The ComNet™ CNGE12MS is a 12-port Managed Ethernet Switch designed to
reliably operate in harsh, environmentally challenging applications. It features
four (4) 1000BASE-X and eight (8) gigabit combo ports. The eight combo ports are
10/100/1000Mbps configurable for either CAT5-e copper, or multimode or singlemode optical fiber by the use of optional ComNet SFPs*. Exclusive to ComNet is C-Ring,
a feature that protects the network from interruptions or temporary malfunctions with
fast recovery technology. Legacy ring allows the switch to be used in an existing
ring of ComNet X-Ring enabled switches. Redundant DC inputs are included for
uninterrupted operation in the event of a power supply failure. The electrical ports
support the 10/100/1000Mbps Ethernet IEEE802.3 protocol, and auto-negotiating
and auto-MDi/MDiX features are provided. These network-managed layer 2 switches
are optically and electrically compatible with any IEEE802.3 compliant Ethernet device.
The CNGE12MS is DIN-rail or wall-mountable.
Rev. 12.17.12
Page 2
INSTALLATION AND OPERATION MANUAL CNGE12MS
Contents
Regulatory Compliance Statement 3
Warranty 3
Disclaimer 3
Safety Information 3
Overview 4
Introduction 4
Software Features 5
Hardware Features 5
Hardware Installation 6
Installing the Switch on DIN-Rail 6
Wall Mounting Installation 8
Hardware Overview 9
Front Panel 9
Front Panel LEDs 10
Top View Panel 10
Rear Panel 11
Cables 12
Ethernet Cables 12
SFP 14
Console Cable 14
WEB Management 16
Command Line Interface Management 85
About CLI Management 85
Technical Specifications 98
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 2
Page 3
INSTALLATION AND OPERATION MANUAL CNGE12MS
Regulatory Compliance Statement
Product(s) associated with this publication complies/comply with all applicable regulations. Please
refer to the Technical Specifications section for more details.
Warranty
ComNet warrants that all ComNet products are free from defects in material and workmanship
for a specified warranty period from the invoice date for the life of the installation. ComNet will
repair or replace products found by ComNet to be defective within this warranty period, with
shipment expenses apportioned by ComNet and the distributor. This warranty does not cover
product modifications or repairs done by persons other than ComNet-approved personnel, and
this warranty does not apply to ComNet products that are misused, abused, improperly installed,
or damaged by accidents.
Please refer to the Technical Specifications section for the actual warranty period(s) of the
product(s) associated with this publication.
Disclaimer
Information in this publication is intended to be accurate. ComNet shall not be responsible for its
use or infringements on third-parties as a result of its use. There may occasionally be unintentional
errors on this publication. ComNet reserves the right to revise the contents of this publication
without notice.
Safety Information
» Only ComNet service personnel can service the equipment. Please contact ComNet Technical
Support.
» The equipment should be installed in locations with controlled access, or other means of
security, and controlled by persons of authority.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 3
Page 4
INSTALLATION AND OPERATION MANUAL CNGE12MS
Overview
Introduction
The CNGE12MS is powerful managed Ethernet switch that has many features. These switches can work
under a wide temperature range, dusty environment and humidity condition They can be managed
by Windows Utility, WEB, TELNET and Console or other third-party SNMP software as well.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 4
Page 5
INSTALLATION AND OPERATION MANUAL CNGE12MS
Software Features
» Redundant Ethernet Ring (Recovery time < 30ms over 250 unit connection)
» Supports Ring Coupling, Dual Homing, RSTP over Ring
» Event notification by Email, SNMP trap and Relay Output
» Windows Utility, Web-based, Telnet and Console (CLI) configuration
» Enable/disable ports, MAC based port security
» Port based network access control (IEEE 802.1x)
» VLAN (IEEE 802.1q) to segregate and secure network traffic
» Radius centralized password management
» SNMPv3 encrypted authentication and access security
» RSTP (IEEE 802.1w)
» Quality of Service (IEEE 802.1p) for real-time traffic
» VLAN (IEEE 802.1q) with double tagging and GVRP supported
» IGMP Snooping for multicast filtering
» Port configuration, status, statistics, mirroring, security
» Remote Monitoring (RMON)
Hardware Features
» Redundant dual DC power inputs
» Wide Operating Temperature Range: -40º to 75ºC
» Storage Temperature: -40º to 85ºC
» Operating Humidity: 5% to 95%, non-condensing
» Casing: Aluminum
» 8 x Gigabit combo ports with 100/1000BASE-X SFP & 10/100/1000BASE–T(X)
» 4 x 1000BASE-X SFP
» Console Port
» Dimensions (W × D × H) 96.4 × 108.5 × 154 mm (3.8 × 4.2.7 × 6.06 in)
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 5
Page 6
INSTALLATION AND OPERATION MANUAL CNGE12MS
Hardware Installation
Installing the Switch on DIN-Rail
Metal Spring
Each switch has a Din-Rail kit on the rear panel. The DIN-Rail kit affixes the switch to the DIN-Rail.
It is easy to install the switch on the Din-Rail:
INS_CNGE12MS_REV–
Tech SupporT: 1.888.678.9427
09/12/12 PAGE 6
Page 7
INSTALLATION AND OPERATION MANUAL CNGE12MS
Mount Series on DIN-Rail
Step 1: Tilt the switch and mount the metal spring to DIN-Rail.
Step 2: Push the switch toward the DIN-Rail until you hear the spring snap into place
.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 7
Page 8
INSTALLATION AND OPERATION MANUAL CNGE12MS
Wall Mounting Installation
Each switch has another installation method for users to fix the switch. A wall mount panel can be
found in the package. The following steps show how to mount the switch on the wall:
Mounting the CNGE12MS on a Wall
Step 1: Remove Din-Rail kit.
Step 2: Use the 6 included screws to attach the wall mount panel as shown in the diagram below.
The screw specifications are shown in the following two pictures. In order to prevent switches from
being damaged, the screws should not be larger than the size that used in CNGE12MS switch.
INS_CNGE12MS_REV–
Tech SupporT: 1.888.678.9427
09/12/12 PAGE 8
Page 9
INSTALLATION AND OPERATION MANUAL CNGE12MS
Hardware Overview
Front Panel
PortDescription
SFP ports4 1000BASE-X on SFP port
Combo Port8 100/1000BASE-X on SFP port and 8 10/100/1000BASE-T(X)
ConsoleUse RS-232 with RJ-45 connector to manage switch.
1
2
12
3
4
5
6
7
11
10
CN GE12MS
8
9
1. LED for PWR. With PWR UP, the green LED will be light on
2. LED for PWR1
3. LED for PWR2
4. LED for R.M (Ring master). When the LED light is on, it means that this switch is the master.
5. LED for Ring. When the led light is on, it means that C-Ring is activated.
6. LED for Fault. When the light on, it means Power failure or Port down/fail.
7. Console port (RJ-45)
8. 100/1000BASE-X SFP ports (combo)
9. LED for SFP ports link status.
10. LED for Ethernet ports link status.
11. 10/100/1000BASE-T(X) ports (combo)
12. 1000 BASE-X SFP ports
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 9
Page 10
INSTALLATION AND OPERATION MANUAL CNGE12MS
Front Panel LEDs
LEDColorStatusDescription
PWRGreenOnDC power module up
PW1GreenOnDC power module 1 activated.
PW2GreenOnDC Power module 2 activated.
R.MGreenOnRing Master.
RingGreenOnRing enabled.
Slowly blinkingRing has only One link. (lack of one link to build the
ring.)
Fast blinkingRing is working normally.
FaultAmberOnFault relay. Power failure or Port down/fail.
Gigabit Ethernet ports
LNK /ACTGreenBlinkingData transmitted.
Full DuplexAmberOnPort works under full duplex.
Gigabit SFP ports
LNK /ACTGreenBlinkingData transmitted.
OnPort link up.
Top View Panel
The bottom panel component of CNGE12MS is shown as below:
The rear panel components of CNGE12MS are shown below:
1. Screw holes for wall mount kit.
2. Din-Rail kit
1
2
1
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 11
Page 12
INSTALLATION AND OPERATION MANUAL CNGE12MS
Cables
Ethernet Cables
The CNGE12MS switch has standard Ethernet ports. According to the link type, the switch uses
CAT3, CAT4, CAT5 or CAT5-e UTP cables to connect to any other network device (PCs, servers,
switches, routers, or hubs). Please refer to the following table for cable specifications.
CableTypeMax. LengthConnector
10BA SE-TCAT3, CAT4, CAT5 100ΩUTP 100m (328ft)RJ-45
100BASE-TXCAT5 100Ω UTPUTP 100m (328ft)RJ-45
1000BASE-TXCAT5/CAT5-e 100Ω UTPUTP 100m (328ft)RJ-45
Cable Types and Specifications
10/100BASE-T(X) Pin Assignments
With 10/100BASE-T(X) cable, pins 1 and 2 are used for transmitting data, and pins 3 and 6 are
used for receiving data.
Pin NumberAssignment
1TD+
2TD-
3RD+
4Not used
5Not used
6RD-
7Not used
8Not used
10/100 BASE-T RJ-45 Pin Assignments
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 12
Page 13
INSTALLATION AND OPERATION MANUAL CNGE12MS
Pin NumberAssignment
1BI_DA+
2BI_DA-
3BI_DB+
4BI _DC+
5BI_DC-
6BI_DB-
7BI_DD+
8BI_DD-
1000 BASE-T RJ-45 Pin Assignments
The CNGE12MS switch supports auto MDI/MDI-X operation. You can use a straight-through cable
to connect a PC to the switch. The table below shows the 10/100BASE-T(X) MDI and MDI-X port
pin outs.
Pin NumberMDI port MDI-X port
1TD+(transmit)RD+(receive)
2TD-(transmit)RD -(receive)
3RD+(receive)TD+(transmit)
4Not usedNot used
5Not usedNot used
6RD -(receive)TD-(transmit)
7Not usedNot used
8Not usedNot used
10/100 BASE-T MDI/MDI-X pins assignment
Pin NumberMDI port MDI-X port
1BI_DA+BI_DB+
2BI_DA-BI_DB-
3BI_DB+BI_DA+
4BI _DC+BI_DD+
5BI_DC-BI_DD-
6BI_DB-BI_DA-
7BI_DD+BI _DC+
8BI_DD-BI_DC-
1000 BASE-T MDI/MDI-X pins assignment
Note: “+” and “-” signs represent the polarity of the wires that make up each wire pair.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 13
Page 14
INSTALLATION AND OPERATION MANUAL CNGE12MS
SFP
The switch has fiber optic ports with SFP connectors. The fiber optical ports are available with
multi-mode and single-mode fiber with various distance and connector types. Please remember
that the TX port of Switch A should be connected to the RX port of Switch B.
