Black Box LIG1014A, LIE1014A User Manual

Industrial Managed Gigabit Ethernet Switch
User Manual
LIG1014A
LIE1014A
Information
Order toll-free in the U.S. or for FREE technical support: Call 877-877-BBOX (outside U.S. call 724-746-5500) www.blackbox.com • info@blackbox.com
Trademarks Used in this Manual
Black Box and the Double Diamond logo are registered trademarks of BB Technologies, Inc.
Any other trademarks mentioned in this manual are acknowledged to be the property of the trademark owners.
We’re here to help! If you have any questions about your application
or our products, contact Black Box Tech Support at 877-877-2269
or go to blackbox.com and click on “Talk to Black Box.”
You’ll be live with one of our technical experts in less than 60 seconds.
877-877-2269 | blackbox.com
Federal Communications Commission and Industry Canada Radio Frequency Interference Statements
This equipment generates, uses, and can radiate radio-frequency energy, and if not installed and used properly, that is, in strict accordance with the manufacturer’s instructions, may cause interference to radio communication. It has been tested and found to comply with the limits for a Class A computing device in accordance with the specifications in Subpart B of Part 15 of FCC rules, which are designed to provide reasonable protection against such interference when the equipment is operated in a commercial environment. Operation of this equipment in a residential area is likely to cause interference, in which case the user at his own expense will be required to take whatever measures may be necessary to correct the interference.
Changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.
This digital apparatus does not exceed the Class A limits for radio noise emission from digital apparatus set out in the Radio Interference Regulation of Industry Canada.
This digital apparatus does not emit radio noise exceeding the limits applicable to Class A digital apparatus prescribed in the Radio Interference Regulation published by Industry Canada.
Disclaimer:
Black Box Network Services shall not be liable for damages of any kind, including, but not limited to, punitive, consequential or cost of cover damages, resulting from any errors in the product information or specifications set forth in this document and Black Box Network Services may revise this document at any time without notice.
Safety Instructions (Normas Oficiales Mexicanas Electrical Safety Statement)
1. All safety and operating instructions should be read before the electrical appliance is operated.
2. The safety and operating instructions should be retained for future reference.
3. All warnings on the electrical appliance and in its operating instructions should be adhered to.
4. All operating and use instructions should be followed.
5. The electrical appliance should not be used near water, for example, near a bathtub, washbasin, wet basement, or swimming pool.
6. The electrical appliance should be used only with carts or stands that are recommended by the manufacturer.
7. The electrical appliance should be mounted to a wall or ceiling only as recommended by the manufacturer.
8. Servicing: The user should not attempt to service the electrical equipment beyond what is described in the operating instructions. All other servicing should be referred to qualified service personnel.
9. The electrical appliance should be situated so that its position does not interfere with its use. Placing the electrical appliance on a bed, sofa, rug, or similar surface may block the ventilation; it should not be placed in bookcases or cabinets that impede the flow of air through the ventilation openings.
10. The electrical equipment should be situated away from heat sources such as radiators, heat registers, stoves, or other appliances (including amplifiers) that produce heat.
11. The electrical appliance should be connected to a power supply only of the type described in the operating instructions, or as marked on the appliance.
12. Precautions should be taken so that the grounding and polarization of the equipment are not defeated.
13. Power-supply cords should be routed so that they are not walked on or pinched by items placed upon or against them, paying particular attention to the plugs and receptacles where they exit from the appliance.
14. The electrical equipment should be cleaned only as recommended by the manufacturer.
15. If there is one, an outdoor antenna should be located away from power lines.
16. The power cord should be unplugged when the equipment is left unused for a long period of time.
17. Care should be taken so that liquids are not spilled onto the enclosure or into the ventilation openings.
18. Servicing by qualified personnel should be provided when:
A: The power cord or the plug has been damaged; or B: Objects have fallen or liquid has been spilled into the appliance; or C: The appliance has been exposed to rain; or D: The appliance does not appear to operate normally or exhibits a change in performance; or E: The appliance has been dropped or its enclosure has been damaged.
Quick Study: Condensed Explanation of Terms Used in this Manual
Terms related to network access rights:
ACL (Access Control List): List of Access Control Entries (ACEs). Each ACE specifies the access rights of a device.
QoS (Quality of Service): Method to allocate priority of bandwidth per device on a network.
WRR (Weighted Round-Robin): Network scheduling method that gives each packet its own packet queue.
SP-WRR (Strict Priority Weighted Round-Robin): Packets identified by QoS class and priority queues. Helps to determine
which packets are transmitted first on a network.
ToS (Type of Service): Specifies a data packet's priority for transmission over a network.
Terms related to location:
MAC (Media Access Control) Address: A computer's unique hardware identification number.
VLAN (Virtual Local Area Network): A network with flexible logical connections (vs. physical connections) between LANs. Commonly used with IP cameras, VoIP phones, and wireless (Wi-Fi, Bluetooth) applications.
Dual Ring: A network redundant technology where nodes are connected using two rings with four branches. Use for small networks that are not frequently reconfigured.
IP (Internet Protocol) Address: Number that identifies a host or network interface location.
Terms related to data security:
802.1x Authentication: Ensures integrity of the data being transferred on a network.
Dual Homing: Provides a redundant network interface for added security.
Terms related to OSI layers:
Open Systems Interconnection (OSI): Lists the communication functions of a computing system without considering internal
structure and technology.
IGMP (Internet Group Management Protocol): Used to discover and manage multicast groups. IGMP is part of the Network layer in the OSI communication model.
Terms related to data traffic:
L4: In an L4 switch, data traffic is prioritized by application, using a hardware-switching technology that can distinguish between HTTP, FTP, or VoIP.
POE (Power Over Ethernet): Technology that enables both data and power signals to be transmitted over one cable.
RSTP (Rapid Spanning Tree Protocol): Prevents loops on an Ethernet network. Protects your network from “hanging” caused
by endless data loops.
Multicast Group: Used for streaming media applications on the internet and private networks.
Ring Protection: A ring is a network with two paths between any two nodes on the network. Ring protection ensures that one of the two paths is not broken if the other path fails.
SNMP (Simple Network Management Protocol): Internet standard protocol used to collect and organize information from managed devices on an IP network.
Table of Contents
1. Specifications
2. Overview
2.1 Introduction
2.2 Features
2.3 What's Included
2.4 Additional Items You May Need
2.5 Hardware Description
2.5.1 LIG1014A
2.5.2 LIE1014A
3. Connecting to Your Industrial Managed Gigabit Ethernet Switch
3.1 Connecting to Your Switch via a Serial Console
3.2 Connecting to the Switch via Telnet
3.3 Connecting to the Switch via a Web Browser
4. Switch Functions
4.1 VLAN Application Guide
4.1.1 Explanation of VLAN (Virtual LAN)
4.1.2 Example 1: Default VLAN Settings
4.1.3 Example 2: Port-Based VLANs
4.1.4 Example 3: IEEE 802.1Q Tagging
4.2 Security Application Guide
4.2.1 Explanation of ACL (Access Control List)
4.2.2 Case 1: ACL for MAC Addresses
4.2.3 Case 2: ACL for IP Addresses
4.2.4 Case 3: ACL for L4 Port
4.2.5 Case 4: ACL for ToS
4.3 Ring Protection Application Guide
4.3.1 Explanation of Ring Protection
4.3.2 Configuration (Console)
4.3.3 Configuration (Web GUI)
4.3.4 Dual Ring
4.3.5 Dual Homing
4.4 QoS Application Guide
4.4.1 Explanation of QoS
4.4.2 SP/SPWRR/WRR
4.4.3 Example 1: SPQ Without Shaping (Default Profile)
4.4.4 Example 2: SPQ With Shaping
4.4.5 Example 3: WRR
4.4.6 Example 4: SP-WRR
4.5 IGMP Application Guide
4.5.1 Explanation of IGMP
4.5.2 Configuring VLC on an IGMP Server
4.5.3 Configuring VLC on an IGMP Client
4.6 802.1x Authentication Guide
4.6.1 Explanation of 802.1x Authentication
4.6.2 802.1x Timer in Industrial Managed Gigabit Ethernet Switch
4.6.3 Configuration in RADIUS Server
5. Hardware Quick Setup Guide
5.1 What's Included
5.2 Mounting the Switch on a DIN Rail
5.3 Mounting the Switch on a Wall
5.4 Ethernet Interface
5.4.1 RJ-45
5.4.2 Fiber SFP
5.5 Connecting the Power Terminal Block
5.6 Alarm Relay and Ground
5.7 Console Connection
5.8 Connect and Login to Managed Switch
5.9 CLI Initialization and Configuration
5.10 Indicators
Chapter 1: Specifications
1. Specifications
Ethernet
Operating Mode Store and forward, L2 wire-speed/non-blocking switching engine
MAC Addresses 8K
Jumbo Frames 9K Bytes
Copper RJ-45 Ports
Speed 10/100/1000 Mbps
MDI/MDIX Auto-Crossover Supports straight-through or cross-pinned cables
Auto-negotiating 10/100/1000 Mbps speed auto-negotiation; Full- and half-duplex
Ethernet isolation 1500 VRMS 1 minute
SFP (Pluggable) Ports
Port Types Supported SFP (pluggable) Ports 100/1000BASE SFP slot Supports 100/1000BASE-T SFP transceiver
Fiber Port Connector LC typically for fiber (depends on module)
Optimal Fiber Cable 50- or 62.5/125-μm for multimode (MM); 8- or 9/125-μm for single mode (SM)
Network Redundancy
Fast Failover Protection Rings Link loss recovery < 20 ms, Single and multiple rings supported
Spanning Tree Protocol IEEE 802.1D STP, IEEE 802.1w RSTP, IEEE 802.1s MSTP
Port Trunk with LACP Static trunk or Dynamic via LACP (Link Aggregation Control Protocol)
Bridge, VLANs, and Protocols
Flow Control IEEE 802.3x (Full Duplex) and Back-Pressure (Half Duplex)
VLAN Types Port-based VLANs, IEEE 802.1Q tag-based VLANs, IEEE 802.1ad Double Tagging (Q in Q)
Multicast Protocols IGMP v1, v2, IGMP snooping and querying, Immediate leave and leave proxy, Throttling and filtering
LLDP IEEE 802.1ab Link layer Discovery Protocol (LLDP)
Traffic Management and QoS
Priority IEEE 802.1p QoS
Number of Queues per Port 8
Scheduling Schemes SPQ, WRR
Traffic Shaper Port-based shaping
Security
Port Security IP and MAC-based access control, IEEE 802.1x authentication Network Access Control
Power
Power Input Redundant Input Terminals
Input Voltage Range LIG1014A, LIE1014A (without PoE): 12–58 VDC; LIE1014A (with PoE): 46–58 VDC
Maximum Power Consumption LIG1014A: 17 W, LIE1014A (without PoE): 14 W, LIE1014A (with PoE): 265 W
Reverse Power Protection Yes
Total PoE Output Power Budget 240 watts
PoE PSE Port Output Power Management Scheduling; power control; PoE PD power consumption monitoring
Transient Protection > 15,000 watts peak
Indicators (LEDs)
Power Status LED Indicates power input status
Ethernet Port LED Link and Speed
Management
User Management Interfaces CLI (command-line interface), Web-based Management, SNMP v1, v2c, Telnet (5 sessions)
Management Security HTTPS, SSH, RADIUS Client for Management
Upgrade and Restore Configuration Import/Export, Firmware Upgrade
Diagnostic Syslog, Per VLAN mirroring, SFP with DDM (Digital Diagnostic Monitoring)
MIBs RMON 1,2,3,9; Q-Bridge MIB, RFC 1213 MIB-II, RFC 4188 Bridge MIB
DHCP Client, Server, Relay, Snooping, Option 82
NTP/SNTP Yes
Environment
Operating Temperature Range -40 to +167° F (-40 to +75° C) (cold startup at -40° C)
Storage Temperature Range -40 to +185° F (-40 to +85° C)
Humidity (non-condensing) 5 to 95% RH
Approvals
Certification Compliance CE / FCC; EN-50121-4
Electrical Safety CSA C22, EN61010-1, CE
EMC FCC Part 15, CISPR 22 (EN55022) Class A, IEC61000-4-2, -3, -4, -5, -6
MTBF > 25 years
RoHS and WEEE RoHS (Pb free) and WEEE compliant
Mechanical
Connectors LIG1014A: (10) RJ-45 10/100/1000BASE-T(X), (4) 100/1000BASE SFP; LIE1014A: (8) RJ-45 10/100/1000BASE-T(X), (4) 100/1000BASE SFP
Ingress Protection IP30
Installation Options DIN-Rail mounting, Wall mounting
Dimensions LIG1014A: 6"H x 2.4"W x 4.3"D (15.4 x 6 x 10.9 cm); LIE1014A: 6.1"H x 3.0"W x 5"D (15.4 x 7.7 x 12.8 cm)
Weight LIG1014A: 2.4 lb. (1.1 kg); LIE1014A: 3.1 lb. (1.4 kg)
System Statistics
Function Name System Maximum Value
VLAN ID 4096
VLAN Limitation 1024
Privilege Level of User 15
RMON Statistic Entry 65535
RMON Alarm Entry 65
RMON Event Entry 65535
IPMC Profile 64
IPMC Rule / Address Entry 128
ACE 256
ICMP Type / Code 255
RADIUS Server 5
TACACS+ Server 5
MAC-based VLAN Entry 256
IP subnet-based VLAN Entry 128
Protocol-based VLAN Group 125
Voice VLAN OUI 16
QCE 256
IP Interface 8
IP Route 32
Security Access Management 16
MVR VLAN 4
MAC Learning table address 8k
IGMP Group 256
Chapter 2: Overview
2. Overview
2.1 Introduction
The Industrial Managed Gigabit Ethernet Switch is a high-quality switch that operates in a wide temperature range and an extended power input range. The switch features advanced VLAN and QoS features. It’s ideal for harsh environments and mission-critical applications.
Table 2-1. Available models
Component LIG1014A LIE1014A (PoE)
Total Gigabit Ethernet Ports
10/100/1000BASE-T(X) 10 8
100/1000BASE SFP 4 4
Power over Ethernet
The LIE1014A switch supports Power over Ethernet compliant with the IEEE 802.3af and IEEE 802.3at standards on all copper ports. The switch can power standard PoE PD devices with up to 30 watts per port along with the Ethernet data on standard Ethernet cabling.
Multi-rate SFP slots
Multi-rate SFP slots enable you to mix-and-match 100-Mbps and 1-Gbps SFP Modules for either multi- or single-mode as needed. If requirements change, just replace the SFP module and protect your switch investment.
Power
The switches are powered from 12- to 58-VDC. The PoE model (LIE1014A) needs 48 VDC for 802.3af and a minimum of 53 VDC for 802.3at.
Extended temperature range
All models are tested and released for operating temperatures from -40° up to +75° Celsius. They passed shock, vibration, and freefall tests and comply with the IEC60068-2-6, -27 and -32 standards.
Management
The switches offer powerful features including Layer 3 routing and management with all advanced filter and multicast algorithms needed today to easily prioritize, partition, and organize a reliable high-speed network.
2.2 Features
• Provide (8) or (10) 10/100/1000 ports plus (4) multi-rate SFP slots.
• LIE1014A model uses Power over Ethernet Plus to deliver 30 watts power per port to remote PD devices.
• Extended temperature range: -40° to +75°C.
• L2 wire speed switching.
• 12- to 58-VDC dual input, reverse polarity.
• IP30 industrial design.
• DIN-rail mountable.
• Shock, vibration and freefall test to IEC60068-2-6, -27, -32.
• EMC approval acc. to IEC61000-4-2, -3, -4, -5, -6 (Level 3).
2.3 What's Included
Your package should contain the following items. If anything is missing or damaged, contact Black Box Technical Support at 877-877-2269 or info@blackbox.com.
LIG1014A:
• Industrial Managed Gigabit Ethernet Switch with (10) 10/100/1000BASE-T(X) ports and (4) 100/1000BASE SFP ports.
• Printed Quick Start Guide
LIE1014A:
• Industrial Managed Gigabit PoE Ethernet Switch with (8) 10/100/1000BASE-T(X) ports and (4) 100/1000BASE SFP ports.
• Printed Quick Start Guide
2.4 Additional Items You Will Need
• SFP modules
Table 2-2 lists compatible SFP modules (ordered separately). These modules install in the SFP slots on the managed switch.
Table 2-2. Compatible SFP modules.
Part Number Description
LFP411 SFP/1250 Extended Diagnostics, LC multimode, 850 nm, 550 m
LFP412 SFP/1250 Extended Diagnostics, LC multimode, 1310 nm, 2 km
LFP413 SFP/1250 Extended Diagnostics, LC single-mode, 1310 nm, 10 km
LFP414 SFP/1250 Extended Diagnostics, LC single-mode, 1310 nm, 40 km
LFP401 SFP/155 Extended Diagnostics, LC multimode, 850 nm, 2 km
LFP403 SFP/155 Extended Diagnostics, LC single-mode, 1310 nm, 30 km
LFP404 SFP/155 Extended Diagnostics, LC single-mode, 1310 nm, 60 km
LFP402 SFP/155 Extended Diagnostics, LC multimode, 1310 nm, 2 km
LFP418 SFP/1250 Extended Diagnostics, LC single-mode, 1550 nm, 80 km
LFP420 Simplex SFP/1250, Extended Diagnostics, single-mode, 1550 nm TX, 1310 nm RX
2.5 Hardware Description
LIG1014A
Figure 2-1. LIG1014A, Front Panel and Top Panel.
LIE1014A
Figure 2-2. LIE1014A, Front Panel and Top Panel.
Table 2-3. Components of the LIG1014A and LIE1014A.
Number in Figures 2-1 and 2-2 Component LIG1014A LIE1014A (PoE) Function
1 (2) Power LEDs (1) P1, (1) P2 (1) P1, (1) P2 Links to power
2 (1) Alarm LED (1) ALM (1) ALM
3 Gigabit Ethernet Copper Ports (10) RJ-45 (8) RJ-45
4 Link LEDs (10) (8)
5 Speed LEDs (10) (8)
6 Gigabit Ethernet SFP ports (4) SFP slots (4) SFP slots
7 Power Input (Dual) via 6-pin Terminal Block
8 (1) Reset Button (1) Reset
9 Console (RS-232) RJ-45 (1) RJ-45 (1) RJ-45 Links to console
10 POE LED (LIE1014A only) POE port status
11 RR/RS LEDs Device info/status
(1) Power
Chapter 3: Connecting to Your Industrial Managed Gigabit Ethernet Switch
3. Connecting to Your Industrial Managed Gigabit Ethernet Switch
You can connect to your switch in three ways:
1. Via a serial console.
2. Via a Telnet console.
3. Via a Web browser.
NOTE: You can’t connect to a serial console and a Telnet console at the same time. You can connect to the Web console
and a serial or Telnet console at the same time, but we do NOT recommend this.
3.1 Connecting to Your Switch via a Serial Console
You will need:
• Switch
• An RJ-45 female to DB9 or DB25 female cable (not included)
• Serial PC or terminal (not included) with terminal emulation software installed
The example below uses the PuTTY terminal emulation program. PuTTY is an open-source SSH and Telnet client.
STEP 1: Physically connect the switch to the serial console.
Using the RJ-45 female to DB9 or DB25 female cable (not included), connect the DB9 or DB25 serial console port to the switch.
STEP 2: Check to see if a terminal emulation program is installed on the PC. If it is not, install it now.
Launch PuTTY. Select Terminal from the menu on the left side of the screen. Select the key sequences, application keypad settings, and extra keyboard features. Next, click Open.
Figure 3-1. Select terminal screen.
STEP 3: Once you go back to the session, select the Connection type as Serial. Fill in the Serial line and Speed fields with the COM port and speed to be used. Click Only on clean exit, then click Open.
Figure 3-2. PuTTY options screen.
STEP 4: Select Connection —> Serial from the left-hand column. The screen below appears.
Figure 3-3. Local serial lines connections options.
Enter these values in the screen:
• Serial line: the COM port you are using
• Speed (baud) rate: 115,200 bps
• Data bits: 8
• Stop bits: 1
• Parity: None
• Flow control: None
Once you are done, click Open and then press Enter.
STEP 5: The serial console prompts you to log in. Enter the default username and password:
Username: admin
Password: (none)
NOTE: The password is left blank. To log in, simply type admin in the Username field, then press Enter. The cursor will jump to the Password field. Press Enter again.
STEP 6: The CLI prompt of the Switch’s serial console appears. Use the CLI Guide to find your way around the CLI.
Table 3-1. Keyboard functions.
Key Function
Up, down, right, or left arrow keys, Tab Move the cursor on-screen
Enter Press this key to select options
Space Press to toggle between settings.
Esc Go to the previous menus
3.2 Connecting to the Switch via Telnet
NOTE: The PC host and the switch must be on the same logical subnet. See the table below.
Table 3-2. Default IP addresses of the switch and PC host.
IP Address Subnet Mask
Switch 192.0.2.1 255.255.255
PC Host 192.0.2.xxx 255.255.255.0
NOTE: The switch’s default IP address is 192.0.2.1
STEP 1: Using a straight-through or crossover cable, connect the switch’s RJ-45 Ethernet port to your Ethernet LAN or to your PC’s Ethernet port.
NOTE: It does not matter if the Ethernet cable is pinned straight-through or cross-pinned; the switch supports Auto MDI-X.
STEP 2: From the Windows Run menu, click Start—>Run.
STEP 3: Type in the Switch’s default IP address: 192.0.2.1
STEP 4: A telnet prompt appears. Select the terminal type.
STEP 5: Log in using the switch’s default username and password:
Username: admin
Password: (none)
NOTE: The password is left blank. To log in, simply type admin in the Username field, then press Enter. The cursor will jump to the Password field. Press Enter again.
The main menu of the switch’s Telnet console appears.
3.3 Connecting to the Switch via a Web Browser
NOTE: The PC host and the switch must be on the same logical subnet. See the table below.
Table 3-3. Default IP addresses of the switch and PC host.
IP Address Subnet Mask
Switch 192.0.2.1 255.255.255
PC Host 192.0.2.xxx 255.255.255.0
STEP 1: Using a straight-through or crossover cable, connect the switch’s RJ-45 Ethernet port to your Ethernet LAN or to your
PC’s Ethernet port.
STEP 2: Open the switch’s web console. Enter the switch’s IP address in the Address or URL field. The default IP address is 192.0.2.1.
STEP 3: The web console login screen will appear. Enter the username and password.
Username: admin
Password: (none)
NOTE: The password is left blank. To log in, simply type admin in the Username field, then press Enter. The cursor will jump to the Password field. Press Enter again. If you don’t want to create a password, just press Enter.
Chapter 4: Switch Functions
4. Switch Functions
4.1 VLAN Application Guide
4.1.1 Explanation of VLAN (Virtual LAN)
You can increase the efficiency of your network by dividing it into logical segments (VLANs) instead of physical segments. A VLAN (Virtual LAN) is a group of devices that you can place anywhere on a network without being restricted by physical connections (a limitation of a traditional physical network). VLANs enable you to segment your network into groups, for example, departmental, hierarchical, or usage groups. A VLAN segments a network to make it more flexible than a physical network. VLANs make it easy to relocate devices on networks (no physical cable moves). VLANs also give your network extra security and help control network traffic.
The Industrial Managed Gigabit Ethernet Switch supports up to 2048 VLANs. Ports are grouped into broadcast domains by assigning them to the same VLAN. Frames received on a VLAN can only be forwarded within that VLAN, and multicast frames and unknown unicast frames are flooded only to ports in the same VLAN.
4.1.2 Example 1: Default VLAN Settings
Each port in the LIG1014A/LIE1014A Switch has a configurable default VLAN number, known as its PVID. This places all ports on the same VLAN initially, although each port PVID is configurable to any VLAN number between 1 and 4094.
The default configuration settings for the switch have all ports set as untagged members of VLAN 1, with every port configured as PVID=1. In the default configuration example shown in the following figure, all incoming packets are assigned to VLAN 1 by the default port VLAN identifier (PVID=1).
Figure 4-1. Default VLAN Settings.
4.1.3 Example 2: Port-based VLANs
When the LIG1014/LIE1014A receives an untagged VLAN packet, it will add a VLAN tag to the frame according to the PVID setting on a port. As shown in the following figure, the untagged packet is marked (tagged) as it leaves the LIG1014/LIE1014A through Port 2, which is configured as a tagged member of VLAN100. The untagged packet remains unchanged as it leaves the LIG1014/LIE1014A through Port 7, which is configured as an untagged member of VLAN100.
Figure 4-2. Port-Based VLAN.
Configuration:
STEP 1: Go to Configuration -> VLANs -> Port VLAN configuration and configure PVID 100 on Port 1, Port 2, and Port 7.
Figure 4-3. Configure PVID.
STEP 2: Select Configuration -> VLAN -> Static VLAN. Create a VLAN with VLAN ID 100. Enter a VLAN name in the Name field.
STEP 3: Assign a VLAN tag setting to or remove it from a port by toggling the checkbox under an individual port number. The tag settings determine whether packets transmitted from the port are tagged or untagged with the VLAN ID. The possible tag settings are:
• Tag All: Specifies that the egress packet is tagged for the port.
• Untag port vlan: Specifies that the egress packet is untagged for the port.
• Untag All: Specifies that all frames, whether classified to the Port VLAN or not, are transmitted without a tag.
Here we set tagged VLAN100 on Port 1 and Port 2, untagged VLAN100 on Port 7.
Figure 4-4. Set tagged and untagged VLAN on ports.
STEP 4: Transmit untagged unicast packets from Port 1 to Port 2 and Port 7. The LIG1014/LIE1014A should tag a packet with VID 100. The packet has access to Port 2 and Port 7. The outgoing packet is stripped of its tag to leave Port 7 as an untagged packet. For Port 2, the outgoing packet leaves as a tagged packet with VID 100.
STEP 5: Transmit untagged unicast packets from Port 2 to Port 1 and Port 7. The LIG1014/LIE1014A should tag a packet with VID 100. The packet has access to Port 1 and Port 7. The outgoing packet is stripped of its tag to leave Port 7 as an untagged packet. For Port 1, the outgoing packet leaves as a tagged packet with VID 100.
STEP 6: Transmit untagged unicast packets from Port 7 to Port 1 and Port 2. The LIG1014/LIE1014A should tag a packet with VID 100. The packet has access to Port 1 and Port 2. For Port 1 and Port 2, the outgoing packet leaves as a tagged packet with VID 100.
STEP 7: Repeat step 4 using broadcast and multicast packets.
CLI Commands
vlan 1
vlan 100
interface GigabitEthernet 1/1
 switchport access vlan 100
 switchport trunk native vlan 100
 switchport trunk allowed vlan 1,100
 switchport trunk vlan tag native
 switchport mode trunk
exit
interface GigabitEthernet 1/2
 switchport access vlan 100
 switchport trunk native vlan 100
 switchport trunk allowed vlan 1,100
 switchport trunk vlan tag native
 switchport mode trunk
exit
interface GigabitEthernet 1/7
 switchport access vlan 100
 switchport trunk native vlan 100
 switchport trunk allowed vlan 1,100
 switchport mode trunk
exit
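The tagging behaviour that Steps 4 to 6 verify can be modelled at byte level. The following is an added example, not code from the manual or the switch firmware: the egress mode names, the flood-to-all-members forwarding (no MAC learning) and the reading of "Untag port vlan" as "untag only frames classified to the port's PVID" are assumptions of this sketch.

```python
import struct

TPID = 0x8100  # IEEE 802.1Q tag protocol identifier

# Port settings from Example 2. The "egress" mode names are made up for this sketch.
PORTS = {
    1: {"pvid": 100, "vlans": {100}, "egress": "tag_all"},
    2: {"pvid": 100, "vlans": {100}, "egress": "tag_all"},
    7: {"pvid": 100, "vlans": {100}, "egress": "untag_port_vlan"},
}

def parse(frame):
    """Return (VID or None, frame with any 802.1Q tag removed)."""
    if struct.unpack("!H", frame[12:14])[0] == TPID:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

def add_tag(frame, vid, pcp=0):
    """Insert the 4-byte 802.1Q tag directly after the source MAC address."""
    return frame[:12] + struct.pack("!HH", TPID, (pcp << 13) | vid) + frame[12:]

def forward(frame, in_port, ports=PORTS):
    """Classify on ingress, then return {egress port: bytes sent on the wire}."""
    vid, bare = parse(frame)
    if vid is None:                      # untagged frame: classify by the port's PVID
        vid = ports[in_port]["pvid"]
    out = {}
    for port, cfg in ports.items():
        if port == in_port or vid not in cfg["vlans"]:
            continue                     # a frame never leaves its VLAN
        mode = cfg["egress"]
        untag = mode == "untag_all" or (
            mode == "untag_port_vlan" and vid == cfg["pvid"])
        out[port] = bare if untag else add_tag(bare, vid)
    return out

# Constructed sample: dst MAC, src MAC, EtherType 0x0800, 46 bytes of zero payload.
SAMPLE = bytes.fromhex("000000000022" "000000000011" "0800") + b"\x00" * 46

if __name__ == "__main__":
    for port, wire in sorted(forward(SAMPLE, 1).items()):
        print(port, parse(wire)[0], len(wire))
```

A frame that arrives already tagged with a VID no port belongs to (for example 200 with this port table) is forwarded nowhere, which is the isolation property the VLAN provides.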
4.1.4 Example 3: IEEE 802.1Q Tagging
LIG1014/LIE1014A is able to construct a layer-2 broadcast domain by identifying a VLAN ID specified by IEEE 802.1Q. It forwards a frame between bridge ports assigned to the same VLAN ID and can set multiple VLANs on each bridge port.
In the following figure, the tagged incoming packets are assigned directly to VLAN 100 and VLAN 200 because of the tag assignment in the packet. Port 2 is configured as a tagged member of VLAN 100, and Port 7 is configured as an untagged member of VLAN 200. Hosts in the same VLAN communicate with each other as if they were in a LAN. However, hosts in different VLANs cannot communicate with each other directly.
Figure 4-5. IEEE 802.1Q Tagging.
In this case:
1. The hosts from Group A can communicate with each other.
2. The hosts from Group B can communicate with each other.
3. The hosts of Group A and Group B can’t communicate with each other.
4. Both Group A and Group B can go to the Internet through the LIE1014A/LIG1014A.
Configuration:
STEP 1: Go to Configuration -> VLANs -> Port VLAN configuration page and specify the VLAN membership as follows:
Figure 4-6. Specify VLAN membership.
STEP 2: Transmit unicast packets with VLAN tag 100 from Port 1 to Port 2 and Port 7. The LIG1014/LIE1014A should tag a packet with VID 100. The packet only has access to Port 2. For Port 2, the outgoing packet leaves as a tagged packet with VID 100.
STEP 3: Transmit unicast packets with VLAN tag 200 from Port 1 to Port 2 and Port 7. The LIG1014/LIE1014A should tag a packet with VID 200. The packet only has access to Port 7. The outgoing packet on Port 7 is stripped of its tag as an untagged packet.
STEP 4: Transmit unicast packets with VLAN tag 100 from Port 2 to Port 1 and Port 7. The LIG1014/LIE1014A should tag a packet with VID 100. The packet only has access to Port 1. For Port 1, the outgoing packet leaves as a tagged packet with VID 100.
STEP 5: Transmit unicast packets with VLAN tag 200 from Port 7 to Port 1 and Port 2. The LIG1014/LIE1014A should tag a packet with VID 200. The packet only has access to Port 1. The outgoing packet on Port 1 will leave as a tagged packet with VID 200.
STEP 6: Repeat the above steps using broadcast and multicast packets.
CLI Command:
vlan 1
vlan 100
interface GigabitEthernet 1/1
 switchport access vlan 100
 switchport trunk native vlan 100
 switchport trunk allowed vlan 1,100
 switchport trunk vlan tag native
 switchport mode trunk
exit
interface GigabitEthernet 1/2
 switchport access vlan 100
 switchport trunk native vlan 100
 switchport trunk allowed vlan 1,100
 switchport trunk vlan tag native
 switchport mode trunk
exit
interface GigabitEthernet 1/7
 switchport access vlan 100
 switchport trunk native vlan 100
 switchport trunk allowed vlan 1,100
 switchport mode trunk
exit
4.2 Security Application Guide
4.2.1 Explanation of ACL (Access Control List)
An Access Control List (ACL) is a traffic filter for ingress and egress packets. It checks each Ethernet packet and filters it or forwards it to its destination. ACL settings might include the packet's source or destination IP address, the packet's source or destination MAC address, IP protocols, and more. The ACL examines these values to decide whether to permit or deny a packet.
The LIG1014A/LIE1014A's ACL function supports access control security for MAC address, IP address, Layer 4 Port, and Type of Service. Each has five actions: Deny, Permit, Queue Mapping, CoS Marking, and Copy Frame. You can set the default ACL rule to Permit or Deny. For details about the switch's ACL function, see the following table.
Table 4-1. Default ACL Rule Actions.
Default ACL Rule   Deny   Permit   Queue Mapping   CoS Marking   Copy Frame
Permit             (a)    (b)      (c)             (d)           (e)
Deny               (f)    (g)      (h)             (i)           (j)
Below is a description of the ACL rules listed in Table 4-1 that the switch uses:
(a): Permit all frames, but deny frames set in ACL entry.
(b): Permit all frames.
(c): Permit all frames, and map queues of the transmitting frames.
(d): Permit all frames, and change the CoS value of the transmitting frames.
(e): Permit all frames, and copy a frame set in ACL entry to a defined GE port.
(f): Deny all frames.
(g): Deny all frames, but permit frames set in ACL entry.
(h): Deny all frames.
(i): Deny all frames.
(j): Deny all frames, but copy frames set in ACL entry to a defined GE port.
4.2.2 Case 1: ACL for MAC address
The MAC address ACL filters on source MAC address, destination MAC address, or both. When it filters on both MAC addresses, a packet must match both for the rule to take effect. In other words, the switch does not filter a packet that matches the rule for only one of the two MAC addresses.
To filter only one directional MAC address, set the other MAC address to all zeros. The switch can also filter VLAN and Ether type. If you don't want to filter VLAN and Ether type, set them both to all zeros.
• Case 1: Permit all frames, but deny frames set in ACL entry.
Set the default ACL Rule of GE port to “Permit”, then bind a suitable profile with “deny” for ACL. The GE port can pass through all packets except for the ACL entry of the bound profile.
Filter One MAC Address, but Deny Filtering for One VLAN
To filter a MAC address in one direction and deny it on one VLAN, follow the steps listed next:
STEP 1: Create a new ACL Profile. (Profile Name: DenySomeMac)
Figure 4-7. Create new ACL profile screen.
STEP 2: Create a new ACL Entry rule under this ACL profile. (Deny MAC: 11 and VLAN: 4)
STEP 3: Bind this ACL profile to a GE port. (Port 4)
Figure 4-8. Bind the ACL profile to a Gigabit Ethernet port screen.
STEP 4: Send frames between Port 3 and Port 4, and see the test result.
Figure 4-9. Test result: frames sent between Port 3 and Port 4.
CLI Commands:
access-list ace 1 ingress interface GigabitEthernet 1/4 policy 1 vid 4 frametype etype smac 00-00-00-00-00-11 action deny
exit
interface GigabitEthernet 1/3
 switchport trunk allowed vlan 4,5
 switchport trunk vlan tag native
!
interface GigabitEthernet 1/4
 switchport trunk allowed vlan 4,5
 switchport trunk vlan tag native
vlan 4
exit
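The decision logic of Table 4-1 and the MAC ACL matching rule (all-zero fields are not filtered, and every configured field must match) can be checked before binding a profile to a port. The following is an added example, not the switch's implementation: the class and function names, the action strings and the first-matching-entry order are assumptions of this sketch.

```python
from dataclasses import dataclass

ZERO_MAC = "00-00-00-00-00-00"

@dataclass
class AclEntry:
    action: str              # "deny", "permit", "queue", "cos" or "copy"
    smac: str = ZERO_MAC     # all zeros: do not filter on this field
    dmac: str = ZERO_MAC
    vid: int = 0
    ethertype: int = 0

    def matches(self, frame):
        """Every configured (non-zero) field must match the frame."""
        return ((self.smac == ZERO_MAC or self.smac == frame["smac"]) and
                (self.dmac == ZERO_MAC or self.dmac == frame["dmac"]) and
                (self.vid == 0 or self.vid == frame["vid"]) and
                (self.ethertype == 0 or self.ethertype == frame["ethertype"]))

def decide(default_rule, entries, frame):
    """Return (forwarded, copied) following cases (a) to (j) of Table 4-1."""
    hit = next((e for e in entries if e.matches(frame)), None)
    forwarded = default_rule == "permit"
    if hit and hit.action == "deny":
        forwarded = False            # (a); with default Deny, (f), nothing changes
    elif hit and hit.action == "permit":
        forwarded = True             # (g); with default Permit, (b), nothing changes
    # Queue mapping and CoS marking, (c) (d) (h) (i), leave forwarding at the default.
    copied = bool(hit) and hit.action == "copy"      # (e) and (j)
    return forwarded, copied

# Case 1 from the manual: default rule Permit, entry denies source MAC ...-11 on VLAN 4.
CASE1 = [AclEntry("deny", smac="00-00-00-00-00-11", vid=4)]

def make_frame(smac, vid, dmac="00-00-00-00-00-22", ethertype=0x0800):
    """Constructed sample frame header; the values are illustrative only."""
    return {"smac": smac, "dmac": dmac, "vid": vid, "ethertype": ethertype}

if __name__ == "__main__":
    for smac, vid in [("00-00-00-00-00-11", 4), ("00-00-00-00-00-11", 5),
                      ("00-00-00-00-00-33", 4)]:
        print(smac, vid, decide("permit", CASE1, make_frame(smac, vid)))
```

Only the first frame (source MAC ending in 11 on VLAN 4) is dropped; the same MAC on VLAN 5 and a different MAC on VLAN 4 both pass, which is the result to expect on Port 4 in Step 4.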
Filter Two Directional MAC Addresses, with Filtering Denied to All VLANs
Follow these steps:
STEP 1: Create a new ACL Profile. (Profile Name: DenySomeMac)
Figure 4-10. Create new ACL profile.