page (GigaX 2024)

4.5.4 Static Multicast

This page can add multicast addresses into the multicast table. The switch can hold up to 255 multicast entries. All the ports in the group will forward the speciﬁed multicast packets to other ports in the group.

Show Group:

existing group address to display

MAC Address:

VLAN:

isolated port is forwarded only to promiscuous port.

assigns the priority for Class of Service

CoS:

Click OK to make the setting effective immediately. Click settings to current value. To save conﬁguration permanently, please go to

Conﬁguration

selects “Add a new Group” to enter a new entry. Or select an

the multicast address

selects the vlan group . If you selected a Private VLAN, trafﬁc from

to refresh the

Reload

page, then click on

Save

Page 37

GigaX2024/2048 L2 Managed Switch User Manual

Figure 27. Static Multicast (GigaX 2048)

Figure 28. Static Multicast (GigaX 2024)

4.5.5 IGMP Snooping

IGMP snooping helps reduce the multicast trafﬁcs on the network by allowing the IGMP snooping function to be turned on or off. When turned on, the switch snoops the IGMP packets and puts the new group into the multicast table. However, if the static entries occupy all 255 spaces, the IGMP snoop does not work normally. The switch only allows 255-layer 2 multicast group.

Click OK to make the setting effective immediately. Click settings to current value. To save conﬁguration permanently, please go to

Conﬁguration

page, then click on

Save

Reload

to refresh the

Save

Figure 29. IGMP Snooping

4.5.6 Trafﬁc Control

Trafﬁc control prevents the switch bandwidth from ﬂooding packets including broadcast packets, multicast packets and the unicast packets because of destination address lookup failure. The limit number is a threshold to limit the total number of the checked type packets. For example, if broadcast and multicast are enabled, the total trafﬁc amount for those two types will not exceed

Page 38

GigaX2024/2048 L2 Managed Switch User Manual

the limit value. Trafﬁc control does not work for isolated port of Private VLAN.

Click OK to make the setting send to the switch (HTTP server). Click refresh the settings to current value. To make the conﬁguration effective, please go to

Save Conﬁguration

page, then click

Save

Reload

Figure 30. Trafﬁc Control

4.5.7 Dynamic Addresses

This page displays the result of dynamic MAC address lookup by port, VLAN ID, or speciﬁed MAC address. The dynamic address is the MAC address learned by switch, it will age out from the address table if the address is not learned again during the age time. User can set the age time by entering a valid number from 10 to 1,000,000 in seconds. Then click OK to make the setting effective immediately. Click conﬁguration permanently, please go to

Save

You can look up MAC addresses by checking the port, VLAN ID, or/and MAC address, then click on the the query.

to refresh the settings to current value. To save

Reload

Save Conﬁguration

. The address window will display the result of

Query

page, then click on

Figure 31. Dynamic Address

Page 39

GigaX2024/2048 L2 Managed Switch User Manual

4.5.8 Static Addresses

You can add a MAC address into the switch address table. The MAC address added by this way will not age out from the address table. We call it static address. The switch only allows 1024 static addresses.

MAC Address:

VLAN ID:

Port Selection:

Discard:

packets as destination address, source address, or either of them.

Click on the information. Then you will see the new added entry shows in the address window. You can remove the existed address by selecting the entry with the mouse, then clicking on address entries. You can look up a static address entry by MAC address and VLAN ID, then click on the switch (HTTP server). Click make the conﬁguration effective, please go to click

Save

enter the MAC address

enter the VLAN ID that the MAC belongs

select the port which the MAC belongs

you can do packet ﬁltering when the MAC address appears in the

when you create a new static MAC address by the above

Add

Remove. The Modify

. Click OK to make the setting send to the

Query

to refresh the settings to current value. To

Reload

button updates the existed MAC

Save Conﬁguration

page, then

Figure 32.Static Address

4.5.9 Tagged VLAN

You can set up to 255 VLAN groups and show VLAN group in this page. There is a default VLAN created by the switch. This feature prevents the switch from malfunctions. You can remove any existed VLAN except the default VLAN.

You can assign the port to be a tagged port or an untagged port by toggling the port button. There are three types of button displays:

“U” type:

packets.

untagged port that will remove VLAN tags from the transmitted

Page 40

GigaX2024/2048 L2 Managed Switch User Manual

“T” type:

“blank” type:

All packets transmitted from this port will be tagged.

This port is not a member of the VLAN group.

If one untagged port belongs to two or more VLAN groups at the same time, it will confuse the switch and cause ﬂooding trafﬁcs. To prevent it, the switch only allow one untagged port belongs to one VLAN at the same time. That is, the untagged port belongs to the VLAN group which is called “PVID” and conﬁgured in the “Default Port VLAN & CoS” page. If you want to assign an untagged port from one VLAN to another, you have to remove it from the original VLAN, or change it to be tagged in the original VLAN ﬁrst.

Show VLAN:

select the existed VLAN to display or select “Add a new VLAN”

to create a new VLAN group

the VLAN name. The string of VLAN name can not include character ʻ/ʼ

Name:

and space.

DHCP Snoop:

VLAN ID:

Enable or disable DHCP snooping on this VLAN.

this ﬁeld requires user to enter the VLAN ID when a new VLAN is

created

Remove VLAN:

Remove an existed VLAN. This ﬁeld disappears in VLAN

creation page.

Private VLAN:

Set this VLAN to be a Private VLAN(PVLAN). PVLAN is to provide LAN security with the simplicity of VLAN conﬁguration. System administrator can reduce the VLAN and IP consumption but provide the same security to LAN. We cannot use default VLAN(VLAN 1) as the PVLAN. In our system, the total number of PVLAN is four. There are two types port in a PVLAN, they are described as follows.

Promiscuous Port:

A PVLAN must and only can have one promiscuous

port. It communicates with all interfaces within a PVLAN.

Isolated Port:

The non-promiscuous ports in a PVLAN. It has complete Layer 2 separation from the other ports within the same PVLAN, but not from the promiscuous port. PVLANs block all trafﬁc to isolated ports except trafﬁc from promiscuous port. Trafﬁc from isolated port is forwarded only to promiscuous port. Trafﬁc control do not work for isolated port.

Promiscuous Port:

Select a promiscuous port for a PVLAN. This ﬁeld is

effective when Private VLAN ﬁeld is checked.

Click OK to make the setting send to the switch (HTTP server). Click

Reload

to refresh the settings to current value. To make the conﬁguration effective, please go to

Save Conﬁguration

page, then click

Save

Page 41

GigaX2024/2048 L2 Managed Switch User Manual

Figure 33. Tagged VLAN (GigaX 2048)

Figure 34. Tagged VLAN (GigaX 2024)

4.5.10 Default Port VLAN and CoS

Some VLAN tag related ﬁeld settings for each port are included in this page. It includes:

select the port to conﬁgure

Port:

port-based VLAN ID. Every untagged packet received from this port will

PVID:

be tagged with this VLAN group ID

CoS (Class of Service) value:

will be assigned to this CoS in the VLAN tagged

Click on make the setting send to the switch (HTTP server). Click settings to current value. To make the conﬁguration effective, please go to

Conﬁguration

to change the content in the port list window. Click OK to

Modify

page, then click

every untagged packet received from this port

to refresh the

Reload

Save

Page 42

GigaX2024/2048 L2 Managed Switch User Manual

Figure 35. Default Port VLAN and CoS

4.5.11 DHCP Snooping

DHCP snooping is a DHCP security feature that provides security by ﬁltering untrusted DHCP messages and by building and maintaining a DHCP binding table.You can assign some ports to be trusted ports. The selected (trusted) port forwards the DHCP packets as a normal port, but the DHCP ACK packets will be dropped when the unselected (untrusted) port receives the packets.

DHCP Snooping is:

Click OK to make the setting send to the switch (HTTP server). Click refresh the settings to current value. To make the conﬁguration effective, please go to

Save Conﬁguration

To enable or disable DHCP snooping.

page, then click

Save

Reload

Figure 36. DHCP Snooping (GigaX 2048)

Figure 37. DHCP Snooping (GigaX 2024)

Page 43

GigaX2024/2048 L2 Managed Switch User Manual

4.6 SNMP

This group offers the SNMP conﬁguration including Community Table, Host Table, and Trap Setting. To provide more secure management and access control, SNMPv3 is supported.

4.6.1 Community Table

You can type different community names and specify whether the community has the privilege to do set action (write access) by checking the box. Click

to make the setting effective immediately. Click

settings to current value. To save conﬁguration permanently, please go to

Conﬁguration

page, then click on

Save

. .

Figure 38. Community Table

4.6.2 Host Table

Reload

to refresh the

Save

This page links host IP address to the community name that is entered in Community Table page. Type an IP address and select the community name from the drop-down list. Click OK to make the setting effective immediately. Click permanently, please go to

to refresh the settings to current value. To save conﬁguration

Reload

Save Conﬁguration

page, then click on

Save

Figure 39. Host Table

Page 44

GigaX2024/2048 L2 Managed Switch User Manual

4.6.3 Trap Setting

By setting trap destination IP addresses and community names, you can enable SNMP trap function to send trap packets in different versions(v1 or v2c). Click

to make the setting effective immediately. Click

settings to current value. To save conﬁguration permanently, please go to

Conﬁguration

page, then click on

Save

Reload

to refresh the

Save

Figure 40. Trap Setting

4.6.4 VACM Group

VACM(View-based Access Control Model) Group is used to conﬁgure the information of SNMPV3 VACM Group.

Group Name:

allowed. Group name(Security Name) for SNMPv1&v2 is ro_noauth or rw_noauth only.

Read View Name:

related SNMP messages are Get, GetNext, GetBulk.

Write View Name:

related SNMP message is Set.

Notify View Name:

related SNMP messages are Trap, Report. Inform request. Note that this aspect of access control is not currently supported.

Security Model:

Any is suitable for v1,v2,v3. USM is SNMPv3 related.

Security level:

NoAuth, AuthNopriv, AuthPriv can be chosen. Itʼs all accepted that security level of PDU is greater or eaual.

