As our products undergo continuous development the specifications are subject to change without prior notice
MANAGEMENT GUIDE
DG-GS1510HPE GIGABIT ETHERNET SWITCH
Layer 2 Gigabit Ethernet PoE Switch
with 8 10/100/1000BASE-T Ports (RJ-45)
and 2 Gigabit SFP Ports
DG-GS1526HPE GIGABIT ETHERNET SWITCH
Layer 2 Gigabit Ethernet PoE Switch
with 24 10/100/1000BASE-T Ports (RJ-45)
and 2 Gigabit SFP Ports
DG-GS1526E GIGABIT ETHERNET SWITCH
Layer 2 Gigabit Ethernet Switch
with 24 10/100/1000BASE-T Ports (RJ-45)
and 2 Gigabit SFP Ports
ABOUT THIS GUIDE
PURPOSE This guide gives specific information on how to operate and use the
management functions of the switch.
AUDIENCE The guide is intended for use by network administrators who are
responsible for operating and maintaining network equipment;
consequently, it assumes a basic working knowledge of general switch
functions, the Internet Protocol (IP), and Simple Network Management
Protocol (SNMP).
CONVENTIONS The following conventions are used throughout this guide to show
information:
NOTE: Emphasizes important information or calls your attention to related
features or instructions.
CAUTION: Alerts you to a potential hazard that could cause loss of data, or
damage the system or equipment.
WARNING: Alerts you to a potential hazard that could cause personal injury.
RELATED PUBLICATIONS The following publication details the hardware features of the switch,
including the physical and performance-related characteristics, and how to
install the switch:
The Installation Guide
Also, as part of the switch’s software, there is an online web-based help
that describes all management related features.
CONTENTS
ABOUT THIS GUIDE
CONTENTS
FIGURES
TABLES
SECTION I GETTING STARTED
1 INTRODUCTION
Key Features
Description of Software Features
System Defaults
2 INITIAL SWITCH CONFIGURATION
SECTION II WEB CONFIGURATION
3 USING THE WEB INTERFACE
Navigating the Web Browser Interface
Home Page
Configuration Options
Panel Display
Main Menu
4 CONFIGURING THE SWITCH
Configuring System Information
Setting an IP Address
Setting an IPv4 Address
Setting an IPv6 Address
Configuring NTP Service
Configuring the Time Zone and Daylight Savings Time
Configuring Remote Log Messages
Configuring Power Reduction
Reducing Power to Idle Queue Circuits
Configuring Port Connections
Configuring Security
Configuring User Accounts
Configuring User Privilege Levels
Configuring The Authentication Method For Management Access
Configuring SSH
Configuring HTTPS
Filtering IP Addresses for Management Access
Using Simple Network Management Protocol
Remote Monitoring
Configuring Port Limit Controls
Configuring Authentication Through Network Access Servers
Filtering Traffic with Access Control Lists
Configuring DHCP Snooping
Configuring DHCP Relay and Option 82 Information
Configuring IP Source Guard
Configuring ARP Inspection
Specifying Authentication Servers
Creating Trunk Groups
Configuring Static Trunks
Configuring LACP
Configuring Loop Protection
Configuring the Spanning Tree Algorithm
Configuring Global Settings for STA
Configuring Multiple Spanning Trees
Configuring Spanning Tree Bridge Priorities
Configuring STP/RSTP/CIST Interfaces
Configuring MIST Interfaces
Multicast VLAN Registration
Configuring General MVR Settings
Configuring MVR Channel Settings
IGMP Snooping
Configuring Global and Port-Related Settings for IGMP Snooping
Configuring VLAN Settings for IGMP Snooping and Query
Configuring IGMP Filtering
MLD Snooping
Configuring Global and Port-Related Settings for MLD Snooping
Configuring VLAN Settings for MLD Snooping and Query
Configuring MLD Filtering
Link Layer Discovery Protocol
Configuring LLDP Timing and TLVs
Configuring LLDP-MED TLVs
Power over Ethernet
Configuring the MAC Address Table
IEEE 802.1Q VLANs
Assigning Ports to VLANs
Configuring VLAN Attributes for Port Members
Configuring Private VLANs
Using Port Isolation
Configuring MAC-based VLANs
Protocol VLANs
Configuring Protocol VLAN Groups
Mapping Protocol Groups to Ports
Configuring IP Subnet-based VLANs
Managing VoIP Traffic
Configuring VoIP Traffic
Configuring Telephony OUI
Quality of Service
Configuring Port Classification
Configuring Port Policers
Configuring Egress Port Scheduler
Configuring Egress Port Shaper
Configuring Port Remarking Mode
Configuring Port DSCP Translation and Rewriting
SECTION I GETTING STARTED
This section provides an overview of the switch, and introduces some basic
concepts about network switches. It also describes the basic settings
required to access the management interface.
This section includes these chapters:
• "Introduction" on page 17
• "Initial Switch Configuration" on page 25
1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It
includes a management agent that allows you to configure the features
listed in this manual. The default configuration can be used for most of the
features provided by this switch. However, there are many options that you
should configure to maximize the switch’s performance for your particular
network environment.
KEY FEATURES
Table 1: Key Features
Feature: Description
Configuration Backup and Restore: Backup to management station using Web
Authentication: Telnet, Web – user name/password, RADIUS, TACACS+; Web – HTTPS; Telnet – SSH; SNMP v1/2c – Community strings; SNMP version 3 – MD5 or SHA password; Port – IEEE 802.1X, MAC address filtering
General Security Measures: Private VLANs; Port Authentication; Port Security; DHCP Snooping (with Option 82 relay information); IP Source Guard
Access Control Lists: Supports up to 256 rules
DHCP: Client
DNS: Client and Proxy service
Port Configuration: Speed, duplex mode, flow control, MTU, response to excessive collisions, power saving mode
Rate Limiting: Input rate limiting per port (manual setting or ACL)
Port Mirroring: 1 session, up to 10 source ports to one analysis port per session
Port Trunking: Supports up to 5 trunks – static or dynamic trunking (LACP)
Congestion Control: Throttling for broadcast, multicast, unknown unicast storms
Address Table: 8K MAC addresses in the forwarding table, 1000 static MAC addresses, 1K L2 IGMP multicast groups and 128 MVR groups
IP Version 4 and 6: Supports IPv4 and IPv6 addressing, management, and QoS
IEEE 802.1D Bridge: Supports dynamic data switching and address learning
Store-and-Forward Switching: Supported to ensure wire-speed switching while eliminating bad frames
Spanning Tree Algorithm: Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP)
Virtual LANs: Up to 4K using IEEE 802.1Q, port-based, protocol-based, private VLANs, and voice VLANs, and QinQ tunnel
Traffic Prioritization: Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS bit, VLAN tag priority, or port
Quality of Service: Supports Differentiated Services (DiffServ), and DSCP remarking
Link Layer Discovery Protocol: Used to discover basic information about neighboring devices
Multicast Filtering: Supports IGMP snooping and query, MLD snooping, and Multicast VLAN Registration
DESCRIPTION OF SOFTWARE FEATURES
The switch provides a wide range of advanced performance enhancing
features. Flow control eliminates the loss of packets due to bottlenecks
caused by port saturation. Storm suppression prevents broadcast,
multicast, and unknown unicast traffic storms from engulfing the network.
Untagged (port-based), tagged, and protocol-based VLANs provide traffic
security and efficient use of network bandwidth. CoS priority queueing
ensures the minimum delay for moving real-time multimedia data across
the network, while multicast filtering provides support for real-time
network applications.
Some of the management features are briefly described below.
CONFIGURATION BACKUP AND RESTORE
You can save the current configuration settings to a file on the
management station (using the web interface) or a TFTP server (using the
console interface through Telnet), and later download this file to restore
the switch configuration settings.
AUTHENTICATION This switch authenticates management access via a web browser. User
names and passwords can be configured locally or can be verified via a
remote authentication server (i.e., RADIUS or TACACS+). Port-based
authentication is also supported via the IEEE 802.1X protocol. This protocol
uses Extensible Authentication Protocol over LANs (EAPOL) to request user
credentials from the 802.1X client, and then uses the EAP between the
switch and the authentication server to verify the client’s right to access
the network via an authentication server (i.e., RADIUS or TACACS+
server).
Other authentication options include HTTPS for secure management access
via the web, SSH for secure management access over a Telnet-equivalent
connection, SNMP Version 3, IP address filtering for SNMP/Telnet/web
management access, and MAC address filtering for port access.
ACCESS CONTROL LISTS
ACLs provide packet filtering for IP frames (based on protocol, TCP/UDP
port number or frame type) or layer 2 frames (based on any destination
MAC address for unicast, broadcast or multicast, or based on VLAN ID or
VLAN tag priority). ACLs can be used to improve performance by blocking
unnecessary network traffic or to implement security controls by restricting
access to specific network resources or protocols. Policies can be used to
differentiate service for client ports, server ports, network ports or guest
ports. They can also be used to strictly control network traffic by only
allowing incoming frames that match the source MAC and source IP on
a specific port.
PORT CONFIGURATION You can manually configure the speed and duplex mode, and flow control
used on specific ports, or use auto-negotiation to detect the connection
settings used by the attached device. Use the full-duplex mode on ports
whenever possible to double the throughput of switch connections. Flow
control should also be enabled to control network traffic during periods of
congestion and prevent the loss of packets when port buffer thresholds are
exceeded. The switch supports flow control based on the IEEE 802.3x
standard (now incorporated in IEEE 802.3-2002).
RATE LIMITING This feature controls the maximum rate for traffic transmitted or received
on an interface. Rate limiting is configured on interfaces at the edge of a
network to limit traffic into or out of the network. Traffic that falls within
the rate limit is transmitted, while packets that exceed the acceptable
amount of traffic are dropped.
PORT MIRRORING The switch can unobtrusively mirror traffic from any port to a monitor port.
You can then attach a protocol analyzer or RMON probe to this port to
perform traffic analysis and verify connection integrity.
PORT TRUNKING Ports can be combined into an aggregate connection. Trunks can be
manually set up or dynamically configured using Link Aggregation Control
Protocol (LACP – IEEE 802.3-2005). The additional ports dramatically
increase the throughput across any connection, and provide redundancy by
taking over the load if a port in the trunk should fail. The switch supports
up to 5 trunks.
STORM CONTROL Broadcast, multicast and unknown unicast storm suppression prevents
traffic from overwhelming the network. When enabled on a port, the level of
broadcast traffic passing through the port is restricted. If broadcast traffic
rises above a pre-defined threshold, it will be throttled until the level falls
back beneath the threshold.
STATIC ADDRESSES A static address can be assigned to a specific interface on this switch.
Static addresses are bound to the assigned interface and will not be
moved. When a static address is seen on another interface, the address will
be ignored and will not be written to the address table. Static addresses
can be used to provide network security by restricting access for a known
host to a specific port.
IEEE 802.1D BRIDGE The switch supports IEEE 802.1D transparent bridging. The address table
facilitates data switching by learning addresses, and then filtering or
forwarding traffic based on this information. The address table supports up
to 16K addresses.
STORE-AND-FORWARD SWITCHING
The switch copies each frame into its memory before forwarding it to
another port. This ensures that all frames are a standard Ethernet size and
have been verified for accuracy with the cyclic redundancy check (CRC).
This prevents bad frames from entering the network and wasting
bandwidth.
To avoid dropping frames on congested ports, the switch provides 8 MB for
frame buffering. This buffer can queue packets awaiting transmission on
congested networks.
SPANNING TREE ALGORITHM
The switch supports these spanning tree protocols:
• Spanning Tree Protocol (STP, IEEE 802.1D) – Supported by using the
STP backward compatible mode provided by RSTP. STP provides loop
detection. When there are multiple physical paths between segments,
this protocol will choose a single path and disable all others to ensure
that only one route exists between any two stations on the network.
This prevents the creation of network loops. However, if the chosen
path should fail for any reason, an alternate path will be activated to
maintain the connection.
• Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol
reduces the convergence time for network topology changes to about 3
to 5 seconds, compared to 30 seconds or more for the older IEEE
802.1D STP standard. It is intended as a complete replacement for STP,
but can still interoperate with switches running the older standard by
automatically reconfiguring ports to STP-compliant mode if they detect
STP protocol messages from attached devices.
• Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is
a direct extension of RSTP. It can provide an independent spanning tree
for different VLANs. It simplifies network management, provides for
even faster convergence than RSTP by limiting the size of each region,
and prevents VLAN members from being segmented from the rest of
the group (as sometimes occurs with IEEE 802.1D STP).
VIRTUAL LANS The switch supports up to 4096 VLANs. A Virtual LAN is a collection of
network nodes that share the same collision domain regardless of their
physical location or connection point in the network. The switch supports
tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN
groups can be manually assigned to a specific set of VLANs. This allows the
switch to restrict traffic to the VLAN groups to which a user has been
assigned. By segmenting your network into VLANs, you can:
• Eliminate broadcast storms which severely degrade performance in a
flat network.
• Simplify network management for node changes/moves by remotely
configuring VLAN membership for any port, rather than having to
manually change the network connection.
• Provide data security by restricting all traffic to the originating VLAN.
• Use private VLANs to restrict traffic to pass only between data ports
and the uplink ports, thereby isolating adjacent ports within the same
VLAN, and allowing you to limit the total number of VLANs that need to
be configured.
• Use protocol VLANs to restrict traffic to specified interfaces based on
protocol type.
IEEE 802.1Q TUNNELING (QINQ)
This feature is designed for service providers carrying traffic for multiple
customers across their networks. QinQ tunneling is used to maintain
customer-specific VLAN and Layer 2 protocol configurations even when
different customers use the same internal VLAN IDs. This is accomplished
by inserting Service Provider VLAN (SPVLAN) tags into the customer’s
frames when they enter the service provider’s network, and then stripping
the tags when the frames leave the network.
TRAFFIC PRIORITIZATION
This switch prioritizes each packet based on the required level of service,
using four priority queues with strict or Weighted Round Robin queuing. It
uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on
input from the end-station application. These functions can be used to
provide independent priorities for delay-sensitive data and best-effort data.
This switch also supports several common methods of prioritizing layer 3/4
traffic to meet application requirements. Traffic can be prioritized based on
the priority bits in the IP frame’s Type of Service (ToS) octet or the number
of the TCP/UDP port. When these services are enabled, the priorities are
mapped to a Class of Service value by the switch, and the traffic is then sent
to the corresponding output queue.
QUALITY OF SERVICE Differentiated Services (DiffServ) provides policy-based management
mechanisms used for prioritizing network resources to meet the
requirements of specific traffic types on a per-hop basis. Each packet is
classified upon entry into the network based on access lists, DSCP values,
or VLAN lists. Using access lists allows you to select traffic based on Layer 2,
Layer 3, or Layer 4 information contained in each packet. Based on
network policies, different kinds of traffic can be marked for different kinds
of forwarding.
MULTICAST FILTERING
Specific multicast traffic can be assigned to its own VLAN to ensure that it
does not interfere with normal network traffic and to guarantee real-time
delivery by setting the required priority level for the designated VLAN. The
switch uses IGMP Snooping and Query to manage multicast group
registration for IPv4 traffic, and MLD Snooping for IPv6 traffic. It also
supports Multicast VLAN Registration (MVR) which allows common
multicast traffic, such as television channels, to be transmitted across a
single network-wide multicast VLAN shared by hosts residing in other
standard or private VLAN groups, while preserving security and data
isolation for normal traffic.
SYSTEM DEFAULTS
The switch’s system defaults are provided in the configuration file
“Factory_Default_Config.cfg.” To reset the switch defaults, this file should
be set as the startup configuration file.
The following table lists some of the basic system defaults.
2 INITIAL SWITCH CONFIGURATION
This chapter includes information on connecting to the switch and basic
configuration procedures.
To make use of the management features of your switch, you must first
configure it with an IP address that is compatible with the network in which
it is being installed. This should be done before you permanently install the
switch in the network.
Follow this procedure:
1. Place the switch close to the PC that you intend to use for configuration.
It helps if you can see the front panel of the switch while working on
your PC.
2. Connect the Ethernet port of your PC to any port on the front panel of
the switch. Connect power to the switch and verify that you have a link
by checking the front-panel LEDs.
3. Check that your PC has an IP address on the same subnet as the
switch. The default IP address of the switch is 192.168.1.10 and the
subnet mask is 255.255.255.0, so the PC and switch are on the same
subnet if they both have addresses that start 192.168.1.x. If the PC
and switch are not on the same subnet, you must manually set the PC’s
IP address to 192.168.1.x (where “x” is any number from 1 to 254,
except 10).
4. Open your web browser and enter the address http://192.168.1.10. If
your PC is properly configured, you will see the login page of the
switch. If you do not see the login page, repeat step 3.
5. Enter “admin” for the user name and password, and then click on the
Login button.
6. From the menu, click System, and then IP. To request an address from
a local DHCP Server, mark the DHCP Client check box. To configure a
static address, enter the new IP Address, IP Mask, and other optional
parameters for the switch, and then click on the Save button.
If you need to configure an IPv6 address, select IPv6 from the System
menu, and either submit a request for an address from a local DHCPv6
server by marking the Auto Configuration check box, or configure a
static address by filling in the parameters for an address, network
prefix length, and gateway router.
No other configuration changes are required at this stage, but it is
recommended that you change the administrator’s password before
logging out. To change the password, click Security and then Users. Select
“admin” from the User Configuration list, fill in the Password fields, and
then click Save.
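The subnet requirement in step 3, as an added example that is not part of the manufacturer's guide: a Python check that the management PC and the switch's factory-default address (192.168.1.10, mask 255.255.255.0, as stated above) each see the other as on-link, plus a helper that picks a usable 192.168.1.x address. The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Factory-default management address and mask, as stated in step 3.
SWITCH_DEFAULT = ipaddress.ip_interface("192.168.1.10/255.255.255.0")


def check_station(pc_cidr, switch=SWITCH_DEFAULT):
    """Return (ok, reason) for a management PC address such as '192.168.1.20/24'.

    Both directions are tested: the switch must see the PC inside its own
    subnet, and the PC must see the switch inside the PC's subnet. If either
    test fails, one side tries to reach the other through a gateway instead
    of directly, and the login page in step 4 will not load.
    """
    pc = ipaddress.ip_interface(pc_cidr)
    net = switch.network
    if pc.version != switch.version:
        return False, "address family differs from the switch address"
    if pc.ip == switch.ip:
        return False, "PC is using the switch's own address"
    if pc.ip not in net:
        return False, "PC is outside the switch's subnet"
    if pc.ip in (net.network_address, net.broadcast_address):
        return False, "PC is using the network or broadcast address"
    if switch.ip not in pc.network:
        return False, "PC's mask places the switch off-link"
    return True, "PC and switch are on the same subnet"


def suggest_address(in_use=(), switch=SWITCH_DEFAULT):
    """Pick the first free host address in the switch's subnet.

    'in_use' lists addresses already taken on the bench network; the
    switch's own address (x = 10) is always excluded, and hosts() already
    omits the network and broadcast addresses (x = 0 and x = 255).
    """
    taken = {ipaddress.ip_address(a) for a in in_use} | {switch.ip}
    for host in switch.network.hosts():
        if host not in taken:
            return f"{host}/{switch.network.prefixlen}"
    return None


if __name__ == "__main__":
    # Constructed sample addresses for a management PC.
    samples = [
        "192.168.1.20/24",   # correct
        "192.168.1.10/24",   # collides with the switch
        "192.168.0.5/16",    # PC reaches the switch, switch cannot reach PC
        "192.168.1.5/30",    # right range, but the mask excludes the switch
        "10.0.0.15/8",       # unrelated network
    ]
    for cidr in samples:
        ok, reason = check_station(cidr)
        print(f"{cidr:18} {'OK  ' if ok else 'FAIL'} {reason}")
        if not ok:
            print(f"{'':18} set the PC to {suggest_address()} instead")
```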
SECTION II WEB CONFIGURATION
This section describes the basic switch features, along with a detailed
description of how to configure each feature via a web browser.
This section includes these chapters:
• "Using the Web Interface" on page 28
• "Configuring the Switch" on page 39
• "Monitoring the Switch" on page 216
• "Performing Basic Diagnostics" on page 279
• "Performing System Maintenance" on page 282
3 USING THE WEB INTERFACE
This switch provides an embedded HTTP web agent. Using a web browser
you can configure the switch and view statistics to monitor network
activity. The web agent can be accessed by any computer on the network
using a standard web browser (Internet Explorer 5.0, Mozilla Firefox
2.0.0.0, or more recent versions).
NAVIGATING THE WEB BROWSER INTERFACE
To access the web-browser interface you must first enter a user name and
password. The administrator has Read/Write access to all configuration
parameters and statistics. The default user name and password for the
administrator is “admin.”
HOME PAGE When your web browser connects with the switch’s web agent, the home
page is displayed as shown below. The home page displays the Main Menu
on the left side of the screen and an image of the front panel on the right
side. The Main Menu links are used to navigate to other menus, and display
configuration parameters and statistics.
Figure 1: Home Page
CONFIGURATION OPTIONS
Configurable parameters have a dialog box or a drop-down list. Once a
configuration change has been made on a page, be sure to click on the
Save button to confirm the new setting. The following table summarizes
the web page configuration buttons.
Table 3: Web Page Configuration Buttons
Button: Action
Save: Sets specified values to the system.
Reset: Cancels specified values and restores current values prior to pressing “Save.”
Logs out of the management interface.
Displays help for the selected page.
PANEL DISPLAY The web agent displays an image of the switch’s ports. The refresh mode is
disabled by default. Click Auto-refresh to refresh the data displayed on the
screen approximately once every 5 seconds, or click Refresh to refresh the
screen right now. Clicking on the image of a port opens the Detailed
Statistics page as described on page 223.
Figure 2: Front Panel Indicators
MAIN MENU Using the onboard web agent, you can define system parameters, manage
and control the switch, and all its ports, or monitor network conditions. The
following table briefly describes the selections available from this program.
Table 4: Main Menu
Menu: Description
Basic Configuration
  System
    Information: Configures system contact, name and location
    IP: Configures IPv4 and SNTP settings
    IPv6: Configures IPv6 and SNTP settings
    NTP: Enables NTP, and configures a list of NTP servers
    Time: Configures the time zone and daylight savings time
    Log: Configures the logging of messages to a remote logging process, specifies the remote log server, and limits the type of system log messages sent
  Ports: Configures port connection settings
  Aggregation
    Static: Specifies ports to group into static trunks
    LACP: Allows ports to dynamically join trunks
  Spanning Tree
    Bridge Settings: Configures global bridge settings for STP, RSTP and MSTP; also configures edge port settings for BPDU filtering, BPDU guard, and port error recovery
    MSTI Mapping: Maps VLANs to a specific MSTP instance
    MSTI Priorities: Configures the priority for the CIST and each MSTI
    CIST Ports: Configures interface settings for STA
    MSTI Ports: Configures interface settings for an MST instance
  MAC Table: Configures address aging, dynamic learning, and static addresses
  VLANs: Virtual LANs
    VLAN Membership: Configures VLAN groups
    Ports: Specifies default PVID and VLAN attributes
  Mirroring & RSPAN: Sets source and target ports for local or remote mirroring
Advanced Configuration
  System
    Information: Configures system contact, name and location
    IP: Configures IPv4 and SNTP settings
    IPv6: Configures IPv6 and SNTP settings
    NTP: Enables NTP, and configures a list of NTP servers
    Time: Configures the time zone and daylight savings time
    Log: Configures the logging of messages to a remote logging process, specifies the remote log server, and limits the type of system log messages sent
  Power Reduction
    EEE: Configures Energy Efficient Ethernet for specified queues, and specifies urgent queues which are to transmit data after maximum latency expires regardless of queue length
  Ports: Configures port connection settings
  Security
    Switch
      Users: Configures user names, passwords, and access levels
      Privilege Levels: Configures privilege level for specific functions
      Auth Method: Configures authentication method for management access via local database, RADIUS or TACACS+