INSTALLATION AND OPERATION MANUAL
CNGE3FE7MS3
ENVIRONMENTALLY HARDENED
MANAGED ETHERNET SWITCH WITH (7) 10/100TX +
(3) CONFIGURABLE 10/100/1000TX / 100/1000FX PORTS
The ComNet CNGE3FE7MS3 Managed Ethernet Switch provides robust transmission
of seven (7) 10/100BASE-T(X) and three (3) 10/100/1000T(X) or 100/1000FX combo
ports, of gigabit Ethernet data. It is available for use with either conventional CAT-5e
copper or optical transmission media. The 7 electrical ports support the 10/100Mbps
Ethernet IEEE 802.3 protocol, and auto-negotiating and auto-MDI/MDIX features
are provided for simplicity and ease of installation. Three ports are 10/100/1000
configurable for copper or fiber media for use with multimode or single mode optical
fiber, selected by optional SFP modules. These network managed layer 2 switches
are optically (100/1000BASE-FX) and electrically compatible with any IEEE 802.3
compliant Ethernet devices. The CNGE3FE7MS3 incorporates LED indicators for
monitoring the operating status of the managed switch and network. These units are
DIN-rail or wall mountable.
Rev. 8.25.15
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Contents
Regulatory Compliance Statement 6
Warranty 6
Disclaimer 6
Safety Information 6
Overview 7
Introduction 7
Software Features 8
Hardware Features 9
Safety Indications 9
Hardware Installation 10
Installing Switch on DIN-Rail 10
Mount Series on DIN-Rail 11
Wall Mounting Installation 12
Mounting the CNGE3FE7MS3 on a Wall 12
Hardware Overview 13
Front Panel 13
Front Panel LEDs 15
Top view Panel 16
Rear Panel 17
Cables 18
Ethernet Cables 18
10/100/1000BASE-T(X) Pin Assignments 18
SFP 20
Console Port Cable 20
WEB Management 22
TECH SUPPORT: 1.888.678.9427
Configuration by Web Browser 22
About Web-based Management 22
Preparing for Web Management 23
System Login 23
Main Interface 24
System Information 24
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 2
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
System Information 24
Enable Location Alert 24
Basic setting 25
Switch Setting 25
Admin & Password 25
IP Setting 26
Time Setting 27
PTP Client 29
LLDP 29
Auto Provision 30
Backup & Restore 30
Upgrade Firmware 31
HTTPS 31
Redundancy 32
DHCP Server 32
DHCP Server – Setting 32
DHCP Server – Client List 33
DHCP Server – Port and IP bindings 33
DHCP Server –DHCP Relay Agent 34
Port Setting 35
Port Control 35
Port Status 36
Rate Limit 36
Port Trunk 37
Port Trunk – Setting 37
Port Trunk – Status 38
C-Ring 38
Legacy Ring 40
COM-Ring 41
TECH SUPPORT: 1.888.678.9427
C-RSTP 42
RSTP 43
RSTP setting 43
MSTP 46
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 3
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Multicast 50
Static Multicast Filtering 51
VLAN 52
VLAN Setting - IEEE 802.1Q 52
VLAN Setting – Port Based 54
SNMP 56
SNMP – Agent Setting 56
SNMPV3 57
SNMP –Trap Setting 58
Traffic Prioritization 59
Qos policy 59
Port-base priority 60
COS/802.1p 61
TOS/DSCP 62
Security 63
Management Security 63
Static MAC Forwarding 64
MAC Blacklist 65
802.1x 66
802.1x - Radius Server 66
802.1x-Port Authorized Mode 68
802.1x-Port Authorized Mode 69
TACACS+ 69
Warning 70
Monitor and Diag 73
MAC Address Table 73
Port Overview 74
Port Monitoring 75
System Event Log 76
TECH SUPPORT: 1.888.678.9427
SFP Monitor 76
Save Configuration 77
Factory Default 77
System Reboot 77
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 4
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Appendix – A 78
Configuring an SSH Connection 78
Command Line Interface Management 83
About CLI Management 83
Commands Level 87
Symbol of Command Level 88
System Commands Set 88
Port Commands Set 90
Trunk command set 92
VLAN command set 93
Spanning Tree command set 94
QoS command set 95
IGMP command set 96
MAC/Filter Table command set 97
SNMP command set 98
Port Mirroring command set 99
802.1x command set 100
TFTP command set 101
SYSLOG, SMTP, EVENT command set 101
SNTP command set 103
C-Ring command set 104
Technical Specifications 105
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 5
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Regulatory Compliance Statement
Product(s) associated with this publication complies/comply with all applicable regulations. Please
refer to the Technical Specifications section for more details.
Warranty
ComNet warrants that all ComNet products are free from defects in material and workmanship
for a specified warranty period from the invoice date for the life of the installation. ComNet will
repair or replace products found by ComNet to be defective within this warranty period, with
shipment expenses apportioned by ComNet and the distributor. This warranty does not cover
product modifications or repairs done by persons other than ComNet-approved personnel, and
this warranty does not apply to ComNet products that are misused, abused, improperly installed,
or damaged by accidents.
Please refer to the Technical Specifications section for the actual warranty period(s) of the
product(s) associated with this publication.
Disclaimer
Information in this publication is intended to be accurate. ComNet shall not be responsible for its
use or infringements on third-parties as a result of its use. There may occasionally be unintentional
errors on this publication. ComNet reserves the right to revise the contents of this publication
without notice.
Safety Information
» Only ComNet service personnel can service the equipment. Please contact ComNet Technical
Support.
» The equipment should be installed in locations with controlled access, or other means of
security, and controlled by persons of authority.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 6
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Overview
Introduction
The CNGE3FE7MS3 is a powerful managed industrial Ethernet switch containing many unique
features. These switches can work under a wide temperature range, dusty environment and humid
condition.
WEB-based, TELNET, Console port or other third-party SNMP software can manage the
CNGE3FE7MS3 as well. The switch can be managed by a useful utility called eConsole. eConsole
is powerful network management software. With its user-friendly and powerful interface, multiple
switches can be easily configured at the same time, and switches’ statuses monitored.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 7
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Software Features
» World’s fastest Redundant Ethernet Ring: C-Ring (Recovery time <10ms over 250 units
connection)
» Supports Ring Coupling, Dual Homing over C-Ring
» Supports SNMPv1/v2/v3 & RMON & Port base/802.1Q VLAN Network Management
» Event notification by Email, SNMP trap and Relay Output
» Web-based, Telnet, Console, CLI configuration
» Enable/disable ports, MAC based port security
» Port based network access control (802.1x)
» VLAN (802.1Q) to segregate and secure network traffic
» Radius centralized password management
» SNMPv3 encrypted authentication and access security
» RS TP (8 02.1w)
» Quality of Service (802.1p) for real-time traffic
» VLAN (802.1Q) with double tagging and GVRP supported
» IGMP Snooping for multicast filtering
» Port configuration, status, statistics, mirroring, security
» Remote Monitoring (RMON)
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 8
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Hardware Features
» Two Redundant DC power inputs (12 to 48 VDC)
» Wide Operating Temperature Range: -40 to +75ºC
» Storage Temperature Range: -40 to +85ºC
» Operating Humidity: 5% to 95%, non-condensing
» Casing: Aluminum
» 10/100BASE-T(X) Ethernet port
» 10/100/1000BASE-T(X) Gigabit Ethernet por t (combo)
» 100/1000BASE-X on SFP port (combo)
» Console Port
» Dimensions (W × D × H):74.3mm × 109.2mm × 153.6mm
Safety Indications
Only ComNet service personnel can service the equipment. Please contact ComNet Technical
Support if your unit requires service.
The equipment should be installed in locations with controlled access, or other means of security,
and controlled by persons of authority.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 9
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Hardware Installation
Installing Switch on DIN-Rail
Metal Spring
Each switch has a Din-Rail kit on the rear panel. The DIN-Rail kit affixes the switch to the DIN-Rail.
It is easy to install the switch on the Din-Rail:
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 10
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Mount Series on DIN-Rail
Step 1: Tilt the switch and mount the metal spring to DIN-Rail.
Step 2: Push the switch toward the DIN-Rail until you hear the spring snap into place
.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 11
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Wall Mounting Installation
Each switch has another installation method for users to install the switch. A wall mount kit can be
found in the package. The following steps show how to mount the switch on the wall:
Mounting the CNGE3FE7MS3 on a Wall
Step 1: Remove Din-Rail kit if it is attached to the switch.
Step 2: Use the 6 included screws to attach the wall mount panel as shown in the diagram below.
In order to prevent switches from being damaged, use only the screws included with the mounting
kit for the CNGE3FE7MS3 switch.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 12
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Hardware Overview
Front Panel
The following table describes the labels on the CNGE3FE7MS3.
Port Description
10/100 RJ-45 fast
Ethernet ports
Gigabit RJ-45 ports 3 10/100/1000BASE-T(X) Gigabit ports (combo ports)
SFP ports 3 100/1000BASE-X on SFP port (combo)
Console Use RS-232 to RJ-45 connecter to manage switch.
7 10/100BASE-T(X) RJ-45 fast Ethernet ports support autonegotiation.
Default Setting :
Speed: auto
Duplex: auto
Flow control : disable
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 13
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
1
2
3
11
4
5
6
10
9
8
CNGE3FE7MS3
7
1. LED for PWR. When the PWR links, the green LED will be light on.
2. LED for PWR1. When the PWR1 links, the green LED will be light on.
3. LED for PWR2. When the PWR2 links, the green LED will be light on.
4. LED for R.M (Ring master). When the LED light is on, this switch is the C-Ring ring master.
5. LED for Ring. When the LED light on, it means the C-Ring is activated.
6. LED for Fault Relay. When the fault occurs, the amber LED will be light on.
7. Console port (RJ-45).
8. LED for Ethernet ports speed.
9. LED for Ethernet ports link status.
10. Gigabit COMBO ports with SFP
11. LED for SFP ports link/Act status.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 14
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Front Panel LEDs
LED Color Status Description
PWR Green On DC power ready
PW1 Green On DC power module 1 activated.