Switch-A Switch-B
Console Cable
CNGE12MS switch can be managed by the console port. The DB-9 to RJ-45 cable can be found in
the package. You can connect them to the PC via a RS-232 cable with DB-9 female connector and
the other end (RJ-45 connector) connects to console port of switch.
PC pin
out (male)
assignment
Pin #2 RDPin #2 TDPin #2
Pin #3 TDPin #3 RDPin #3
Pin #5 GDPin #5 GDPin #5
RS-232 with
DB9 female
connector
DB9 to RJ 45
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 14
Page 15
INSTALLATION AND OPERATION MANUAL CNGE12MS
5
9
DB9 Male
1
1
6
5
6
DB9 Female
9
PinMale ConnectorFemale Connector
1Received Line Signal Detect (Received by DTE
Device)
Received Line Signal Detect (Transmitted
from DCE Device)
2Received Data (Received by DTE Device)Transmitted Data (Transmitted from DCE
Device)
3Transmitted Data (Transmitted from DTE Device)Received Data (Received by DCE Device)
4DTE Ready (Transmitted from DTE Device)DTE Ready (Received by DCE Device)
5Signal GroundSignal Ground
6DCE Ready (Received by DTE Device)DCE Ready (Transmitted from DCE Device)
7Request to Send (Transmitted from DTE Device)Clear to Send (Received by DCE Device)
8Clear to Send (Received by DTE Device)Request to Send (Transmitted from DCE
Device)
9Ring Indicator (Received by DTE Device)Ring Indicator (Transmitted from DCE Device)
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 15
Page 16
INSTALLATION AND OPERATION MANUAL CNGE12MS
WEB Management
Attention: While installing and upgrading firmware, please remove physical loop connection first.
DO NOT power off equipment while the firmware is upgrading!
Configuration by Web Browser
This section details configuration through the Web browser.
About Web-based Management
An embedded HTML web site resides in the flash memory on the CPU board. It contains
advanced management features and allows you to manage the switch from anywhere on the
network through a standard web browser such as Microsoft Internet Explorer.
The Web-Based Management function supports Internet Explorer 5.0 or later. It is based on Java
Applets with an aim to reduce network bandwidth consumption, enhance access speed and
present an easy viewing screen.
Note: By default, IE5.0 or later version does not allow Java Applets to open sockets. You need to
explicitly modify the browser setting in order to enable Java Applets to use network ports.
Preparing for Web Management
The default value is as below:
IP Address: 192.168 .10.1
Subnet Mask: 255.255.255.0
Default Gateway: 192 .168 .10 .254
User Name: admin
Password: admin
System Login
1. Launch Internet Explorer.
2. Type h t t p: //192 .16 8.10.1. Press Enter.
3. The login screen appears.
4. Key in the username and password. The default username and password is admin.
5. Select Enter or OK button, then the main interface of the Web-based management appears.
INS_CNGE12MS_REV–
Tech SupporT: 1.888.678.9427
09/12/12 PAGE 16
Page 17
INSTALLATION AND OPERATION MANUAL CNGE12MS
Login screen
Main Interface
Tech SupporT: 1.888.678.9427
Main interface
INS_CNGE12MS_REV–
09/12/12 PAGE 17
Page 18
INSTALLATION AND OPERATION MANUAL CNGE12MS
Basic Setting
System Information
The switch system information is provided here.
System Information interface
LabelDescription
System ContactThe textual identification of the contact person for this managed
node, together with information on how to contact this person. The
allowed string length is 0 to 255, and the allowed content is the ASCII
characters from 32 to 126.
System NameAn administratively assigned name for this managed node. By
convention, this is the node’s fully-qualified domain name. A domain
name is a text string drawn from the alphabet (A-Z, a-z), digits (0-9),
minus sign (-). No space characters are permitted as part of a name.
The first character must be an alpha character. And the first or last
character must not be a minus sign. The allowed string length is 0 to
255.
System LocationThe physical location of this node(e.g., telephone closet, 3rd floor).
The allowed string length is 0 to 255, and the allowed content is the
ASCII characters from 32 to 126.
Timezone Offset Enter the name of contact person or organization
Provide the time zone offset relative to UTC/GMT.
The offset is given in minutes east of GMT. The valid range is from
-720 to 720 minutes.
SaveSelect to save changes.
ResetSelect to undo any changes made locally and revert to previously
saved values.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 18
Page 19
INSTALLATION AND OPERATION MANUAL CNGE12MS
Admin & Password
This page allows you to configure the system password required to access the web pages or log
in from the CLI.
LabelDescription
Old PasswordEnter the current system password. If this is incorrect, the new
password will not be set.
New PasswordThe system password. The allowed string length is 0 to 31, and the
allowed content is the ASCII characters from 32 to 126.
Confirm New
Re-type the new password.
password
SaveSelect to save changes.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 19
Page 20
INSTALLATION AND OPERATION MANUAL CNGE12MS
IP Setting
Configure the managed switch IP information on this page.
LabelDescription
DHCP ClientEnable the DHCP client by checking this box. If DHCP fails and the
configured IP address is zero, DHCP will retry. If DHCP fails and the
configured IP address is non-zero, DHCP will stop and the configured
IP settings will be used. The DHCP client will announce the configured
System Name as hostname to provide DNS lookup.
IP AddressAssign the IP address that the network is using. If DHCP client function
is enabling, you do not need to assign the IP address. The network
DHCP server will assign the IP address for the switch and it will be
display in this column. The default IP is 192.168.10.1
IP MaskAssign the subnet mask of the IP address. If DHCP client function is
enabling, you do not need to assign the subnet mask
IP RouterAssign the network gateway for the switch. The default gateway is
192.168 .10 .254
VLAN IDProvide the managed VLAN ID. The allowed range is 1 through 4095.
SNTP ServerSNTP is an acronym for Simple Network Time Protocol, a network
protocol for synchronizing the clocks of computer systems. SNTP uses
UDP (datagrams) as transport layer.
SaveSelect to save changes.
ResetSelect to undo any changes made locally and revert to previously
saved values.
RenewSelect to renew DHCP. This button is only available if DHCP is
enabled.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 20
Page 21
INSTALLATION AND OPERATION MANUAL CNGE12MS
HTTPS
LabelDescription
ModeIndicates the HTTPS mode operation. Possible modes are:
ResetSelect to undo any changes made locally and revert to previously
saved values.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 21
Page 22
INSTALLATION AND OPERATION MANUAL CNGE12MS
LLDP
LLDP Parameters
This page allows the user to inspect and configure the current LLDP port settings.
LabelDescription
Tx IntervalThe switch is periodically transmitting LLDP frames to its neighbors for
keeping the network discovery information up-to-date. The interval
between each LLDP frame is determined by the Tx Interval value. Valid
values are restricted to 5 - 32768 seconds.
Tx HoldEach LLDP frame contains information about how long the information
in the LLDP frame shall be considered valid. The LLDP information
valid period is set to Tx Hold multiplied by Tx Interval seconds. Valid
values are restricted to 2 - 10 times.
Tx DelayIf some configuration is changed (e.g. the IP address) a new LLDP
frame is transmitted, but the time between the LLDP frames will
always be at least the value of Tx Delay seconds. Tx Delay cannot be
larger than 1/4 of the Tx Interval value. Valid values are restricted to 1 8192 seconds.
Tx ReinitWhen a port is disabled, LLDP is disabled or the switch is rebooted
a LLDP shutdown frame is transmitted to the neighboring units,
signaling that the LLDP information isn’t valid anymore. Tx Reinit
controls the amount of seconds between the shutdown frame and a
new LLDP initialization. Valid values are restricted to 1 - 10 seconds.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 22
Page 23
INSTALLATION AND OPERATION MANUAL CNGE12MS
LLDP Port Configuration
LabelDescription
PortThe switch port number of the logical LLDP port.
ModeSelect LLDP mode.
Rx only The switch will not send out LLDP information, but LLDP information from
neighbor units is analyzed.
Tx only The switch will drop LLDP information received from neighbors, but will send
out LLDP information.
Disabled The switch will not send out LLDP information, and will drop LLDP information
received from neighbors.
Enabled The switch will send out LLDP information, and will analyze LLDP information
received from neighbors.
CDP AwareSelect CDP awareness.
The CDP operation is restricted to decoding incoming CDP frames (The switch doesn’t
transmit CDP frames). CDP frames are only decoded if LLDP for the port is enabled.
Only CDP TLVs that can be mapped into a corresponding field in the LLDP neighbors
table are decoded. All other TLVs are discarded (Unrecognized CDP TLVs and discarded
CDP frame are not shown in the LLDP statistic.). CDP TLVs are mapped into LLDP
neighbors table as shown below.
CDP TLV “Device ID” is mapped into the LLDP “Chassis ID” field.
CDP TLV “Address” is mapped into the LLDP “Management Address” field. The CDP
address TLV can contain multiple addresses, but only the first address is shown in the
LLDP neighbors table.
CDP TLV “Port ID” is mapped into the LLDP “Port ID” field.
CDP TLV “Version and Platform” is mapped into the LLDP “System Description” field.
Both the CDP and LLDP supports “system capabilities”, but the CDP capabilities cover
capabilities that are not part of the LLDP. These capabilities are shown as “others” in the
LLDP neighbors table.
If all ports have CDP awareness disabled the switch forwards CDP frames received from
neighbor devices. If at least one port has CDP awareness enabled all CDP frames are
terminated by the switch.
Note: When CDP awareness for a port is disabled the CDP information isn’t removed
immediately, but will be removed when the hold time is exceeded.
Port DescrOptional TLV: When checked the “port description” is included in LLDP information
transmitted.
Sys NameOptional TLV: When checked the “system name” is included in LLDP information
transmitted.
Sys DescrOptional TLV: When checked the “system description” is included in LLDP information
transmitted.
Sys CapaOptional TLV: When checked the “system capability” is included in LLDP information
transmitted.
Mgmt AddrOptional TLV: When checked the “management address” is included in LLDP
information transmitted.
INS_CNGE12MS_REV–
Tech SupporT: 1.888.678.9427
09/12/12 PAGE 23
Page 24
INSTALLATION AND OPERATION MANUAL CNGE12MS
LLDP Neighbor Information
This page provides a status overview for all LLDP neighbors. The displayed table contains a row
for each port on which an LLDP neighbor is detected. The columns hold the following information:
LabelDescription
Local PortThe port on which the LLDP frame was received.
Chassis IDThe Chassis ID is the identification of the neighbor’s LLDP frames.
Remote Port IDThe Remote Port ID is the identification of the neighbor port.
System NameSystem Name is the name advertised by the neighbor unit.
Port DescriptionPort Description is the port description advertised by the neighbor
unit.