Click on the information. Then you will see the new added entry shows in the group window.

enter the security group name. Multiple same names are

enter the Read View Name that the Group belongs. The

enter the Write View Name that the Group belongs. The

enter the Notify View Name that the Group belongs. The

enter the Security Model Name that the Group belongs.

enter the Security level Name that the Group belongs. Only

when you create a new VACM group entry by the above

Add

Page 45

You can remove the existed group by selecting the entry with the mouse, then clicking on entries. Click OK to make the setting effective immediately. Click refresh the settings to current value. To save conﬁguration permanently, please go to

Remove

Save Conﬁguration

. The

GigaX2024/2048 L2 Managed Switch User Manual

button updates the existed VACM Group

Modify

Reload

page, then click on

Save

Figure 41. VACM Group

4.6.5 VACM View

VACM(View-based Access Control Model) View is used to view the information of SNMPV3 VACM Group.

View Name:

allowed.

View Type:

when View Subtree matches the Oid in the SNMPv3 message.

View Subtree:

the Oid to match the Oid in the SNMPv3 message. The match is good when the subtree is shorter than the Oid in the SNMPv3 message. Decimal value is needed.

View Mask:

mask represents the digit between the dots of View Subtree from left side. Bit ʻ0ʼ means ʻdonʼt careʼ. Even amount of diﬁts(ex. Ff, ffc0) is preferred. Hex value is needed.

Click on information. Then you will see the new added entry shows in the view window. You can remove the existed views by selecting the entry with the mouse, then clicking on entries. Click OK to make the setting effective immediately. Click refresh the settings to current value. To save conﬁguration permanently, please

Add

enter the security group name. Multiple same names are

enter the View Type that the View belongs. Included or Excluded

enter the View Subtree that the View belongs. The Subtree is

enter the View Mask that the View belongs. Each bit in the

when you create a new VACM View entry by the above

Remove. The Modify

button updates the existed VACM View

Reload

Page 46

GigaX2024/2048 L2 Managed Switch User Manual

go to

Save Conﬁguration

page, then click on

Save

Figure 42. VACM View

4.6.6 USM User

USM(User-based Security Model) User is used to conﬁgure the information of SNMPV3 USM User.

Engine Id:

Name:

and Engine ID in the Manager.

Auth Protocol:

Only NoAuth ,MD5, SHA1 can be chosen. If the NoAuth is chosen, there is no need to enter password.

Auth Password:

password needs at least 8 characters or digits.

Priv Protocol:

Only NoPriv ,DES can be chosen. If the NoPriv is chosen, there is no need to enter password.

Priv Password:

password needs at least 8 characters or digits.

Click on Then you will see the new added entry shows in the User window. You can remove the existed User by selecting the entry with the mouse, then clicking on

Remove

to make the setting effective immediately. Click

settings to current value. To save conﬁguration permanently, please go to

Conﬁguration

enter the Engine Id that should match the ID in the Manager..

enter Name combined with Engine ID that should match the Name

enter the Auth Protocol that Engine ID and Name belong.

enter the password that the Auth Protocol belongs. The

enter the Priv Protocol that Engine ID and Name belong.

enter the password that the Priv Protocol belongs. The

when you create a new USM User entry by the above information.

Add

. The

page, then click on

button updates the existed USM User entries. Click

Modify

to refresh the

Reload

Save

Page 47

GigaX2024/2048 L2 Managed Switch User Manual

Figure 43. USM User

4.7 Filters

The switch can ﬁlter certain trafﬁc types according to packet header information from Layer 2 to Layer 4. Each ﬁlter set includes a couple of rules. You have to attach the ﬁlter set to certain ports to make the ﬁlter work.

4.7.1 Filter Set

You can create a ﬁlter set by giving a name, ID and a mode of rules. The switch deﬁnes two modes of rules, one is MAC mode and the other is IP mode. Only the same mode of rules can bundle together to form a ﬁlter set. Each mode has different ﬁelds to conﬁgure. For example, you can use IP mode rule to ﬁlter FTP packets. The string of ﬁlter name cannot include characters ʻ/ʼ, ʻ#ʼ, ʻ&ʼ and space.

When you click on the Set, the Filter Set page appears (Figure 39). First, create a ﬁlter set by typing a name and ID, then clicking on

button to select the set you want to edit or remove. Third, click on enter the rule page as Figure 40, or click on You have to follow the rules to make a valid ﬁlter set.

• One set consists of a type of rules. The rules having the same ﬁelds to ﬁlter packets belong to one type. For example, two rules ﬁlter packets with two destination IP addresses, then they are the same type. But a rule ﬁltering source IP address does not belong to the same type.

• Four types of rules can apply to ports at the same time. If there are more than four types, the system automatically disables the rules.

Remove

. Second, click on the

Add

Edit

to remove the ﬁlter set.

Page 48

GigaX2024/2048 L2 Managed Switch User Manual

Figure 44. Filter Set

The Filter Rule page provides options for rule modes, one is MAC rule (Figure

40) and the other is IP rule (Figure 41). If you did not enter the MAC address in the blank box, it means the rule donʼt care the MAC value. In IP rule setup, you can enter any of the 5 tuples, source IP, destination IP, protocol, source application port and destination application port. The the packet should be dropped or forwarding when it matches the rule. If a packet matches two rules with different action, the packet will follow the rule showed ﬁrst in the rule list.

ﬁeld determines if

Action

Figure 45. Filter Rule in MAC mode

Figure 46. Filter Rule in IP mode

Page 49

Note

GigaX2024/2048 L2 Managed Switch User Manual

4.7.2 Filter Attach

A ﬁlter set is idle if you did not attach it to any ingress or egress port. Use the Filter Attach page to attach a ﬁlter set to ingress and egress ports.

Click OK to make the setting send to the switch(HTTP server).To make the conﬁguration effective, go to the click on

To attach a ﬁlter set to ports:

• Attach to all ports: the ﬁlter set applies to all the ports of the system.

• Attach to certain ports: you can specify the ingress ports and egress port to be applied. For GigaX 2048, the egress ports and ingress ports must be in the ports 1-24 and 49, or ports 25 – 48 and 50.

• Detach from all ports: remove all the ﬁlters from the attached ports.

to refresh the page.

Reload

Save Conﬁguration

You may not detach certain ports after issuing an “Attach All” command. If you wish to detach ports, use the “Detach All” command.

Once the ﬁlter set is attached to the ingress ports and egress ports, it will ﬁlter the packets according to the ingress port, egress port, and the packet ﬁelds in the rules. For example, a set with a single rule to ﬁlter out destination MAC address 00:10:20:30:40:50 is attached to ingress port 1 and egress port 2. A packet with destination MAC 00:10:20:30:40:50 from port 1 is not switched to port 2, but it is possible to go to other ports except port 2 in ﬂooding situation.

page, then click

Save

, or

Figure 47. Filter Attach (GigaX 2048)

Page 50

GigaX2024/2048 L2 Managed Switch User Manual

Figure 48. Filter Attach (GigaX 2024)

4.8 Security

The switch has the 802.1x port-based security feature. Only authorized hosts are allowed to access the switch port. Trafﬁc is blocked for hosts failed to authenticate themselves. The authentication service is provided by a RADIUS server or the local database in the switch.

The switch also support dynamic VALN assignment through 802.1x authentication process. The VLAN information for the users/ports should be conﬁgured in the authentication server properly before enabling this feature.

The switch has the port security feature. Users can use the port security feature to restrict input to an interface by limiting and identifying MAC addressed of the stations allowed to access the port. When you assign secure MAC addresses to a secure port, the port does not forward with source addresses outside the group of deﬁned addresses.

4.8.1 Port Access Control

Port Access Control is used to conﬁgure various 802.1x parameters. 802.1x uses either RADIUS server or local database(support MD5 authentication only) to authenticate port users.

The ﬁrst part is the Bridge(Global) settings:

Reauthentication:

user again when the re-authentication time is up.

Reauthentication Time:

the switch uses to re-send authentication request to the port user.(see above)

Authentication Method:

authenticate the port user.

Once enabled, The switch will try to authenticate the port

If ʻReauthenticationʼ is enabled, this is the time period

RADIUS or Local database can be used to

Page 51

GigaX2024/2048 L2 Managed Switch User Manual

Quiet Period:

If authentication failed either from RADIUS or local database, the switch waits upon this time period before sending another authentication request to the port user.

Retransmission Time:

If the port user failed to respond to authentication request from the switch, the switch waits upon this time period before sending another authentication request to the port user.

Max Reauthentication Attempts:

Retry count if the port user failed to

respond to authentication requests from the switch.

The second part is the port settings. Please click

when youʼre done with

Modify

the modiﬁcations.

Specify which port to conﬁgure.

Port:

Multi-host:

If enabled, ALL hosts connected to the selected port are allowed to use the port if ONE of the hosts passed the authentication. If disabled, only ONE host among other hosts passed the authentication is allowed to use the port.

Authentication Control:

If ʻforce_authorizedʼ is selected, the selected port is forced authorized. Thus, trafﬁc from all hosts is allowed to pass. Otherwise, if ʻforce_unauthorizedʼ is selected, the selected port is blocked and no trafﬁc can go through. If ʻAutoʼ is selected, the behavior of the selected port is controlled by 802.1x protocol. All ports should be set to ʻAutoʼ under normal conditions.

Guest VLAN:

Click OK to make the setting send to the switch (HTTP server). Click

Specify a guest VLAN to clients that are not 802.1x-capable.

Reload

refresh the settings to current value. To make the conﬁguration effective, please go to

Save Conﬁguration

page, then click

Save

Figure 49. Port Access Control

Page 52

GigaX2024/2048 L2 Managed Switch User Manual

Note

4.8.2 Dial-In User

Dial-in User is used to deﬁne users in the local database of the switch.

User Name:

Password:

Conﬁrm Password:

Dynamic VLAN:

Please click the modiﬁcations. Click Click OK to make the setting send to the switch (HTTP server). Click refresh the settings to current value. To make the conﬁguration effective, please go to

Save Conﬁguration

New user name.

Password for the new user.

Enter the password again.

Specify the VLAN ID assigned to 802.1x-authenticated clients.

to add the new user. Click

Add

Remove

when you want to remove the selected user.

page, then click

when youʼre done with

Modify

Save

Reload

Figure 50. Dial-In user

4.8.3 RADIUS

In order to use external RADIUS server, the following parameters are required to be setup:

Authentication Server IP:

Authentication Server Port:

listening to.