PW2 Green On DC power module 2 activated.
R.M Green On C-Ring Master.
Ring Green On C-Ring enabled.
Slowly blinking C-Ring topology has fault
Fast blinking C-Ring works normally.
Fault Amber On Fault relay. Power failure or Port
down/fail.
10/100BASE-T(X) Fast Ethernet ports
LNK / ACT Green On Port link up.
Blinking Data transmitted.
Full Duplex Amber On Port works under full duplex.
Gigabit Ethernet ports
ACT Green On Port link up.
Blinking Data transmitted.
LNK Amber On Port link up.
SFP ports
LNK / ACT Green On Port link up.
Blinking Data transmitted.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 15
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Top view Panel
The top panel components of CNGE3FE7MS3 are shown as below:
1. Terminal block
2. Ground wire
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 16
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Rear Panel
The components in the rear of CNGE3FE7MS3 are shown as below:
1. Screw holes for wall mount kit.
2. DIN-Rail kit
1
2
1
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 17
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Cables
Ethernet Cables
The CNGE3FE7MS3 switch has standard Ethernet ports. According to the link type, the switches
use CAT 3, 4, 5, 5e UTP cables to connect to any other network device (PCs, servers, switches,
routers, or hubs). Please refer to the following table for cable specifications.
Cable Type Max. Length Connector
10BA SE-T CAT3, CAT4, CAT5 100Ω UTP 100m (328ft) RJ-45
100BASE-TX CAT5 100Ω UTP UTP 100m (328ft) RJ-45
1000BASE-TX CAT5/CAT5-e 100Ω UTP UTP 100m (328ft) RJ-45
Cable Types and Specifications
10/100/1000BASE-T(X) Pin Assignments
With 10/100BASE-T(X) cable, pins 1 and 2 are used for transmitting data, and pins 3 and 6 are
used for receiving data.
Pin Number Assignment
1 TD+
2 TD-
3 RD+
4 Not used
5 Not used
6 RD-
7 Not used
8 Not used
10/100BASE-TX RJ-45 Pin Assignments
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 18
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Pin Number Assignment
1 BI_DA+
2 BI_DA-
3 BI_DB+
4 BI _DC+
5 BI_DC-
6 BI_DB-
7 BI_DD+
8 BI_DD-
1000 BASE-T RJ-45 Pin Assignments
The CNGE3FE7MS3 switch will support auto MDI/MDI-X operation. You can use a straight-through
cable to connect a PC to the switch. The table below shows the 10BASE-T/ 100BASE-TX MDI and
MDI-X port pin outs.
Pin Number MDI port MDI-X port
1 TD+(transmit) RD+(receive)
2 TD-(transmit) RD -(receive)
3 RD+(receive) TD+(transmit)
4 Not used Not used
5 Not used Not used
6 RD-(receive) TD-(transmit)
7 Not used Not used
8 Not used Not used
10/100 BASE-TX MDI/MDI-X pins assignment
Pin Number MDI port MDI-X port
1 BI_DA+ BI_DB+
2 BI_DA- BI_DB-
3 BI_DB+ BI_DA+
4 BI _DC+ BI_DD+
5 BI_DC- BI_DD-
6 BI_DB- BI_DA-
7 BI_DD+ BI_ DC+
8 BI_DD- BI_DC-
1000 BASE-T MDI/MDI-X pin assignment
Note: “+” and “-” signs represent the polarity of the wires that make up each wire pair.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 19
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
SFP
The switch has fiber optic ports with SFP connectors. The fiber optical ports are available with
multi-mode and single-mode fiber with various distance and connector types. Please remember
that the TX port of Switch A should be connected to the RX port of Switch B.
Switch-A Switch-B
Console Port Cable
CNGE3FE7MS3 switches can be managed by the console port. The DB-9 to RJ-45 cable can
be found in the package. You can connect them to the PC via a RS-232 cable with DB-9 female
connector and the other end (RJ-45 connector) connects to console port of switch.
PC pin
out (male)
assignment
Pin #2 RD Pin #2 TD Pin #2
Pin #3 TD Pin #3 RD Pin #3
Pin #5 GD Pin #5 GD Pin #5
RS-232 with
DB9 female
connector
DB9 to RJ 45
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 20
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
5
9
DB9 Male
1
1
6
5
6
DB9 Female
Pin Male Connector Female Connector
1 Received Line Signal Detect (Received by DTE
Device)
2 Received Data (Received by DTE Device) Transmitted Data (Transmitted from DCE Device)
3 Transmitted Data (Transmitted from DTE Device) Received Data (Received by DCE Device)
4 DTE Ready (Transmitted from DTE Device) DTE Ready (Received by DCE Device)
5 Signal Ground Signal Ground
6 DCE Ready (Received by DTE Device) DCE Ready (Transmitted from DCE Device)
7 Request to Send (Transmitted from DTE Device) Clear to Send (Received by DCE Device)
8 Clear to Send (Received by DTE Device) Request to Send (Transmitted from DCE Device)
9 Ring Indicator (Received by DTE Device) Ring Indicator (Transmitted from DCE Device)
9
Received Line Signal Detect (Transmitted from
DCE Device)
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 21
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
WEB Management
Attention: While installing and upgrading firmware, please remove physical loop connection first.
DO NOT power off equipment while the firmware is upgrading!
Configuration by Web Browser
This section details configuration through the Web browser.
About Web-based Management
An embedded HTML web site resides in the flash memory on the CPU board. It contains
advanced management features and allows you to manage the switch from anywhere on the
network through a standard web browser such as Microsoft Internet Explorer.
The Web-Based Management function supports Internet Explorer 5.0 or later. It is based on Java
Applets with an aim to reduce network bandwidth consumption, enhance access speed and
present an easy viewing screen.
Note: By default, IE5.0 or later version does not allow Java Applets to open sockets. You need to
explicitly modify the browser setting in order to enable Java Applets to use network ports.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 22
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Preparing for Web Management
The default value is as below:
IP Address: 192.168 .10.1
Subnet Mask: 255.255.255.0
Default Gateway: 192.168 .10.25 4
User Name: admin
Password: admin
System Login
1. Launch Internet Explorer.
2. Type http://192.168.10.1 and the IP address of the switch. Press Enter.
3. The login screen appears.
4. Enter username and password. The default username and password is admin.
5. Select Enter or OK button, then the main interface of the Web-based management appears.
Login screen
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 23
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Main Interface
Main interface
System Information
System Information interface
System Information
The system information will display the configuration of Basic Setting/Switch Setting page.
Enable Location Alert
Select Enable Location Alert and observe that the PWR1, PWR2 and FAULT LEDs of the switch
will start to flash together. Select Disable Location Alert and the LEDs will stop flashing.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 24
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Basic setting
Switch Setting
Switch setting interface
Label Description
System Name Assign the name of switch. The maximum length is 64 bytes
System Description Display the description of switch.
System Location Assign the switch physical location. The maximum length is 64 bytes
System Contact Enter the name of contact person or organization
Admin & Password
This page allows you to configure the system password required to access the web pages.
Admin Password interface
Label Description
User name Key in the new username (The default is admin)
New Password Key in the new password (The default is admin)
Confirm password Re-type the new password.
Apply Select Apply to activate the configurations.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 25
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
IP Setting
You can configure the IP Settings and DHCP client function through IP configuration.
IP Configuration interface
Label Description
DHCP Client To enable or disable the DHCP client function. When DHCP client
function is enabling, the switch will be assigned the IP address
from the network DHCP server. The default IP address will be
replaced by the IP address that the DHCP server has assigned.
After selecting Apply button, a popup dialog shows up to inform
when the DHCP client is enabling. The current IP will lose and you
should find a new IP on the DHCP server.
IP Address Assign the IP address that the network is using. If the DHCP client
function is enabled, you do not need to assign the IP address. The
network DHCP server will assign the IP address for the switch and
it will be display in this column. The default IP is 192.168.10.1
Subnet Mask Assign the subnet mask of the IP address. If DHCP client function
is enabling, you do not need to assign the subnet mask
Gateway Assign the network gateway for the switch. The default gateway is
192.168 .10. 254
DNS1 Assign the primary DNS IP address
DNS2 Assign the secondary DNS IP address
Apply Select Apply to activate the configurations.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 26
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Time Setting
The SNTP (Simple Network Time Protocol) settings allow you to synchronize switch clocks from
the Internet.
SNTP Configuration interface
Label Description
SNTP Client Enable or disable SNTP function to get the time from the SNTP
server.
Daylight Saving Time Enable or disable daylight saving time function. When daylight
saving time is enabling, you need to configure the daylight saving
time period.
UTC Time zone Set the switch location time zone. The following table lists the
different location time zone for your reference.
Label Description
Daylight Saving Time Disable or Enable DST Time Adjustment.
Daylight Saving Period Set up the Daylight Saving beginning time and Daylight
Saving ending time. Both will be different each year.
Daylight Saving Offset Set up the offset time.
Select Apply to activate the configurations you set in this screen.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 27
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Local Time Zone Conversion from UTC Time at 12:00 UTC
November Time Zone - 1 hour 11 a m
Oscar Time Zone -2 hours 10 am
ADT - Atlantic Daylight -3 hours 9 am
AST - Atlantic Standard
-4 hours 8 am
EDT - Eastern Daylight
EST - Eastern Standard
-5 hours 7 am
CDT - Central Daylight
CST - Central Standard
-6 hours 6 am
MDT - Mountain Daylight
MST - Mountain Standard
-7 hours 5 am
PDT - Pacific Daylight
PST - Pacific Standard
-8 hours 4 am
ADT - Alaskan Daylight
ALA - Alaskan Standard -9 hours 3 am
HAW - Hawaiian Standard -10 hours 2 am
Nome, Alaska -11 hours 1 am
CET - Central European
+1 hour 1 pm
FWT - French Winter
MET - Middle European
MEWT - Middle European Winter
SWT - Swedish Winter
EET - Eastern European, USSR Zone 1 +2 hours 2 pm
BT - Baghdad, USSR Zone 2 +3 hours 3 pm
ZP4 - USSR Zone 3 +4 hours 4 pm
ZP5 - USSR Zone 4 +5 hours 5 pm
ZP6 - USSR Zone 5 +6 hours 6 pm
WAST - West Australian Standard +7 hours 7 pm
CCT - China Coast, USSR Zone 7 +8 hours 8 pm
JST - Japan Standard, USSR Zone 8 +9 hours 9 pm
EAST - East Australian Standard GST
+10 hours 10 pm
Guam Standard, USSR Zone 9
IDLE - International Date Line
+12 hours Midnight
NZST - New Zealand Standard
NZT - New Zealand
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 28
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
PTP Client
The Precision Time Protocol (PTP) is a time-transfer protocol defined in the IEEE 1588-2002
standard that allows precise synchronization of networks (e.g., Ethernet). Accuracy within
the nanosecond range can be achieved with this protocol when using hardware-generated
timestamps.