System
Capabilities
System Capabilities describes the neighbor unit’s capabilities. The
possible capabilities are:
1. Other
2. Repeater
3. Bridge
4. WLAN Access Point
5. Router
6. Telephone
7. DOCSIS cable device
8. Station only
9. Reserved
When a capability is enabled, the capability is followed by (+). If the
capability is disabled, the capability is followed by (-).
Management
Address
Management Address is the neighbor unit’s address that is used
for higher layer entities to assist the discovery by the network
management. This could for instance hold the neighbor’s IP address.
RefreshSelect to refresh the page immediately.
Auto-RefreshCheck this box to enable an automatic refresh of the page at regular
intervals.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 24
Page 25
INSTALLATION AND OPERATION MANUAL CNGE12MS
LLDP Statistics
This page provides an overview of all LLDP traffic.
Two types of counters are shown. Global counters are counters that refer to the whole stack,
switch, while local counters refer to counters for the currently selected switch.
Global Counters
LabelDescription
Neighbor
entries were last
changed at
Total Neighbors
Entries Added
Total Neighbors
Entries Deleted
Total Neighbors
Entries Dropped
Total Neighbors
Entries Aged Out
Shows the time for when the last entry was last deleted or added. It is
also shows the time elapsed since last change was detected.
Shows the number of new entries added since switch reboot.
Shows the number of new entries deleted since switch reboot.
Shows the number of LLDP frames dropped due to that the entry
table was full.
Shows the number of entries deleted due to Time-To-Live expiring.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 25
Page 26
INSTALLATION AND OPERATION MANUAL CNGE12MS
Local Counters
LabelDescription
Local PortThe port on which LLDP frames are received or transmitted.
Tx FramesThe number of LLDP frames transmitted on the port.
Rx FramesThe number of LLDP frames received on the port.
Rx ErrorsThe number of received LLDP frames containing some kind of error.
Frames DiscardedIf an LLDP frame is received on a port, and the switch’s internal table has run full, the
LLDP frame is counted and discarded. This situation is known as “Too Many Neighbors”
in the LLDP standard. LLDP frames require a new entry in the table when the Chassis ID
or Remote Port ID is not already contained within the table. Entries are removed from
the table when a given port links down, an LLDP shutdown frame is received, or when
the entry ages out.
TLVs DiscardedEach LLDP frame can contain multiple pieces of information, known as TLVs (TLV is short
for “Type Length Value”). If a TLV is malformed, it is counted and discarded.
TLVs
The number of well-formed TLVs, but with an unknown type value.
Unrecognized
Org. DiscardedThe number of organizationally TLVs received.
Age-OutsEach LLDP frame contains information about how long time the LLDP information is
valid (age-out time). If no new LLDP frame is received within the age out time, the LLDP
information is removed, and the Age-Out counter is incremented.
RefreshSelect to refresh the page immediately.
ClearClears the local counters. All counters (including global counters) are cleared upon
reboot.
Auto-RefreshCheck this box to enable an automatic refresh of the page at regular intervals.
Backup/Restore Configuration
You can save/view or load the switch configuration. The configuration file is in XML format with a
hierarchy of tags:
Firmware Update
This page facilitates an update of the firmware controlling the switch.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 26
Page 27
INSTALLATION AND OPERATION MANUAL CNGE12MS
DHCP Server
Setting
The system provides with DHCP server function. Enable the DHCP server function, the switch
system will be a DHCP server.
DHCP Dynamic Client List
When the DHCP server function is activated, the system will collect the DHCP client information
and display in here.
DHCP Client List
You can assign the specific IP address which is in the assigned dynamic IP range to the specific
port. When the device is connecting to the port and asks for dynamic IP assigning, the system will
assign the IP address that has been assigned before in the connected device.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 27
Page 28
INSTALLATION AND OPERATION MANUAL CNGE12MS
Port Setting
Port Control
This page displays current port configurations. Ports can also be configured here.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 28
Page 29
INSTALLATION AND OPERATION MANUAL CNGE12MS
LabelDescription
PortThis is the logical port number for this row.
LinkThe current link state is displayed graphically. Green indicates the link
is up and red that it is down.
Current Link
Provides the current link speed of the port.
Speed
Configured Link
Speed
Select any available link speed for the given switch port.
Auto Speed selects the highest speed that is compatible with a link
partner.
Disabled disables the switch port operation.
Flow ControlWhen Auto Speed is selected for a port, this section indicates the flow
control capability that is advertised to the link partner.
When a fixed-speed setting is selected, that is what is used. The
Current Rx column indicates whether pause frames on the port are
obeyed, and the Current Tx column indicates whether pause frames
on the port are transmitted. The Rx and Tx settings are determined by
the result of the last Auto-Negotiation.
Check the configured column to use flow control. This setting is
related to the setting for Configured Link Speed.
Maximum Frame Enter the maximum frame size allowed for the switch port, including
FCS. The allowed range is 1518 bytes to 9600 bytes.
Excessive
Collision Mode
Configure port transmit collision behavior.
Discard: Discard frame after 16 collisions (default).
Restart: Restart back-off algorithm after 16 collisions.
Power ControlThe Usage column shows the current percentage of the power
consumption per port. The Configured column allows for changing
the power savings mode parameters per port.
Disabled: All power savings mechanisms disabled.
ActiPHY: Link down power savings enabled.
PerfectReach: Link up power savings enabled.
Enabled: Both link up and link down power savings enabled.
Total Power
Usage
SelectSelect to save changes.
ResetSelect to undo any changes made locally and revert to previously
Auto-RefreshSelect to refresh the page. Any changes made locally will be undone.
Tech SupporT: 1.888.678.9427
Total power usage in board, measured in percent.
saved values.
INS_CNGE12MS_REV–
09/12/12 PAGE 29
Page 30
INSTALLATION AND OPERATION MANUAL CNGE12MS
Rate Limit
Configure the switch port rate limit for Policers and Shapers on this page.
LabelDescription
PortThe logical port for the settings contained in the same row.
Policer EnabledEnable or disable the port policer. The default value is “Disabled”.
Policer RateConfigure the rate for the port policer. The default value is “500”. This
value is restricted to 500-1000000 when the “Policer Unit” is “kbps”,
and it is restricted to 1-1000 when the “Policer Unit” is “Mbps”
Policer UnitConfigure the unit of measure for the port policer rate as kbps or
Mbps. The default value is “kbps”.
Shaper EnabledEnable or disable the port shaper. The default value is “Disabled”.
Shaper RateConfigure the rate for the port shaper. The default value is “500”. This
value is restricted to 500-1000000 when the “Policer Unit” is “kbps”,
and it is restricted to 1-1000 when the “Policer Unit” is “Mbps”
Shaper UnitConfigure the unit of measure for the port shaper rate as kbps or
Mbps. The default value is “kbps”.
SaveSelect to save changes.
ResetSelect to undo any changes made locally and revert to previously
saved values.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 30
Page 31
INSTALLATION AND OPERATION MANUAL CNGE12MS
Port Trunk
Trunk Configuration
This page is used to configure the Aggregation hash mode and the aggregation group.
LabelDescription
Source MAC
Address
The Source MAC address can be used to calculate the destination
port for the frame. Check to enable the use of the Source MAC
address, or uncheck to disable. By default, Source MAC Address is
enabled.
Destination MAC
Address
The Destination MAC Address can be used to calculate the
destination port for the frame. Check to enable the use of the
Destination MAC Address, or uncheck to disable. By default,
Destination MAC Address is disabled.
IP AddressThe IP address can be used to calculate the destination port for the
frame. Check to enable the use of the IP Address, or uncheck to
disable. By default, IP Address is enabled.
TCP/UDP Port
Number
The TCP/UDP port number can be used to calculate the destination
port for the frame. Check to enable the use of the TCP/UDP Port
Number, or uncheck to disable. By default, TCP/UDP Port Number is
enabled.
LabelDescription
Group IDIndicates the group ID for the settings contained in the same row.
Port MembersEach switch port is listed for each group ID. Select a radio button to
Tech SupporT: 1.888.678.9427
Group ID “Normal” indicates there is no aggregation. Only one group
ID is valid per port.
include a port in an aggregation, or clear the radio button to remove
the port from the aggregation. By default, no ports belong to any
aggregation group. Only full duplex ports can join an aggregation
and ports must be in the same speed in each group.
INS_CNGE12MS_REV–
09/12/12 PAGE 31
Page 32
INSTALLATION AND OPERATION MANUAL CNGE12MS
LACP Port Configuration
This page allows the user to inspect the current LACP port configurations, and possibly change
them as well.
LabelDescription
PortIndicates the group ID for the settings contained in the same row.
Group ID “Normal” indicates there is no aggregation. Only one group
ID is valid per port.
LACP EnabledEach switch port is listed for each group ID. Select a radio button to
include a port in an aggregation, or clear the radio button to remove
the port from the aggregation. By default, no ports belong to any
aggregation group. Only full duplex ports can join an aggregation
and ports must be in the same speed in each group.
KeyThe Key value incurred by the port, range 1-65535. The Auto setting
will set the key as appropriate by the physical link speed, 10Mb = 1,
100Mb = 2, 1Gb = 3. Using the Specific setting, a user-defined value
can be entered. Ports with the same Key value can participate in the
same aggregation group, while ports with different keys cannot.
RoleThe Role shows the LACP activity status. Active will transmit LACP
packets each second, while Passive will wait for a LACP packet from a
partner (speak if spoken to).
SaveSelect to save changes.
ResetSelect to undo any changes made locally and revert to previously
saved values.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 32
Page 33
INSTALLATION AND OPERATION MANUAL CNGE12MS
LACP System Status
This page provides a status overview for all LACP instances.
LabelDescription
Aggr IDThe Aggregation ID associated with this aggregation instance. For
LLAG the id is shown as ‘isid:aggr-id’ and for GLAGs as ‘aggr-id’
Partner
The system ID (MAC address) of the aggregation partner.
System ID
Partner KeyThe Key that the partner has assigned to this aggregation ID.
Last ChangedThe time since this aggregation changed.
Last ChangedShows which ports are a part of this aggregation for this switch/stack.
The format is: “Switch ID:Port”.
RefreshSelect to refresh the page immediately.
Auto-RefreshCheck this box to enable an automatic refresh of the page at regular
intervals.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 33
Page 34
INSTALLATION AND OPERATION MANUAL CNGE12MS
LACP Status
This page provides a status overview for LACP status for all ports.
LabelDescription
PortThe switch port number.
LACP‘Yes’ means that LACP is enabled and the port link is up. ‘No’ means
that LACP is not enabled or that the port link is down. ‘Backup’ means
that the port could not join the aggregation group but will join if other
port leaves. Meanwhile it’s LACP status is disabled.
KeyThe key assigned to this port. Only ports with the same key can
aggregate together.
Aggr IDThe Aggregation ID assigned to this aggregation group.
Partner System ID The partners System ID (MAC address).
