CNGE3FE7MS2 Series
Managed Industrial Switch
User Manual
V1.2
August – 2009
FCC Warning
This Equipment has been tested and found to comply with the limits for a
Class-A digital device, pursuant to Part 15 of the FCC rules. These limits
are designed to provide reasonable protection against harmful interference
in a residential installation. This equipment generates, uses, and can
radiate radio frequency energy. It may cause harmful interference to radio
communications if the equipment is not installed and used in accordance
with the instructions. However, there is no guarantee that interference will
not occur in a particular installation. If this equipment does cause harmful
interference to radio or television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct
the interference by one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to
which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
CE Mark Warning
This is a Class-A product. In a domestic environment this product may
cause radio interference in which case the user may be required to take
adequate measures.
Content
Chapter 1 Introduction ............................................ 1
1.1 Hardware Features ........................................ 1
1.2 Software Features.......................................... 4
1.3 Package Contents.......................................... 7
Chapter 2 Hardware Description............................ 8
2.1 Physical Dimension........................................ 8
2.2 Front Panel..................................................... 8
2.3 Top View........................................................ 9
2.4 LED Indicators.............................................. 10
Chapter 3 Hardware Installation........................... 12
3.1 Installation Steps.......................................... 12
3.2 DIN-Rail Mounting........................................ 13
3.3 Wall Mount Plate Mounting.......................... 15
3.4 Wiring the Power Inputs............................... 16
3.5 Wiring the Fault Alarm Contact.................... 17
3.6 Wiring the Digital Inputs/ Outputs................. 18
3.7 Cabling......................................................... 19
Chapter 4 Network Application ............................ 23
4.1 X-Ring Application........................................ 24
4.2 Coupling Ring Application............................ 25
4.3
Dual Homing Application.............................. 26
Chapter 5 Console Management.......................... 27
5.1
5.2
Connecting to the Console Port................... 27
Pin Assignment............................................ 27
5.3 Login in the Console Interface ..................... 28
5.4 CLI Management.......................................... 30
5.5 Commands Level......................................... 30
Chapter 6 Web-Based Management..................... 32
6.1 About Web-based Management .................. 32
6.2 Preparing for Web Management.................. 32
6.3 System Login ............................................... 33
6.4 System Information...................................... 34
6.5 IP Configuration ........................................... 35
6.6 DHCP Server ............................................... 37
6.6.1 System configuration...................................... 38
6.6.2 Client Entries .................................................. 39
6.6.3 Port and IP Bindings....................................... 40
6.7 TFTP............................................................ 41
6.7.1 Update Firmware............................................ 41
6.7.2 Restore Configuration..................................... 42
6.7.3 Backup Configuration ..................................... 43
6.8 System Event Log........................................ 44
6.8.1 Syslog Configuration....................................... 44
6.8.2 System Event Log—SMTP Configuration....... 46
6.8.3 System Event Log—Event Configuration ....... 48
6.9 Fault Relay Alarm......................................... 50
6.10 SNTP Configuration..................................... 51
6.11 IP Security.................................................... 55
6.12 Digital Input/Output ...................................... 57
6.13 User Authentication...................................... 60
6.14 Port Statistics ...............................................61
6.15 Port Control..................................................63
6.16 Port Trunk ....................................................65
6.16.1 Aggregator setting ........................................ 65
6.16.2 Aggregator Information................................. 67
6.16.3 State Activity................................................. 73
6.17 Port M irroring ............................................... 75
6.18 Rate Lim iting ................................................76
6.19 VLAN configuration ...................................... 78
6.19.1 Port-based VLAN.......................................... 79
6.19.2 802.1Q VLAN................................................ 82
6.20 Rapid Spanning Tree ................................... 88
6.20.1 RSTP System Configuration......................... 88
6.20.2 Port Configuration......................................... 90
6.21 SNM P Configuration .................................... 92
6.21.1 System Configuration ................................... 92
6.21.2 Trap Configuration........................................ 94
6.21.3 SNMPV3 Configuration................................. 95
6.22 QoS Configuration........................................98
6.22.1 QoS Policy and Priority Type........................ 98
6.22.2 Port-based Priority........................................ 99
6.22.3 COS Configuration...................................... 100
6.22.4 TOS Configuration...................................... 100
6.23 IGMP Configuration.................................... 101
6.24 X-Ring........................................................ 103
6.25 Security—802.1X/Radius Configuration..... 105
6.25.1
System Configuration ................................. 105
6.25.2 Port Configuration....................................... 107
6.25.3 Misc Configuration...................................... 108
6.26 MA C Address Table................................... 109
6.26.1 Static MAC Address.................................... 109
6.26.2 MAC Filtering.............................................. 111
6.26.3 All MAC Addresses..................................... 112
6.27 Factory Default........................................... 115
6.28 Save Configuration.................................... 115
6.29
System Reboot........................................... 115
Troubleshooting .................................................... 116
Appendix A—RJ-45 Pin Assignment................... 117
RJ-45 Pin Assignments........................................ 117
Appendix B—Command Sets............................... 121
System Commands Set....................................... 121
Port Commands Set............................................. 124
Trunk Commands Set.......................................... 126
VLAN Commands Set.......................................... 128
Spanning Tree Commands Set............................ 130
QOS Commands Set........................................... 133
IGMP Commands Set.......................................... 133
Mac / Filter Table Commands Set ....................... 134
SNMP Commands Set......................................... 135
Port Mirroring Commands Set ............................. 138
802.1x Commands Set ........................................ 138
TFTP Commands Set.......................................... 141
SystemLog, SMTP and Event Commands Set.... 141
SNTP Commands Set.......................................... 143
X-ring Commands Set.......................................... 145
Chapter 1 Introduction
The CNGE3FE7MS2 Managed Industrial Switch is a cost-effective solution and meets
the high reliability requirements demanded by industrial applications. The
CNGE3FE7MS2 Managed Industrial Switch can be easily managed through the Web
GUI and NS-View. Using the fiber ports can extend the connection distance that
increases the network elasticity and performance. It also provides the X-Ring function
that can prevent a network connection failure.