Label Description
PTP Client Enable / Disable PTP Client
LLDP
LLDP (Link Layer Discovery Protocol) function allows the switch to advertise its information to
other nodes on the network and store the information it discovers.
LLDP configuration interface
Label Description
LLDP Protocol Enable or Disable LLDP function.
LLDP Interval The interval of resend LLDP (by default at 30 seconds)
Apply Select Apply to set the configurations.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 29
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Auto Provision
Auto Provision allows you to automatically update the switch firmware. You can put the
firmware or configuration file on TFTP server. When you reboot the switch, it will upgrade
automatically. Before updating, make sure you have your TFTP server ready and the firmware
image and configuration file is on the TFTP server.
Auto Provision interface
Backup & Restore
You can save current EEPROM value from the switch to TFTP server, then go to the TFTP
restore configuration page to restore the EEPROM value.
Backup & Restore interface
Label Description
TFTP Server IP Address Fill in the TFTP server IP
Restore File Name Fill the file name
Restore Select Restore to restore the configurations
Form Local PC User can select file restore, requires no TFTP server
Restore File Name Fill in the file name
Restore Select Restore to restore the configurations
Backup Select Backup to backup the configurations.
To Local PC User can download config file to switch, requires no TFTP server
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 30
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Upgrade Firmware
Upgrade Firmware allows you to update the switch firmware. Before updating, make sure you
have your TFTP server ready and the firmware image is on the TFTP server.
Update Firmware interface
HTTPS
Allows you to use the switch’s default HTTPS Certification or to use your TFTP Server to upload
new Certification.
Label Description
TFTP Server IP Enter the IP Address of TFTP Server where the certification resides
Private Key File Name Input the “Private Key“ file name (via TFTP)
Pass Phrase for Private Key Input pass phrase for the Private Key
Certification File Name Input the “Certification“ file name (via TFTP)
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 31
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Redundancy
DHCP Server
DHCP Server – Setting
The system provides with DHCP server function. Enable the DHCP server function and the
switch system will be a DHCP server.
DHCP Server Configuration interface
Label Description
DHCP Server Enable or Disable the DHCP Server function. Enable – the switch will
be the DHCP server on your local network
Start IP Address The dynamic IP assignment range. Low IP address is the beginning
of the dynamic IP assignments range. For example: dynamic IP
assignment range is from 192.168.1.100 to 192.168.1.200. 192.168.1.100
will be the Start IP address.
End IP Address The dynamic IP assignment range. High IP address is the end of the
dynamic IP assignments range. For example: dynamic IP assignment
range is from 192.168.1.100 to 192.168.1.200. 192.168.1.200 will be the
End IP address
Subnet Mask The dynamic IP assignment range subnet mask
Gateway The gateway in your network.
DNS Domain Name Server IP Address in your network.
Lease Time (Hour)It is the period that system will reset the assigned dynamic IP to
ensure the IP address is in use.
Apply Select Apply to set the configurations.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 32
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
DHCP Server – Client List
When the DHCP server function is activated, the system will collect the DHCP client
information and display in here.
DHCP Server Client Entries interface
DHCP Server – Port and IP bindings
You can assign the specific IP address that is in the assigned dynamic IP range to the specific
port. When the device connects to the port and asks for dynamic IP assigning, the system will
assign the IP address that has been assigned before in the connected device.
TECH SUPPORT: 1.888.678.9427
DHCP Server Port and IP Binding interface
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 33
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
DHCP Server –DHCP Relay Agent
The DHCP relay agent relays DHCP messages between clients and servers for DHCP on different
subnet domains. DHCP relay agent use Option 82 to insert specific information into a request
that is being forwarded to a DHCP server and, according to Option 82, to remove the specific
information from a reply packet when forwarding server DHCP packets to a DHCP client.
Label Description
DHCP Relay Enable/Disable DHCP Relay Agent.
DHCP Server IP
Address and VID
DHCP Option 82
Remote ID
DHCP Option 82
Circuit-ID Table
Apply Select Apply to set the configurations.
TECH SUPPORT: 1.888.678.9427
Specify the IP address and VID of DHCP server. “0.0.0.0” means server
is inactive.
“Option 82 Remote ID” provides an identifier for the remote server.
There are 4 types supported: IP, MAC, Client-ID, and Other.
“Option 82 Circuit-ID” encodes an agent-local identifier of the circuit
from which a DHCP client-to-server packet was received. It is intended
for use by agents in relaying DHCP responses back to the proper circuit.
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 34
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Port Setting
Port Control
Set the state, speed/duplex, flow control, and security of the port.
Port Control interface
Label Description
Port No. Port number for setting.
State Enable/Disable the port.
Speed/Duplex Set Auto-negotiation, 100-full, 100-half, 10-full or 10-half mode.
Flow Control Support symmetric and asymmetric mode to avoid packet loss
when congestion occurred.
Security Enabling port security will disable MAC address learning in this
port. Only the frames with MAC addresses in the port security
list will be forwarded, otherwise the frames will be discarded.
Auto Detect 100/1000 Auto Detect SFP port SFP Module speed (100/1000Mbps)
Apply Select Apply to activate the configurations.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 35
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Port Status
The following information provides the current port status information.
Port Status interface
Rate Limit
Limit the traffic of all ports, including broadcast, multicast and flooded unicast. You can also
set Ingress or Egress to limit traffic received or transmitted bandwidth.
Label Description
Ingress Limit Frame
Type
Ingress The switch port received traffic. For no limit, set to zero (0).
Egress The switch port transmitted traffic. For no limit, set to zero (0).
Apply Select Apply to activate the configurations.
TECH SUPPORT: 1.888.678.9427
Rate Limit interface
Set the mode of the Ingress port from:
All, Broadcast Only, Broadcast/Multicast or Broadcast/Multicast/
Flooded Unicast
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 36
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Port Trunk
Port Trunk – Setting
You can select static trunk or 802.3ad LACP to combine several physical links with a logical link
to increase the bandwidth.
Port Trunk - Setting interface
Label Description
Group ID Select port to join a trunk group.
Type Support static trunk and 802.3ad LACP
Work Port Select the number of active ports in dynamic group (LACP).
The default value of works ports is maximum number of the
group. If the number is not maximum number of ports, the
other inactive ports in dynamic group will be suspended (no
traffic). Once the active port is broken, the suspended port
will be active automatically.
Apply Select Apply to activate the configurations.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 37
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Port Trunk – Status
Port Trunk - Status interface
Label Description
Group ID Trunk Group number
Trunk Member Show Group port info
C-Ring
C-Ring is the most powerful Redundant Ring in the world. The recovery time is less than 10ms.
It can reduce unexpected damage caused by a network topology change. C-Ring supports
three Ring topologies: C-Ring, Coupling Ring and Dual Homing.
TECH SUPPORT: 1.888.678.9427
C-Ring interface
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 38
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Label Description
Enable Ring Mark to enable Ring.
Enable Ring Master There should be only one Ring Master in a ring. If there are
two or more switches that set Ring Master to enable, the switch
with the lowest MAC address will be the actual Ring Master and
others will be Backup Masters.
1st Ring Port The primary port, when this switch is Ring Master.
2nd Ring Port The backup port, when this switch is Ring Master.
Enable Coupling Ring Mark to enable the Coupling Ring. Coupling Ring can be used
to divide a big ring into two smaller rings to avoid affecting
all switches when network topology changes. It is a good
application for connecting two Rings.
Coupling Port Link to Coupling Port of the switch in another ring. Coupling
Ring need four switch to build an active and a backup link.
Set a port as coupling port. The coupled four ports of four
switches will be run at active/backup mode.
Control Port Link to Control Port of the switch in the same ring. Control Port
used to transmit control signals.
Enable Dual Homing Mark to enable Dual Homing. By selecting Dual Homing mode,
ComRing will be connected to normal switches through two
RSTP links (ex: backbone Switch). The two links work as active/
backup mode, and connect each ComRing to the normal
switches in RSTP mode.
Apply Select Apply to set the configurations.
Note: ComNet does not recommend setting one switch as a Ring Master and a Coupling Ring
at the same time due to heavy load.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 39
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Legacy Ring
Legacy Ring interface
Legacy ring provides support for the switch to be used in an existing ring of ComNet X-Ring
enabled switches.
X-Ring provides a faster redundant recovery than Spanning Tree topology. The action is similar
to STP or RSTP, but the algorithms between them are not the same. In the X-Ring topology, every
switch should be enabled with X-Ring or Legacy Ring function and two ports should be assigned
as the member ports in the ring. Only one switch in the X-Ring group would be set as the master
switch that one of its two member ports would be blocked, called backup port, and another port
is called working port. Other switches in the X-Ring group are called working switches and their
two member ports are called working ports. When the failure of network connection occurs,
the backup port of the master switch (Ring Master) will automatically become a working port to
recover from the failure.
The switch supports the function and interface for setting the switch as the ring master or not. The
ring master can negotiate and place command to other switches in the X-Ring group. If there are
2 or more switches in master mode, the software will select the switch with lowest MAC address
number as the ring master. The X-Ring master ring mode can be enabled by setting the Legacy
Ring configuration interface. Also, the user can identify whether the switch is the ring master by
checking the R.M. LED indicator on the front panel of the switch.