Authentication Server Key:

GigaX and the RADIUS server.

Conﬁrm Authentication Key:

The VLAN of the RADIUS server connected to the switch must be the same as the VLAN of the system management interface.

The IP address of the RADIUS server.

The port number for the RADIUS server is

The key is used for communications between

Re-type the key entered above.

Page 53

GigaX2024/2048 L2 Managed Switch User Manual

Click OK to make the setting send to the switch (HTTP server). Click refresh the settings to current value. To make the conﬁguration effective, please go to

Save Conﬁguration

page, then click

Save

Reload

Figure 51. RADIUS

4.8.4 Port Security

Port security pages include port conﬁguration, port status, and secure MAC addresses function.

4.8.4.1 Port Conﬁguration

This page is used to conﬁgure various Port Security parameters. The total number of available secure MAC addresses on the switch is 1024. Users can conﬁgure the port in following ﬁeld:

select the port to make conﬁguration.

Port:

disable/enable port security feature on the port.

Admin:

Violation Mode:

violation occurs. It is a security violation when the maximum numbers of secure MAC address have been added to the address table, and a station whose MAC address is not in the address table attempts to access the interface. You can conﬁgure the interface for one of three violation modes:

a) Protect:

occurred.

b) Restrict:

occurred. Speciﬁcally, an SNMP trap is sent, a syslog message is logged, and the violation counter increments.

c) Shutdown:

become blocking state immediately It also sends an SNMP trap, logs a syslog message, and increments the violation counter..

Max MAC Addresses:

addresses. The valid value is from 1 to 132. The sum of this value for all ports is less than or equal to the maximum number of secure MAC address allowed in the switch.

Aging Time:

set the violation mode. The action to be taken when a

In this mode, you are not notiﬁed that a security violation has

In this mode, you are notiﬁed that a security violation has

In this mode, a port security violation causes the interface to

set the maximum numbers of secure MAC

set the aging time. The valid value is from 0 to 1440(mins). The

Page 54

GigaX2024/2048 L2 Managed Switch User Manual

aging mechanism is only effective for dynamic secure MAC addresses. If the time is equal to 0, the aging mechanism is disabled for this port.

Aging Type:

secure MAC addresses are aged out. Two types of aging are supported for each port:

a) Absolute:

speciﬁed aging time.

b) Inactivity:

no data trafﬁc from the secure source MAC address for the speciﬁed time period.

Select the corresponding port number and conﬁgure the port setting, then click on the

Modify

display window. Click OK to make the setting effective immediately. Click to refresh the settings to current value. To save conﬁguration permanently, please go to

set the aging type. To determines the action when the dynamic

the secure addresses on the port are deleted after the

the secure addresses on the port are deleted only if there is

button. The ﬁeld you changed will update the content of the

Reload

Save Conﬁguration

page, then click on

Save

Figure 52. Port Conﬁguration

4.8.4.2 Port Status

This page is display the port security information for all ports. The information of the display window is as follows:

port number.

Port:

Status:

a) NoOper:

b) SecureUp:

c) SecureDown:

happens when port security is conﬁgured to be enabled but could not be operational due to certain reasons such as conﬂict with other features.

d) Restrict:

this indicates port security on the port is conﬁgured to disabled.

this indicates port security is operational.

this indicates port security is not operational. This

this indicates that the port occurs port security violation when

Page 55

GigaX2024/2048 L2 Managed Switch User Manual

the violation mode is ʻrestrictʼ.

e) Shutdown:

this indicates that the port is shutdown due to port security

violation occurs when the violation mode is ʻshutdownʼ.

Restart:

TotalMacAddrCount:

whether to restart the port in shutdown status (Yes/No).

the total numbers of current static and dynamic

secure MAC addresses.

StaticMacAddrCount:

the total numbers of current static secure MAC

addresses.

ViolationCount:

Port security status shows

the total numbers of secure violation.

SecureDown

if one of the following situations occurs:

• The port is link down.

• Administrative bridge port state is disables.

• The port is a trunk port.

• The port is a monitor port in port mirroring.

• The port is running 802.1x and in the single-host mode.

If the status of a port is ʻShutdownʼ, users can select the corresponding port number and set

Restart

, then click on the

Yes

button. The ﬁeld you

Modify

changed will update the content of the display window. Click OK to make the setting effective immediately. Click value. To save conﬁguration permanently, please go to page, then click on

Save

to refresh the settings to current

Reload

Save Conﬁguration

Figure 53. Port Status

Page 56

GigaX2024/2048 L2 Managed Switch User Manual

4.8.4.3 Secure MAC Addresses

Users can add a MAC address into the secure MAC address table of one port. The MAC address added by this way will not age out from the secure MAC address table. We call it static secure MAC address.

MAC Address:

Port Selection:

Click on information. Then you will see the new added entry shows in the address window.

Users can select one port from Port Selection, then click on the portʼs current total secure MAC addresses show in the address window.

Users can remove the existed address by selecting the entries with the mouse, then click on please press

Click secure MAC address permanently, please go to click on

Add

Save

enter the MAC address.

select the port, which the MAC belongs.

after you create a new static MAC address by the above

. You will see

Query

Remove

<Shift>

Remove

to remove them. When you want to select multi-entries,

of the keyboard and selecting the entries with the mouse.

, the conﬁguration effective immediately. To save static

Save Conﬁguration

page, then

Figure 54. Secure MAC Addresses

4.9 QoS

When you conﬁgure the QoS feature, you can select speciﬁc network trafﬁc prioritize it according to its relative importance. It makes network performance more predictable and bandwidth utilization more effective.

QoS pages include trust state, mapping, class set, policy set, policy attach, and CoS function.

Page 57

GigaX2024/2048 L2 Managed Switch User Manual

4.9.1 Trust State

This page is used to conﬁgure packets classiﬁcation using port trust states. Users can conﬁgure the port in following ﬁeld:

select the port to make conﬁguration.

Port:

set the trust state Three types of state are supported for each port.

State:

a) No

No trust state to classify ingress packets.

CoS

Classiﬁes ingress packets with the packet CoS values.

For tagged IP packets – the DSCP value of the packet is modiﬁed based on the CoS-to-DSCP map.

For untagged IP packets – the DSCP value of the packet is modiﬁed based on the default port CoS-to-DSCP map

CosOverride:

can be enabled when Trust State is ʻNoʼ trust. CoS Override will override the previously conﬁgured trust state and apply the default port CoS value to all incoming packets. If a port was previously set to trust DSCP, this command overrides the previously conﬁgured trust state, and all the incoming CoS values are assigned to default port CoS value. If and incoming packet is tagged, the CoS value of the packet is modiﬁed with the default port CoS.

Select the corresponding port number and conﬁgure the port setting, then click on the display window. Click OK to make the setting send to the switch (HTTP server). Click effective, please go to

DSCP

Classiﬁes ingress packets with the packet DSCP values.

For tagged non-IP packets – the packet CoS value is set to 0.

For untagged non-IP packets – the packet CoS value is set to default port CoS.

For IP packets – the switch modiﬁes the CoS value by using the DSCP-to CoS map.

disable/enable CoS Override on the port. Cos Override only

button. The ﬁeld you changed will update the content of the

Modify

to refresh the settings to current value. To make the conﬁguration

Reload

Save Conﬁguration

page, then click

Save

Page 58

GigaX2024/2048 L2 Managed Switch User Manual

Figure 55. Trust State

4.9.2 Mapping

This page is used to conﬁgure CoS (Classiﬁcation of Service) and DSCP (Differentiated Services Code Point) mapping.

Map CoS to DSCP:

Users can use the CoS-to-DSCP map to map CoS values in incoming packets to a DSCP value that QoS uses internally to represent the priority of the trafﬁc.

Map DSCP to CoS:

Users can use the DSCP-to-CoS map to map DSCP values in incoming packets to a CoS value, which is used to select one of the four egress queues.

Click OK to make the setting send to the switch (HTTP server). Click refresh the settings to current value. To make the conﬁguration effective, please go to

Save Conﬁguration

each CoS value can map into one of the DSCP value.

each DSCP value can map into one of the CoS value.

Reload

page, then click

Save

Figure 56. Mapping

4.9.3 Class Set

This conﬁguration page is used to create QoS classes. A class set is a mechanism that you use to isolate a speciﬁc trafﬁc ﬂow (or class) from all other

Page 59

trafﬁc. The class set deﬁnes the criteria (match mode) used to match a speciﬁc trafﬁc ﬂow to further classify it. The criteria can include matching ACL rule in Filter Set ID or DSCP list. Only one match mode and only one CL rule for each class set are supported. After a packet is matched against the class-map criteria, it will be further classiﬁed through corresponding policy set. The switch only can have 56 classes. The following ﬁelds are available:

Class Name:

can not include character ʻ/ʼ and space.

Match:

Filter Set ID:

set ID.

DSCP:

Click on will see the new added entry shows in the class list. Click on to select the

class that you want to modify. Editing the class, then click on see the modiﬁed entry shows in the class list. Click on to select the class

that you want to remove, then click on conﬁguration effective, please go to

Save

Add

input a class name. The Class name can not duplicate and

select a match mode.

if the match mode is ʻFilterʼ, users must select an existed ﬁlter

if the match mode is ʻDSCPʼ, users must input DSCP values.

after you create a new class by the above information. Then you

GigaX2024/2048 L2 Managed Switch User Manual

. You will

Modify

Remove

Save Conﬁguration

to remove it. To make the

page, then click on

Figure 57. Class Set

4.9.4 Policy Set

A policy set speciﬁes which class set is acted. Policy actions can include setting a speciﬁc DSCP value in the trafﬁc class or specifying trafﬁc rate limitation and the action to take when the trafﬁc is out of trafﬁc rate and burst size.

Users can create a policy by giving a name and the policy name cannot duplicate. The string of policy name cannot include characters ʻ/ʼ, ʻ#ʼ, ʻ&ʼ and space. The switch only can have 56 policies and 256 policy rules.

First, you have to create a policy by giving a name and click on

. Secondly,

Add

Page 60

GigaX2024/2048 L2 Managed Switch User Manual

just click on to select the policy that you want to edit or remove. And then click on

to enter the Policy Edit page or click on

Edit

Remove

to remove the

policy. A policy only can have 6 policy actions.