1.1 Hardware Features
Standard
Switch
Architecture
IEEE 802.3 10Base-T Ethernet
IEEE 802.3u 100Base-TX
IEEE802.3ab 1000Base-T
IEEE802.3z Gigabit fiber
IEEE802.3x Flow Control and Back Pressure
IEEE802.3ad Port trunk with LACP
IEEE802.1d Spanning Tree
IEEE802.1w Rapid Spanning Tree
IEEE802.1p Class of Service
IEEE802.1Q VLAN Tag
IEEE 802.1x User Authentication (Radius)
Back-plane (Switching Fabric): 7.4Gbps
Packet throughput ability(Full-Duplex): 11Mpps @64bytes
14,880pps for Ethernet port
Transfer Rate
Packet Buffer 1Mbits
MAC Address 8K MAC address table
148,800pps for Fast Ethernet port
1,488,000pps for Gigabit Fiber Ethernet port
1
Flash ROM 4M bytes
DRAM 32M bytes
10/100TX: 7 x RJ-45
10/100/1000T Mini-GBIC Combo: 3 x RJ-45 + 3 x
Connector
100/1000 SFP sockets
RS-232 connector: RJ-45 type
2 Digital Input (DI): Level 0 : -30~2V
Level 1 : 10~30V
DI/DO
Max. input current:8mA
2 Digital Output(DO): Open collector to 40VDC, 200mA
10Base-T: 2-pair UTP/STP Cat. 3, 4, 5/ 5E cable
EIA/TIA-568 100-ohm (100m)
100Base-T: 2-pair UTP/STP Cat. 5/ 5E cable
Network Cable
EIA/TIA-568 100-ohm (100m)
1000Base-T: 2-pair UTP/STP Cat. 5/ 5E cable
EIA/TIA-568 100-ohm (100m)
Multimode: 50/125um~62.5/125um
Single mode: 9/125um
Optical Fiber
Available distance: SFP Dependant
Wavelength: SFP Dependant
Protocol CSMA/CD
Per unit: Power (Green), Power 1 (Green), Power 2
(Green), Fault (Red), Master (Green)
10/100TX : Link/Activity (Green), Full duplex/Collision
LED
(Amber)
Power Supply
Gigabit Copper: Link/Activity (Green), Speed (1000Mbps
Green)
SFP: Link/Activity (Green)
DC 12 ~ 48V (Source Input should be lower than 240W),
Redundant power with polarity reverse protect function and
2
removable terminal block
Power
10.2Watts
Consumption
Operating
5% to 95% (Non-condensing)
Humidity
Operating
-40oC ~ 75oC
Temperature
Storage
-40oC ~ 85oC
Temperature
Case Dimension IP-30, 72mm (W) x 105mm (D) x 152mm (H)
Fan Number 0
Installation DIN rail and wall mount ear
FCC Class A, CE EN61000-4-2 (ESD), CE EN61000-4-3
(RS), CE EN-61000-4-4 (EFT), CE EN61000-4-5 (Surge),
EMI
CE EN61000-4-6 (CS), CE EN61000-4-8,
CE EN61000-4-12, CE EN61000-6-2, CE EN61000-6-4,
C-Tick
Safety UL, cUL, CE/EN60950-1
IEC60068-2-32 (Free fall), IEC60068-2-27 (Shock),
Stability Testing
IEC60068-2-6 (Vibration)
3
1.2 Software Features
Management SNMP v1 v2c, v3/ Web/Telnet/CLI/NS-View
RFC 1215 Trap, RFC1213 MIBII, RFC 1157 SNMP MIB,
SNMP MIB
VLAN
Port Trunk with
LACP
Spanning tree IEEE802.1w rapid spanning tree.
X-Ring
RFC 1493 Bridge MIB, RFC 2674 VLAN MIB, RFC 1643 ,
RFC 1757, RSTP MIB, Private MIB
Port Based VLAN
IEEE 802.1Q Tag VLAN (256 entries)/ VLAN ID (Up to 4K,
VLAN ID can be assigned from 1 to 4096.)
GVRP (256 Groups)
LACP Port Trunk: 4 Trunk groups/Maximum 4 trunk
members
Supports X-ring, Dual Homing, Couple Ring Topology
Provides redundant backup feature and the recovery time
below 20ms
The quality of service determined by port, Tag and IPv4
Quality of Service
Type of service, IPv4/IPv6 Different Service
Supports IEEE802.1p class of service, per port provides 4
Class of Service
priority queues
Supports 100 entries of MAC address for static MAC and
Port Security
another 100 for MAC filter
Port Mirror Supports 3 mirroring types: “RX, TX and Both packet”.
Supports IGMP snooping v1,v2
IGMP
256 multicast groups and IGMP query
4
Supports 10 IP addresses that have permission to access
IP Security
the switch management and to prevent unauthorized
intruder.
Login Security Supports IEEE802.1X Authentication/RADIUS
Supports ingress packet filter and egress packet limit
The egress rate control supports all of packet type and the
limit rates are 100K~250Mbps
Bandwidth
Control
Ingress filter packet type combination rules are
Broadcast/Multicast/Unknown Unicast packet,
Broadcast/Multicast packet, Broadcast packet only and all
of packet. The packet filter rate can be set from 100k to
250Mbps
Supports Flow Control for Full-duplex and Back Pressure
Flow Control
for Half-duplex
System Log Supports System log record and remote system log server
Supports SMTP Server and 6 e-mail accounts for receiving
SMTP
event alert
Provides one relay output for port breakdown, power fail
Relay Alarm
Alarm Relay current carry ability: 1A @ DC24V
Up to 3 Trap stations
Cold start, Port link up, Port link down, Authentication
SNMP Trap
Failure, Private Trap for power status, Port Alarm
configuration, Fault alarm, X-Ring topology change
Provides DHCP Client, DHCP Server and IP Relay
DHCP
functions
Provides DNS client feature and supports Primary and
DNS
Secondary DNS server
5
SNTP Supports SNTP to synchronize system clock in Internet
Firmware Update Supports TFTP firmware update, TFTP backup and restore.
Configuration
Upload/Download
ifAlias
Supports binary format file for configuration backup and
restore
Each port allows importing 128-bit of alphabetic string of
word on SNMP and CLI interface
6
1.3 Package Contents
Please refer to the package content list below to verify them against the checklist.
CNGE3FE7MS2 Managed Industrial Switch x 1
User manual x 1
Pluggable Terminal Block x 2
Mounting plate x 2
RJ-45 to DB9-Female cable x 1
Wall mount power supply
Compare the contents of the industrial switch with the standard checklist above. If any
item is damaged or missing, please contact your local representative for service.
7
Chapter 2 Hardware Description
In this paragraph, it will describe the Industrial switch’s hardware spec, port, cabling
information, and wiring installation.
2.1 Physical Dimension
CNGE3FE7MS2 Managed Industrial Switch dimensions (W x D x H) are 72mm x
105mm x 152mm.
2.2 Front Panel
The Front Panel of the CNGE3FE7MS2 Managed Industrial Switch is shown below:
Front Panel of the industrial switch
8
2.3 Top View
The Top panel of the CNGE3FE7MS2 Managed Industrial Switch has two terminal block
connectors—power connector and DI/DO connector. The power connector consists of
two DC power inputs and one fault alarm. As for DI/DO connector, it comprises two
digital inputs—DI0 and DI1and two digital outputs—DO0 and DO1.
Top Panel of the industrial switch
9
2.4 LED Indicators
The diagnostic LEDs that provide real-time information on system and operational status
are located on the front panel of the industrial switch. The following table provides the
description of the LED status and their meaning for the switch.
LED Color Status Meaning
On The switch is powered on
PWR Green
Off No power
The industrial switch is the master of X-Ring
On
R.M. Green
Off
group
The industrial switch is not a ring master in
X-Ring group
PWR1 Green
PWR2 Green
FAULT Red
Green
(Upper LED)
P7, P9, P10
(RJ-45)
Green
On Power 1 is active
Off Power 1 is inactive
On Power 2 is active
Off Power 2 is inactive
On Power or port failure
Off No failure
On A network device is detected.
The port is transmitting or receiving packets
Blinking
from the TX device.
Off No device attached
On 1000Mb
(Lower LED)
Off 10/100Mb
10
Link/Active
(P7, P9, P10
SFP)
Green
On The SFP port is linking
The port is transmitting or receiving packets
Blinks
from the TX device.
Off No device attached
On A network device is detected.
P1 ~ P6 &
P8
Green
Amber
The port is transmitting or receiving packets
Blinking
from the TX device.
Off No device attached
On
The port is operating in full-duplex mode.
Blinking Collision of Packets occurs.
The port is operating in half-duplex mode or
Off
no device is attached.
11
Chapter 3 Hardware Installation
In this paragraph, we will describe how to install the CNGE3FE7MS2 Managed Industrial
Switch.
3.1 Installation Steps
1. Unpack the Industrial switch
2. Check if the DIN-Rail is screwed on the Industrial switch or not. If the DIN-Rail is not
screwed on the Industrial switch, please refer to DIN-Rail Mounting section for DINRail installation. If users want to wall mount the Industrial switch, please refer to Wall
Mount Plate Mounting section for wall mount plate installation.
3. To hang the Industrial switch on the DIN-Rail track or wall.
4. Power on the Industrial switch. Please refer to the Wiring the Power Inputs section
for information about how to wire the power. The power LED on the Industrial switch
will light up. Please refer to the LED Indicators section for indication of LED lights.
