DrayTek VigorSwitch G1085 Service Manual

Download

Page 1

Page 2

VigorSwitch G1085

Web Smart Gigabit Switch

User’s Guide

Version: 1.0

Firmware Version: V2.5.1

(For future update, please visit DrayTek web site)

Date: December 25, 2019

VigorSwit

ch G1085 User’s Guide

Page 3

Copyrights

© All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders.

Trademarks

The following trademarks are used in this document:

 Microsoft is a registered trademark of Microsoft Corp.  Windows, Windows 95, 98, Me, NT, 2000, XP, Vista, 7, 8, 10 and Explorer are trademarks of Microsoft Corp.  Apple and Mac OS are registered trademarks of Apple Inc.  Other products may be trademarks or registered trademarks of their respective manufacturers.

Caution

Circuit devices are sensitive to static electricity, which can damage their delicate electronics. Dry weather conditions or walking across a carpeted floor may cause you to acquire a static electrical charge.

To protect your device, always:  Touch the metal chassis of your computer to ground the static electrical charge before you pick up the circuit

device.

 Pick up the device by holding it on the left and right edges only.

Warranty

We warrant to the original end user (purchaser) that the device will be free from any defects in workmanship or materials for a period of one (1) year from the date of purchase from the dealer. Please keep your purchase receipt in a safe place as it serves as proof of date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, we will, at our discretion, repair or replace the defective products or components, without charge for either parts or labor, to whatever extent we deem necessary tore-store the product to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be offered solely at our discretion. This warranty will not apply if the product is modified, misused, tampered with, da maged by an act of God, or subjected to abnormal working conditions. The warranty does not cover the bundled or licensed software of other vendors. Defects which do not significantly affect the usability of the product will not be covered by the warranty. We reserve the right to revise the manual and online documentation and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes.

Be a Registered Owner

Web registration is preferred. You can register your Vigor router via http://www.DrayTek.com.

Firmware & Tools Updates

Due to the continuous evolution of DrayTek technology, all routers will be regularly upgraded. Please consult the DrayTek web site for more information on newest firmware, tools and documents.

More update, please visit www.draytek.com.

VigorSwitch

G1085 User’s Guide

iii

Page 4

TTaabbllee ooff CCoonntteennttss

Part I Introduction..............................................................................................................1

I-1 Introduction ................................................................................................................................... 2

I-1-1 Key Features....................................................................................................................... 2

I-1-2 Specifications ...................................................................................................................... 3

I-1-3 Packing List......................................................................................................................... 4

I-1-4 LED Indicators and Connectors .......................................................................................... 4

I-2 Installation..................................................................................................................................... 6

I-2-1 Typical Applications............................................................................................................. 6

I-2-2 Installing Network Cables.................................................................................................... 8

I-2-3 Configuring the Management Agent of Switch.................................................................... 8

I-2-4 Managing VigorSwitch G1085 through Ethernet Port......................................................... 8

I-2-5 IP Address Assignment....................................................................................................... 9

I-3 Accessing Web Page of VigorSwitch.......................................................................................... 13

I-4 Dashboard................................................................................................................................... 14

I-5 Status.......................................................................................................................................... 15

I-5-1 Port Bandwidth Utilization ................................................................................................. 15

I-5-2 LLDP Statistics.................................................................................................................. 15

Part II Switch LAN............................................................................................................17

II-1 General Setup............................................................................................................................ 18

II-1-1 Management IP/VLAN...................................................................................................... 18

II-2 Port Setting ................................................................................................................................ 20

II-2-1 General Setting................................................................................................................. 20

II-2-2 Protected Ports................................................................................................................. 22

II-3 Mirror.......................................................................................................................................... 23

II-4 Link Aggregation........................................................................................................................ 24

II-4-1 LAG Setting...................................................................................................................... 24

II-4-2 LAG Management ............................................................................................................ 25

II-4-3 LAG Port Setting............................................................................................................... 26

II-4-4 LACP Setting.................................................................................................................... 27

II-4-5 LACP Port Setting ............................................................................................................ 28

II-5 VLAN Management.................................................................................................................... 29

II-5-1 Create VLAN .................................................................................................................... 29

II-5-2 Interface Settings.............................................................................................................. 30

II-5-3 Voice VLAN...................................................................................................................... 32

II-5-3-1 Properties.................................................................................32

II-5-3-2 Telephony OUI Setting ..................................................................33