Label Description
Legacy Ring To enable the Legacy Ring (X-Ring) function, tick the checkbox beside
the Legacy Ring label. If this checkbox is not ticked, all the ring
functions are unavailable.
Master Select Enable for this switch to be the ring master or Disable for this
switch to be a working switch.
1st Ring Port The primary port, when this switch is Ring Master. Select a port to
assign from the pull down selection menu.
2nd Ring Port The backup port, used when this switch is Ring Master and the primary
port fails. Select a port to assign from the pull down selection menu.
Save Select to save changes.
Refresh Select to refresh the page immediately.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 40
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
COM-Ring
You can add ComNet switches into a network constructed by another ring technology and
enable COM-Ring to cooperate with another vendor’s managed switch.
ComRing interface
Label Description
Enable Enable the COM-Ring function
Vendor Select the vendor whose ring you want to join
1st Ring Port Select the port that connects to the ring
2nd Ring Port Select the port that connects to the ring
The application of COM-Ring is shown as below.
ComNet Switch
Other Vendor’s
Switch
ComNet Switch
ComNet Switch
Other Vendor’s
Switch
Other Vendor’s
Switch
TECH SUPPORT: 1.888.678.9427
COM-Ring connection
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 41
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
C-RSTP
C-RSTP is proprietary redundant ring technology invented by ComNet. Different from standard
STP/RSTP, the recovery time of C-RSTP is <10ms and supports more nodes of connection in a
ring topology.
C-RSTP interface
The application of C-RSTP is shown as below.
PLC
IPC
CNGE3FE7MS3 CNGE3FE7MS3
CNGE3FE7MS3
CNGE3FE7MS3
CNGE3FE7MS3 ServerCNGE3FE7MS3CNGE3FE7MS3
TECH SUPPORT: 1.888.678.9427
C-RSTP connection
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 42
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
RSTP
The Rapid Spanning Tree Protocol (RSTP) is an evolution of the Spanning Tree Protocol. It
provides faster spanning tree convergence after a topology change. The system also supports
STP and the system will auto detect the connected device that is running STP or RSTP protocol.
RSTP setting
You can enable/disable RSTP function, and set parameters for each port.
RSTP Setting interface
Label Description
RSTP mode You must enable or disable the RSTP function before
configuring the related parameters.
Priority (0-61440) A value used to identify the root bridge. The bridge with
the lowest value has the highest priority and is selected
as the root. If the value changes, You must restart the
switch. The value must be a multiple of 4096 according
to the protocol standard rule.
Max Age Time(6-40) The number of seconds a bridge waits without receiving
Spanning-tree Protocol configuration messages before
attempting a reconfiguration. Enter a value from 6
through 40.
Hello Time (1-10) The time that controls switch sends out the BPDU packet
to check RSTP current status. Enter a value from 1
through 10.
Forwarding Delay Time
(4-30)
The number of seconds a port waits before changing
from its Rapid Spanning-Tree Protocol learning and
listening states to the forwarding state. Enter a value
from 4 through 30.
Apply Select Apply to activate the configurations.
NOTE: Follow the rule to configure the MAX Age, Hello Time, and Forward Delay Time.
2 × (Forward Delay Time value –1) ≥ Max Age value ≥ 2 × (Hello Time value +1)
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 43
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
View the RSTP algorithm results at this table
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 44
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Label Description
Path Cost (1-200000000) The cost of the path to the other bridge from this transmitting
bridge at the specified port. Enter a number 1 through
200,000,000.
Port Priority (0-240) Decide that port should be blocked by priority in LAN. Enter a
numerical value that is a multiple of 16, 0 through 240.
Admin P2P Some of the rapid state transactions that are possible within
RSTP are dependent upon whether the port concerned can
only be connected to exactly one other bridge (i.e. It is served
by a point-to-point LAN segment), or it can be connected to
two or more bridges (i.e. It is served by a shared medium LAN
segment). This function allows the P2P status of the link to be
manipulated administratively. True means P2P enabling. False
means P2P disabling.
Admin Edge The port directly connected to end stations, and it cannot
create bridging loop in the network. To configure the port as
an edge port, set the port to True.
Admin Non STP The port includes the STP mathematic calculation. True is not
including STP mathematic calculation. False is including the
STP mathematic calculation.
Apply Select Apply to activate the configurations.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 45
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
MSTP
Multiple Spanning Tree Protocol (MSTP) is a standard protocol base on IEEE 802.1s. The
function is that several VLANs can be mapped to a reduced number of spanning tree instances
because most networks do not need more than a few logical topologies. It supports loadbalancing schemes and the CPU is sparer than PVST (Cisco proprietary technology).
MSTP Setting interface
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 46
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Label Description
MSTP Enable Enable/disable MSTP function to configure the related parameters.
Force Version The Force Version parameter can be used to force a VLAN Bridge
that supports RSTP to operate in an STP-compatible manner.
Configuration Name The same MST Region must have the same MST configuration
name.
Revision Level
The same MST Region must have the same revision level.
(0-65535)
Priority (0-61440) A value used to identify the root bridge. The bridge with the
lowest value has the highest priority and is selected as the root. If
the value changes, you must reboot the switch. The value must be
a multiple of 4096 according to the protocol standard rule.
Max Age Time(6-40) Time, in seconds, a bridge will wait to receive Spanning-
tree Protocol configuration messages before attempting a
reconfiguration. Enter a value 6 through 40.
Hello Time (1-10) Follow the rule below to configure the MAX Age, Hello Time,
and Forward Delay Time a controlled switch sends out the BPDU
packet to check RSTP current status.
Enter a value between 1 through 10.
2 x (Forward Delay Time value –1) ≥ Max Age value ≥ 2 x (Hello
Time value +1)
Forwarding Delay
Time (4 -30)
Time, in seconds, a port will wait before changing from its Rapid
Spanning-Tree Protocol learning and listening states to the
forwarding state. Enter a value 4 through 30.
Max Hops (1-40) This parameter is additional to those specified for RSTP. A single
value applies to all Spanning Trees within an MST Region (the
CIST and all MSTIs) for that the Bridge is the Regional Root.
Apply Select Apply to activate the configurations.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 47
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
MSTP Port interface
Label Description
Port No. Select the port that you want to configure.
Priority (0-240) Select which port should be blocked by priority in LAN.
Enter a multiple of 16, 0 through 240.
Path Cost
(1-200000000)
The cost of the path to the other bridge from this transmitting
bridge at the specified port. Enter a number 1 through
200000000.
Admin P2P Some of the rapid state transactions that are possible within RSTP
are dependent upon whether the port in question can only be
connected to exactly one other bridge (i.e. It is served by a pointto-point LAN segment), or whether it can be connected to two or
more bridges (i.e. It is served by a shared medium LAN segment).
This function allows the P2P status of the link to be manipulated
administratively.
True - P2P enabled.
False - P2P disabled.
Admin Edge Label
Admin Non STP Label
Apply Select Apply to activate the configurations.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 48
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
MSTP Instance interface
Label Description
Instance Set the instance from 1 to 15
State Enable or disable the instance
VLANs Set that VLAN will belong that instance
Proprietary (0-61440) A value used to identify the root bridge. The bridge with the
lowest value has the highest priority and is selected as the root. If
the value changes, You must reboot the switch. The value must be
a multiple of 4096 according to the protocol standard rule.
Apply Select Apply to activate the configurations.
MSTP Instance Port interface
Label Description
Instance Set the instance’s information except CIST
Port Select the port that you want to configure.
Priority (0-240) Decide that port should be blocked by priority in LAN. Enter a
multiple of 16, 0 through 240.
Path Cost
(1-200000000)
Apply Select Apply to activate the configurations.
TECH SUPPORT: 1.888.678.9427
The cost of the path to the other bridge from this transmitting
bridge at the specified port. Enter a number 1 through
200000000.
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 49
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Multicast
IGMP Snooping
Internet Group Management Protocol (IGMP) is used by IP hosts to register their dynamic
multicast group membership. IGMP has 3 versions, IGMP v1, v2 and v3. Please refer to RFC
1112, 2236 and 3376. IGMP Snooping improves the performance of networks that carry
multicast traffic. It provides the ability to prune multicast traffic so that it travels only to those
end destinations that require that traffic and reduces the amount of traffic on the Ethernet
LAN.
IGMP Snooping interface
Label Description
IGMP Snooping Table Show current IP multicast list
IGMP Protocol Enable/Disable IGMP snooping.
IGMP Query Set switch IGMP querier status. There should exist only one
IGMP querier in an IGMP application.
Auto - the querier will be the switch with the lowest IP address.
Apply Select Apply to activate the configurations.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 50
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Static Multicast Filtering
Static multicast filtering is the system by that end stations only receive multicast traffic if they
register to join specific multicast groups. With multicast filtering, network devices only forward
multicast traffic to the ports that are connected to registered end stations.
Multicast Filtering Interface
Label Description
IP Address Assign a multicast group IP address within the range of
224.0.0.0 through 239.255.255.255
Member Ports Select port numbers to include them as the member ports in
the specific multicast group IP address.
Add Show current IP multicast list
Delete Delete an entry from the table.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 51
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
VLAN
A Virtual LAN (VLAN) is a logical network grouping that limits the broadcast domain that
allows you to isolate network traffic. Only the members of the VLAN will receive traffic from the
same members of VLAN. Basically, creating a VLAN from a switch is the logical equivalent of
reconnecting a group of network devices to another Layer 2 switch. However, all the network
devices are still physically plugged into the same switch.
The switch supports port-based and 802.1Q (tagged-based) VLAN. The default configuration
of VLAN operation mode is “802.1Q”.
VLAN Setting - IEEE 802.1Q
Tagged-based VLAN is an IEEE 802.1Q specification standard, and it is possible to create a
VLAN across devices from different switch vendors. IEEE 802.1Q VLAN uses a technique to
insert a “tag” into the Ethernet frames. The Tag contains a VLAN Identifier (VID) that indicates
the VLAN numbers.