5. Prepare the twisted-pair, straight through Category 5 cable for Ethernet connection.
6. Insert one side of RJ-45 cable (category 5) into the Industrial switch Ethernet port
(RJ-45 port) and another side of RJ-45 cable (category 5) to the network device’s
Ethernet port (RJ-45 port), ex: Switch, PC or Server. The UTP port (RJ-45) LED on
the Industrial switch will light up when the cable is connected with the network device.
Please refer to the LED Indicators section for LED light indication.
[NOTE] Make sure that the connected network devices support MDI/MDI-X. If it does not
support, use a crossover category-5 cable.
7. When all connections are set and LED lights all show normal, the installation is
complete.
12
3.2 DIN-Rail Mounting
The DIN-Rail is screwed on the industrial switch when shipped from the factory. If the
DIN-Rail is not screwed on the industrial switch, please see the following pictures to
screw the DIN-Rail on the switch. Follow the steps below to hang the industrial switch.
Back Side
13
1. First, insert the top of DIN-Rail into the track.
2. Then, lightly push the DIN-Rail into the track.
3. Check if the DIN-Rail is correctly mounted on the track or not.
4. To remove the industrial switch from the track, reverse above steps.
14
3.3 Wall Mount Plate Mounting
Follow the steps below to mount the industrial switch with wall mount plate.
1. Remove the DIN-Rail from the industrial switch; loosen the screws to remove the
DIN-Rail.
2. Place the wall mount plate on the rear panel of the industrial switch.
3. Use the screws to screw the wall mount plate on the industrial switch.
4. Use the hook holes at the corners of the wall mount plate to hang the industrial
switch on the wall.
5. To remove the wall mount plate, reverse the above steps.
15
3.4 Wiring the Power Inputs
Please follow the steps below to insert the power wires.
1. Insert DC power wires into the contacts 1 and 2 for power 1, or 5 and 6 for power 2.
Power inputs can support either polarity.
2. Tighten the wire-clamp screws to prevent the wires from becoming loose.
[NOTE] The wire gauge for the terminal block should be in the range between 12 ~ 24
AWG.
16
3.5 Wiring the Fault Alarm Contact
The fault alarm contacts are in the middle of the terminal block connector as the picture
shows below. Insert the wires, the switch will detect the fault status of the power failure,
or port link failure and then forms an open circuit. The following illustration shows an
application example for wiring the fault alarm contacts.
Insert the wires into the fault alarm contacts
[NOTE] The wire gauge for the terminal block should be in the range between 12 ~ 24
AWG.
17
3.6 Wiring the Digital inputs/ Outputs
There is another terminal block comprising two sets of digital input/output contacts on
the top side of this switch. Please refer to page 57 for how to configure Digital
Input/Output. The following illustration shows the pin assignment of the DIDO
connector. Please note do not connect DO0/DO1 to an external device using power
higher than 40V/200mA.
18
3.7 Cabling
10/100Tx RJ-45 port:
Use four twisted-pair, Category 5e or above cabling for RJ-45 port connection. The
cable between the switch and the link partner (switch, hub, workstation, etc.) must be
less than 100 meters (328 ft.) long.
Gigabit Copper/SFP (mini-GBIC) combo port:
The Industrial switch has auto-detection Gigabit ports—Gigabit Copper/SFP combo
ports. The Gigabit Copper (10/100/1000) ports should use Category 5e or above
UTP/STP cable for the connection up to 1000Mbps. The small form-factor pluggable
(SFP) is a compact optical transceiver used in optical communications for both
telecommunication and data communications. The SFP slots support dual mode and
can switch the connection speed between 100 and 1000Mbps. They are used for
connecting to the network segment with single or multi-mode fiber. You can choose
the appropriate SFP transceiver to plug into the slots. Then use the correct multimode or single-mode fiber according to the transceiver. With fiber optic, it transmits at
speeds up to 1000 Mbps and you can prevent noise interference from the system.
Note The SFP/Copper Combo port can’t both work at the same time. The
SFP port has the higher priority than copper port; if you insert the
1000Mb SFP transceiver (which has connected to the remote device
via fiber cable) into the SFP port, the connection of the accompanying
copper port will link down.
If you insert the 100Mb SFP transceiver into the SFP port even without
a fiber connection to the remote, the connection of the accompanying
copper port will link down immediately.
Please note that you must use class I optical transceivers which
conform to U.S. code of federal regulation, 21 CFR 1040.
19
To connect the transceiver and LC cable, please follow the steps shown as below:
First, insert the transceiver into the SFP slot. Notice that the triangle mark is on the
bottom of the module.
Transceiver to the SFP module
Make sure the module is aligned correctly and then slide the module into the SFP slot
until a click is heard.
Transceiver Inserted
Second, insert the fiber cable of LC connector into the transceiver.
20
LC connector to the transceiver
21
To remove the LC connector from the transceiver, please follow the steps shown below:
First, press the upper side of the LC connector from the transceiver and pull it out to
release.
Remove LC connector
Second, push down the metal loop and pull the transceiver out by the plastic part.
Pull out from the SFP module
22
Chapter 4 Network Application
This chapter provides some sample applications to help the user understand the
industrial switch function application. A sample application of the industrial switch is
shown below:
23
4.1 X-Ring Application
The industrial switch supports the X-Ring protocol that can help the network system to
recover from a network connection failure within 20ms or less, and make the network
system more reliable. The X-Ring algorithm is similar to spanning tree protocol (STP)
algorithm but its recovery time is faster than STP. The following figure is a sample XRing application.
24
4.2 Coupling Ring Application
In the network, it may have more than one X-Ring group. By using the coupling ring
function, it can connect each X-Ring for redundant backup. It can ensure the
transmissions between two ring groups do not fail. The following figure is a sample of
coupling ring application. The couple ring consists of four switches—switch 1 to switch
4—which are connected to each other via the paths in orange. Please note that the
Coupling Ring Backup Path between switch 1 and switch 3 is blocked; it will work only
when the path between switch 2 and switch 4 is broken or disconnected.
25
4.3 Dual Homing Application
Dual Homing function is to prevent a connection loss between X-Ring groups and upper
level/core switches. Assign two ports to be the Dual Homing port that is the backup port
in the X-Ring group. The Dual Homing function only works when the X-Ring function is
active. Each X-Ring group only has one Dual Homing port.
[NOTE] In Dual Homing application architecture, the upper level switches need to
enable the Rapid Spanning Tree protocol.
26
Chapter 5 Console Management
5.1 Connecting to the Console Port
The supplied cable which one end is RS-232 connector and the other end is RJ-45
connector. Attach the end of RS-232 connector to PC or terminal and the other end of
RJ-45 connector to the console port of the switch. The connected terminal or PC must
support a terminal emulation program.
5.2 Pin Assignment
DB9 Connector RJ-45 Connector
NC 1 Orange/White
2 2 Orange
3 3 Green/White
NC 4 Blue
5 5 Blue/White
NC 6 Green
NC 7 Brown/White
NC 8 Brown
27
5.3 Login in the Console Interface
When the connection between Switch and PC is ready, turn on the PC and run a
terminal emulation program or Hyper Terminal and configure its communication
parameters to match the following default characteristics of the console port:
Baud Rate: 9600 bps
Data Bits: 8
Parity: none
Stop Bit: 1
Flow control: None
The settings of comm unication parameters
Having finished the parameter settings, click ‘OK’. When the blank screen shows up,
press Enter key to have the login prompt appear. Key in ‘admin’ (default value) for both
User name and Password (use Enter key to switch), then press Enter and the Main
Menu of console management appears. Please see below figure for login screen.
28
Console login interface
29
5.4 CLI Management
The system supports the console management—CLI command. After you log in on to
the system, you will see a command prompt. To enter CLI management interface, type
in “enable” command.