II-5-3-3 Port Setting...............................................................................34

II-5-4 MAC VLAN....................................................................................................................... 35

II-5-4-1 MAC Group................................................................................35

VigorSwit

ch G1085 User’s Guide

Page 5

I-5-4-3 Group Binding .............................................................................36

II-5-5 Surveillance VLAN............................................................................................................ 37

II-5-5-1 Property...................................................................................37

II-5-6-1 Surveillance OUI..........................................................................39

II-6 EEE............................................................................................................................................ 40

II-7 Multicast..................................................................................................................................... 41

II-7-1 Properties......................................................................................................................... 41

II-7-2 IGMP Snooping................................................................................................................ 42

II-7-2-1 IGMP Setting..............................................................................42

II-7-2-2 IGMP Querier Setting....................................................................44

II-7-2-3 IGMP Static Group .......................................................................45

II-7-2-4 IGMP Group Table........................................................................46

II-7-2-5 IGMP Router Table.......................................................................47

II-8 Jumbo Frame............................................................................................................................. 48

II-9 STP............................................................................................................................................ 49

II-9-1 Properties......................................................................................................................... 49

II-9-2 Port Setting....................................................................................................................... 50

II-9-3 Bridge Setting................................................................................................................... 52

II-9-4 Port Advanced Setting...................................................................................................... 53

II-9-5 Statistics........................................................................................................................... 54

II-10 MAC Address Table.................................................................................................................. 55

II-10-1 Static MAC Setting ......................................................................................................... 55

II-10-2 Dynamic Address Setting............................................................................................... 56

II-10-3 Dynamic Learned ........................................................................................................... 56

II-11 Blocked Port Recover............................................................................................................... 58

Part III ONVIF Surveillance.............................................................................................. 59

III-1 Topology.................................................................................................................................... 60

III-1-1 Status .............................................................................................................................. 60

III-2-2 Throughput Threshold..................................................................................................... 64

III-2 Video......................................................................................................................................... 66

III-3 Device Maintenance ................................................................................................................. 67

III-3-1 General............................................................................................................................ 67

III-3-2 Network ........................................................................................................................... 69

III-3-3 Security............................................................................................................................ 70

Part IV Security................................................................................................................71

IV-1 Storm Control............................................................................................................................ 72

IV-1-1 Properties........................................................................................................................ 72

IV-1-2 Port Setting ..................................................................................................................... 73

IV-2 DoS........................................................................................................................................... 74

IV-2-1 Properties........................................................................................................................ 74

IV-2-2 DoS Port Setting ............................................................................................................. 76

IV-3 IP Source Guard....................................................................................................................... 77

VigorSwitch

G1085 User’s Guide

Page 6

IV-3-1 Port Settings.................................................................................................................... 77

IV-3-2 IMPV Binding .................................................................................................................. 78

IV-4 IP Conflict Prevention ............................................................................................................... 79

IV-5 Loop Protection......................................................................................................................... 83

Part V ACL Configuration................................................................................................85

V-1 Create ACL................................................................................................................................ 86

V-1-1 MAC ................................................................................................................................. 86

V-1-2 IPv4.................................................................................................................................. 86

V-1-3 IPv6.................................................................................................................................. 87

V-2 Create ACE................................................................................................................................ 89

V-2-1 MAC ................................................................................................................................. 89

V-2-2 IPv4.................................................................................................................................. 90

V-2-3 IPv6.................................................................................................................................. 92

V-3 ACL Binding ............................................................................................................................... 94

Part VI QoS Configuration...............................................................................................95

VI-1 General..................................................................................................................................... 96

VI-1-1 Properties........................................................................................................................ 96

VI-1-1-1 QoS General Setting ....................................................................96

VI-1-1-2 Trust Ports ...............................................................................97

VI-1-2 Port Settings.................................................................................................................... 98

VI-1-3 Queue Settings ............................................................................................................... 99

VI-1-4 CoS Mapping ................................................................................................................ 100

VI-1-5 DSCP Mapping ............................................................................................................. 101

VI-1-6 IP Precedence Mapping................................................................................................ 102

VI-2 Bandwidth............................................................................................................................... 103

VI-2-1 Ingress Rate Limit......................................................................................................... 103

VI-2-2 Egress Shaping Rate.................................................................................................... 104

VI-2-3 Egress Shaping Per Queue.......................................................................................... 105

Part VII System Maintenance........................................................................................107