You can create Tag-based VLAN, and enable or disable GVRP protocol. There are 256 VLAN
groups to provide configure. Enable 802.1Q VLAN, the all ports on the switch belong to default
VLAN, VID is 1. The default VLAN cannot be deleted.
GVRP allows automatic VLAN configuration between the switch and nodes. If the switch is
connected to a device with GVRP enabled, you can send a GVRP request by using the VID of a
VLAN defined on the switch; the switch will automatically add that device to the existing VLAN.
TECH SUPPORT: 1.888.678.9427
VLAN Configuration – 802.1Q interface
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 52
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Label Description
VLAN Operation Mode Select VLAN Operation Mode: Disable, Port Base, 802.1Q
GVRP Mode Enable/Disable GVRP function.
Management VLAN ID Management VLAN can provide network administrator a
secure VLAN to management Switch. Only the devices in the
management VLAN can access the switch.
Port Select the port to configure.
Link type Select Link Type from the following options:
Access Link: Single switch only, allows grouping of ports
by setting the same VID.
Trunk Link: Extended application of Access Link, allows
grouping of ports by setting the same VID
with 2 or more switches.
Hybrid Link: Both Access Link and Trunk Link are
available.
Hybrid(QinQ) Link: Allows one more VLAN tag in a original
VLAN frame.
Untagged VID Set the port default VLAN ID for untagged devices that connect
to the port. The range is 1 to 4094.
Tagged VIDs Set the tagged VIDs to carry different VLAN frames to other switch.
Apply Select Apply to activate the configurations.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 53
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
VLAN Setting – Port Based
Traffic is forwarded to the member ports of the same vlan group. vlan port based startup, set in
the same group of the port, can be a normal transmission packet, without restricting the types of
packets.
VLAN Configuration – Port Base interface-1
The following table describes the labels in this screen.
Label Description
Add Click “add” to enter VLAN add interface.
Edit Edit exist VLAN
Delete Delete exist VLAN
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 54
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
VLAN Configuration – Port Base interface-2
The following table describes the labels in this screen.
Label Description
Group Name VLAN name.
VLAN ID Specify the VLAN ID
Add Select port to join the VLAN group.
Remove Remove port of the VLAN group
Apply Click “Apply” to activate the configurations.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 55
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
SNMP
Simple Network Management Protocol (SNMP) is the protocol developed to manage nodes
(servers, workstations, routers, switches and hubs etc.) on an IP network. SNMP enables
network administrators to manage network performance, find and solve network problems,
and plan for network growth. Network management systems learn of problems by receiving
traps or change notices from network devices implementing SNMP.
SNMP – Agent Setting
You can set SNMP agent related information by Agent Setting Function.
SNMP – Agent setting interface
Label Description
SNMP agent
Version
SNMP V1/V2c
Community
Apply Select Apply to activate the configurations.
Help Show help file.
Three SNMP versions are supported such as SNMP V1/SNMP V2c, and
SNMP V3. SNMP V1/SNMP V2c agent uses a community string match
for authentication, that means SNMP servers access objects with
read-only or read/write permissions with the community default string
public/private. SNMP V3 requires an authentication level of MD5 or
DES to encrypt data to enhance data security.
SNMP Community should be set for SNMP V1/V2c. Four sets of
“Community String/Privilege” are supported. Each Community String
is maximum 32 characters. Keep empty to remove this Community
string.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 56
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
SNMPV3
Label Description
Context Table Configure SNMP v3 context table. Assign the context name of context
table. Select Apply to change context name
User Table Configure SNMP v3 user table.
User ID: set up the user name.
Authentication Password: set up the authentication password.
Privacy Password: set up the private password.
Select Add to add context name.
Select Remove to remove unwanted context name.
Group Table Configure SNMP v3 group table.
Security Name (User ID): assign the user name that you have set up in
user table.
Group Name: set up the group name.
Select Add to add context name.
Select Remove to remove unwanted context name.
Access Table Configure SNMP v3 access table.
Context Prefix: set up the context name.
Group Name: set up the group.
Security Level: select the access level.
Context Match Rule: select the context match rule.
Read View Name: set up the read view.
Write View Name: set up the write view.
Notify View Name: set up the notify view.
Select Add to add context name.
Select Remove to remove unwanted context name.
MIBview Table Configure MIB view table.
ViewName: set up the name.
Sub-Oid Tree: fill the Sub OID.
Type: select the type – exclude or included.
Select Add to add context name.
Select Remove to remove unwanted context name.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 57
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
SNMP –Trap Setting
A trap manager is a management station that receives traps, the system alerts generated by
the switch. If no trap manager is defined, no traps will be issued. Create a trap manager by
entering the IP address of the station and a community string. To define management stations
as a trap manager and enter SNMP community strings and select the SNMP version.
SNMP –Trap Setting interface
Label Description
Server IP The server IP address to receive Trap
Community Community for authentication
Trap Version Trap Version supports V1 and V2c and V3
Add Add trap server profile.
Remove Remove trap server profile.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 58
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Traffic Prioritization
Traffic Prioritization includes 3 modes: port base, 802.1p/COS, and TOS/DSCP. By traffic
prioritization function, you can classify the traffic into four classes for differential network
application. IGS-3044GP(GC) series support 4 priority queues.
Qos policy
Traffic Prioritization interface
Label Description
QOS Mode Port-base: the output priority is determined by ingress port.
COS only: the output priority is determined by COS only.
TOS only: the output priority is determined by TOS only.
COS first: the output priority is determined by COS and TOS, but COS first.
TOS first: the output priority is determined by COS and TOS, but TOS first.
QOS policy Using the 8,4,2,1 weight fair queue scheme: the output queues will follow
8:4:2:1 ratio to transmit packets from the highest to lowest queue.
For example: 8 high queue packets, 4 middle queue packets, 2 low queue
packets, and the one lowest queue packets are transmitted in one turn.
Use the strict priority scheme: always the packets in higher queue will be
transmitted first until higher queue is empty.
Apply Select Apply to set the configurations.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 59
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Port-base priority
Port-based Priority interface
Priority Assign Port with one of four available priority queues:
High, Middle, Low, and Lowest.
Apply Select Apply to set the configurations.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 60
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
COS /8 02.1p
COS/802.1p interface
COS/802.1p COS (Class Of Service) is also known as 802.1p. It describes that the
output priority of a packet is determined by the user priority field in
802.1Q VLAN tag. The priority value is supported 0to7.COS value map
to 4 priority queues: High, Middle, Low, and Lowest.
COS Port Default When an ingress packet has no VLAN tag, a default priority value is
considered and determined by ingress port.
Apply Select Apply to set the configurations.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 61
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
TOS/DSCP
TOS/DSCP interface
TOS/DSCP TOS (Type of Service) is a field in the IP header of a packet. This TOS field
is also used by Differentiated Services and is called the Differentiated
Services Code Point (DSCP). This field can determine the output priority
of a packet and the priority value is supported 0to63. DSCP value map to
4 priority queues: High, Middle, Low, and Lowest.
Apply Select Apply to set the configurations.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 62
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Security
Five useful functions can enhance security of switch: IP Security, Port Security, MAC Blacklist,
and MAC address Aging and 802.1x protocol.
Management Security
Only IP in the Secure IP List can manage the switch through your defined management mode.
(WEB, Telnet, SNMP)
Label Description
IP security MODE Enable/Disable the IP security function.
Enable WEB Management Mark the blank to enable WEB Management.
Enable Telnet Management Mark the blank to enable Telnet Management.
Enable SNMP Management Mark the blank to enable MPSN Management.
Apply Select Apply to set the configurations.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
IP Security interface
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 63
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Static MAC Forwarding
Static MAC Forwarding is to add static MAC addresses to hardware forwarding database. If
port security is enabled at Port Control page, only the frames with MAC addresses in this list
will be forwarded, otherwise will be discarded.
Port Security interface
Label Description
MAC Address Input MAC Address to a specific port.
Port NO. Select port of switch.
Add Add an entry of MAC and port information.
Delete Delete the entry.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 64
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
MAC Blacklist
MAC Blacklist can eliminate the traffic forwarding to specific MAC addresses in list. Any frames
forwarding to MAC addresses in this list will be discarded. Thus the target device will never
receive any frame.
MAC Blacklist interface
Label Description
MAC Address Input MAC Address to add to MAC Blacklist.
Port NO. Select port of switch.
Add Add an entry to Blacklist table.
Delete Delete the entry.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 65
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
802 .1x
802.1x - Radius Server
802.1x makes the use of the physical access characteristics of IEEE802 LAN infrastructures in
order to provide a authenticated and authorized devices attached to a LAN port. Please refer
to IEEE 802.1X - Port Based Network Access Control.
802.1x Radius Server interface
Label Description
Radius Server Setting
802.1x Portocol Enable or Disable 802.1X Radius Server function
Radius Server IP The IP address of the authentication server.
Server port Set the UDP port number used by the authentication server to
authenticate.
Account port Set the UDP destination port for accounting requests to the
specified Radius Server.
Shared Key A key shared between this switch and authentication server.
NAS, Identifier A string used to identify this switch.
Advanced Setting
Quiet Period Set the time interval between authentication failure and the start
of a new authentication attempt.
Tx Period Set the time that the switch can wait for response to an EAP
request/identity frame from the client before resending the
request.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 66
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Supplicant Timeout Set the period of time the switch waits for a supplicant response
to an EAP request.
Server Timeout Set the period of time the switch waits for a Radius server
response to an authentication request.
Max Requests Set the maximum number of times to retry sending packets to the
supplicant.
Re-Auth Period Set the period of time after that clients connected must be
re-authenticated.
Apply Select Apply to set the configurations.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 67
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
802.1x-Port Authorized Mode
Set the 802.1x authorized mode of each port.
802.1x Port Authorize interface
Label Description
Port Authorized
Mode
Reject: force this port to be unauthorized.
Accept: force this port to be authorized.
Authorize: the state of this port was determined by the outcome of
the 802.1x authentication.
Disable: this port will not participate in 802.1x.