CLI command interface
The following table lists the CLI commands and description.
5.5 Commands Level
Access
Modes
Method
Begin a
User EXEC
Privileged
EXEC
session with
your switch.
Enter the
enable
command
while in User
EXEC mode.
Prompt
switch>
switch#
Exit
Method
Enter
logout or
quit.
Enter
disable to
exit.
About This Mode1
The user commands
available at the user
level are a subset of
those available at the
privileged level.
Use this mode to
• Perform basic tests.
• Display system
information.
The privileged
command is the
advanced mode.
Use this mode to
• Display advanced
function status
30
Global
Configuration
VLAN
database
Enter the
configure
command
while in
privileged
EXEC mode.
Enter the
vlan
database
command
while in
privileged
switch
(config)#
switch
(vlan)#
To exit to
privileged
EXEC
mode, enter
exit or end.
To exit to
user EXEC
mode, enter
exit.
• Save configuration
Use this mode to
configure those
parameters that are
going to be applied to
your switch.
Use this mode to
configure VLANspecific parameters.
Interface
configuration
EXEC mode.
Enter the
interface of
fast Ethernet
command
(with a
specific
interface)
while in global
configuration
mode.
switch
(config-if)#
To exit to
global
configuratio
n mode,
enter exit.
To exit to
privileged
EXEC
mode, enter
exit or end.
Use this mode to
configure parameters
for the switch and
Ethernet ports.
31
Chapter 6 Web-Based Management
This section introduces the configuration and functions of the Web-Based management.
6.1 About Web-based Management
There is an embedded HTML web site residing in flash memory on CPU board of the
switch, which offers advanced management features and allows users to manage the
switch from anywhere on the network through a standard browser such as Microsoft
Internet Explorer.
The Web-Based Management supports Internet Explorer 6.0 or later version. And, it is
applied for Java Applets for reducing network bandwidth consumption, enhance access
speed and present an easy viewing screen.
6.2 Preparing for Web Management
Before using the web management, install the industrial switch on the network and make
sure that any one of the PCs on the network can connect with the industrial switch
through the web browser. The industrial switch default value of IP, subnet mask,
username and password are listed as below:
IP Address: 192.168.10.1
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.10.254
User Name: admin
Password: admin
32
6.3 System Login
1. Launch the Internet Explorer on the PC
2. Key in “http:// “+” the IP address of the switch”, as shown below, and then Press
“Enter”.
3. The login screen will appear right after
4. Key in the user name and password. The default user name and password are the
same as ‘admin’.
5. Press Enter or click the OK button, and then the home screen of the Web-based
management appears.
Login screen
33
6.4 System Information
User can assign the system name, description, location and contact personnel to identify
the switch. The version table below is a read-only field to show the basic information of
the switch.
System Name: Assign the system name of the switch (The maximum length is 64
bytes)
System Description: Describes the switch.
System Location: Assign the switch physical location (The maximum length is 64
bytes).
System Contact: Enter the name of contact person or organization.
Firmware Version: Displays the switch’s firmware version
Kernel Version: Displays the kernel software version
MAC Address: Displays the unique hardware address assigned by manufacturer
(default)
And then, click
.
Switch settings interface
34
6.5 IP Configuration
The switch is a network device which needs to be assigned an IP address for being
identified on the network. Users have to decide a means of assigning IP address to the
switch.
DHCP Client: Enable or disable the DHCP client function. When DHCP client
function is enabled, the switch will be assigned an IP address from the network
DHCP server. The default IP address will be replaced by the assigned IP address
on DHCP server. After the user clicks Apply, a popup dialog shows up to inform the
user that when the DHCP client is enabled, the current IP address will be lost and
user should find the new IP address on the DHCP server.
IP Address: Assign the IP address that the network is using. If DHCP client function
is enabled, this switch is configured as a DHCP client. The network DHCP server
will assign the IP address to the switch and display it in this column. The default IP
address is 192.168.10.1 or the user has to assign an IP address manually when
DHCP Client is disabled.
Subnet Mask: Assign the subnet mask to the IP address. If DHCP client function is
disabled, the user has to assign the subnet mask in this column field.
Gateway: Assign the network gateway for the switch. If DHCP client function is
disabled, the user has to assign the gateway in this column field. The default
gateway is 192.168.10.254.
DNS1: Assign the primary DNS IP address.
DNS2: Assign the secondary DNS IP address.
And then, click
.
35
IP configuration interface
36
6.6 DHCP Server
DHCP is the abbreviation of Dynamic Host Configuration Protocol that is a protocol for
assigning dynamic IP addresses to devices on a network. With dynamic addressing, a
device can have a different IP address every time it connects to the network. In some
systems, the device's IP address can even change while it is still connected. DHCP
also supports a mix of static and dynamic IP addresses. Dynamic addressing
simplifies network administration because the software keeps track of IP addresses
rather than requiring an administrator to manage the task. This means that a new
computer can be added to a network without the hassle of manually assigning it a
unique IP address.
The system provides the DHCP server function. Having enabled the DHCP server
function, the switch system will be configured as a DHCP server.
37
6.6.1 System configuration
DHCP Server: Enable or Disable the DHCP Server function. Enable—the switch
will be the DHCP server on your local network.
Low IP Address: Type in an IP address. Low IP address is the beginning of the
dynamic IP range. For example, dynamic IP is in the range between
192.168.10.100 ~ 192.168.10.200. In contrast, 192.168.10.100 is the Low IP
address.
High IP Address: Type in an IP address. High IP address is the end of the
dynamic IP range. For example, dynamic IP is in the range between
192.168.10.100 ~ 192.168.10.200. In contrast, 192.168.10.200 is the High IP
address.
Subnet Mask: Type in the subnet mask of the IP configuration.
Gateway: Type in the IP address of the gateway in your network.
DNS: Type in the Domain Name Server IP Address in your network.
Lease Time (sec): It is the time period that system will reset the dynamic IP
assignment to ensure the dynamic IP will not been occupied for a long time or the
server doesn’t know that the dynamic IP is idle.
And then, click .
DHCP Server Configuration interface
38
6.6.2 Client Entries
When the DHCP server function is enabled, the system will collect the DHCP client
information including the assigned IP address, the MAC address of the client device,
the IP assigning type, status and lease time.
DHCP Client Entries interface
39
6.6.3 Port and IP Bindings
Assign the dynamic IP address bound with the port to the connected client. The user is
allowed to fill each port column with one particular IP address. When the device is
connecting to the port and asks for IP assigning, the system will assign the IP address
bound with the port.
Port and IP Bindings interface
40
6.7 TFTP
It provides the functions allowing the user to update the switch firmware via the Trivial
File Transfer Protocol (TFTP) server. Before updating, make sure the TFTP server is
ready and the firmware image is located on the TFTP server.
6.7.1 Update Firmware
TFTP Server IP Address: Type in your TFTP server IP.
Firmware File Name: Type in the name of the firmware image file to be updated.
Click .
Update Firmware interface
41
6.7.2 Restore Configuration
You can restore a previous backup configuration from the TFTP server to recover the
settings. Before doing that, you must locate the image file on the TFTP server first and
the switch will download the flash image.
TFTP Server IP Address: Type in the TFTP server IP.
Restore File Name: Type in the correct file name for restoring.
Click .
Restore Configuration interface
42
6.7.3 Backup Configuration
You can back up the current configuration from flash ROM to the TFTP server for the
purpose of recovering the configuration later. It helps you to avoid wasting time on
configuring the settings by backing up the configuration.
TFTP Server IP Address: Type in the TFTP server IP.
Backup File Name: Type in the file name.
Click .
Backup Configuration interface
43
6.8 System Event Log
This page allows the user to decide whether to send the system event log, and select the
mode which the system event log will be sent to client only, server only, or both client
and server. What kind of event log will be issued to the client/server depends on the
selection on the Event Configuration tab. There are five types of event—Device Cold
Start, Device Warm Start, Authentication Failure, X-Ring Topology Change, and Port
Event—available to be issued as the event log.