Partner PortThe partners port number connected to this port.
RefreshSelect to refresh the page immediately.
Auto-RefreshCheck this box to enable an automatic refresh of the page at regular
intervals.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 34
Page 35
INSTALLATION AND OPERATION MANUAL CNGE12MS
LACP Statistics
This page provides an overview for LACP statistics for all ports.
LabelDescription
PortThe switch port number
LACP TransmittedShows how many LACP frames have been sent from each port
LACP ReceivedShows how many LACP frames have been received at each port.
DiscardedShows how many unknown or illegal LACP frames have been
discarded at each port.
RefreshSelect to refresh the page immediately.
Auto-RefreshCheck this box to enable an automatic refresh of the page at regular
intervals.
ClearClears the counters for all ports
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 35
Page 36
INSTALLATION AND OPERATION MANUAL CNGE12MS
Redundancy
C-Ring
C-Ring is the most powerful Ring in the world. The recovery time of C-Ring is less than 30ms. It
can reduce unexpected damage caused by network topology change. C-Ring Supports 3 Ring
topologies: C-Ring, Coupling Ring and Dual Homing.
Ring interface
LabelDescription
C-RingMark to enable C-Ring.
Ring MasterThere should be only one Ring Master in a ring. However if there are
two or more switches that set Ring Master to enable, the switch with
the lowest MAC address will be the actual Ring Master and others will
be Backup Masters.
1st Ring PortThe primary port, when this switch is Ring Master.
2nd Ring PortThe backup port, when this switch is Ring Master.
Coupling RingMark to enable Coupling Ring. Coupling Ring can be used to divide
a big ring into two smaller rings to avoid effecting all switches when
network topology change. It is a good application for connecting two
Rings.
Coupling PortLink to Coupling Port of the switch in another ring. Coupling Ring
need four switch to build an active and a backup link.
Set a port as coupling port. The coupled four ports of four switches
will be run at active/backup mode.
Dual HomingMark to enable Dual Homing. By selecting Dual Homing mode, Ring
will be connected to normal switches through two RSTP links (ex:
backbone Switch). The two links work as active/backup mode, and
connect each Ring to the normal switches in RSTP mode.
SaveSelect Save to set the configurations.
Note: We don’t suggest you to set one switch as a Ring Master and a Coupling Ring at the same
time due to heavy load.
INS_CNGE12MS_REV–
Tech SupporT: 1.888.678.9427
09/12/12 PAGE 36
Page 37
INSTALLATION AND OPERATION MANUAL CNGE12MS
Legacy Ring
Legacy ring provides support for the switch to be used in an existing ring of ComNet X-Ring
enabled switches.
X-Ring provides a faster redundant recovery than Spanning Tree topology. The action is similar
to STP or RSTP, but the algorithms between them are not the same. In the X-Ring topology, every
switch should be enabled with X-Ring or Legacy Ring function and two ports should be assigned
as the member ports in the ring. Only one switch in the X-Ring group would be set as the master
switch that one of its two member ports would be blocked, called backup port, and another port
is called working port. Other switches in the X-Ring group are called working switches and their
two member ports are called working ports. When the failure of network connection occurs,
the backup port of the master switch (Ring Master) will automatically become a working port to
recover from the failure.
The switch supports the function and interface for setting the switch as the ring master or not. The
ring master can negotiate and place command to other switches in the X-Ring group. If there are
2 or more switches in master mode, the software will select the switch with lowest MAC address
number as the ring master. The X-Ring master ring mode can be enabled by setting the Legacy
Ring configuration interface. Also, the user can identify whether the switch is the ring master by
checking the R.M. LED indicator on the front panel of the switch.
LabelDescription
Legacy RingTo enable the Legacy Ring (X-Ring) function, tick the checkbox beside
the Legacy Ring label. If this checkbox is not ticked, all the ring
functions are unavailable.
Ring MasterSelect Enable for this switch to be the ring master or Disable for this
switch to be a working switch.
1st Ring PortThe primary port, when this switch is Ring Master. Select a port to
assign from the pull down selection menu.
2nd Ring PortThe backup port, used when this switch is Ring Master and the
primary port fails. Select a port to assign from the pull down selection
menu.
SaveSelect to save changes.
RefreshSelect to refresh the page immediately.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 37
Page 38
INSTALLATION AND OPERATION MANUAL CNGE12MS
MSTP
Bridge Settings
This page allows you to configure RSTP system settings. The settings are used by all RSTP Bridge
instances in the Switch Stack.
LabelDescription
Protocol Version The STP protocol version setting. Valid values are STP, RSTP and
M S T P.
Forward DelayThe delay used by STP Bridges to transition Root and Designated
Ports to Forwarding (used in STP compatible mode). Valid values are
in the range 4 to 30 seconds.
Max AgeThe maximum age of the information transmitted by the Bridge when
it is the Root Bridge. Valid values are in the range 6 to 40 seconds,
and MaxAge must be <= (FwdDelay-1)*2.
Maximum Hop
Count
Transmit Hold
Count
SaveSelect to save changes.
This defines the initial value of remaining Hops for MSTI information
generated at the boundary of an MSTI region. It defines how many
bridges a root bridge can distribute its BPDU information. Valid
values are in the range 4 to 30 seconds, and MaxAge must be <=
(FwdDelay-1)*2.
The number of BPDU’s a bridge port can send per second. When
exceeded, transmission of the next BPDU will be delayed. Valid values
are in the range 1 to 10 BPDU’s per second.
ResetSelect to undo any changes made locally and revert to previously
Tech SupporT: 1.888.678.9427
saved values.
INS_CNGE12MS_REV–
09/12/12 PAGE 38
Page 39
INSTALLATION AND OPERATION MANUAL CNGE12MS
MSTI Mapping
This page allows the user to inspect the current STP MSTI bridge instance priority configurations,
and possibly change them as well.
LabelDescription
Configuration
Name
The name identifying the VLAN to MSTI mapping. Bridges must
share the name and revision (see below), as well as the VLAN-to-MSTI
mapping configuration in order to share spanning trees for MSTI’s.
(Intra-region). The name can have a maximum of 32 characters.
Configuration
Revision
The revision of the MSTI configuration named above. This must be an
integer between 0 and 65535.
MSTIThe bridge instance. The CIST is not available for explicit mapping, as
it will receive the VLANs not explicitly mapped.
VLANS MappedThe list of VLAN’s mapped to the MSTI. The VLANs must be separated
with comma and/or space. A VLAN can only be mapped to one MSTI.
An unused MSTI should just be left empty. (I.e. not having any VLANs
mapped to it.)
SaveSelect to save changes.
ResetSelect to undo any changes made locally and revert to previously
saved values.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 39
Page 40
INSTALLATION AND OPERATION MANUAL CNGE12MS
MSTI Priorities
This page allows the user to inspect the current STP MSTI bridge instance priority configurations,
and possibly change them as well.
LabelDescription
MSTIThe bridge instance. The CIST is the default instance, which is always
active.
PriorityControls the bridge priority. Lower numerical values have better
priority. The bridge priority plus the MSTI instance number,
concatenated with the 6-byte MAC address of the switch forms a
Bridge Identifier.
SaveSelect to save changes.
ResetSelect to undo any changes made locally and revert to previously
saved values.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 40
Page 41
INSTALLATION AND OPERATION MANUAL CNGE12MS
CIST Ports
This page allows the user to inspect the current STP CIST port configurations, and possibly change
them as well. This page contains settings for physical and aggregated ports. The aggregation
settings are stack global.
LabelDescription
PortThe switch port number of the logical STP port.
STP EnabledControls whether STP is enabled on this switch port.
Path CostControls the path cost incurred by the port. The Auto setting will
set the path cost as appropriate by the physical link speed, using
the 802.1D recommended values. Using the Specific setting, a
user-defined value can be entered. The path cost is used when
establishing the active topology of the network. Lower path cost ports
are chosen as forwarding ports in favor of higher path cost ports.
Valid values are in the range 1 to 200000000.
PriorityControls the port priority. This can be used to control priority of ports
having identical port cost. (See above).
OpenEdge (state
flag)
Operational flag describing whether the port is connecting directly to
edge devices. (No Bridges attached). Transitioning to the forwarding
state is faster for edge ports (having operEdge true) than for other
ports.
AdminEdgeControls whether the operEdge flag should start as being set or
cleared. (The initial operEdge state when a port is initialized).
AutoEdgeControls whether the bridge should enable automatic edge detection
on the bridge port. This allows operEdge to be derived from whether
BPDU’s are received on the port or not.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 41
Page 42
INSTALLATION AND OPERATION MANUAL CNGE12MS
Restricted RoleIf enabled, causes the port not to be selected as Root Port for the
CIST or any MSTI, even if it has the best spanning tree priority
vector. Such a port will be selected as an Alternate Port after the
Root Port has been selected. If set, it can cause lack of spanning
tree connectivity. It can be set by a network administrator to prevent
bridges external to a core region of the network influencing the
spanning tree active topology, possibly because those bridges are not
under the full control of the administrator. This feature is also known
as Root Guard.
Restricted TCNIf enabled, causes the port not to propagate received topology
change notifications and topology changes to other ports. If set it can
cause temporary loss of connectivity after changes in a spanning trees
active topology as a result of persistent incorrectly learned station
location information. It is set by a network administrator to prevent
bridges external to a core region of the network, causing address
flushing in that region, possibly because those bridges are not under
the full control of the administrator or is the physical link state for the
attached LANs transitions frequently.
Point-to-PointControls whether the port connects to a point-to-point LAN rather
than a shared medium. This can be automatically determined, or
forced either true or false. Transition to the forwarding state is faster
for point-to-point LANs than for shared media.
SaveSelect to save changes.
ResetSelect to undo any changes made locally and revert to previously
saved values.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 42
Page 43
INSTALLATION AND OPERATION MANUAL CNGE12MS
MSTI Ports
This page allows the user to inspect the current STP MSTI port configurations, and possibly
change them as well. A MSTI port is a virtual port, which is instantiated separately for each active
CIST (physical) port for each MSTI instance configured and applicable for the port. The MSTI
instance must be selected before displaying actual MSTI port configuration options.
This page contains MSTI port settings for physical and aggregated ports. The aggregation
settings are stack global.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 43
Page 44
INSTALLATION AND OPERATION MANUAL CNGE12MS
LabelDescription
PortThe switch port number of the corresponding STP CIST (and MSTI)
port.
Path CostControls the path cost incurred by the port. The Auto setting will
set the path cost as appropriate by the physical link speed, using
the 802.1D recommended values. Using the Specific setting, a
user-defined value can be entered. The path cost is used when
establishing the active topology of the network. Lower path cost ports
are chosen as forwarding ports in favor of higher path cost ports.
Valid values are in the range 1 to 200000000.
PriorityControls the port priority. This can be used to control priority of ports
having identical port cost. (See above).