Apply Select Apply to set the configurations.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV–
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 68
12/20/12 PAGE 68
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
802.1x-Port Authorized Mode
Show 802.1x port authorized state.
802.1x Port Authorize State interface
TACACS+
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 69
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Warning
Warning: function is very important for managing the switch. You can manage the switch by
SYSLOG, E-MAIL, and Fault Relay. It helps monitor the switch status on remote site. When events
occur, the warning message will be sent to your appointed server, E-MAIL, or relay fault to switch
panel.
System alarm supports two warning modes: 1. SYSLOG. 2. E-MAIL. You can monitor the switch
through selected system events.
Warning – Fault Relay Alarm
When any selected fault event happens, the Fault LED in switch panel will light and the electric
relay will signal at the same time.
System Warning – SYSLOG Setting
The SYSLOG is a protocol to transmit event notification messages across networks. Please refer
to RFC 3164 - The BSD SYSLOG Protocol
System Warning – SYSLOG Setting interface
Label Description
SYSLOG Mode Disable: disable SYSLOG.
Client Only: log to local system.
Server Only: log to a remote SYSLOG server.
Both: log to both of local and remote server.
SYSLOG Server IP Address The remote SYSLOG Server IP address.
Apply Select Apply to set the configurations.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 70
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
System Warning – SMTP Setting
The SMTP is Short for Simple Mail Transfer Protocol. It is a protocol for e-mail transmission
across the Internet. Please refer to RFC 821 - Simple Mail Transfer Protocol.
System Warning – SMTP Setting interface
Label Description
E-mail Alart Enable/Disable transmission system warning events by Email.
SMTP Server IP Address Setting up the mail server IP address
Mail Subject The subject line of the Email
Sender Set up the Email account from which to send the alert.
Authentication Username: the authentication username.
Password: the authentication password.
Confirm Password: re-enter password.
Recipient E-mail Address The recipient Email address(es). Supports up to 6 recipients.
Apply Select Apply to set the configurations.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 71
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
System Warning – Event Selection
SYSLOG and SMTP are the two warning methods that supported by the system. Check the
corresponding box to enable system event warning method you wish to choose. Please note
that the checkbox cannot be checked when SYSLOG or SMTP is disabled.
System Warning – Event Selection interface
Label Description
Device cold start When the device executes cold start, the system will issue a log
event.
Device warm start When the device executes warm start, the system will issue a
log event.
Authentication Failure Alert when SNMP authentication failure.
ComRing topology
change
Port Event Disable
Apply Select Apply to set the configurations.
Help Show help file.
Alert when ComRing topology changes.
Link Up
Link Down
Link Up & Link Down
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 72
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Monitor and Diag
MAC Address Table
Refer to IEEE 802.1 D Sections 7.9. The MAC Address Table, that is Filtering Database, supports
queries by the Forwarding Process, as to whether a frame received by a given port with a given
destination MAC address is to be forwarded through a given potential transmission port.
Label Description
Port NO. : Show all MAC addresses mapping to a selected port in table.
Flush MAC Table Clear all MAC addresses in table
MAC Address
Aging Time
Auto Flush Table
When Ports Link
Down
MAC Address
Auto Learning
Apply Select Apply to set the configurations.
TECH SUPPORT: 1.888.678.9427
MAC Address Table interface
Assign aging time MUST be multiple of 15.
Enable this function, when port link down, the switch will Flush
MAC table.
Enable or Disable MAC Learning function.
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 73
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Port Overview
Port statistics show several statistics counters for all ports
Port Overview interface
Label Description
Type Show port speed and media type.
Link Show port link status.
State Show ports enable or disable.
TX GOOD Packet The number of good packets sent by this port.
TX Bad Packet The number of bad packets sent by this port.
RX GOOD Packet The number of good packets received by this port.
RX Bad Packet The number of bad packets received by this port.
TX Abort Packet The number of packets aborted by this port.
Packet Collision The number of times a collision detected by this port.
Clear Clear all counters.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 74
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Port Monitoring
Port monitoring function supports TX (egress) only, RX (ingress) only, and both TX/RX
monitoring. TX monitoring sends any data that egress out checked TX source ports to a
selected TX destination port as well. RX monitoring sends any data that ingress in checked
RX source ports out to a selected RX destination port as well as sending the frame where
it normally would have gone. Keep all source ports unchecked in order to disable port
monitoring.
Port monitoring interface
Label Description
Destination Port The port will receive a copied frame from the source port for
monitoring purposes.
Source Port The port will be monitored. Mark the blank of TX or RX to be
monitored.
TX The frames come into switch port.
RX The frames receive by switch port.
Apply Select Apply to activate the configurations.
Clear Disable the function by unchecking all ports.
Help Show help file.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 75
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
System Event Log
If system log client is enabled, the system event logs will be shown in this table.
System event log interface
Label Description
Page Select LOG page.
Reload To get the newest event logs and refresh this page.
Clear Clear log.
Help Show help file.
SFP Monitor
DDM function, can pass SFP module which supports DDM function, measure the temperature of
the apparatus and manage and set up event alarm module through DDM WEB
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 76
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Save Configuration
If any configuration is changed, visit this screen and save current configuration data to the
permanent flash memory. Otherwise, the current configuration will be lost when power is
turned off or the system is reset.
System Configuration interface
Label Description
Save Save all configurations.
Help Show help file.
Factory Default
Factory Default interface
Reset switch to default configuration. Select Reset to reset all configurations to the default
value. You can select Keep current IP address setting and Keep current username & password
to retain current IP and username and password after reset.
System Reboot
System Reboot interface
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 77
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Appendix – A
Configuring an SSH Connection
To configure an SSH connection to the switch an SSH tunnel must first be established and then the
switch can be accessed securely using Telnet.
The below example shows the configuration steps with PuTTY (Release 0.65) and requires the
CNGE3FE7MS3 switch is running Firmware Version 1.16 or above and Kernel Version 2.50 or
above.
Step 1. Open PuTTY and select Session from the Category menu. Enter the IP address of the
switch you wish to connect to. The Port should be 22 and the Connection type should be
set to SSH.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 78
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Step 2. Select SSH from the Connection menu. Tick the option for Don’t start a shell or command
at all and set the Preferred SSH protocol version to 2.
Step 3. Select Tunnels from the SSH menu. Enter a Source port of 5000 and set the Destination to
the switch IP address followed by :23 and then click the Add button.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 79
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Step 4. Select Session from the Category menu. Enter a name for the session in the Saved
Sessions box and then click on the Save button so you can easily open the secure tunnel
next time.
Step 5. You will receive a Security Alert warning if you have not cached this server before. You
can either select Yes to add the host to your local registry cache or you can select No to
continue with a one-time connection.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 80
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Step 6. A login window will be presented. Login using your username and password that is
configured on the switch.
Note: You will need to leave this window open while continuing to the next step.
St ep 7. Open another PuTTY session and select Session from the category menu. Enter localhost
for the Host Name and set the Port to 5000. Select Telnet as the Connection type.
Under Saved Sessions enter a descriptive name for this connection and then select Save.
Next Click on the Open button.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 81
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Step 8. The standard Telnet login window will appear. Login as normal to enter the Telnet
configuration of the switch. The connection is now secured with SSH.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 82
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Command Line Interface Management
About CLI Management
Besides WEB-base management, CNGE3FE7MS3 also supports CLI management. You can use
console or telnet to management switch by CLI.
CLI Management by RS-232 Serial Console (9600, 8, none, 1, none)
Before Configuring by the RS-232 serial console, use an RJ45 to DB9-F cable to connect the
Switch’s RS-232 Console port to your PCs’ COM port.
Follow the steps below to access the console via RS-232 serial cable.
Step 1. From the Windows desktop, select on Start -> Programs -> Accessories ->
Communications -> Hyper Terminal
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 83
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Step 2. Input a name for new connection
Step 3. Select to use COM port number
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 84
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Step 4. The COM port properties setting, 9600 for Bits per second, 8 for Data bits, None for Parity,
1 for Stop bits and none for Flow control.
Step 5. The Console login screen will appear. Use the keyboard to enter the Username and
Password (same as for accessing via Web Browser), and then press Enter.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 85
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
CLI Management by Telnet
Users can use telnet to configure the switches.
The default value is as below:
IP Address: 192.168.10.1
Subnet Mask: 255.255.255.0
Default Gateway: 192 .168.10.25 4
User Name: admin
Password: admin
Follow the steps below to access the console via Telnet.
Step 1. Telnet to the IP address of the switch from the Windows Run command (or from the
MS-DOS prompt).
Step 2. The Login screen will appear. Use the keyboard to enter the Username and Password
(same as for accessing via Web Browser), and then press Enter.
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 86
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Commands Level
Modes Access Method Prompt Exit Method About This Model
User EXEC Begin a session
with your switch.
Privileged
EXEC
Enter the enable
command while
in user EXEC
mode.
Global
configuration
Enter the
configure
command while
in privileged
EXEC mode.
VLAN
database
Enter the vlan
database
command while
in privileged
EXEC mode.
switch> Enter logout or
quit.
switch# Enter disable to
exit.
switch(config)#To exit to
privileged
EXEC mode,
enter exit or
end
switch(vlan)# To exit to user
EXEC mode,
enter exit.
The user command available
at the level of user is the
subset of those available at the
privileged level.
Use this mode to
• Enter menu mode.
• Display system information.
The privileged command is
advance mode
Privileged this mode to
• Display advance function
status
• save configures
Use this mode to configure
parameters that apply to your
Switch as a whole.
Use this mode to configure
VLAN-specific parameters.
Interface
configuration
Enter the
interface
command (with a
specific interface)
while in global
configuration
mode
TECH SUPPORT: 1.888.678.9427
switch(configif)#
To exit to global
configuration
mode,
enter exit.
To exist
privileged
EXEC mode or
end.
Use this mode to configure
parameters for the switch and
Ethernet ports.