Figure 58. Policy Set

The Policy Edit page is used to create policy actions. The classes that are added to a policy must have the same match type. A policy can only have maximum 6 classes. The following ﬁelds are available:

Class ID:

DSCP:

select an existed Class ID.

select a DSCP value. Incoming packets that match the class ID will

be speciﬁed the DSCP value to the class ID.

Trafﬁc Rate:

set the trafﬁc rate. The valid value is from 1 to 125. For Gigabit Ethernet ports, the value will be multiplied by 8. For example, set trafﬁc rate to 10. Then the trafﬁc rate of Fast Ethernet ports is 10 Mbps, but for Gigabit Ethernet ports, the trafﬁc arte is 80Mbps.

Trafﬁc Burst Size:

select a trafﬁc burst size. The minimum size of Fast Ethernet ports is 4K. For gigabit Ethernet ports, trafﬁc burst size will be multiplied by 8. For example, set trafﬁc burst size to 4K. Then the burst size of Fast Ethernet ports is 4K Bytes, but for Gigabit Ethernet ports, the burst size is 32K Bytes.

Exceed Action:

select exceed action. If the exceed action is not ʻNoneʼ,

user must enter or select a value for trafﬁc rate and trafﬁc burst size.

Exceed DSCP:

if exceed action is ʻDSCPʼ, must select an exceed DSCP

value.

Click on

after you create a new policy action by the above information.

Add

Then you will see the new added entry shows in the policy action list. Click on

to select the policy action that you want to modify. Editing the policy action,

then click on

. You will see the modiﬁed entry shows in the policy action

Modify

list. Click on to select the policy action that you want to remove, then click on

Remove

Conﬁguration

to remove it. To make the conﬁguration effective, please go to

page, then click on

Save

Page 61

GigaX2024/2048 L2 Managed Switch User Manual

Figure 59. Policy Edit

4.9.5 Policy Attach

A policy does nothing if you donʼt attach it to any ingress port. You can use this page to attach a policy to ingress ports. A port only can be one policy attached.

Click OK to make the setting send to the switch (HTTP server). Click refresh the settings to current value. To make the conﬁguration effective, please go to

Save Conﬁguration

There are a few ways to attach a policy to ports:

• Attach to all ports: the policy will apply to all the ports of the system.

• Attach to certain ports: you can specify the ingress ports to be applied.

• Detach all: remove the policy from the attached ports.

page, then click

Save

Reload

Figure 60. Policy Attach

4.9.6 CoS

The switch supports four CoS queues for each egress port. For each queue, you can specify the scheduling types as follows:

Strict priority scheduling:

queues. The queue 4 has the highest priority to transmit the packets. And packets in the low-priority queue do not transmit until all the high-priority queues become empty. In Strict priority scheduling, weight settings always zero.

each CoS value can map into one of the four

Page 62

GigaX2024/2048 L2 Managed Switch User Manual

Weighted round-robin (WRR) scheduling:

you to specify a number the indicates the importance (weight) of the queue relative to other CoS queues. WRR scheduling prevents the low-priority queues from being completely neglected during periods of high-priority trafﬁc. The WRR scheduling transmits some packets from each queue in turn. The number of packets it sends corresponds to the relative importance of the queue. For example, if one queue has a weight of 3 and another has a weight of 4, three packets are sent from the ﬁrst queue for every four that are sent from the second queue. By using this scheduling, low-priority queues have the opportunity to send packets even through the high-priority queues are not empty. The valid value of weight is from 1 to 255 and weight settings only effective for WRR scheduling.

Click OK to make the setting send to the switch (HTTP server). Click refresh the settings to current value. To make the conﬁguration effective, please go to

Save Conﬁguration

page, then click

WRR scheduling requires

Save

Reload

Figure 61. CoS

4.10 Statistics Chart

The Statistics Chart pages provide network ﬂow in different charts. You can specify the period time to refresh the chart. You can monitor the network trafﬁc amount in different graphic chart by these pages. Most MIB-II counters are displayed in these charts.

Click

Refresh Rate

You can differentiate the statistics or ports by selecting

to let the browser to draw the graphic chart. Each new Draw will reset the

Draw

statistics display.

4.10.1 Trafﬁc Comparison

This page shows the one statistics item for all the ports in one graphic chart. Specify the statistics item to display and click the update data and refresh the graphic periodically.

to set the period for retrieving new data from the switch.

. Finally, click on

Color

, the browser will show you

Draw

Page 63

GigaX2024/2048 L2 Managed Switch User Manual

Figure 62. Trafﬁc comparison (GigaX 2048)

Figure 63. Trafﬁc comparison (GigaX 2024)

4.10.2 Error Group

Selecting the window shows you all the discards or error counts for the speciﬁed port. The data is updated periodically.

and display

Port

, then clicking the

Color

, the statistics

Draw

Page 64

GigaX2024/2048 L2 Managed Switch User Manual

Figure 64. Error group

4.10.3 Historical Status

You can display information for different ports and statistics items in this chart. Since this shows the history of the statistics information, the line chart keeps the old data even it is refreshed.

Figure 65. Historical Status

Page 65

Note

GigaX2024/2048 L2 Managed Switch User Manual

4.11 Save Conﬁguration

To save conﬁguration permanently, you have to click takes effective after a successful save.

Sometimes you may want to reset the switch conﬁguration, you can click on

Restore

reboot will follow this restoration process.

to reset the conﬁguration ﬁle to factory default. Of course, a system

. The setting also

Save

You will lose all the conﬁgurations when you choose to restore the factory default conﬁgurations.

Figure 66. Save Conﬁguration

Page 66

GigaX2024/2048 L2 Managed Switch User Manual

5 Console Interface

This chapter describes how to use console interface to conﬁgure the switch. The switch provides RS232 and USB connectors to connect your PC. Use a terminal emulator on your PC such as HyperTerminal and command line interpreter to conﬁgure the switch. You have to set up the terminal emulator with baud rate 9600, 8 bit data, no parity, and 1 stop bit, and no ﬂow control.

Once you enter CLI mode, type “?” will display all available command help messages. This is very useful when you are not familiar with the CLI commands. The CLI mode times out when idle for 10 minutes. You have to login again to enter CLI mode after the timeout.

All the CLI commands are case sensitive. In order to make them easier to use, you can enter into different category by typing the full command, then this category becomes your working category. Thereafter, you donʼt have to type “sys” before any sub-commands. For example, “sys” is a command category including a lot of sub-commands. You donʼt have to type “sys” for the sub-commands once you change your working category to “sys” by typing “sys”. The prompt will become “(system name)sys%” when your working category is “sys”.

5.1 Power On Self Test

POST is executing during the system booting time. It tests system memory, LED and hardware chips on the switchboard. It displays system information as the result of system test and initialization. You can ignore the information until the prompt, “(GigaX)%”, appears (see Figure 67).

Figure 67. CLI interface

Page 67

Warning

GigaX2024/2048 L2 Managed Switch User Manual

5.1.1 Boot ROM Command Mode

During the POST process, you can enter a pressing

Figure 50 shows dual images in the switch. One ﬁrmware is in Slot 0 and the other ﬁrmware is in Slot 1. The later version will be selected to boot the system automatically.

Enter

<ENTER>

key to show the help messages for all available commands.

<?>

key as shown in Figure 50.

Boot ROM Command

mode by

Although the commands are helpful in some situation, we STRONGLY suggest users not to use them if you donʼt know the command function.

Figure 68. Boot ROM Command Mode

5.1.2 Boot ROM Commands

Type

in the boot mode to display the valid commands list.

<?>

Page 68

GigaX2024/2048 L2 Managed Switch User Manual

Table 7. Boot ROM commands

Command Parameters Usage Notes

d Address

[,length]

Dump memory contents by giving address and length.

p NONE Replaceable system fans

g NONE Both fans are

working properly

a NONE Both or either one of

the fans stopped

b 0 or 1 or a Dual image support. You

can choose the ﬁrmware to execute by giving a slot ID, or use “a” for auto select. Auto-select will execute the most updated ﬁrmware. This is the default setting

s 0, 1, 2, 3 Set the console baud rate.

0: 9600bps 1:38400bps 2:57600bps

When you fail in ﬁrmware update, you can use this command to boot up the switch using the old ﬁrmware. Change it back to auto-select mode after successfully updating the ﬁrmware.

You have to set up the terminal emulator with the same baud rate to make the work

3:115200bps

x NONE Upload ﬁrmware

to the switch

It is slow to update ﬁrmware by the console port. If you lost network connection to switch, you can still update ﬁrmware in this way

r NONE Toggle the safe mode When a conﬁguration ﬁle is

corrupt or you forget your password, use safe mode to enter CLI mode. Your conﬁguration ﬁle is lost in this mode. You need to restore your conﬁguration, or re-conﬁgure the system

w NONE Toggle administrator

password reset

Reset user ID and password once to default value. Your conﬁguration settings will not be changed.

Page 69

Note

GigaX2024/2048 L2 Managed Switch User Manual

5.2 Login and Logout

By typing and password. As the ﬁrst time login, you can enter and bypass the password. For security reason, please change the user name and password after login. Once you forget the use name and password, you may contact ASUS support team or erase the whole conﬁguration ﬁle in the Boot ROM Command mode. If you take the second choice, the whole system conﬁguration is lost at the same time. That is, you have to conﬁgure the switch again.

Type

logout

CLI mode. The next user has to do login again with authorized user name and password.

to enter the CLI mode, you have to give a valid user name

as the user name

admin

to leave the CLI mode safely. This action allows you to secure the

5.3 CLI Commands

The switch provides CLI commands for all managed functions. The command uses are listed in the categories as the WEB management interface. This way, you can follow the instructions and set up the switch correctly as easily as using WEB interface to conﬁgure the switch.

Always use “?” to get the available commands list and help.

Always use “/” to get back to the root directory.

Always use “..” to get back to the parent directory.

Type the command only to get help for the command

5.3.1 System Commands

[System Name]

Displays the given name of the switch. This is an RFC-1213 deﬁned MIB object in System Group, and provides administrative information on the managed node.

CLI command:

If you put a name in the name description ﬁeld, the switch system name changes to the new one.