SaveSelect to save changes.
Clear Select to undo any changes made locally and revert to previously
saved values.
STP Bridges
This page provides a status overview for all STP bridge instances.
The displayed table contains a row for each STP bridge instance, where the column displays the
following information:
LabelDescription
MSTIThe Bridge Instance. This is also a link to the STP Detailed Bridge Status.
Bridge IDThe Bridge ID of this Bridge instance.
Root IDThe Bridge ID of the currently elected root bridge.
Root PortThe switch port currently assigned the root port role.
Root CostRoot Path Cost. For the Root Bridge this is zero. For all other Bridges, it is
the sum of the Port Path Costs on the least cost path to the Root Bridge.
Topology FlagThe current state of the Topology Change Flag for this Bridge instance.
Topology Change
Last
The time since last Topology Change occurred.
RefreshSelect to refresh the page immediately.
Auto-RefreshCheck this box to enable an automatic refresh of the page at regular
Tech SupporT: 1.888.678.9427
intervals.
INS_CNGE12MS_REV–
09/12/12 PAGE 44
Page 45
INSTALLATION AND OPERATION MANUAL CNGE12MS
STP Port Status
This page displays the STP CIST port status for port physical ports in the currently selected switch.
LabelDescription
PortThe switch port number of the logical STP port.
CIST RoleThe current STP port role of the CIST port. The port role can be
one of the following values: AlternatePort BackupPort RootPort
DesignatedPort.
StateThe current STP port state of the CIST port. The port state can be one
of the following values: Blocking Learning Forwarding.
UptimeThe time since the bridge port was last initialized.
RefreshSelect to refresh the page immediately.
Auto-RefreshCheck this box to enable an automatic refresh of the page at regular
intervals.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 45
Page 46
INSTALLATION AND OPERATION MANUAL CNGE12MS
STP Statistics
This page displays the RSTP port statistics counters for bridge ports in the currently selected
switch.
LabelDescription
PortThe switch port number of the logical RSTP port.
RSTPThe number of RSTP Configuration BPDU’s received/transmitted on
the port.
STPThe number of legacy STP Configuration BPDU’s received/transmitted
on the port.
TCNThe number of (legacy) Topology Change Notification BPDU’s
received/transmitted on the port.
Discarded
Unknown
The number of unknown Spanning Tree BPDU’s received (and
discarded) on the port.
Discarded Illegal The number of illegal Spanning Tree BPDU’s received (and discarded)
on the port.
RefreshSelect to refresh the page immediately.
Auto-RefreshCheck this box to enable an automatic refresh of the page at regular
intervals.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 46
Page 47
INSTALLATION AND OPERATION MANUAL CNGE12MS
VLAN
VLAN Membership Configuration
The VLAN membership configuration for the selected stack switch unit switch can be monitored
and modified here. Up to 64 VLANs are supported. This page allows for adding and deleting
VLANs as well as adding and deleting port members of each VLAN.
LabelDescription
DeleteCheck to delete the entry. It will be deleted during the next save.
VLAN IDThe VLAN ID for the entry.
MAC AddressThe MAC address for the entry.
Port MembersCheckmarks indicate which ports are members of the entry. Check or
uncheck as needed to modify the entry.
Adding a New
Static Entry
Select Add New VLAN to add a new VLAN ID. An empty row is added
to the table, and the VLAN can be configured as needed. Legal values
for a VLAN ID are 1 through 4095.
The VLAN is enabled on the selected stack switch unit when you
select on Save. The VLAN is thereafter present on the other stack
switch units, but with no port members.
A VLAN without any port members on any stack unit will be deleted
when you select Save.
The Delete button can be used to undo the addition of new VLANs.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 47
Page 48
INSTALLATION AND OPERATION MANUAL CNGE12MS
Example: Portbased VLAN Setting
(For ingress port)
1. VLAN Membership Configuration setting port 1 & VID=50
2. VLAN Port 1 Configuration-->Disable VLAN Aware
3. VLAN Port 1 Configuration-->Mode=specific, ID=50
(For egress port)
1. VLAN Membership Configuration setting port 2 & VID=50
2. VLAN Port 2 Configuration-->VLAN Aware has no effect
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 48
Page 49
INSTALLATION AND OPERATION MANUAL CNGE12MS
3. VLAN Port 2 Configuration-->Mode=specific, ID=50
(any packet can enter egress port)
802.1Q Access port Setting
(For ingress port)
1. VLAN Membership Configuration setting port & VID=50
2. VLAN Port Configuration-->Enable VLAN Aware
3. VLAN Port Configuration-->Mode=specific, ID=50
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 49
Page 50
INSTALLATION AND OPERATION MANUAL CNGE12MS
(For egress port)
1. VLAN Membership Configuration setting port & VID=50
2. VLAN Port Configuration-->Disable VLAN Aware
3. VLAN Port Configuration-->Mode=specific, ID=50
(untagged & tag=50 packet can enter egress port)
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 50
Page 51
INSTALLATION AND OPERATION MANUAL CNGE12MS
802.1Q Trunk port setting (multi-tag)
P1P2P6P5
PC
A
CNGE12MSCNGE12MS
(For ingress port)
1. VLAN Membership Configuration setting port & VID=11, 22, 33
2. VLAN Port Configuration-->Enable VLAN Aware
PC
B
3. VLAN Port Configuration-->Mode=specific, ID=11
(when entering packet is untagged frame, added tag = 11
When entering the tagged frame, only VID = 11, 22, 33 three kinds of packets can pass)
In addition, only tag=11 packet can enter egress port)
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 52
Page 53
INSTALLATION AND OPERATION MANUAL CNGE12MS
Q-in-Q VLAN Setting
PC
P3
P2
CNGE12MS
Tag=50 (tag=77) packet
P1
PC
Ingress Port 1------------------->Egress Port 2
(For ingress port-----Port 1)
1. VLAN Membership Configuration setting port 1, 2 and 3 & VID=50
2. VLAN Port Configuration-->Disable Port 1 VLAN Aware
3. VLAN Port Configuration-->Port 1 Mode=specific, ID=50
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 53
Page 54
INSTALLATION AND OPERATION MANUAL CNGE12MS
(For egress port ----Port 2)
1. VLAN Membership Configuration setting port & VID=50
2. VLAN Port Configuration-->Enable Port 2 and 3 VLAN Aware.
3. VLAN Port Configuration-->Mode=none
(only tag=50 packet can enter egress port)
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 54
Page 55
INSTALLATION AND OPERATION MANUAL CNGE12MS
Private VLAN
The Private VLAN membership configurations for the switch can be monitored and modified here.
Private VLANs can be added or deleted here. Port members of each Private VLAN can be added
or removed here. Private VLANs are based on the source port mask, and there are no connections
to VLANs. This means that VLAN IDs and Private VLAN IDs can be identical.
A port must be a member of both a VLAN and a Private VLAN to be able to forward packets. By
default, all ports are VLAN unaware and members of VLAN 1 and Private VLAN 1.
A VLAN unaware port can only be a member of one VLAN, but it can be a member of multiple
Private VLANs.
LabelDescription
DeleteCheck to delete the entry. It will be deleted during the next save.
Private VLAN IDIndicates the ID of this particular private VLAN.
MAC AddressThe MAC address for the entry.
Port MembersA row of check boxes for each port is displayed for each private VLAN
ID. To include a port in a Private VLAN, check the box. To remove
or exclude the port from the Private VLAN, make sure the box is
unchecked. By default, no ports are members, and all boxes are
unchecked.
Adding a New
Static Entry
Select Add New Private VLAN to add a new private VLAN ID. An
empty row is added to the table, and the private VLAN can be
configured as needed. The allowed range for a private VLAN ID is
the same as the switch port number range. Any values outside this
range are not accepted, and a warning message appears. Select OK
to discard the incorrect entry, or select Cancel to return to the editing
and make a correction.
The Private VLAN is enabled when you select Save.
The Delete button can be used to undo the addition of new Private
VLANs.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 55
Page 56
INSTALLATION AND OPERATION MANUAL CNGE12MS
LabelDescription
Port MembersA check box is provided for each port of a private VLAN.
When checked, port isolation is enabled for that port.
When unchecked, port isolation is disabled for that port.
By default, port isolation is disabled for all ports.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 56
Page 57
INSTALLATION AND OPERATION MANUAL CNGE12MS
SNMP
SNMP-System
LabelDescription
ModeIndicates the SNMP mode operation. Possible modes are:
Enabled: Enable SNMP mode operation.
SNMP v2c: Set SNMP supported version 2c.
Disabled: Disable SNMP mode operation.
VersionIndicates the SNMP supported version. Possible versions are:
SNMP v1: Set SNMP supported version 1.
SNMP v3: Set SNMP supported version 3.
Read Community Indicates the community read access string to permit access to SNMP
agent. The allowed string length is 0 to 255, and the allowed content
is the ASCII characters from 33 to 126.
The field only suits to SNMPv1 and SNMPv2c. SNMPv3 is using
USM for authentication and privacy and the community string will
associated with SNMPv3 communities table
Write Community Indicates the community write access string to permit access to SNMP
agent. The allowed string length is 0 to 255, and the allowed content
is the ASCII characters from 33 to 126.
The field only suits to SNMPv1 and SNMPv2c. SNMPv3 is using
USM for authentication and privacy and the community string will
associated with SNMPv3 communities table.
Engine IDIndicates the SNMPv3 engine ID. The string must contain an even
number between 10 and 64 hexadecimal digits, but all-zeros and
all-’F’s are not allowed. Change of the Engine ID will clear all original
local users.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 57
Page 58
INSTALLATION AND OPERATION MANUAL CNGE12MS
LabelDescription
Trap ModeIndicates the SNMP trap mode operation. Possible modes are:
Trap VersionIndicates the SNMP trap supported version. Possible versions are:
SNMP v1: Set SNMP trap supported version 1.
SNMP v2c: Set SNMP trap supported version 2c.
SNMP v3: Set SNMP trap supported version 3.
Trap Community Indicates the community access string when send SNMP trap packet. The allowed string
length is 0 to 255, and the allowed content is the ASCII characters from 33 to 126.
Trap Destination
Address
Trap Destination
IPv6 Address
Indicates the SNMP trap destination address.
Trap Destination IPv6 Address
Provide the trap destination IPv6 address of this switch. IPv6 address is in 128-bit
records represented as eight fields of up to four hexadecimal digits with a colon
separating each field (:). For example, ‘fe80:215:c5ff:fe03:4dc7’. The symbol ‘::’ is a
special syntax that can be used as a shorthand way of representing multiple 16-bit
groups of contiguous zeros; but it can only appear once. It also used a following legally
IPv4 address. For example, ‘::192.1.2.34’.