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 87
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Symbol of Command Level
Mode Symbol of Command Level
User EXEC E
Privileged EXEC P
Global configuration G
VLAN database V
Interface configuration I
System Commands Set
Commands Level Description Example
show config E Show switch configuration switch>show config
show terminal P Show console information switch#show terminal
write memory P Save your configuration into
permanent memory (flash rom)
system name
[System Name]
system location
[System Location]
system description
[System Description]
system contact
[System Contact]
show system-info E Show system information switch>show system-info
ip address
[Ip-address] [Subnetmask] [Gateway]
ip dhcp G Enable DHCP client function of
show ip P Show IP information of switch switch#show ip
no ip dhcp G Disable DHCP client function of
G Configure system name switch(config)#system name xxx
G Set switch system location string switch(config)#system location xxx
G Set switch system description
string
G Set switch system contact
window string
G Configure the IP address of
switch
switch
switch
switch#write memory
switch(config)#system description xxx
switch(config)#system contact xxx
switch(config)#ip address 192.168.1.1
255.255.255.0 192.168.1.254
switch(config)#ip dhcp
switch(config)#no ip dhcp
reload G Halt and perform a cold restart switch(config)#reload
default G Restore to default Switch(config)#default
admin username
[Username]
admin password
[Password]
TECH SUPPORT: 1.888.678.9427
G Changes a login username.
(maximum 10 words)
G Specifies a password
(maximum 10 words)
switch(config)#admin username xxxxxx
switch(config)#admin password xxxxxx
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 88
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
show admin P Show administrator information switch#show admin
dhcpserver enable G Enable DHCP Server switch(config)#dhcpserver enable
dhcpserver lowip
[Low IP]
dhcpserver highip
[High IP]
dhcpserver subnetmask
[Subnet mask]
dhcpserver gateway
[Gateway]
dhcpserver dnsip
[DNS IP]
dhcpserver leasetime
G Configure low IP address for IP
pool
G Configure high IP address for IP
pool
G Configure subnet mask for DHCP
clients
G Configure gateway for DHCP
clients
G Configure DNS IP for DHCP
clients
G Configure lease time (in hour) switch(config)#dhcpserver leasetime 1
[Hours]
dhcpserver ipbinding
[IP address]
show dhcpserver
configuration
I Set static IP for DHCP clients by
port
P Show configuration of DHCP
server
show dhcpserver clients P Show client entries of DHCP
server
show dhcpserver
ip-binding
P Show IP-Binding information of
DHCP server
switch(config)# dhcpserver lowip
192.168 .1.1
switch(config)# dhcpserver highip
192.168 .1.5 0
switch(config)#dhcpserver subnetmask
255.255.255.0
switch(config)#dhcpserver gateway
192.168 .1.25 4
switch(config)# dhcpserver dnsip
192.168 .1.1
switch(config)#interface fastEthernet 2
switch(config-if)#dhcpserver ipbinding
192.168 .1.1
switch#show dhcpserver configuration
switch#show dhcpserver clinets
switch#show dhcpserver ip-binding
no dhcpserver G Disable DHCP server function switch(config)#no dhcpserver
security enable G Enable IP security function switch(config)#security enable
security http G Enable IP security of HTTP server switch(config)#security http
security telnet G Enable IP security of telnet server switch(config)#security telnet
security ip
[Index(1..10)] [IP Address]
show security P Show the information of IP
G Set the IP security list switch(config)#security ip 1
192.168 .1.55
switch#show security
security
no security G Disable IP security function switch(config)#no security
no security http G Disable IP security of HTTP serverswitch(config)#no security http
no security telnet G Disable IP security of telnet
switch(config)#no security telnet
server
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 89
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Port Commands Set
Commands Level Description Example
interface fastEthernet
[Portid]
duplex
[full | half]
speed
[10|100|1000|auto]
flowcontrol mode
[Symmetric|Asymmetric]
no flowcontrol I Disable flow control of interface switch(config-if)#no flowcontrol
security enable I Enable security of interface switch(config)#interface fastEthernet 2
no security I Disable security of interface switch(config)#interface fastEthernet 2
G Choose the port for modification. switch(config)#interface fastEthernet 2
I Use the duplex configuration
command to specify the duplex
mode of operation for Fast
Ethernet.
I Use the speed configuration
command to specify the speed
mode of operation for Fast
Ethernet., the speed can’t be set
to 1000 if the port isn’t a giga
port..
I Use the flowcontrol configuration
command on Ethernet ports
to control traffic rates during
congestion.
switch(config)#interface fastEthernet 2
switch(config-if)#duplex full
switch(config)#interface fastEthernet 2
switch(config-if)#speed 100
switch(config)#interface fastEthernet 2
switch(config-if)#flowcontrol mode
Asymmetric
switch(config-if)#security enable
switch(config-if)#no security
bandwidth type all I Set interface ingress limit frame
type to “accept all frame”
bandwidth type
broadcast-multicastflooded-unicast
bandwidth type
broadcast-multicast
bandwidth type
broadcast-only
bandwidth in
[Value]
I Set interface ingress limit frame
type to “accept broadcast,
multicast, and flooded unicast
frame”
I Set interface ingress limit frame
type to “accept broadcast and
multicast frame”
I Set interface ingress limit frame
type to “only accept broadcast
frame”
I Set interface input bandwidth.
Rate Range is from 100 kbps to
102400 kbps or to 256000 kbps
for giga ports, and zero means no
limit.
switch(config)#interface fastEthernet 2
switch(config-if)#bandwidth type all
switch(config)#interface fastEthernet 2
switch(config-if)#bandwidth type
broadcast-multicast-flooded-unicast
switch(config)#interface fastEthernet 2
switch(config-if)#bandwidth type
broadcast-multicast
switch(config)#interface fastEthernet 2
switch(config-if)#bandwidth type
broadcast-only
switch(config)#interface fastEthernet 2
switch(config-if)#bandwidth in 100
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 90
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
bandwidth out
[Value]
I Set interface output bandwidth.
Rate Range is from 100 kbps to
switch(config)#interface fastEthernet 2
switch(config-if)#bandwidth out 100
102400 kbps or to 256000 kbps
for giga ports,
and zero means no limit.
show bandwidth I Show interfaces bandwidth
control
state
[Enable | Disable]
I Use the state interface
configuration command to specify
switch(config)#interface fastEthernet 2
switch(config-if)#show bandwidth
switch(config)#interface fastEthernet 2
switch(config-if)#state Disable
the state mode of operation for
Ethernet ports. Use the disable
form of this command to disable
the port.
show interface
configuration
I show interface configuration
status
switch(config)#interface fastEthernet
2 switch(config-if)#show interface
configuration
show interface status I show interface actual status switch(config)#interface fastEthernet 2
switch(config-if)#show interface status
show interface
accounting
I show interface statistic counter switch(config)#interface fastEthernet
2 switch(config-if)#show interface
accounting
no accounting I Clear interface accounting
information
switch(config)#interface fastEthernet 2
switch(config-if)#no accounting
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 91
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Trunk command set
Commands Level Description Example
aggregator priority
[1to 65535]
aggregator activityport
[Port Numbers]
aggregator group
[GroupID] [Port-list]
lacp
workp
[Workport]
aggregator group
[GroupID] [Port-list]
nolacp
G Set port group system priority switch(config)#aggregator priority 22
G Set activity port switch(config)#aggregator activityport
2
G Assign a trunk group with LACP
active.
[GroupID] :1to3
[Port-list]:Member port list,
This parameter could be a port
range(ex.1-4) or a port list separate
by a comma(ex.2, 3, 6)
[Workport]: The amount of work
ports, this value could not be less
than zero or be large than the
amount of member ports.
G Assign a static trunk group.
[GroupID] :1to3
[Port-list]:Member port list,
This parameter could be a port
range(ex.1-4) or a port list separate
by a comma(ex.2, 3, 6)
switch(config)#aggregator group 1 1-4
lacp workp 2
or
switch(config)#aggregator group 2
1,4,3 lacp workp 3
switch(config)#aggregator group 1 2-4
nolacp
or
switch(config)#aggreator group 1 3,1,2
nolacp
show aggregator P Show the information of trunk
group
no aggregator lacp
[GroupID]
no aggregator group
[GroupID]
G Disable the LACP function of trunk
group
G Remove a trunk group switch(config)#no aggreator group 2
switch#show aggregator
switch(config)#no aggreator lacp 1
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 92
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
VLAN command set
Commands Level Description Example
vlan database P Enter VLAN configure mode switch#vlan database
vlan
[8021q | gvrp]
no vlan
[VID]
no gvrp V Disable GVRP switch(vlan)#no gvrp
IEEE 802.1Q VLAN
vlan 8021q port
[PortNumber]
access-link untag
[UntaggedVID]
vlan 8021q port
[PortNumber]
trunk-link tag
[TaggedVID List]
vlan 8021q port
[PortNumber]
hybrid-link untag
[UntaggedVID]
tag
[TaggedVID List]
V To set switch VLAN mode. switch(vlan)# vlanmode 802.1q
or
switch(vlan)# vlanmode gvrp
V Disable vlan group (by VID) switch(vlan)#no vlan 2
V Assign a access link for VLAN by
port, if the port belong to a trunk
group, this command can’t be
applied.
V Assign a trunk link for VLAN by
port, if the port belong to a trunk
group, this command can’t be
applied.