[System Contact]

Displays the detail information of contact about the switch. This is an RFC-1213 deﬁned MIB object in System Group, and provides contact information on the managed node.

CLI command:

sys info name <system name description>

sys info contact <system contact description>

Page 70

GigaX2024/2048 L2 Managed Switch User Manual

If you put the contact description in the contact description ﬁeld, the switch contact will change to the new one.

[System Location]

Displays the physical location of the switch. This is an RFC-1213 deﬁned MIB object in System Group, and provides the location information on the managed node.

CLI command:

sys info location <system location description>

Type in the location description in the location description ﬁeld to change the location.

Figure 69. SYS commands

[VLAN ID]

Displays the VLAN ID for the switch. It is necessary to be within the same VLAN for management usages.

CLI command:

net interface vlan sw0 <VLAN ID>

[DHCP Client]

Enable DHCP to get a dynamic IP address, or disable DHCP to specify a static IP address. If you enable DHCP, you can renew or release the IP address for the switch, and use show command to display the dynamic IP address.

CLI command:

net interface dhcp sw0 <enable/ disable/ renew/ release/

show>

[IP Address]

Displays the static IP address for the switch. This IP address is used for manageable purpose, i.e.; network applications such as, http server, SNMP server, ftp server , telnet server and SSH server of the switch are all using this

Page 71

GigaX2024/2048 L2 Managed Switch User Manual

IP address.

CLI command:

net interface ip sw0 < IP address> <netmask>

[Network Mask]

Displays the subnet mask for the switch.

CLI command:

net interface ip sw0 < IP address> <netmask>

[Default Gateway]

Displays the IP address of the default gateway. This ﬁeld is necessary if the switch network contains one or more routers.

CLI command:

net route static add <destination subnet/IP> <gateway>

[Password Protection is]

[Enabled/Disabled]

When the password protection is enabled, the web interface will request a user name and password authentication while user accesses the switch through the browser.

CLI command:

sys web set <enable/disable>

[New Password]

[Verify Password]

The default user name is admin. By default, a password is not required. You may set a password by conﬁguring these ﬁelds.

CLI command:

sys users modify <user name, ʻadminʼ by default>

user name (old user name, ʻadminʼ by default): <new user name>

password (old password): <new password>

[Reboot]

User can reboot the switch by issuing the reboot command.

CLI command:

sys reboot

[Upload]

No CLI command for this function. Refer to Boot ROM commands for this function.

Page 72

GigaX2024/2048 L2 Managed Switch User Manual

5.3.2 Physical Interface Commands

[Admin] [Enable/Disable]

Displays the port admin status, allow user to turn the port on or off.

CLI command:

[Mode] [Auto/10M-Half/10M-Full/100M-Half/100M-Full/1G-Full]

Displays the current speed and duplex mode of the port. The speed and duplex mode can be automatically detected when auto-negotiation is enabled on a port.

CLI command:

[Flow Control] [Enable/Disable]

Displays the IEEE802.3x ﬂow control setting of a port. Note that this ﬂow control is operating only in full duplex mode.

CLI command:

[Reload]

Restores the previous port settings from the conﬁguration ﬁle.

CLI command:

l2 port admin <port number> <enable/disable>

l2 port autoneg <port number> <enable/disable>

l2 port speed <port number> <10/100/1000>

l2 port duplex <port number> <full/half>

l2 port ﬂow <port number> <enable/disable>

l2 port retrieve

5.3.3 Bridge Commands

[Spanning Tree is] [STP Enabled/ RSTP Enabled/ Disabled]

Allows user to specify whether the switch participates the Spanning Tree Protocol (STP/ RSTP).

CLI command:

[Hello Time]

[Forward Delay]

[Max Age]

[Bridge Priority]

Displays the current STP/RSTP bridge parameters setting.

l2 stp start <stp / rstp>

l2 stp stop

Page 73

GigaX2024/2048 L2 Managed Switch User Manual

CLI command:

l2 stp bridge set

Hello Time (1..10 seconds): [old Hello Time] <new Hello Time>

Forward Delay (4..30 seconds): [old Forward Delay] <new Forward Delay>

Max Age (6..40 seconds): [old Max Age] <new Max Age>

Bridge Priority (0..61440): [old Bridge Priority] <new Bridge Priority>

[Priority]

[Path Cost]

[Edge Port]

[Point-to-point]

Displays the current STP/RSTP ports parameters setting.

CLI command:

l2 stp port set

Port Settings (all,...): [all] <select a port number, or just type ʻallʼ to iteratively conﬁg>

Port <port number> Priority (0..240): [old port Priority] <new port Priority>

Port <port number> Path Cost (1..200000000): [old port Path Cost] <new port Path Cost>

Port <port number> EdgePort (yes/no): [old port EdgePort] <new port EdgePort >

Port <port number> Point-to-Point (yes/no/auto): [old port Point-to-Point] <new port Point-to-Point >

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

l2 stp retrieve

l2 stp bridge retrieve

l2 stp port retrieve

[Show Trunk]

Displays a speciﬁc trunk group settings. User can create a new trunk group by specify a unique trunk ID, a trunk name description, the port selection criterion (rtag), LACP mode (enabled or disable), and its trunk group member ports.

CLI command:

l2 trunk show <trunk id>

Page 74

GigaX2024/2048 L2 Managed Switch User Manual

[Create Trunk]

Creates a new trunk group by giving trunk ID, rtag, name , LACP mode and port numbers. The “rtag” is the packet distribution algorithm for the trunk group.

Rtag values and corresponding meanings:

1: select port by source MAC

2: select port by destination MAC

3. select port by source and destination MAC

4. select port by source IP

5: select port by destination IP

6. select port by source and destination IP

CLI command:

l2 trunk create <trunk id> <rtag (1-6)> <trunk name> <lacp

(enable/disable)> <port list>

[Add/Remove Trunk]

Trunk group port members can be added to or removed from an existing trunk group.

CLI command:

l2 trunk add <trunk id> <port list>

l2 trunk remove <trunk id> <port list>

[LACP Action]

User can enable or disable LACP on a speciﬁc trunk group.

CLI command:

l2 trunk lacp action <trunk id> <enable/disable>

[LACP System Priority]

User can assign the system priority for running LACP.

CLI command:

l2 trunk lacp syspri <priority (1-65535)>

[LACP Port Priority]

User can assign the system priority for running LACP.

CLI Command:

l2 vlan add <vlan id> <port list>

[Reload]

Restores the previous saved settings of trunking from conﬁguration ﬁle.

CLI command:

l2 trunk retrieve

Page 75

GigaX2024/2048 L2 Managed Switch User Manual

**For GigaX 2048

[Mirror] [Mirror 1/Mirror 2]

[Mirror Mode] [Enable/Disable]

[Monitor Port] [port number]

Displays the mirroring settings of the switch. User can create a maximum of two mirroring ports on the switch. One is associated to a SoC., which means mirror ID 1 is dedicated to SoC 0, and mirror ID 2 is dedicated to SoC 1. Therefore, only port number 1-24 can be assigned to mirror ID 1 as monitor port, ingress port(s), or egress port (2). Only ports 25-48 can be assigned to mirror ID 2 as mirroring ports.

CLI command:

l2 mirror create <mirror id (1 or 2)> <monitor port no>

CLI command:

l2 mirror ingress <mirror id (1 or 2)> <port list>

l2 mirror egress <mirror id (1 or 2)> <port list>

l2 mirror remove <mirror id (1 or 2)> <ingress/egress> <port

list>

**For GigaX 2024

[Mirror Mode] [Enable/Disable]

[Monitor Port] [port number]

Displays the mirroring settings of the switch.

CLI command:

l2 mirror create <monitor port no> <enable/disable>

l2 mirror ingress <port list>

l2 mirror egress <port list>

l2 mirror remove <ingress/egress> <port list>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

l2 mirror retrieve

[Show Group]

Displays the static multicast groups that are presented in the multicast group table.

CLI command:

l2 mcast show

Page 76

GigaX2024/2048 L2 Managed Switch User Manual

[MAC Address]

[VLAN]

[CoS] [0-7]

Allows user to add or modify a static multicast group by specifying the MAC address, VLAN ID, Class of Service, VLAN port members, and its untagged port members. Note that MAC address and VLAN ID combination is formed as an unique entry in multicast group table.

CLI command:

l2 mcast set

mac address [format: xx:xx:xx:xx:xx:xx]: <multicast mac address>

vlan id [1 by default]: <vlan id>

cos [0-7, 0 by default]: <Class of Service >

port list [format: 1 2 3 4-50/* for all ports]: <vlan port list>

untagged port list [format: 1 2 3 4-50/* for all ports]: <untagged port list>

[Remove Multicast Group]

Allows user to delete a static multicast group entry from multicast group table by given a MAC address and VLAN ID.

CLI command:

l2 mcast delete

mac address [format: xx:xx:xx:xx:xx:xx]: <multicast mac address>

vlan id: <vlan id>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

[IGMP is]

[Enabled/Disabled]

l2 mcast retrieve

Layer 2 IGMP snooping can be started or terminated by user if necessary.

CLI command:

l2 igmp <start/stop>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

l2 igmp retrieve

[Broadcast] [Enabled/Disabled]

Page 77

GigaX2024/2048 L2 Managed Switch User Manual

[Multicast]

[Destination Lookup Failure]

[Enabled/Disabled]

User can limit the broadcast, multicast, and ﬂooding (due to destination lookup failed) trafﬁc rate by turning the trafﬁc control on.

CLI command:

l2 rate set <1: bcast/2: mcast/3: dlf> <enable/disable>

[Limit]

Displays the current rate limitation value of the switch. User can change this value by giving a new limit value. This value is applied to all of the trafﬁc control mentioned above.

CLI command:

l2 rate limit <limit rate>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

l2 rate retrieve

[Aging Time]

User can set the ARL(Address Resolution Logic) entries aging time by setting the aging time value.

CLI command:

l2 arl age [aging time value]

[Query by Port]

ARL entries existed in ARL table can be queried according to port number.

CLI command:

l2 arl port <port number>

[Query by VLAN ID]

ARL entries existed in ARL table can be queried according to VLAN ID.