Trap
Authentication
Failure
Indicates the SNMP entity is permitted to generate authentication failure traps. Possible
modes are:
Enabled: Enable SNMP trap authentication failure.
Disabled: Disable SNMP trap authentication failure.
Trap Link-up and
Link-down
Indicates the SNMP trap link-up and link-down mode operation. Possible modes are:
Enabled: Enable SNMP trap link-up and link-down mode operation.
Disabled: Disable SNMP trap link-up and link-down mode operation.
Trap Inform ModeIndicates the SNMP trap inform mode operation. Possible modes are:
Indicates the SNMP trap inform timeout. The allowed range is 0 to 2147.
Timeout(seconds)
Trap Inform Retry
Indicates the SNMP trap inform retry times. The allowed range is 0 to 255.
Times
Trap Probe
Security Engine
ID
Indicates the SNMP trap probe security engine ID mode of operation. Possible values
are:
Enabled: Enable SNMP trap probe security engine ID mode of operation.
Disabled: Disable SNMP trap probe security engine ID mode of operation.
Trap Security
Engine ID
Indicates the SNMP trap security engine ID. SNMPv3 sends traps and informs using
USM for authentication and privacy. A unique engine ID for these traps and informs
is needed. When “Trap Probe Security Engine ID” is enabled, the ID will be probed
automatically. Otherwise, the ID specified in this field is used. The string must contain
an even number between 10 and 64 hexadecimal digits, but all-zeros and all-’F’s are not
allowed.
Trap Security
Name
Indicates the SNMP trap security name. SNMPv3 traps and informs using USM for
authentication and privacy. A unique security name is needed when traps and informs
are enabled.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 58
Page 59
INSTALLATION AND OPERATION MANUAL CNGE12MS
SNMP-Communities
Configure SNMPv3 communities table on this page. The entry index key is Community.
LabelDescription
DeleteCheck to delete the entry. It will be deleted during the next save.
CommunityIndicates the community access string to permit access to SNMPv3
agent. The allowed string length is 1 to 32, and the allowed content is
the ASCII characters from 33 to 126.
Source IPIndicates the SNMP access source address.
Source MaskIndicates the SNMP access source address mask.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 59
Page 60
INSTALLATION AND OPERATION MANUAL CNGE12MS
SNMP-Users
Configure SNMPv3 users table on this page. The entry index keys are Engine ID and User Name.
LabelDescription
DeleteCheck to delete the entry. It will be deleted during the next save.
Engine IDAn octet string identifying the engine ID that this entry should belong to. The string
must contain an even number between 10 and 64 hexadecimal digits, but all-zeros
and all-’F’s are not allowed. The SNMPv3 architecture uses the User-based Security
Model (USM) for message security and the View-based Access Control Model (VACM)
for access control. For the USM entry, the usmUserEngineID and usmUserName
are the entry’s keys. In a simple agent, usmUserEngineID is always that agent’s own
snmpEngineID value. The value can also take the value of the snmpEngineID of a
remote SNMP engine with which this user can communicate. In other words, if user
engine ID equals system engine ID then it is local user; otherwise it is remote user.
User NameA string identifying the user name that this entry should belong to. The allowed string
length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126.
Security LevelIndicates the security model that this entry should belong to. Possible security models
are:
NoAuth, NoPriv: None authentication and none privacy.
Auth, NoPriv: Authentication and none privacy.
Auth, Priv: Authentication and privacy.
The value of security level cannot be modified if entry already exists. That means must
first ensure that the value is set correctly.
Authentication
Protocol
Indicates the authentication protocol that this entry should belong to. Possible
authentication protocols are:
None: None authentication protocol.
MD5: An optional flag to indicate that this user using MD5 authentication protocol.
SHA: An optional flag to indicate that this user using SHA authentication protocol.
The value of security level cannot be modified if entry already exists. That means must
first ensure that the value is set correctly.
Authentication
Password
A string identifying the authentication pass phrase. For MD5 authentication protocol,
the allowed string length is 8 to 32. For SHA authentication protocol, the allowed string
length is 8 to 40. The allowed content is the ASCII characters from 33 to 126.
Privacy ProtocolIndicates the privacy protocol that this entry should belong to. Possible privacy
protocols are:
None: None privacy protocol.
DES: An optional flag to indicate that this user using DES authentication protocol.
Privacy Password A string identifying the privacy pass phrase. The allowed string length is 8 to 32, and
the allowed content is the ASCII characters from 33 to 126.
INS_CNGE12MS_REV–
Tech SupporT: 1.888.678.9427
09/12/12 PAGE 60
Page 61
INSTALLATION AND OPERATION MANUAL CNGE12MS
SNMP-Groups
Configure SNMPv3 groups table on this page. The entry index keys are Security Model and
Security Name.
LabelDescription
DeleteCheck to delete the entry. It will be deleted during the next save.
Security ModelIndicates the security model that this entry should belong to. Possible
security models are:
v1: Reserved for SNMPv1.
v2c: Reserved for SNMPv2c.
usm: User-based Security Model (USM).
Security NameA string identifying the security name that this entry should belong
to. The allowed string length is 1 to 32, and the allowed content is the
ASCII characters from 33 to 126.
Group NameA string identifying the group name that this entry should belong to.
The allowed string length is 1 to 32, and the allowed content is the
ASCII characters from 33 to 126.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 61
Page 62
INSTALLATION AND OPERATION MANUAL CNGE12MS
SNMP-Views
Configure SNMPv3 views table on this page. The entry index keys are View Name and OID
Subtree.
LabelDescription
DeleteCheck to delete the entry. It will be deleted during the next save.
View NameA string identifying the view name that this entry should belong to. The allowed string
length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126.
View Ty peIndicates the view type that this entry should belong to. Possible view types are:
included: An optional flag to indicate that this view subtree should be included.
excluded: An optional flag to indicate that this view subtree should be excluded.
Generally, if a view entry’s view type is ‘excluded’, it should be exist another view entry
which view type is ‘included’ and it’s OID subtree overstep the ‘excluded’ view entry.
OID SubtreeThe OID defining the root of the subtree to add to the named view. The allowed OID
length is 1 to 128. The allowed string content is a digital number or an asterisk(*).
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 62
Page 63
INSTALLATION AND OPERATION MANUAL CNGE12MS
SNMP-Accesses
Configure SNMPv3 accesses table on this page. The entry index keys are Group Name, Security
Model and Security Level.
LabelDescription
DeleteCheck to delete the entry. It will be deleted during the next save.
Group NameA string identifying the group name that this entry should belong to.
The allowed string length is 1 to 32, and the allowed content is the
ASCII characters from 33 to 126.
Security ModelIndicates the security model that this entry should belong to. Possible
security models are:
any: Accepted any security model (v1|v2c|usm).
v1: Reserved for SNMPv1.
v2c: Reserved for SNMPv2c.
usm: User-based Security Model (USM).
Security LevelIndicates the security model that this entry should belong to. Possible
security models are:
NoAuth, NoPriv: None authentication and none privacy.
Auth, NoPriv: Authentication and none privacy.
Auth, Priv: Authentication and privacy.
Read View Name The name of the MIB view defining the MIB objects for which this
request may request the current values. The allowed string length is 1
to 32, and the allowed content is the ASCII characters from 33 to 126.
Write View Name The name of the MIB view defining the MIB objects for which this
request may potentially SET new values. The allowed string length is 1
to 32, and the allowed content is the ASCII characters from 33 to 126.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 63
Page 64
INSTALLATION AND OPERATION MANUAL CNGE12MS
Traffic Prioritization
Port Configuration
This page allows you to configure QoS settings for each port.
Frames can be classified by 4 different QoS classes: Low, Normal, Medium, and High.
The classification is controlled by a QCL that is assigned to each port.
A QCL consists of an ordered list of up to 12 QCEs.
Each QCE can be used to classify certain frames to a specific QoS class.
This classification can be based on parameters such as VLAN ID, UDP/TCP port, IPv4/IPv6 DSCP or
Tag Priority.
Frames not matching any of the QCEs are classified to the default QoS class for the port.
Port QoS Configuration
LabelDescription
PortA check box is provided for each port of a private VLAN.
Default ClassConfigure the default QoS class for the port, that is, the QoS class for
QCL#Select which QCL to use for the port.
Tag PrioritySelect the default tag priority for this port when adding a Tag to the
Queuing ModeSelect which Queuing mode for this port.
Queue Weighted Setting Queue weighted (Low = Normal, Medium = High) if the
Tech SupporT: 1.888.678.9427
When checked, port isolation is enabled for that port.
When unchecked, port isolation is disabled for that port.
By default, port isolation is disabled for all ports.
frames not matching any of the QCEs in the QCL.
untagged frames.
“Queuing Mode” is “Weighted”.
INS_CNGE12MS_REV–
09/12/12 PAGE 64
Page 65
INSTALLATION AND OPERATION MANUAL CNGE12MS
QoS Control List
This page lists the QCEs for a given QCL.
Frames can be classified by 4 different QoS classes: Low, Normal, Medium, and High.
The classification is controlled by a QoS assigned to each port.
A QCL consists of an ordered list of up to 12 QCEs.
Each QCE can be used to classify certain frames to a specific QoS class.
This classification can be based on parameters such as VLAN ID, UDP/TCP port, IPv4/IPv6 DSCP or Tag
Priority. Frames not matching any of the QCEs are classified to the default QoS Class for the port.
LabelDescription
QCL#Select a QCL to display a table that lists all the QCEs for that particular QCL.
QCE TyepSpecifies which frame field the QCE processes to determine the QoS class of the frame.
The following QCE types are supported:
Ethernet Type: The Ethernet Type field. If frame is tagged, this is the Ethernet Type that
follows the tag header.
VLAN ID: VLAN ID. Only applicable if the frame is VLAN tagged.
TCP/UDP Port: IPv4 TCP/UDP source/destination port.
DSCP: IPv4 and IPv6 DSCP.
ToS: The 3 precedence bit in the ToS byte of the IPv4/IPv6 header (also known as DS
field).
Tag Priority: User Priority. Only applicable if the frame is VLAN tagged or priority
tagged.
Type ValueIndicates the value according to its QCE type.
Ethernet Type: The field shows the Ethernet Type value.
VLAN ID: The field shows the VLAN ID.
TCP/UDP Port: The field shows the TCP/UDP port range.
DSCP: The field shows the IPv4/IPv6 DSCP value.
Traffic ClassThe QoS class associated with the QCE.
Modification
Buttons
You can modify each QCE in the table using the following buttons:
+ : Inserts a new QCE before the current row.
e : Edits the QCE.
/|\ : Moves the QCE up the list.
\|/ : Moves the QCE down the list.
x : Deletes the QCE.
+ : The lowest plus sign adds a new entry at the bottom of the list of QCL.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 65
Page 66
INSTALLATION AND OPERATION MANUAL CNGE12MS
Storm Control
Storm control for the switch is configured on this page.