6.8.1 Syslog Configuration
Syslog Client Mode: Select the system log mode—Client Only, Server Only, or
Both. ‘Client Only’ means the system event log will only be sent to this interface of the
switch, but on the other hand ‘Server Only’ means the system log will only be sent to
the remote system log server with its IP assigned. If the mode is set in ‘Both’, the
system event log will be sent to the remote server and this interface.
System Log Server IP Address: When the ‘Syslog Mode’ item is set as Server
Only/Both, the user has to assign the system log server IP address to which the log
will be sent.
Click to refresh the event log displaying area.
Click to clear all the current event logs.
Make sure the selected mode is correct, and click to have the
setting take effect.
44
Syslog Configuration interface
45
6.8.2 System Event Log—SMTP Configuration
Simple Mail Transfer Protocol (SMTP) is the standard for email transmissions across
the network. You can configure the SMTP server IP, mail subject, sender, mail
account, password, and the recipient email addresses which the e-mail alert will send
to. There are also five types of event—Device Cold Start, Device Warm Start,
Authentication Failure, X-Ring Topology Change, and Port Event—available to be
issued as the e-mail alert. Besides, this function provides the authentication
mechanism including an authentication step through which the client effectively logs in
to the SMTP server during the process of sending e-mail alert.
Email Alert: With this function being enabled, the user is allowed to configure the
detail settings for sending the e-mail alert to the SMTP server when the events
occur.
SMTP Server IP: Assign the mail server IP address (when Email Alert is
enabled, this function will then be available).
Sender: Type in an alias of the switch in complete email address format, e.g.
switch101@123.com, to identify where the e-mail alert comes from.
Authentication: Having ticked this checkbox, the mail account, password and
confirm password column fields will then show up. Configure the email account
and password for authentication when this switch logs in to the SMTP server.
Mail Account: Set up the email account, e.g. johnadmin, to receive the email
alert. It must be an existing email account on the mail server.
Password: Type in the password for the email account.
Confirm Password: Reconfirm the password.
Rcpt e-mail Address 1 ~ 6: You can also fill each of the column fields with up to
6 e-mail accounts to receive the email alert.
Click to have the configuration take effect.
46
SMTP Configuration interface
47
6.8.3 System Event Log—Event Configuration
Having ticked the Syslog/SMTP checkboxes, the event log/email alert will be sent to the
system log server and the SMTP server respectively. Also, Port event log/alert (link up,
link down, and both) can be sent to the system log server/SMTP server respectively by
setting the trigger condition.
System event selection: There are 4 event types—Device Cold Start, Device
Warm Start, Authentication Failure, and X-ring Topology Change. The checkboxes
are not available for ticking unless the Syslog Client Mode on the Syslog
Configuration tab and the E-mail Alert on the SMTP Configuration tab are enabled
first.
Device cold start: When the device executes cold start action, the system will
issue the event log/email alert to the system log/SMTP server respectively.
Device warm start: When the device executes warm start, the system will
issue the event log/email alert to the system log/SMTP server respectively.
Authentication Failure: When the SNMP authentication fails, the system will
issue the event log/email alert to the system log/SMTP server respectively.
X-ring topology change: When the X-ring topology has changed, the system
will issue the event log/email alert to the system log/SMTP server respectively.
Port event selection: Also, before the drop-down menu items are available, the
Syslog Client Mode selection item on the Syslog Configuration tab and the E-mail
Alert selection item on the SMTP Configuration tab must be enabled first. Those
drop-down menu items have 3 selections—Link UP, Link Down, and Link UP &
Link Down. Disable means no event will be sent to the system log/SMTP server.
Link UP: The system will only issue a log message when the link-up event of
the port occurs.
Link Down: The system will only issue a log message when the link-down
event of port occurs.
Link UP & Link Down: The system will issue a log message at the time when
port connection is link-up and link-down.
48
Event Configuration interface
49
6.9 Fault Relay Alarm
The Fault Relay Alarm function provides Power Failure and Port Link Down/Broken
detection. With both power input 1 and power input 2 installed and the check boxes of
power 1/power 2 ticked, the FAULT LED indicator will then be possible to light up when
any one of the power failures occurs. As for the Port Link Down/Broken detection, the
FAULT LED indicator will light up when the port failure occurs; the check box beside the
port must be ticked first. Please refer to the segment of ‘Wiring the Fault Alarm
Contact’ for the failure detection.
Power Failure: Tick the check box to enable the FAULT LED on the panel when
power fails.
Port Link Down/Broken: Tick the check box to enable the FAULT LED on the
panel when Ports’ states are link down or broken.
Fault Relay Alarm interface
50
6.10 SNTP Configuration
SNTP (Simple Network Time Protocol) is a simplified version of NTP which is an Internet
protocol used to synchronize the clocks of computers to some time reference. Because
time usually just advances, the time on different node stations will be different. With the
communicating programs running on those devices, it would cause time to jump forward
and back, a non-desirable effect. Therefore, the switch provides comprehensive
mechanisms to access national time and frequency dissemination services, organize the
time-synchronization subnet and the local clock in each participating subnet peer.
Daylight saving time (DST) is the convention of advancing clocks so that afternoons
have more daylight and mornings have less. Typically clocks are adjusted forward one
hour near the start of spring and are adjusted backward in autumn.
SNTP Client: Enable/disable SNTP function to get the time from the SNTP server.
Daylight Saving Time: This is used as a control switch to enable/disable daylight
saving period and daylight saving offset. Users can configure Daylight Saving
Period and Daylight Saving Offset in a certain period time and offset time while
there is no need to enable daylight saving function. Afterwards, users can just set
this item as enable without assign Daylight Saving Period and Daylight Saving
Offset again.
UTC Timezone: Universal Time, Coordinated. Set the switch location time zone.
The following table lists the different location time zone for your reference.
Local Time Zone
Conversion from UTC Time at 12:00 UTC
November Time Zone - 1 hour 11am
Oscar Time Zone - 2 hours 10 am
ADT - Atlantic Daylight - 3 hours 9 am
AST - Atlantic Standard
- 4 hours
EDT - Eastern Daylight
51
8 am
EST - Eastern Standard
CDT - Central Daylight
- 5 hours 7 am
CST - Central Standard
- 6 hours 6 am
MDT - Mountain Daylight
MST - Mountain
Standard
- 7 hours 5 am
PDT - Pacific Daylight
PST - Pacific Standard
- 8 hours 4 am
ADT - Alaskan Daylight
ALA - Alaskan Standard - 9 hours 3 am
HAW - Hawaiian
- 10 hours 2 am
Standard
Nome, Alaska - 11 hours 1 am
CET - Central European
FWT - French Winter
MET - Middle European
MEWT - Middle
+ 1 hour 1 pm
European Winter
SWT - Swedish Winter
EET - Eastern
+ 2 hours 2 pm
European, USSR Zone 1
BT - Baghdad, USSR
+ 3 hours 3 pm
Zone 2
ZP4 - USSR Zone 3 + 4 hours 4 pm
ZP5 - USSR Zone 4 + 5 hours 5 pm
ZP6 - USSR Zone 5
+ 6 hours
WAST - West Australian
+ 7 hours
Standard
6 pm
7 pm
52
CCT - China Coast,
+ 8 hours 8 pm
USSR Zone 7
JST - Japan Standard,
+ 9 hours 9 pm
USSR Zone 8
EAST - East Australian
Standard GST
+ 10 hours 10 pm
Guam Standard, USSR
Zone 9
IDLE - International Date
Line
NZST - New Zealand
+ 12 hours Midnight
Standard
NZT - New Zealand
SNTP Sever URL: Set the SNTP server IP address. You can assign a local network
time server IP address or an internet time server IP address.