V Assign a hybrid link for VLAN by
port, if the port belong to a trunk
group, this command can’t be
applied.
switch(vlan)#vlan 802.1q port 3 access-
link untag 33
switch(vlan)#vlan 8021q port 3 trunk-
link tag 2,3,6,99
or
switch(vlan)#vlan 8021q port 3 trunk-
link tag 3-20
switch(vlan)# vlan 8021q port 3 hybrid-
link untag 4 tag 3,6,8
or
switch(vlan)# vlan 8021q port 3 hybrid-
link untag 5 tag 6-8
vlan 8021q aggreator
[TrunkID]
access-link untag
[UntaggedVID]
vlan 8021q aggreator
[TrunkID]
trunk-link tag
[TaggedVID List]
vlan 8021q aggreator
[PortNumber]
hybrid-link untag
[UntaggedVID]
tag
[TaggedVID List]
show vlan [VID]
or
show vlan
TECH SUPPORT: 1.888.678.9427
V Assign a access link for VLAN by
trunk group
V Assign a trunk link for VLAN by
trunk group
V Assign a hybrid link for VLAN by
trunk group
V Show VLAN information switch(vlan)#show vlan 23
switch(vlan)#vlan 8021q aggreator 3
access-link untag 33
switch(vlan)#vlan 8021q aggreator 3
trunk-link tag 2,3,6,99
or
switch(vlan)#vlan 8021q aggreator 3
trunk-link tag 3-20
switch(vlan)# vlan 8021q aggreator 3
hybrid-link untag 4 tag 3,6,8
or
switch(vlan)# vlan 8021q aggreator 3
hybrid-link untag 5 tag 6-8
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 93
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Spanning Tree command set
Commands Level Description Example
spanning-tree enable G Enable spanning tree switch(config)#spanning-tree enable
spanning-tree priority
[0to61440]
spanning-tree max-age
[seconds]
spanning-tree hellotime [seconds]
spanning-tree forwardtime [seconds]
G Configure spanning tree priority
parameter
G Use the spanning-tree max-age
global configuration command
to change the interval between
messages the spanning tree
receives from the root switch.
If a switch does not receive a
bridge protocol data unit (BPDU)
message from the root switch
within this interval, it recomputed
the Spanning Tree Protocol (STP)
topology.
G Use the spanning-tree hello-time
global configuration command
to specify the interval between
hello bridge protocol data units
(BPDUs).
G Use the spanning-tree forward-
time global configuration
command to set the forwardingtime for the specified spanningtree instances. The forwarding
time determines how long each of
the listening and
learning states last before the port
begins forwarding.
switch(config)#spanning-tree priority
32767
switch(config)# spanning-tree max-age
15
switch(config)#spanning-tree hello-
time 3
switch(config)# spanning-tree forward-
time 20
stp-path-cost
[1to200000000]
stp-path-priority
[Port Priority]
TECH SUPPORT: 1.888.678.9427
I Use the spanning-tree cost
interface configuration command
to set the path cost for Spanning
Tree
Protocol (STP) calculations. In the
event of a loop, spanning tree
considers the path cost when
selecting an interface to place into
the forwarding state.
I Use the spanning-tree port-
priority interface configuration
command to configure a port
priority that is used when two
switches tie for position as the
root switch.
switch(config)#interface fastEthernet 2
switch(config-if)#stp-path-cost 20
switch(config)#interface fastEthernet 2
switch(config-if)# stp-path-priority 127
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 94
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
stp-admin-p2p
[Auto|True|False]
stp-admin-edge
[True|False]
stp-admin-non-stp
[True|False]
Show spanning-tree E Display a summary of the
no spanning-tree G Disable spanning-tree. switch(config)#no spanning-tree
I Admin P2P of STP priority on this
interface.
I Admin Edge of STP priority on this
interface.
I Admin NonSTP of STP priority on
this interface.
spanning-tree states.
switch(config)#interface fastEthernet 2
switch(config-if)# stp-admin-p2p Auto
switch(config)#interface fastEthernet 2
switch(config-if)# stp-admin-edge True
switch(config)#interface fastEthernet 2
switch(config-if)# stp-admin-non-stp
False
switch>show spanning-tree
QoS command set
Commands Level Description Example
qos policy
[weighted-fair|strict]
qos prioritytype
[port-based|cos-only|tosonly|cos-first|tos-first]
G Select QOS policy scheduling switch(config)#qos policy weighted-
fair
G Setting of QOS priority type switch(config)#qos prioritytype
qos priority portbased
[Port]
[lowest|low|middle|high]
qos priority cos [Priority]
[lowest|low|middle|high]
qos priority tos [Priority]
[lowest|low|middle|high]
show qos P Display the information of QoS
no qos G Disable QoS function switch(config)#no qos
G Configure Port-based Priority switch(config)#qos priority portbased
1 low
G Configure COS Priority switch(config)#qos priority cos 22
middle
G Configure TOS Priority switch(config)#qos priority tos 3 high
switch>show qos
configuration
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 95
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
IGMP command set
Commands Level Description Example
igmp enable G Enable IGMP snooping function switch(config)#igmp enable
Igmp-query auto G Set IGMP query to auto mode switch(config)#Igmp-query auto
Igmp-query force G Set IGMP query to force mode switch(config)#Igmp-query force
show igmp configuration P Displays the details of an IGMP
configuration.
show igmp multi P Displays the details of an IGMP
snooping entries.
no igmp G Disable IGMP snooping function switch(config)#no igmp
no igmp-query G Disable IGMP query switch#no igmp-query
switch#show igmp configuration
switch#show igmp multi
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 96
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
MAC/Filter Table command set
Commands Level Description Example
mac-address-table static
hwaddr
[MAC]
mac-address-table filter
hwaddr
[MAC]
show mac-address-table P Show all MAC address table switch#show mac-address-table
show mac-address-table
static
show mac-address-table
filter
no mac-address-table
static hwaddr
[MAC]
no mac-address-table
filter hwaddr
[MAC]
no mac-address-table G Remove dynamic entry of MAC
I Configure MAC address table of
interface (static).
G Configure MAC address
table(filter)
P Show static MAC address table switch#show mac-address-table static
P Show filter MAC address table. switch#show mac-address-table filter
I Remove an entry of MAC address
table of interface (static)
G Remove an entry of MAC address
table (filter)
address table
switch(config)#interface fastEthernet 2
switch(config-if)#mac-address-table
static hwaddr 000012345678
switch(config)#mac-address-table filter
hwaddr 000012348678
switch(config)#interface fastEthernet 2
switch(config-if)#no mac-address-table
static hwaddr 000012345678
switch(config)#no mac-address-table
filter hwaddr 000012348678
switch(config)#no mac-address-table
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 97
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
SNMP command set
Commands Level Description Example
snmp agent-mode
[v1v2c | v3]
snmp-server host
[IP address]
community
[Community-string]
trap-version
[v1|v2c]
snmp community-strings
[Community-string]
right
[RO|RW]
snmp snmpv3-user
[User Name]
password
[Authentication
Password] [Privacy
Password]
show snmp P Show SNMP configuration switch#show snmp
G Select the agent mode of SNMP switch(config)#snmp agent-mode
v1v2c
G Configure SNMP server host
information and community string
G Configure the community string
right
G Configure the user profile for
SNMPV3 agent. Privacy password
could be empty.
switch(config)#snmp-server host
192.168.10.50 community public trap-
version v1
(remove)
Switch(config)#
no snmp-server host
192.168 .10. 50
switch(config)#snmp community-
strings public right RO
or
switch(config)#snmp community-
strings public right RW
switch(config)#snmp snmpv3-user
test01 password AuthPW PrivPW
show snmp-server P Show specified trap server
information
no snmp communitystrings [Community]
no snmp snmpv3-user
[User Name]
password
[Authentication
Password] [Privacy
Password]
no snmp-server host
[Host-address]
G Remove the specified community. switch(config)#no snmp community-
G Remove specified user of SNMPv3
agent. Privacy password could be
empty.
G Remove the SNMP server host. switch(config)#no snmp-server
switch#show snmp-server
strings public
switch(config)# no snmp snmpv3-user
test01 password AuthPW PrivPW
192.168 .10. 50
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 98
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
Port Mirroring command set
Commands Level Description Example
monitor rx G Set RX destination port of monitor
function
monitor tx G Set TX destination port of monitor
function
show monitor P Show port monitor information switch#show monitor
monitor
[RX|TX|Both]
show monitor I Show port monitor information switch(config)#interface fastEthernet 2
no monitor I Disable source port of monitor
I Configure source port of monitor
function
function
switch(config)#monitor rx
switch(config)#monitor tx
switch(config)#interface fastEthernet 2
switch(config-if)#monitor RX
switch(config-if)#show monitor
switch(config)#interface fastEthernet 2
switch(config-if)#no monitor
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 99
INSTALLATION AND OPERATION MANUAL CNGE3FE7MS3
802.1x command set
Commands Level Description Example
8021x enable G Use the 802.1x global
configuration command to enable
802.1x protocols.
8021x system radiousip
[IP address]
8021x system serverport
[port ID]
8021x system
accountport
[port ID]
8021x system sharekey
[ID]
8021x system nasid
[words]
8021x misc quietperiod
[sec.]
G Use the 802.1x system radious IP
global configuration command to
change the radious server IP.
G Use the 802.1x system server port
global configuration command to
change the radious server port
G Use the 802.1x system account
port global configuration
command to change the
accounting port
G Use the 802.1x system share key
global configuration command to
change the shared key value.
G Use the 802.1x system nasid
global configuration command to
change the NAS ID
G Use the 802.1x misc quiet period
global configuration command to
specify the quiet period value of
the switch.
switch(config)# 8021x enable
switch(config)# 8021x system radiousip
192.168 .1.1
switch(config)# 8021x system
serverport 1815
switch(config)# 8021x system
accountport 1816
switch(config)# 8021x system sharekey
123456
switch(config)# 8021x system nasid
test1
switch(config)# 8021x misc quietperiod
10
8021x misc txperiod
[sec.]
8021x misc
supportimeout [sec.]
8021x misc
servertimeout [sec.]
8021x misc maxrequest
[number]
8021x misc
reauthperiod [sec.]
G Use the 802.1x misc TX period
global configuration command to
set the TX period.
G Use the 802.1x misc supp timeout
global configuration command to
set the supplicant timeout.
G Use the 802.1x misc server
timeout global configuration
command to set the server
timeout.
G Use the 802.1x misc max request
global configuration command to
set the MAX requests.
G Use the 802.1x misc reauth period
global configuration command to
set the reauth period.
switch(config)# 8021x misc txperiod 5
switch(config)# 8021x misc
supportimeout 20
switch(config)#8021x misc
servertimeout 20
switch(config)# 8021x misc maxrequest
3
switch(config)# 8021x misc
reauthperiod 3000
TECH SUPPORT: 1.888.678.9427
INS_CNGE3FE7MS3_REV– Rev. 8.25.15 PAGE 100
Loading...