There is a unicast storm rate control, multicast storm rate control, and a broadcast storm rate
control. These only affect flooded frames, i.e. frames with a (VLAN ID, DMAC) pair not present on
the MAC Address table.
The rate is 2^n, where n is equal to or less than 15, or “No Limit”. The unit of the rate can be
either pps (packets per second) or kpps (kilopackets per second). The configuration indicates the
permitted packet rate for unicast, multicast, or broadcast traffic across the switch.
(Note: Frames, which are sent to the CPU of the switch are always limited to approximately 4 kpps.
For example, broadcasts in the management VLAN are limited to this rate. The management
VLAN is configured on the IP setup page.)
LabelDescription
Fr ame TypeThe settings in a particular row apply to the frame type listed here:
unicast, multicast, or broadcast.
StatusEnable or disable the storm control status for the given frame type.
RateThe rate unit is packet per second (pps), configure the rate as 1, 2, 4,
8, 16, 32, 64, 128, 256, 512, 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K,
512K, or 1024K.
The 1 kpps is actually 1002.1 pps.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 66
Page 67
INSTALLATION AND OPERATION MANUAL CNGE12MS
Wizard
This handy wizard helps you set up a QCL quickly.
LabelDescription
Set up Port
Group ports into several types according to different QCL policies.
Policies
Set up Typical
Network
Set up the specific QCL for different typical network application
quality control.
Application Rules
Set up ToS
Precedence
Set up the traffic class mapping to the precedence part of ToS (3 bits)
when receiving IPv4/IPv6 packets.
Mapping
Set up VLAN Tag
Priority Mapping
Set up the traffic class mapping to the User Priority value (3 bits) when
receiving VLAN tagged packets.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 67
Page 68
INSTALLATION AND OPERATION MANUAL CNGE12MS
IGMP Snooping
This page provides IGMP Snooping related configuration.
IGMP QuerierEnable the IGMP Query in the VLAN. The Query will send out if no
Query received in 255 seconds after IGMP Query Enabled. Each
Querier’s interval is 125 seconds, and it will stop and act as an IGMP
Querier if received any Query from other devices.
Router PortSpecify which ports act as router ports. A router port is a port on the
Ethernet switch that leads towards the Layer 3 multicast device or
IGMP query.
If an aggregation member port is selected as a router port, the whole
aggregation will act as a router port.
Fast LeaveEnable the fast leave on the port.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 68
Page 69
INSTALLATION AND OPERATION MANUAL CNGE12MS
IGMP Snooping Status
LabelDescription
VLAN IDThe VLAN ID of the entry.
GroupsThe present IGMP groups. Max. are 128 groups for each VLAN.
Port MembersThe ports that are members of the entry.
Querier StatusShow the Querier status is “ACTIVE” or “IDLE”.
Querier ReceiveThe number of Transmitted Queries.
V1 Reports
The number of Received V1 Reports.
Receive
V2 Reports
The number of Received V2 Reports.
Receive
V3 Reports
The number of Received V3 Reports.
Receive
V2 Leave Receive The number of Received V2 Leave.
RefreshSelect to refresh the page immediately.
ClearClears all Statistics counters.
Auto-RefreshCheck this box to enable an automatic refresh of the page at regular
intervals.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 69
Page 70
INSTALLATION AND OPERATION MANUAL CNGE12MS
Security
ACL
Configure the ACL parameters (ACE) of each switch port. These parameters will affect frames
received on a port unless the frame matches a specific ACE.
LabelDescription
PortThe logical port for the settings contained in the same row.
Policy IDSelect the policy to apply to this port. The allowed values are 1
through 8. The default value is 1.
ActionSelect whether forwarding is permitted (“Permit”) or denied (“Deny”).
The default value is “Permit”.
Rate Limiter IDSelect which rate limiter to apply to this port. The allowed values are
Disabled or the values 1 through 15. The default value is “Disabled”.
Port Copy Select which port frames are copied to. The allowed values are
Disabled or a specific port number. The default value is “Disabled”.
LoggingSpecify the logging operation of this port. The allowed values are:
Enabled: Frames received on the port are stored in the System Log.
Disabled: Frames received on the port are not logged.
The default value is “Disabled”. Please note that the System Log
memory size and logging rate is limited.
ShutdownSpecify the port shut down operation of this port. The allowed values
are:
Enabled: If a frame is received on the port, the port will be disabled.
Disabled: Port shut down is disabled.
The default value is “Disabled”.
CounterCounts the number of frames that match this ACE.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 70
Page 71
INSTALLATION AND OPERATION MANUAL CNGE12MS
802 .1x
This page allows you to configure how an administrator is authenticated when he logs into the
switch stack via TELNET, SSH or the web pages.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 71
Page 72
INSTALLATION AND OPERATION MANUAL CNGE12MS
Client Configuration
The table has one row for each Client and a number of columns, which are:
LabelDescription
ClientThe Client for which the configuration below applies.
Authentication
Method
Authentication Method can be set to one of the following values:
none: authentication is disabled and login is not possible.
local: use the local user database on the switch stack for
authentication.
radius: use a remote RADIUS server for authentication.
tacacs+ : use a remote TACACS+ server for authentication.
FallbackEnable fallback to local authentication by checking this box.
If none of the configured authentication servers are alive, the local
user database is used for authentication.
This is only possible if the Authentication Method is set to something
else than ‘none or ‘local’.
SaveSelect to save changes.
ResetSelect to undo any changes made locally and revert to previously
saved values.
Common Server Configuration
These setting are common for all of the Authentication Servers.
LabelDescription
TimeoutThe Timeout, which can be set to a number between 3 and 3600
seconds, is the maximum time to wait for a reply from a server.
If the server does not reply within this timeframe, we will consider it to
be dead and continue with the next enabled server (if any).
RADIUS servers are using the UDP protocol, which is unreliable by
design. In order to cope with lost frames, the timeout interval is
divided into 3 subintervals of equal length. If a reply is not received
within the subinterval, the request is transmitted again. This algorithm
causes the RADIUS server to be queried up to 3 times before it is
considered to be dead.
Dead TimeThe Dead Time, which can be set to a number between 0 and 3600
Tech SupporT: 1.888.678.9427
seconds, is the period during which the switch will not send new
requests to a server that has failed to respond to a previous request.
This will stop the switch from continually trying to contact a server that
it has already determined as dead.
Setting the Dead Time to a value greater than 0 (zero) will enable this
feature, but only if more than one server has been configured.
INS_CNGE12MS_REV–
09/12/12 PAGE 72
Page 73
INSTALLATION AND OPERATION MANUAL CNGE12MS
RADIUS Authentication Server Configuration
The table has one row for each RADIUS Authentication Server and a number of columns, which
are:
LabelDescription
#The RADIUS Authentication Server number for which the
configuration below applies.
EnableEnable the RADIUS Authentication Server by checking this box.
IP AddressEnable fallback to local authentication by checking this box.
If none of the configured authentication servers are alive, the local
user database is used for authentication.
This is only possible if the Authentication Method is set to something
else than ‘none or ‘local’.
PortThe UDP port to use on the RADIUS Authentication Server. If the
port is set to 0 (zero), the default port (1812) is used on the RADIUS
Authentication Server.
SecretThe secret - up to 29 characters long - shared between the RADIUS
Accounting Server and the switchstack.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 73
Page 74
INSTALLATION AND OPERATION MANUAL CNGE12MS
Warning
Fault Alarm
When any selected fault event is happened, the Fault LED in switch panel will light up and the
electric relay will signal at the same time.
The following table describes the labels in this screen.
LabelDescription
Power FailureMark the blank of PWR 1 or PWR 2 to monitor.
Port Link Down/
Broken
ApplySelect Apply to set the configurations.
Mark the blank of port 1 to port 8 to monitor.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 74
Page 75
INSTALLATION AND OPERATION MANUAL CNGE12MS
System Warning
The SYSLOG is a protocol to transmit event notification messages across networks. Please refer to
RFC 3164 - The BSD SYSLOG Protocol
The following table describes the labels in this screen.
LabelDescription
IP AddressThe remote SYSLOG Server IP address.
SaveSelect Save to set the configurations.
ResetSelect to reset the IP Address to the last saved entry.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 75
Page 76
INSTALLATION AND OPERATION MANUAL CNGE12MS
Monitor and Diag
MAC Table
The MAC Address Table is configured on this page. Set timeouts for entries in the dynamic MAC
Table and configure the static MAC table here.
Aging Configuration
By default, dynamic entries are removed from the MAC after 300 seconds. This removal is also
called aging.
Configure aging time by entering a value here in seconds; for example, Age time seconds.
The allowed range is 10 to 1000000 seconds.
Disable the automatic aging of dynamic entries by checking Disable automatic aging.
Static MAC Table Configuration
The static entries in the MAC table are shown in this table. The static MAC table can contain 64
entries.
The maximum of 64 entries is for the whole stack, and not per switch.
The MAC table is sorted first by VLAN ID and then by MAC address.
LabelDescription
DeleteCheck to delete the entry. It will be deleted during the next save.
VLAN IDThe VLAN ID for the entry.
MAC AddressThe MAC address for the entry.
Port MembersCheckmarks indicate which ports are members of the entry. Check or
Adding a New
Static Entry
Tech SupporT: 1.888.678.9427
uncheck as needed to modify the entry.
Select Add new static entry to add a new entry to the static MAC
table. Specify the VLAN ID, MAC address, and port members for the
new entry. Select “Save”.
INS_CNGE12MS_REV–
09/12/12 PAGE 76
Page 77
INSTALLATION AND OPERATION MANUAL CNGE12MS
Mirroring
Configure port Mirroring on this page.
To debug network problems, selected traffic can be copied, or mirrored, to a mirror port where a
frame analyzer can be attached to analyze the frame flow.
The traffic to be copied to the mirror port is selected as follows:
All frames received on a given port (also known as ingress or source mirroring).
All frames transmitted on a given port (also known as egress or destination mirroring).
Port to mirror also known as the mirror port. Frames from ports that have either source (rx) or
destination (tx) mirroring enabled are mirrored to this port. Disabled disables mirroring.
LabelDescription
PortThe logical port for the settings contained in the same row.
ModeSelect mirror mode:
Rx only: Frames received at this port are mirrored to the mirror port.
Frames transmitted are not mirrored.
Tx only: Frames transmitted from this port are mirrored to the mirror
port. Frames received are not mirrored.
Disabled: Neither frames transmitted nor frames received are
mirrored.
Enabled: Frames received and frames transmitted are mirrored to the
mirror port.
Note: For a given port, a frame is only transmitted once. It is therefore not possible to mirror Tx
frames for the mirror port. Because of this, mode for the selected mirror port is limited to
Disabled or Rx only.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 77
Page 78
INSTALLATION AND OPERATION MANUAL CNGE12MS
System Log Information
The switch system log information is provided here.