Switch Timer: When the switch has successfully connected to the SNTP server
whose IP address was assigned in the column field of SNTP Server URL, the
current coordinated time is displayed here.
Daylight Saving Period: Set up the Daylight Saving beginning date/time and
Daylight Saving ending date/time. Please key in the value in the format of
‘YYYYMMDD’ and ‘HH:MM’ (leave a space between ‘YYYYMMDD’ and ‘HH:MM’).
YYYYMMDD: an eight-digit year/month/day specification.
HH:MM: a five-digit (including a colon mark) hour/minute specification.
For example, key in ‘20070701 02:00’ and ‘20071104 02:04’ in the two column
fields respectively to represent that DST begins at 2:00 a.m. on March 11, 2007
and ends at 2:00 a.m. on November 4, 2007.
Daylight Saving Offset (mins): For non-US and European countries, specify the
amount of time for day light savings. Please key in the valid figure in the range of
minute between 0 and 720, which means you can set the offset up to 12 hours.
Click to have the configuration take effect.
53
SNTP Configuration interface
54
6.11 IP Security
IP security function allows the user to assign 10 specific IP addresses that have
permission to manage the switch through the http and telnet services for securing switch
management. The purpose of giving the limited IP addresses permission is to allow only
the authorized personnel/device to perform the management tasks on the switch.
IP Security Mode: Having set this selection item in the Enable mode, the Enable
HTTP Server, Enable Telnet Server checkboxes and the ten security IP column
fields will then be available. If not, those items will appear in grey.
Enable HTTP Server: Having ticked this checkbox, the devices whose IP
addresses match any one of the ten IP addresses in the Security IP1 ~ IP10 table
will be given the permission to access this switch via HTTP service.
Enable Telnet Server: Having ticked this checkbox, the devices whose IP
addresses match any one of the ten IP addresses in the Security IP1 ~ IP10 table
will be given the permission to access this switch via telnet service.
Security IP 1 ~ 10: The system allows the user to assign up to 10 specific IP
addresses for access security. Only these 10 IP addresses can access and manage
the switch through the HTTP/Telnet service once IP Security Mode is enabled.
And then, click
to have the configuration take effect.
[NOTE] Remember to execute the “Save Configuration” action, otherwise the new
configuration will be lost when the switch powers off.
55
IP Security interface
56
6.12 Digital Input/Output
The CNGE3FE7MS2 Managed Industrial Switch contains two digital inputs and two
digital outputs. The digital inputs may be used to receive the voltage-changing signal of
remote equipment to sense the state of the remote equipment like heater, pump, and
other electrical equipment. Therefore the switch can be configured to send system log,
SMTP and SNMP traps to syslog server, SMTP server and SNMP trap station
respectively (please refer to System Event Log and SNMP configuration section).
Outputs are open-collector transistor switches used to connect to the external device like
alarm buzzer or LED to inform the user of the port/power status.
Digital Input
When First/Second Digital Input function is enabled, First Digital Input/Second
Digital Input will then be available respectively.
Digital Input: Choose the transition type to trigger DI0/DI1.
LowHigh: Having focused this radio button, DI0/DI1 will only report the
status when the external device’s voltage changes from low to high.
HighLow: Having focused this radio button, DI0/DI1 will only report the
status when the external device’s voltage changes from high to low.
Event description: Please fill in the description for the event.
Action: Tick the check boxes to decide whether or not to send the events via
Syslog, SMTP, or SNMP Trap.
57
Digital Input interface
Digital Output
When First/Second Digital Output function is enabled, First Digital Output/Second
Digital Output will then be available respectively.
Condition: The system will send an electrical Low-to-High or High-to-Low signal to
First Digital Output (DO0)/Second Digital Output (DO1) when the condition of ticked
checkbox is met.
Port Fail: Having ticked this checkbox, DO0/DO1 will output an electrical Low-
to-High or High-to-Low signal when port failure occurs.
Power Fail: Having ticked this checkbox, DO0/DO1 will output an electrical
Low-to-High or High-to-Low signal when power failure occurs.
Action: Choose the output type of electrical signal.
LowHigh: Having focused this radio button, DO0/DO1 will output an
electrical signal of Low-to-High when the condition of the ticked checkbox is
met (port/power failure occurs).
HighLow: Having focused this radio button, DO0/DO1 will output an
electrical signal of Low-to-High when the condition of the ticked checkbox is
met (port/power failure occurs).
58
Note: Besides ticking the checkboxes in the Condition column field, the power/port failure
checkboxes of Fault Relay Alarm have to be ticked as the pre-condition. Please refer to
Fault Relay Alarm section. Also, please note that the digital output can’t connect to the
external device using power higher than 40V/200mA.
Digital Output interface
59
6.13 User Authentication
Change web management login user name and password.
User name: Type in the new user name (The default is ‘root’)
Password: Type in the new password (The default is ‘root’)
Confirm password: Re-type the new password
And then, click
.
User Authentication interface
60
6.14 Port Statistics
The following chart provides the current statistic information which displays the real-time
packet transfer status for each port. The user might use the information to plan and
implement the network, or check and find the problem when a collision or heavy traffic
occurs.
Port: The port number.
Type: Displays the current speed of connection to the port.
Link: The status of linking—‘Up’ or ‘Down’.
State: It’s set by Port Control. When the state is disabled, the port will not transmit
or receive any packet.
Tx Good Packet: The counts of transmitting good packets via this port.
Tx Bad Packet: The counts of transmitting bad packets (including undersize [less
than 64 octets], oversize, CRC Align errors, fragments and jabbers packets) via this
port.
Rx Good Packet: The counts of receiving good packets via this port.
Rx Bad Packet: The counts of receiving good packets (including undersize [less
than 64 octets], oversize, CRC error, fragments and jabbers) via this port.
Tx Abort Packet: The aborted packet while transmitting.
Packet Collision: The counts of collision packet.
Packet Dropped: The counts of dropped packet.
Rx Bcast Packet: The counts of broadcast packet.
Rx Mcast Packet: The counts of multicast packet.
Click
button to clean all counts.
61
Port Statistics interface
62
6.15 Port Control
In Port control you can configure the settings of each port to control the connection
parameters, and the status of each port is listed beneath.
Port: Use the scroll bar and click on the port number to choose the port to be
configured.
State: Current port state. The port can be set to disable or enable mode. If the port
state is set as ‘Disable’, it will not receive or transmit any packet.
Negotiation: Auto and Force. Being set as Auto, the speed and duplex mode are
negotiated automatically. When you set it as Force, you have to set the speed and
duplex mode manually.
Speed: It is available for selecting when the Negotiation column is set as Force.
When the Negotiation column is set as Auto, this column is read-only.
Duplex: It is available for selecting when the Negotiation column is set as Force.
When the Negotiation column is set as Auto, this column is read-only.
Flow Control: Whether or not the receiving node sends feedback to the sending
node is determined by this item. When enabled, once the device exceeds the input
data rate of another device, the receiving device will send a PAUSE frame which
halts the transmission of the sender for a specified period of time. When disabled,
the receiving device will drop the packet if too much to process.
Security: When the Security selection is set as ‘On’, any access from the device
which connects to this port will be blocked unless the MAC address of the device is
included in the static MAC address table. See the segment of MAC Address
Table—Static MAC Addresses.
Click
to have the configuration take effect.
63
Port Control interface
64
6.16 Port Trunk
Port trunking is the combination of several ports or network cables to expand the
connection speed beyond the limits of any one single port or network cable. Link
Aggregation Control Protocol (LACP), which is a protocol running on layer 2, provides
a standardized means in accordance with IEEE 802.3ad to bundle several physical
ports together to form a single logical channel. All the ports within the logical channel
or so-called logical aggregator work at the same connection speed and LACP
operation requires full-duplex mode.