CLI command:

l2 arl vlan <vlan id>

[Query by MAC Address]

ARL entries existed in ARL table can be queried according to MAC address.

CLI command:

l2 arl mac <mac address> [vlan id]

[MAC Address]

[VLAN ID]

[Port Selection]

Page 78

GigaX2024/2048 L2 Managed Switch User Manual

[Discard] [none/source/destination/source & destination]

User can add or modify a static ARL entry by specifying a MAC address, VLAN ID, port number, trunk ID, and discard criteria.

CLI command:

l2 arl static <mac> <vlan id> <port no> <trunk id> <discard:

0-3>

[Remove]

Static ARL entries can be deleted by indicating the MAC address and its VLAN ID. These two-ﬁeld combination is formed as unique entry in ARL table.

CLI command:

l2 arl delete <mac address> <vlan id>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

l2 arl retrieve

[Show VLAN]

Displays the existing VLAN information of the switch.

CLI command:

l2 vlan show <vlan id>

[Name]

[VLAN ID]

[Private VLAN]

Allows user to conﬁg the VLAN settings. User may create a new VLAN by giving a unique VLAN ID, a VLAN description name, and its port member list, note that the port member here is indicated as tagged port member. To specify a VLAN port member as untagged port, CLI command utportadd can achieve this purpose. User may use CLI command add or remove to further add some port members to a VLAN or exclude some existing port members from a VLAN.

CLI command:

l2 vlan create <vlan id> <vlan name> [<vlan type:

private>][<port list: * for all ports>]

CLI command:

l2 vlan add <vlan id> <port list>

l2 vlan remove <vlan id> <port list>

l2 vlan utportadd <vlan id> <untagged port list>

[DHCP Snoop]

Enable or disable DHCP snooping on this VLAN.

Page 79

GigaX2024/2048 L2 Managed Switch User Manual

CLI command:

l2 dhcpsnoop enable <vlan id list>

l2 dhcpsnoop disable <vlan id list>

[Remove VLAN]

Allows user to completely destroy an existing VLAN.

CLI command:

l2 vlan delete <vlan id>

[Promiscuous Port]

Set the promiscuous port for a Private VLAN.

CLI command:

l2 vlan promisport <vlan id> <promiscuous port id>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

l2 vlan retrieve

[PVID]

Sets the default VLAN for a port by giving a VLAN ID and its associated port member list.

CLI command:

l2 port vlan <vlan id, 4095 to disable the port-based vlan>

<port list> [CoS Value]

Sets the Class of Service for a port by assigning it a priority (with range of 0-7) criteria value.

CLI command:

l2 port priority <CoS> <port list>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

l2 port retrieve

[Priority] [CoS Queue]

Allows user to map the CoS priority (with range of 0-7) for a buffer queue (total of 4, with queue ID of 1-4).

CLI command:

l2 cos map <queue id (1-4)> <cos (0-7)>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

l2 cos retrieve

Page 80

GigaX2024/2048 L2 Managed Switch User Manual

[DHCP Snooping is]

Enable or disable DHCP snooping on speciﬁc VLAN.

CLI command:

[Add/Remove Trusted Port]

Allows user to add or remove speciﬁc ports for DHCP snooping.

l2 dhcpsnoop enable <vlan id list>

l2 dhcpsnoop disable <vlan id list>

CLI command:

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

l2 dhcpsnoop add <port list>

l2 dhcpsnoop remove <port list>

l2 dhcpsnoop retrieve

5.3.4 SNMP

[Community Name] [Set]

A community entry contains a community description string and a set of privileges. Get privilege are turned on by default, and user can specify whether to give it the Set Privilege while create a new entry.

CLI command:

New community string: <new community string>

Get privileges: [y, always turn on by default]

Set privileges? (y/n):[n] <set privilege, y for ʻyesʼ; n for ʻnoʼ>

CLI command:

User can modify a community entry in the table by reassigning its community string and privileges.

Community entry (table index): <entry id to conﬁg>

Community string (old community string): <new community string>

This action will modify all hosts with community string from ʻold communityʼ to ʻnew communityʼ.

Are you sure? (y/n): [y] <y for ʻyesʼ; n for ʻnoʼ>

Get privileges: [y, always turn on by default]

Set privileges? (y/n): [n] <set privilege, y for ʻyesʼ; n for ʻnoʼ>

snmp community add

snmp community set

Page 81

GigaX2024/2048 L2 Managed Switch User Manual

CLI command:

snmp community delete

Allows user to delete a community entry from community table.

Community entry (table index): <entry id to delete>

This action will delete all hosts in community string with ʻdelete communityʼ.

Are you sure? (y/n): [y] <y for ʻyesʼ; n for ʻnoʼ>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

snmp community retrieve

[Host IP Address] [Community]

A host entry contains a host IP address, network mask and its dedicated community string.

CLI command:

snmp host add

Host IP/Subnet: <IP address>

Netmask: <netmask>

Community: <community string>

CLI command:

snmp host set

User can modify a host entry in the table by reassigning its allowed IP address, network mask and community string.

Host table entry (table index): <entry id to conﬁg>

Host IP/Subnet (old IP address): <new IP address>

Netmask (old netmask): <new netmask>

Community (old community string): <new community string>

CLI command:

snmp host delete

Allows user to delete a host entry from host table.

Entry id (table index): <entry id to delete>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

snmp host retrieve

[Trap Version] [v1/v2c]

Page 82

GigaX2024/2048 L2 Managed Switch User Manual

[Destination]

[Community for Trap]

A trap entry contains SNMP version (currently support version 1 and version 2c), a destination IP address and the remote community string.

CLI command:

snmp trap add

SNMP version? (1/2c): [1, by default] <snmp version>

Destination IP: <IP address>

Community: <community string>

CLI command:

snmp trap set

User can modify a trap entry in the table by reassigning its SNMP version, destination IP address and community string.

Trap table entry (table index): <entry id to conﬁg>

SNMP version? (1/2c): [old snmp version] <new snmp version>

Destination IP (old IP address): <new IP address>

Community (old community string): <new community string>

CLI command:

snmp trap delete

Allows user to delete a trap entry from trap table.

Trap table entry (table index): <entry id to delete>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

snmp trap retrieve

[Group Name]

[Read View Name]

[Write View Name]

[Notify View Name]

[Security Model]

[Security level]

A VACM(View-based Access Control Model) Group entry contains a group name, read view name, write view name, notify view name, security model,

Page 83

GigaX2024/2048 L2 Managed Switch User Manual

security level and context match.

CLI command:

snmp snmpv3 access add

Gruop Name: <group name string>

Security Model [0/1/2/3](any/v1/v2c/usm): <security model>

Security Level [1/2/3](noauth/authnopriv/authpriv): <security level>

Context Match [0/1](inexact/exact): <context match>

Read View Name: <read view name string>

Write View Name: <write view name string>

Notify View Name: <notify view name string>

CLI command:

snmp snmpv3 access set

User can modify a VACM entry in the Group by reassigning its allowed group name, read view name, write view name, notify view name, security model, security level and context match.

Gruop Name: (old group name string) <new group name string>

Security Model [0/1/2/3](any/v1/v2c/usm): (old security model) <new security model>

Security Level [1/2/3](noauth/authnopriv/authpriv): (old security level) <new security level>

Context Match [0/1](inexact/exact): (old context match) <new context match>

Read View Name: (old read view name string) <new read view name string>

Write View Name: (old write view name string) <new write view name string>

Notify View Name: (old notify view name string) <new notify view name string>

CLI command:

snmp snmpv3 access delete

Allows user to delete a VACM entry from VACM group.

Access entry: <entry id to delete>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

snmp snmpv3 access retrieve

[View Name]

[View Type]

Page 84

GigaX2024/2048 L2 Managed Switch User Manual

[View Subtree]

[View Mask]

VACM(View-based Access Control Model) View is used to view the information of SNMPV3 VACM Group. A VACM View entry contains a view name, view type, view subtree and view mask.

CLI command:

snmp snmpv3 view add

View Name: <view name string>

View Subtree [oid]: <view subtree>

View Mask: <view mask>

View Type[1/2](included/excluded): <view type>

CLI command:

snmp snmpv3 view set

User can modify a VACM View entry in the table by reassigning its allowed view name, view type, view subtree and view mask.

View Name: (old view name string) <new view name string >

View Subtree [oid]: (old view subtree) <new view subtree>

View Mask: (old view mask) <new view mask >

View Type[1/2] (included/excluded): (old view type) <new view type >

CLI command:

snmp snmpv3 view delete

Allows user to delete a VACM View entry.

View entry: <entry id to delete>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

snmp snmpv3 view retrieve

[Engine Id]

[Name]

[Auth Protocol]

[Auth Password]

[Priv Protocol]

[Priv Password]

Page 85

GigaX2024/2048 L2 Managed Switch User Manual

USM(User-based Security Model) User is used to conﬁgure the information of SNMPV3 USM User. A USM User entry contains a engine Id, name, auth protocol, auth password, priv protocol and priv password.

CLI command:

snmp snmpv3 usmuser add

EngineId: <engine id string >

Name: <user name string >

AuthProtocol [oid]: <auth protocol oid string >

AuthPassword: <auth password string>

Priv Protocol [oid]: <priv protocol oid string >

Priv Password: <priv password string >

CLI command:

snmp snmpv3 usmuser set

User can modify a USM User entry in the table by reassigning its allowed engine Id, name, auth protocol, auth password, priv protocol and priv password.

EngineId: (old engine id string ) <new engine id string >

Name: (old user name string ) < new user name string >

AuthProtocol [oid]: (old auth protocol oid string) < new auth protocol oid string >

AuthPassword: (old auth password string) < new auth password string>

Priv Protocol [oid]: (old priv protocol oid string) < new priv protocol oid string >

Priv Password: (old priv password string) < new priv password string >

CLI command:

snmp snmpv3 view delete

Allows user to delete a USM User entry.

USM user entry: <entry id to delete>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

snmp snmpv3 usmuser retrieve

Page 86

GigaX2024/2048 L2 Managed Switch User Manual

5.3.5 Filters Commands

[New]

Creates a new ﬁlter set with specifying a unique ACL ID and its description name.

CLI command:

[Remove]

User can delete a ﬁlter set by indicating the ACL ID.