LabelDescription
IDThe ID (>= 1) of the system log entry.
LevelThe level of the system log entry. The following level types are
supported:
Info: Information level of the system log.
Warning: Warning level of the system log.
Error: Error level of the system log.
All: All levels.
TimeThe time of the system log entry.
MessageThe MAC Address of this switch.
Auto-RefreshCheck this box to enable an automatic refresh of the page at regular
intervals.
RefreshUpdates the system log entries, starting from the current entry ID.
Clear Flushes all system log entries.
|<< Updates the system log entries, starting from the first available entry
ID.
<< Updates the system log entries, ending at the last entry currently
displayed.
>> Updates the system log entries, starting from the last entry currently
displayed.
>>| Updates the system log entries, ending at the last available entry ID.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 78
Page 79
INSTALLATION AND OPERATION MANUAL CNGE12MS
Detailed Log
The switch system detailed log information is provided here.
LabelDescription
IDThe ID (>= 1) of the system log entry.
MessageThe detailed messages of the system log entry.
RefreshUpdates the system log entries, starting from the current entry ID.
Clear Flushes all system log entries.
|<< Updates the system log entries, starting from the first available entry
ID.
<< Updates the system log entries, ending at the last entry currently
displayed.
>> Updates the system log entries, starting from the last entry currently
displayed.
>>| Updates the system log entries, ending at the last available entry ID.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 79
Page 80
INSTALLATION AND OPERATION MANUAL CNGE12MS
Traffic Overview
This page provides an overview of general traffic statistics for all switch ports.
LabelDescription
PortThe logical port for the settings contained in the same row.
PacketsThe number of received and transmitted packets per port.
BytesThe number of received and transmitted bytes per port.
ErrorsThe number of frames received in error and the number of incomplete
transmissions per port.
DropsThe number of frames discarded due to ingress or egress congestion.
FilteredThe number of received frames filtered by the forwarding process.
Auto-RefreshCheck this box to enable an automatic refresh of the page at regular
intervals.
RefreshUpdates the counters entries, starting from the current entry ID.
ClearFlushes all counters entries.
Detailed Statistics
This page provides detailed traffic statistics for a specific switch port. Use the port select box to
select which switch port details to display.
The displayed counters are the totals for receive and transmit, the size counters for receive and
transmit, and the error counters for receive and transmit.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 80
Page 81
INSTALLATION AND OPERATION MANUAL CNGE12MS
Detailed Statistics-Receive & Transmit Total
LabelDescription
Rx and Tx Packets The number of received and transmitted (good and bad) packets.
Rx and Tx Octets The number of received and transmitted (good and bad) bytes. Includes FCS, but
excludes framing bits.
Rx and Tx Unicast The number of received and transmitted (good and bad) unicast packets.
Rx and Tx
The number of received and transmitted (good and bad) multicast packets.
Multicast
Rx and Tx
The number of received and transmitted (good and bad) broadcast packets.
Broadcast
Rx and Tx PauseA count of the MAC Control frames received or transmitted on this port that have an
opcode indicating a PAUSE operation.
Rx DropsThe number of frames dropped due to lack of receive buffers or egress congestion.
Rx CRC/
The number of frames received with CRC or alignment errors.
Alignment
Rx UndersizeThe number of short 1 frames received with valid CRC.
Rx OversizeThe number of long 2 frames received with valid CRC.
Rx FragmentsThe number of short 1 frames received with invalid CRC.
Rx JabberThe number of long 2 frames received with invalid CRC.
Rx FilteredThe number of received frames filtered by the forwarding process.
Tx DropsThe number of frames dropped due to output buffer congestion.
Tx Late / Exc.Coll. The number of frames dropped due to excessive or late collisions.
Short frames are frames that are smaller than 64 bytes.
Long frames are frames that are longer than the configured maximum frame length for this port.
INS_CNGE12MS_REV–
Tech SupporT: 1.888.678.9427
09/12/12 PAGE 81
Page 82
INSTALLATION AND OPERATION MANUAL CNGE12MS
Ping
This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues.
After you press Start, 5 ICMP packets are transmitted, and the sequence number and roundtrip
time are displayed upon reception of a reply. The page refreshes automatically until responses to
all packets are received, or until a timeout occurs.
PING6 server ::10.10.132.20
64 bytes from ::10.10.132.20: icmp_seq=0, time=0ms
64 bytes from ::10.10.132.20: icmp_seq=1, time=0ms
64 bytes from ::10.10.132.20: icmp_seq=2, time=0ms
64 bytes from ::10.10.132.20: icmp_seq=3, time=0ms
64 bytes from ::10.10.132.20: icmp_seq=4, time=0ms
Sent 5 packets, received 5 OK, 0 bad
You can configure the following properties of the issued ICMP packets:
LabelDescription
IP AddressThe destination IP Address.
Ping SizeThe payload size of the ICMP packet. Values range from 8 bytes to
1400 bytes.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 82
Page 83
INSTALLATION AND OPERATION MANUAL CNGE12MS
VeriPHY
This page is used for running the VeriPHY Cable Diagnostics.
Press Start to run the diagnostics. This will take approximately 5 seconds. If all ports are selected,
this can take approximately 15 seconds. When completed, the page refreshes automatically, and
you can view the cable diagnostics results in the cable status table. Note that VeriPHY is only
accurate for cables of length 7 - 140 meters.
10 and 100 Mbps ports will be linked down while running VeriPHY. Therefore, running VeriPHY
on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is
complete.
LabelDescription
PortThe port where you are requesting VeriPHY Cable Diagnostics.
Cable StatusPort: Port number.
Pair: The status of the cable pair.
Length: The length (in meters) of the cable pair.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 83
Page 84
INSTALLATION AND OPERATION MANUAL CNGE12MS
System Reboot
You can reset the stack switch on this page. After reset, the system will boot normally as if you had
powered-on the devices
LabelDescription
YesSelect to reboot device.
No Select to return to the Port State page without rebooting.
Factory Defaults
You can reset the configuration of the stack switch on this page. Only the IP configuration is
retained.
LabelDescription
Keep IPMark this box to retain current IP settings upon reset
Keep User/
Password
YesSelect to reset the configuration to Factory Defaults.
No Select to return to the Port State page without resetting the
Tech SupporT: 1.888.678.9427
Mark this box to retain current Username and Password
configuration
INS_CNGE12MS_REV–
09/12/12 PAGE 84
Page 85
INSTALLATION AND OPERATION MANUAL CNGE12MS
Command Line Interface Management
About CLI Management
Besides WEB-base management, CNGE12MS also support CLI management. You can use console
or telnet to management switch by CLI.
CLI Management by RS-232 Serial Console (115200, 8, none, 1, none)
Before Configuring by RS-232 serial console, use an RJ45 to DB9-F cable to connect the Switches’
RS-232 Console port to your PC’s COM port.
Follow the steps below to access the console via RS-232 serial cable.
Step 1. From the Windows desktop, select on Start -> Programs -> Accessories ->
Communications -> Hyper Terminal
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 85
Page 86
INSTALLATION AND OPERATION MANUAL CNGE12MS
Step 2. Input a name for new connection
Step 3. Select the COM port number
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 86
Page 87
INSTALLATION AND OPERATION MANUAL CNGE12MS
Step 4. The COM port properties setting, 115200 for Bits per second, 8 for Data bits, None for
Parity, 1 for Stop bits and none for Flow control.
Step 5. The Console login screen will appear. Use the keyboard to enter the Username and
Password (The same with the password for Web Browser), then press Enter.
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 87
Page 88
INSTALLATION AND OPERATION MANUAL CNGE12MS
CLI Management by Telnet
Users can use “TELNET” to configure the switches.
The default value is as below:
IP Address: 192.168 .10.1
Subnet Mask: 255.255.255.0
Default Gateway: 192 .168 .10 .254
User Name: admin
Password: admin
Follow the steps below to access the console via Telnet.
Step 1. Telnet to the IP address of the switch from the Windows “Run“ command (or from the
MS-DOS prompt) as below.
Step 2. The Login screen will appear. Use the keyboard to enter the Username and Password (The
same with the password for Web Browser), and then press Enter.
Gigabit Combo Port8 × 10/100/1000BASE-T(X) and 100/1000BASE-X SFP ports
1000BASE-X SFP Port4
Technology
Ethernet StandardsIEEE 802.3 for 10BASE-T,
IEEE 802.3u for 100BASE-T(X) and 100BASE-FX
IEEE 802.3z for 1000BASE-X
IEEE 802.3ab for 1000BASE-T,
IEEE 802.3x for Flow control
IEEE 802.3ad for LACP (Link Aggregation Control Protocol)
IEEE 802.1D for STP (Spanning Tree Protocol)
IEEE 802.1p for COS (Class of Service)
IEEE 802.1Q for VLAN Tagging
IEEE 802.1w for RSTP (Rapid Spanning Tree Protocol)
IEEE 802.1s for MSTP (Multiple Spanning Tree Protocol)
IEEE 802.1x for Authentication
IEEE 802.1AB for LLDP (Link Layer Discovery Protocol)
MAC Table8k
Priority Queues4
ProcessingStore-and-Forward
Switch PropertiesSwitching latency: 7 us
Switching bandwidth: 24Gbps
Max. Number of Available VLANs: 4096
IGMP multicast groups: 128 for each VLAN
Port rate limiting: User Define
Jumbo frameUp to 9K Bytes
Security FeaturesIP Police security feature
Enable/disable ports, MAC based port security
Port based network access control (IEEE 802.1x)
VLAN (IEEE 802.1Q) to segregate and secure network traffic
Radius centralized password management
SNMPv3 encrypted authentication and access security
Tech SupporT: 1.888.678.9427
INS_CNGE12MS_REV–
09/12/12 PAGE 98
Page 99
INSTALLATION AND OPERATION MANUAL CNGE12MS
Software FeaturesSTP/RSTP/MSTP (IEEE 802.1D/w/s)
Redundant ComRing C-Ring with recovery time < 30ms over 250 units
TOS/Diffserv supported
Quality of Service (IEEE 802.1p) for real-time traffic
VLAN (IEEE 802.1Q) with VLAN tagging and GVRP supported
IGMP Snooping
IP based bandwidth management
Application based QoS management
DOS/DDOS auto prevention
Port configuration, status, statistics, monitoring, security
DHCP Client/Server
Network RedundancyC-Ring
Legacy Ring
STP / RSTP / MSTP compatible
RS-232 Serial Console PortRS-232 in RJ45 connector with console cable. 115200bps, 8, N, 1
LED indicators
Power indicatorGreen : Power LED x 3
R.M. indicatorGreen : indicate system operated in ITS-Ring Master mode
Ring indicatorGreen : indicate system operated in ITS-Ring mode