6.16.1 Aggregator setting
System Priority: A value which is used to identify the active LACP. The switch
with the lowest value has the highest priority and is selected as the active LACP
peer of the trunk group.
Group ID: There are 13 trunk groups to be selected. Assign the "Group ID" to
the trunk group.
LACP: When enabled, the trunk group is using LACP. A port which joins an
LACP trunk group has to make an agreement with its member ports first. Please
note that a trunk group, including member ports split between two switches, has
to enable the LACP function of the two switches. When disabled, the trunk group
is a static trunk group. The advantage of having the LACP disabled is that a port
joins the trunk group without any handshaking with its member ports; but member
ports won’t know that they should be aggregated together to form a logic trunk
group.
Work ports: This column field allows the user to type in the total number of
active ports up to four. With LACP static trunk group, e.g. you assign four ports
to be the members of a trunk group whose work ports column field is set as two;
the exceed ports are standby/redundant ports and can be aggregated if working
ports fail. If it is a static trunk group (non-LACP), the number of work ports must
equal the total number of group member ports.
Select the ports to join the trunk group. The system allows a maximum of four
65
ports to be aggregated in a trunk group. Click and the ports focused
in the right side will be shifted to the left side. To remove unwanted ports, select
the ports and click .
When LACP enabled, you can configure LACP Active/Passive status for each
port on the State Activity tab.
Click .
Use to delete Trunk Group. Select the Group ID and click .
Port Trunk—Aggregator Setting interface (four ports are added to the left field with LACP enabled)
66
6.16.2 Aggregator Information
LACP disabled
Having set up the aggregator setting with LACP disabled, you will see the local static
trunk group information on the tab of Aggregator Information.
Assigning 2 ports to a trunk group with LACP disabled
Static Trunking Group information
67
Group Key: This is a read-only column field that displays the trunk group ID.
Port Member: This is a read-only column field that displays the members of this
static trunk group.
68
LACP enabled
Having set up the aggregator setting with LACP enabled, you will see the trunking
group information between two switches on the tab of Aggregator Information.
Switch 1 configuration
1. Set System Priority of the trunk group. The default is 1.
2. Select a trunk group ID by pull down the drop-down menu bar.
3. Enable LACP.
4. Include the member ports by clicking the Add button after selecting the port
number and the column field of Work Ports changes automatically.
Switch 1 configuration interface
69
Aggregation Information of Switch 1
5. Click on the tab of Aggregator Information to check the trunked group
information as the illustration shown above after the two switches configured.
70
Switch 2 configuration
Switch 2 configuration interface
1. Set System Priority of the trunk group. The default is 1.
2. Select a trunk group ID by pull down the drop-down menu bar.
3. Enable LACP.
4. Include the member ports by clicking the Add button after selecting the port
number and the column field of Work Ports changes automatically.
71
Aggregation Information of Switch 2
5. Click on the tab of Aggregator Information to check the trunked group
information as the illustration shown above after the two switches configured.
72
6.16.3 State Activity
Having set up the LACP aggregator on the tab of Aggregator Setting, you can configure
the state activity for the members of the LACP trunk group. You can tick or cancel the
checkbox beside the state label. When you remove the tick mark of the port and click
, the port state activity will change to Passive.
Active: The port automatically sends LACP protocol packets.
Passive: The port does not automatically send LACP protocol packets, and
responds only if it receives LACP protocol packets from the opposite device.
[NOTE] A link having two passive LACP nodes will not perform dynamic LACP
trunk because both ports are waiting for an LACP protocol packet from
the opposite device.
State Activity of Switch 1
73
State Activity of Switch 2
74
6.17 Port Mirroring
Port mirroring is a method for monitoring traffic in switched networks. Traffic through
ports can be monitored by one specific port, which means traffic going in or out of
monitored (source) ports will be duplicated into mirror (destination) port.
Destination Port: Only one port can be selected to be destination (mirror) port for
monitoring both RX and TX traffic which come from source port(s). Or, use one of
two ports for monitoring RX traffic only and the other one for TX traffic only. User
can connect mirror port to LAN analyzer or Netxray.
Source Port: The ports that user wants to monitor. All monitored port traffic will be
copied to mirror (destination) port. User can select multiple source ports by checking
the RX or TX check boxes to be monitored.
And then, click
button.
Port Trunk – Port Mirroring interface
75
6.18 Rate Limiting
You can set up every port’s bandwidth rate and frame limitation type.
Ingress Limit Frame type: select the frame type that you want to filter. There are
four frame types for selecting:
All
Broadcast/Multicast/Flooded Unicast
Broadcast/Multicast
Broadcast only
Broadcast/Multicast/Flooded Unicast, Broadcast/Multicast and Bbroadcast
only types are only for ingress frames. The egress rate only supports All type.
Rate Limiting interface
All the ports support port ingress and egress rate control. For example, assume port
1 is 10Mbps, users can set it’s effective egress rate to 1Mbps, and ingress rate to
500Kbps. The switch performs the ingress rate by packet counter to meet the
76
specified rate
Ingress: Enter the port effective ingress rate (The default value is “0”).
Egress: Enter the port effective egress rate (The default value is “0”).
And then, click to apply the settings
77
6.19 VLAN configuration
A Virtual LAN (VLAN) is a logical network grouping that limits the broadcast domain,
which would allow you to isolate network traffic, so only the members of the same
VLAN will receive traffic from the ones of the same VLAN. Basically, creating a VLAN
on a switch is logically equivalent of reconnecting a group of network devices to
another Layer 2 switch. However, all the network devices are still plugged into the
same switch physically.
This switch supports Port-based and 802.1Q (tagged-based) VLAN. The default
configuration of VLAN operation mode is “Disable”.
VLAN Configuration interface
78
6.19.1 Port-based VLAN
A port-based VLAN basically consists of its members—ports, which means the VLAN
is created by grouping the selected ports. This method provides the convenience for
users to configure a simple VLAN easily without complicated steps. Packets can go
among only members of the same VLAN group. Note all unselected ports are treated
as belonging to another single VLAN. If the port-based VLAN is enabled, the VLANtagging is ignored. The port-based VLAN function allows the user to create separate
VLANs to limit unnecessary packet flooding; however, for the purpose of sharing
resources, a single port called a common port can belong to different VLANs, which
all the member devices (ports) in different VLANs have the permission to access the
common port while they still cannot communicate with each other in different VLANs.
VLAN – Port Based interface
79
Pull down the selection item and focus on Port Based then press to set
the VLAN Operation Mode in Port Based mode.
Click to add a new VLAN group (The maximum VLAN groups are up to
64).
VLAN—Port Based Add interface
Enter the group name and VLAN ID. Add the selected port number into the right
field to group these members to be a VLAN group, or remove any of them listed
in the right field from the VLAN.
80
And then, click to have the configuration take effect.
You will see the VLAN list displayed.
VLAN—Port Based Edit/Delete interface
Use to delete the VLAN.
Use to modify group name, VLAN ID, or add/remove the members of
the existing VLAN group.
[NOTE] Remember to execute the “Save Configuration” action, otherwise the new
configuration will be lost when the switch powers off.
81
6.19.2 802.1Q VLAN
Virtual Local Area Network (VLAN) can be implemented on the switch to logically
create different broadcast domains.
When the 802.1Q VLAN function is enabled, all ports on the switch belong to default
VLAN of VID 1, which means they logically are regarded as members of the same
broadcast domain. The valid VLAN ID is in the range of numbers between 1 and 4094.
The amount of VLAN groups is up to 256 including default VLAN that cannot be
deleted.
Each member port of 802.1Q is on either an Access Link (VLAN-tagged) or a Trunk
Link (no VLAN-tagged). All frames on an Access Link carry no VLAN identification.