CLI command:

[Edit]

[Rule Mode] [MAC Rule]

[Action] [Permit/Deny]

[Source MAC]

[Destination MAC]

[Add]

User can add a new MAC address rule associated to a ﬁlter set. These ﬁlter rule works with ICMP, TCP or UDP protocols with action of permit or deny. User can also specify the MAC address (source or destination) of the ﬁlter rule by using CLI command dstmac and srcmac.

CLI command:

any> <action: permit/deny>

CLI command:

address])>

CLI command:

address])>

ﬁlter set new <acl id> <acl name>

ﬁlter set delete <acl id>

ﬁlter rule new <set id> <rule id> <protocol: ICMP/TCP/UDP/

ﬁlter rule dstmac <set id> <rule id> <type: (any/[mac

ﬁlter rule srcmac <set id> <rule id> <type: (any/[mac

[Rule Mode] [IP Rule]

[Action] [Permit/Deny]

[Source IP] [Type/IP, Mask]

[Destination IP] [Type/IP, Mask]

[Source Port] [Type/Port]

Page 87

GigaX2024/2048 L2 Managed Switch User Manual

[Destination Port] [Type/Port]

[Protocol] [ICMP/TCP/UDP/ANY]

[Add]

User can add a new IP rule associated to a ﬁlter set. These ﬁlter rule works with ICMP, TCP or UDP protocols with permit or deny options. User can also specify the IP address (source or destination) and port number of the ﬁlter rule using the CLI command dstip/srcip and dstport/srcport, respectively.

CLI command:

ﬁlter rule new <set id> <rule id> <protocol: ICMP/TCP/UDP/

any> <action: permit/deny>

CLI command:

ﬁlter rule dstip <set id> <rule id> <type: (any/[ip] [subnet])>

ﬁlter rule srcip <set id> <rule id> <type: (any/[ip] [subnet])>

ﬁlter rule dstport <set id> <rule id> <type: (any/[port])>

ﬁlter rule srcport <set id> <rule id> <type: (any/[port])>

[Rule Mode]

[Action]

[MAC Rule]

[Permit/Deny]

[Source MAC]

[Destination MAC]

[Modify]

Allows user to modify the MAC ﬁlter rule.

CLI command:

ﬁlter rule modify <set id> <rule id> <protocol: ICMP/TCP/

UDP/any> <action: permit/deny>

CLI command:

ﬁlter rule dstmac <set id> <rule id> <type: (any/[mac

address])>

CLI command:

ﬁlter rule srcmac <set id> <rule id> <type: (any/[mac

address])>

[Rule Mode]

[Action]

[Source IP]

[Destination IP]

[Source Port]

[IP Rule]

[Permit/Deny]

[Type/IP, Mask]

[Type/Port]

Page 88

GigaX2024/2048 L2 Managed Switch User Manual

[Destination Port] [Type/Port]

[Protocol] [ICMP/TCP/UDP/ANY]

[Modify]

Allows user to modify the IP ﬁlter rule.

CLI command:

ﬁlter rule modify <set id> <rule id> <protocol: ICMP/TCP/

UDP/any> <action: permit/deny>

CLI command:

ﬁlter rule dstip <set id> <rule id> <type: (any/[ip] [subnet])>

ﬁlter rule srcip <set id> <rule id> <type: (any/[ip] [subnet])>

ﬁlter rule dstport <set id> <rule id> <type: (any/[port])>

ﬁlter rule srcport <set id> <rule id> <type: (any/[port])>

[Rule Mode] [MAC Rule]

[Action] [Permit/Deny]

[Source MAC]

[Destination MAC]

[Delete]

Allows user to delete the MAC ﬁlter rule.

CLI command:

ﬁlter rule delete <set id> <rule id>

[Rule Mode]

[Action]

[Source IP]

[Destination IP]

[Source Port]

[Destination Port]

[Protocol]

[IP Rule]

[Permit/Deny]

[Type/IP, Mask]

[Type/Port]

[ICMP/TCP/UDP/ANY]

[Delete]

Allows user to delete the MAC ﬁlter rule.

CLI command:

ﬁlter rule delete <set id> <rule id>

Page 89

[Rule List]

Displays the ﬁlter set and ﬁlter rule conﬁgurations.

CLI command:

Attach

Attach a ﬁlter set to ingress/egress ports to enable the ﬁlter function.

[Filter ID]

Displays the ﬁlter conﬁgurations.

CLI command:

[Ingress Port]

Applies a ﬁlter set to an ingress port.

CLI command:

[Egress Port]

Applies a ﬁlter set to an egress port.

CLI command:

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

ﬁlter rule show <set id> <rule id>

ﬁlter show

ﬁlter apply ingress <ﬁlter set id> <any/none/[port number]>

ﬁlter apply egress <ﬁlter set id> <any/none/[port number]>

ﬁlter retrieve

GigaX2024/2048 L2 Managed Switch User Manual

5.3.6 Security Commands

[Reauthentication]

Allows user to enable or disable periodic reauthentication.

CLI command:

[Reauthentication Time]

Allows user to set up the reauthentication time.

CLI command:

(1-4294967295 sec)>

[Authentication Method]

Allows user to set up the authentication method (RADIUS or Local database).

CLI command:

security dot1x bridge reauth <enable / disable>

security dot1x bridge reauthtime <reauthentication time

security dot1x bridge authmeth <type (1:local 2:radius)>

Page 90

GigaX2024/2048 L2 Managed Switch User Manual

[Quiet Period]

Allows user to set up the quiet period.

CLI command:

security dot1x bridge quietperiod <quiet period (1-65535

sec)>

[Retransmission Time]

Allows user to set up the retransmission time.

CLI command:

security dot1x bridge retxtime <retransmission time (1-65535

sec)>

[Max Reauthentication Attempts]

Allows user to set up the max number of the reauthentication attemps.

CLI command:

security dot1x bridge reauthmax <max reauthentication

attemps (1-10)>

[Multi-host]

Allows user to enable or disable Multi-host on some speciﬁc ports.

CLI command:

security dot1x port multihost <enable/disable><port list/*>

[Authentication Control]

Allows user to set up the authentication control of some speciﬁc ports.

CLI command:

security dot1x port authctrl <type (1: force_authorized 2:

force_unauthorized 3: auto)><port list/*>

[Guest VLAN]

Allows user to set up the guest VLAN ID of some speciﬁc ports.

CLI command:

security dot1x bridge port guestvlan <vlan id (0:no guest

vlan)> <port list/*>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

security dot1x retrieve

[User Name]

[Password]

[Conﬁrm Password]

Page 91

GigaX2024/2048 L2 Managed Switch User Manual

[Dynamic VLAN]

Create users in the local database of the switch for 802.1x authentication. A user entry contains a user name, password and dynamic VLAN.

CLI command:

security dialinuser create

User Name: <user name string>

Password: <password string>

Conﬁrm Password: <conﬁrm password string>

Dynamic VLAN: <dynamic VLAN>

CLI command:

security dialinuser remove <user name/*>

Allows user to delete a user entry from the local database.

CLI command:

security dialinuser modify <user name/*>

Allows user to modify a user entry from the local database. It contains a user name, password and dynamic VLAN.

User Name: <new user name string>

Password: <new password string>

Conﬁrm Password: <new conﬁrm password string>

Dynamic VLAN: <new dynamic VLAN>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

security dialinuser retrieve

[Authentication Server IP]

[Authentication Server Port]

[Authentication Server Key]

[Conﬁrm Authentication Key]

Allows user to conﬁg the RADIUS server IP, server port and server key .

CLI command:

security radius set

authentication server ip <ip/none>: (old server ip)<new server ip >

authentication server port <port/default>: (old server port)<new server port>

authentication server key <key/none>: <server key>

Page 92

GigaX2024/2048 L2 Managed Switch User Manual

conﬁrm authentication key <key/none>: <conﬁrm server key>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

security radius retrieve

[Generate SSH key]

Allows user to generate SSH keys. SSH (Secure SHell) is a protocol for remotely logging into a machine via a shell. It is very similar in functionality to telnet, however unlike telnet, all data between the client and server is encrypted. The encryption provides protection against various network security risks. Currently, our switch supports SSH protocol version 2 and allows one login at a time. Two pairs of SSH keys will be created in system ﬂash storage. The pairs of keys are RSA and DSA public/private keys respectively.

CLI command:

security sshkey start

[Reset SSH key]

Reset SSH keys to default value.

CLI command:

security radius default

[Show Generating Status]

Show the SSH key generating status. It will display “success” or “SSH keys generated fail” or “system is generating keys ...”.

CLI command:

security sshkey show[Admin] [Enable/Disable]

Allows user to enable/disable port security of some particular ports.

CLI command:

security portsecu admin <enable/disable> <port list/*>

[Violation Mode] [Protect/Restrict/Shutdown]

Allows user to set up the secure violation mode of some particular ports.

CLI command:

security portsecu violation violation <mode (1:protect 2:

restrict 3:shutdown)> <port list/*>

[Max MAC Addresses]

Allows user to set up maximum number of secure MAC addresses.

CLI command:

security portsecu maxaddr <max number of addresses >

[Aging Time]

Page 93

GigaX2024/2048 L2 Managed Switch User Manual

Allows user to set up the aging time of some particular ports.

CLI command:

security portsecu age <age time> <port list/*>

[Aging Type] [Absolute/Inactivity]

Allows user to set up aging type of some particular ports.

CLI command:

security portsecu agetype <type (1:absolute 2:inactivity)>

[Restart]

Allows user to restart some particular ports if they are in the ʻshutdownʼ status.

CLI command:

security portsecu restart <port list/*>

[Port Selection]

[Query]

Display current secure MAC addresses of some particular ports

CLI command:

security portsecu mac display <port list/*>

[MAC Address]

[Port Selection]

[Add]

Add a static secure MAC address to a port

CLI command:

security portsecu mac add <mac address> <port no>

[Remove]

Remove a secure MAC address from a port by giving a MAC, the VID, and a port number, or clear all of the secure MAC addresses of some particular ports.

CLI command:

security portsecu mac delete <mac address > <vid> <port no>

security portsecu mac clear <port list/*>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

security portsecu retrieve

Page 94

GigaX2024/2048 L2 Managed Switch User Manual

5.3.7 QoS Commands

[State] [No/CoS/DSCP]

Allows users to set up trust state of some particular ports.

CLI command:

[CoSOverride] [Disable/Enable]

Allows users to enable or disable CoS override of some particular ports. CoS override only can be enabled when trust state is ʻNoʼ trust.

CLI command:

[CoS to DSCP]

Allows users to set up the CoS to DSCP map.

CLI command:

[DSP to CoS]

Allows users to set up the DSCP to CoS map.

CLI command:

[Class Name]

qos trust state <no/cos/dscp> <port list/*>

qos trust override <enable/disable> <port list/*>

qos map cosdscp <dscp1> <dscp2> <dscp3> <dscp4>

qos map dscpcos <dscp list> to <cos priority>

[Match][None/Filter/DSCP]

[Filter Set ID]

[DSCP][0/8/10/16/18/24/26/32/34/40/46/48/56]

[Add]

Creates a new class with specifying a unique class name and match mode. If the match mode is ʻFilterʼ, users must input an existed ﬁlter set ID. If the match mode is ʻDSCPʼ, users must input DSCP values. If users input <dscp list>, <acl id> will not display, and <acl id> force to 0.

CLI command:

dscp (0/8/10/16/18/24/26/32/34/40/46/48/56): <dscp value>

acl id: <acl id>

[Modify]

qos class new <class name>

qos class match <class id(1-56)>

Page 95

GigaX2024/2048 L2 Managed Switch User Manual

Allows users to modify a match criterion of a class. If users input <new dscp list>, <new acl id> will not display, and <new acl id> force to 0.

CLI command:

qos class modify <class id(1-56)>

dscp (old DSCP): <new dscp list>

acl id (old ACL ID):<new Acl ID>

[Remove]

Allows users to delete a class by indicating the class ID. Users can delete all classes by inputting ʻ*ʼ.

CLI command:

qos class delete <class id(1-56): * for all classes>

[Policy Name]

[Add]

Creates a new policy with specifying a unique policy name.

CLI command:

qos policy new <policy name>

[Remove]

Allows users to remove a policy by indicating the policy ID. Users can remove all policies by inputting ʻ*ʼ.

CLI command:

qos class remove <policy id(1-56): * for all policies>

[Edit]

[Class ID]

[DSCP]

[Trafﬁc Rate]

[Trafﬁc Burst Size]

[Exceed Action][None/Drop/DSCP]

[Exceed DSCP]

[Add]

Allows users to add a new policy action by specifying a policy ID and class ID. A policy only can have 6 policy actions. If users do not input trafﬁc rate, all of below prompts will not display. If users input ʻnoneʼ or ʻdropʼ in exceed act, <exceed dscp> will not display.

Page 96

GigaX2024/2048 L2 Managed Switch User Manual

CLI command:

qos policy add <policy id(1-56)> <class id(1-56)>

dscp (0/8/10/16/18/24/26/32/34/40/46/48/56):<dscp value>

trafﬁc rate(1-125): <trafﬁc rate>

trafﬁc burst size: <trafﬁc rate size>

exceed act(none/drop/dscp): <exceed action>

exceed dscp(0/8/10/16/18/24/26/32/34/40/46/48/56): <dscp value>

[Modify]

Allows users to modify a policy action by specifying a policy ID and class ID.

CLI command:

qos policy add <policy id(1-56)> <class id(1-56)>

dscp (old dscp value): <new dscp value>

trafﬁc rate(old trafﬁc rate): <new trafﬁc rate>

trafﬁc burst size(old trafﬁc rate size): <new trafﬁc rate size>

exceed act(old exceed action): <new exceed action>

exceed dscp(old dscp value): <new dscp value>

[Remove]

Allows users to remove a policy action by specifying a policy ID and class ID. Users can remove all policy actions of a policy by specifying a policy ID and ʻ*ʼ.

CLI command:

qos policy remove <policy id(1-56)> <class id: * for all

classes>

[Policy ID]

[Attach/Detach]

To attach or detach a policy to ingress ports.

CLI command:

qos policy attach <policy id(1-56)> <port list/*>

qos policy detach <policy id(1-56)> <port list/*>

[Reload]

Restores the previous saved settings from conﬁguration ﬁle.

CLI command:

qos retrieve

[Scheduling Algorithm]

Page 97

[CoS Queue ][Weight]

Set the scheduler mode. The weight delay of queues only effective for weighted round robin and bounded delay. The range of weight delay is 1-255.

CLI command:

bounded delay)> <Q1-Q4: weight delay>

[Priority] [CoS Queue]

Allows user to map the CoS priority (with range of 0-7) for a buffer queue (total of 4, with queue ID of 1-4).

CLI command:

l2 cos sched <mode (1:strict 2:weighted round robin 3:

l2 cos map <queue id (1-4)> <cos (0-7)>

GigaX2024/2048 L2 Managed Switch User Manual

5.4 Miscellaneous Commands

sys time uptime:

sys time date:

sys time settime:

sys ﬁles conﬁg backup:

sys ﬁles conﬁg default:

sys baud:

net ping:

net route show:

ping remote host

show the time since the system boot up.

show the current date and time

set the current time

restore factory default conﬁguration ﬁles

set console baud rate

display the entries in the routing table

backup conﬁguration ﬁles

Page 98

GigaX2024/2048 L2 Managed Switch User Manual

Note

6 IP Addresses, Network Masks, and Subnets

6.1 IP Addresses

This section pertains only to IP addresses for IPv4 (version 4 of the Internet Protocol). IPv6 addresses are not covered.

This section assumes basic knowledge of binary numbers, bits, and bytes. For details on this subject, see Chapter 8.

IP addresses, the Internetʼs version of telephone numbers, are used to identify individual nodes (computers or devices) on the Internet. Every IP address contains four numbers, each from 0 to 255 and separated by dots (periods), e.g.

20.56.0.211. These numbers are called, from left to right, ﬁeld1, ﬁeld2, ﬁeld3, and ﬁeld4.

This style of writing IP addresses as decimal numbers separated by dots is called dotted decimal notation. The IP address 20.56.0.211 reads “twenty dot ﬁfty-six dot zero dot two-eleven.”

6.1.1 Structure of an IP address

IP addresses have a hierarchical design similar to that of telephone numbers. For example, a 7-digit telephone number starts with a 3-digit preﬁx that identiﬁes a group of thousands of telephone lines, and ends with four digits that identify one speciﬁc line in that group.

Similarly, IP addresses contain two kinds of information.

Network ID

Identiﬁes a particular network within the Internet or intranet

Host ID

Identiﬁes a particular computer or device on the network

The ﬁrst part of every IP address contains the network ID, and the rest of the address contains the host ID. The length of the network ID depends on the networkʼs class (see following section). Table 7 shows the structure of an IP address.

Table 8. IP address structure

Field1 Field2 Field3 Field4 Class A Network ID Host ID Class B Network ID Host ID Class C Network ID Host ID

Page 99

Definition

Following are examples of valid IP addresses:

Class A: 10.30.6.125 (network = 10, host = 30.6.125)

Class B: 129.88.16.49 (network = 129.88, host = 16.49)

Class C: 192.60.201.11 (network = 192.60.201, host = 11)

GigaX2024/2048 L2 Managed Switch User Manual

6.1.2 Network classes

The three commonly used network classes are A, B, and C. (There is also a class D but it has a special use beyond the scope of this discussion.) These classes have different uses and characteristics.

Class A networks are the Internetʼs largest networks, each with room for over 16 million hosts. Up to 126 of these huge networks can exist, for a total of over 2 billion hosts. Because of their huge size, these networks are used for WANs and by organizations at the infrastructure level of the Internet, e.g. your ISP.

Class B networks are smaller but still quite large, each being able to hold over 65,000 hosts. There can be up to 16,384 class B networks in existence. A class B network might be appropriate for a large organization such as a business or government agency.

Class C networks are the smallest, only able to hold 254 hosts at most, but the total possible number of class C networks exceeds 2 million (2,097,152 to be exact). LANs connected to the Internet are usually class C networks.

Some important notes regarding IP addresses:

The class can be determined easily from ﬁeld1:

ﬁeld1 = 1-126: Class A

ﬁeld1 = 128-191: Class B

ﬁeld1 = 192-223: Class C

(ﬁeld1 values not shown are reserved for special uses)

A host ID can have any value except all ﬁelds set to 0 or all ﬁelds set to 255, as those values are reserved for special uses.

6.2 Subnet masks

A mask looks like a regular IP address, but contains a pattern of bits that tells what parts of an IP address are the network ID and what parts are the host ID: bits set to 1 mean “this bit is part of the network ID” and bits set to 0 mean “this bit is part of the host ID.”

Page 100

GigaX2024/2048 L2 Managed Switch User Manual

Note

Subnet masks are used to deﬁne subnets (what you get after dividing a network into smaller pieces). A subnetʼs network ID is created by “borrowing” one or more bits from the host ID portion of the address. The subnet mask identiﬁes these host ID bits.

For example, consider a class C network 192.168.1. To split this into two subnets, you would use the subnet mask:

255.255.255.128

Itʼs easier to see whatʼs happening if we write this in binary:

11111111. 11111111. 11111111.10000000

As with any class C address, all of the bits in ﬁeld1 through ﬁeld 3 are part of the network ID, but note how the mask speciﬁes that the ﬁrst bit in ﬁeld 4 is also included. Since this extra bit has only two values (0 and 1), this means there are two subnets. Each subnet uses the remaining 7 bits in ﬁeld4 for its host IDs, which range from 0 to 127 (instead of the usual 0 to 255 for a class C address).

Similarly, to split a class C network into four subnets, the mask is:

255.255.255.192 or 11111111. 11111111. 11111111.11000000

The two extra bits in Field 4 can have four values (00, 01, 10, 11), so there are four subnets. Each subnet uses the remaining six bits in ﬁeld4 for its host IDs, ranging from 0 to 63.

Sometimes a subnet mask does not specify any additional network ID bits, and thus no subnets. Such a mask is called a default subnet mask. These masks are:

Class A: 255.0.0.0

Class B: 255.255.0.0

Class C: 255.255.255.0

These are called default because they are used when a network is initially conﬁgured, at which time it has no subnets.