Conversely, all frames on a Trunk Link are VLAN-tagged. Besides, there is the third
mode—Hybrid. A Hybrid Link can carry both VLAN-tagged frames and untagged
frames. A single port is supposed to belong to one VLAN group, except it is on a
Trunk/Hybrid Link.
The technique of 802.1Q tagging inserts a 4-byte tag, including VLAN ID of the
destination port—PVID, in the frame. With the combination of Access/Trunk/Hybrid
Links, the communication across switches can also make the packet be sent through
tagged and untagged ports.
82
802.1Q Configuration
Pull down the selection item and focus on 802.1Q then press to set the
VLAN Operation Mode in 802.1Q mode.
Enable GVRP Protocol: GVRP (GARP VLAN Registration Protocol) is a protocol
that facilitates control of virtual local area networks (VLANs) within a larger network.
GVRP conforms to the IEEE 802.1Q specification, which defines a method of
tagging frames with VLAN configuration data. This allows network devices to
dynamically exchange VLAN configuration information with other devices. For
example, having enabled GVRP on two switches, they are able to automatically
exchange the information of their VLAN database. Therefore, the user doesn’t need
to manually configure whether the link is trunk or hybrid, the packets belonging to
the same VLAN can communicate across switches. Tick this checkbox to enable
GVRP protocol. This checkbox is available while the VLAN Operation Mode is in
802.1Q mode.
Management VLAN ID: Only when the VLAN members, whose Untagged VID
(PVID) equals to the value in this column, will have the permission to access the
switch. The default value is ‘0’ that means this limit is not enabled (all members in
different VLANs can access this switch).
Select the port you want to configure.
Link Type: There are 3 types of link type.
Access Link: A segment which provides the link path for one or more stations
to the VLAN-aware device. An Access Port (untagged port), connected to the
access link, has an untagged VID (also called PVID). After an untagged frame
gets into the access port, the switch will insert a four-byte tag in the frame. The
contents of the last 12-bit of the tag is untagged VID. When this frame is sent
out through any of the access port of the same PVID, the switch will remove the
Note:
tag from the frame to recover it to what it was. Those ports of the same
untagged VID are regarded as the same VLAN group members.
Because the access port doesn’t have an understanding of tagged frame, the
column field of Tagged VID is not available.
83
Trunk Link: A segment which provides the link path for one or more VLAN-
aware devices (switches). A Trunk Port, connected to the trunk link, has an
understanding of tagged frame, which is used for the communication among
VLANs across switches. Which frames of the specified VIDs will be forwarded
depends on the values filled in the Tagged VID column field. Please insert a
comma between two VIDs.
Note:
1. A trunk port doesn’t insert tag into an untagged frame, and therefore the
untagged VID column field is not available.
2. It’s not necessary to type ‘1’ in the tagged VID. The trunk port will forward
the frames of VLAN 1.
3. The trunk port has to be connected to a trunk/hybrid port of the other switch.
Both the tagged VID of the two ports have to be the same.
Hybrid Link: A segment which consists of Access and Trunk links. The hybrid
port has both the features of access and trunk ports. A hybrid port has a PVID
belonging to a particular VLAN, and it also forwards the specified taggedframes for the purpose of VLAN communication across switches.
Note:
1. It’s not necessary to type ‘1’ in the tagged VID. The hybrid port will forward
the frames of VLAN 1.
2. The trunk port has to be connected to a trunk/hybrid port of the other
switch. Both the tagged VID of the two ports have to be the same.
Untagged VID: This column field is available when Link Type is set as Access Link
and Hybrid Link. Assign a number in the range between 1 an 4094.
Tagged VID: This column field is available when Link Type is set as Trunk Link and
Hybrid Link. Assign a number in the range between 1 an 4094.
Click to have the configuration take effect.
You can see the link type, untagged VID, and tagged VID information of each port in
the table below on the screen.
84
802.1Q VLAN interface
Group Configuration
Edit the existing VLAN Group.
Select the VLAN group in the table list.
Click .
85
Group Configuration interface
You can modify the VLAN group name and VLAN ID.
86
Group Configuration interface
87
6.20 Rapid Spanning Tree
The Rapid Spanning Tree Protocol (RSTP) is an evolution of the Spanning Tree Protocol
and provides for faster spanning tree convergence after a topology change. The system
also supports STP and the system will auto-detect the connected device that is running
STP or RSTP protocol.
6.20.1 RSTP System Configuration
The user can view spanning tree information of Root Bridge.
The user can modify RSTP state. After modification, click .
RSTP mode: The user must enable the RSTP function first before configuring
the related parameters.
Priority (0-61440): The switch with the lowest value has the highest priority
and is selected as the root. If the value is changed, the user must reboot the
switch. The value must be a multiple of 4096 according to the protocol standard
rule.
Max Age (6-40): The number of seconds a switch waits without receiving
Spanning-tree Protocol configuration messages before attempting a
reconfiguration. Enter a value between 6 through 40.
Hello Time (1-10): The time that controls the switch to send out the BPDU
packet to check RSTP current status. Enter a value between 1 through 10.
Forward Delay Time (4-30): The number of seconds a port waits before
changing from its Rapid Spanning-Tree Protocol learning and listening states to
the forwarding state. Enter a value between 4 through 30.
[NOTE] Follow the rule as below to configure the MAX Age, Hello Time, and Forward
Delay Time.
2 x (Forward Delay Time value –1) > = Max Age value >= 2 x (Hello Time
value +1)
88
RSTP System Configuration interface
89
6.20.2 Port Configuration
This web page provides the port configuration interface for RSTP. You can assign higher
or lower priority to each port. Rapid spanning tree will have the port with the higher
priority in forwarding state and block other ports to make certain that there is no loop in
the LAN.
Select the port in the port column field.
Path Cost: The cost of the path to the other bridge from this transmitting bridge at
the specified port. Enter a number 1 through 200,000,000.
Priority: Decide which port should be blocked by setting its priority as the lowest.
Enter a number between 0 and 240. The value of priority must be the multiple of 16.
Admin P2P: The rapid state transitions possible within RSTP are dependent upon
whether the port concerned can only be connected to exactly another bridge (i.e. it
is served by a point-to-point LAN segment), or can be connected to two or more
bridges (i.e. it is served by a shared medium LAN segment). This function allows the
P2P status of the link to be manipulated administratively. True means the port is
regarded as a point-to-point link. False means the port is regarded as a shared link.
Auto means the link type is determined by the auto-negotiation between the two
peers.
Admin Edge: The port directly connected to end stations won’t create bridging loop
in the network. To configure the port as an edge port, set the port to “True” status.
Admin Non Stp: The port includes the STP mathematic calculation. True is not
including STP mathematic calculation. False is including the STP mathematic
calculation.
Click .
90
RSTP Port Configuration interface
91
6.21 SNMP Configuration
Simple Network Management Protocol (SNMP) is the protocol developed to manage
nodes (servers, workstations, routers, switches and hubs etc.) on an IP network. SNMP
enables network administrators to manage network performance, find and solve network
problems, and plan for network growth. Network management systems learn of
problems by receiving traps or change notices from network devices implementing
SNMP.
6.21.1 System Configuration
Community Strings
Here you can define the new community string set and remove the unwanted community
string.
String: Fill the name string.
RO: Read only. Enables requests accompanied by this community string to
display MIB-object information.
RW: Read/write. Enables requests accompanied by this community string to
display MIB-object information and to set MIB objects.
Click .
To remove the community string, select the community string that you defined
before and click . The strings of Public_RO and Private_RW are default
strings. You can remove them but after resetting the switch to default, the two
strings show up again.
Agent Mode: Select the SNMP version that you want to use it. And then click
to switch to the selected SNMP version mode.
92
SNMP System Configuration interface
93
Loading...