VII-1 TR-069................................................................................................................................... 108

VII-2 OpenVPN................................................................................................................................110

VII-3 Webhook.................................................................................................................................111

VII-4 LLDP.......................................................................................................................................112

VII-4-1 Properties..................................................................................................................... 112

VII-4-2 LLDP Port Setting ........................................................................................................ 113

VII-4-3 LLDP Local Device....................................................................................................... 115

VII-4-4 LLDP Remote Device................................................................................................... 116

VII-4-7 LLDP Overloading........................................................................................................ 117

VII-5 SNMP .....................................................................................................................................118

VII-5-1 View ............................................................................................................................. 119

VigorSwit

ch G1085 User’s Guide

Page 7

VII-5-2 Group........................................................................................................................... 120

VII-5-3 Community................................................................................................................... 121

VII-5-4 User.............................................................................................................................. 122

VII-5-5 Engine ID ..................................................................................................................... 124

VII-5-5-1 Local Engine ID........................................................................ 124

VII-5-5-2 Remote Engine ID..................................................................... 125

VII-5-6 Trap Event.................................................................................................................... 126

VII-5-7 Notification ................................................................................................................... 127

VII-6 Access Manager.................................................................................................................... 129

VII-7 Time and Date....................................................................................................................... 130

VII-7-1 System Time Zone....................................................................................................... 130

VII-7-2 Time............................................................................................................................. 131

VII-8 Backup Manager.................................................................................................................... 132

VII-9 Upgrade Manager.................................................................................................................. 133

VII-10 Account Manager................................................................................................................. 134

VII-11 Factory Default..................................................................................................................... 136

VII-12 Reboot Switch...................................................................................................................... 137

Part VIII Diagnostics......................................................................................................139

VIII-1 Device Check........................................................................................................................ 140

VIII-2 Cable Diagnostics................................................................................................................. 141

VIII-3 Ping Test............................................................................................................................... 142

VIII-4 SysLog.................................................................................................................................. 143

VIII-4-1 SysLog Explorer.......................................................................................................... 143

VIII-4-2 SysLog Settings.......................................................................................................... 144

VIII-4-2-1 SysLog Service........................................................................ 144

VIII-4-2-2 Local SysLog .......................................................................... 145

VIII-4-2-3 Remote SysLog ....................................................................... 146

VIII-4-2-4 SysLog Mail ........................................................................... 147

Part IX Mail Alert ............................................................................................................149

IX-1 Alert Setting ............................................................................................................................ 150

Part X Telnet Commands...............................................................................................153

X-1 Accessing T elnet of VigorSwitch.............................................................................................. 154

X-2 Available Commands............................................................................................................... 156

X-2-1 Clear Configuration........................................................................................................ 156

X-2-2 Clock Configuration........................................................................................................ 162

X-2-3 Configure Configuration................................................................................................. 163

X-2-4 Copy Configuration ........................................................................................................ 232

X-2-5 Delete Configuration ...................................................................................................... 233

X-2-6 Disable Configuration..................................................................................................... 233

X-2-7 End Configuration .......................................................................................................... 234

X-2-8 Exit Configuration........................................................................................................... 234

VigorSwitch

G1085 User’s Guide

vii

Page 8

X-2-9 Hardware-Monitor Configuration.................................................................................... 235

X-2-10 Ping Configuration........................................................................................................ 235

X-2-11 Reboot Configuration................................................................................................... 236

X-2-12 Restore-defaults Configuration.................................................................................... 236

X-2-13 Save Configuration....................................................................................................... 237

X-2-14 Show Configuration...................................................................................................... 237

X-2-15 SSL Configuration........................................................................................................ 238

X-2-16 Terminal Configuration................................................................................................. 239

X-2-17 Traceroute Configuration............................................................................................. 239

Appendix: Reference.....................................................................................................241

A-1 What’s the Ethernet................................................................................................................. 241

A-2 Media Acce ss Control (MAC).................................................................................................. 244

A-3 Flow Control............................................................................................................................. 248

Index ...............................................................................................................................251

viii

VigorSwitch G1085 User’s Guide

Page 9

arrtt II II

nttrr

uccttii

VigorSwitch

G1085 User’s Guide

Page 10

II--11 IInnttrroodduuccttiioonn

VigorSwitch G1085, Web Smart Gigabit, is a standard switch that meets all IEEE 802.3/u/x/z Gigabit, Fast Ethernet specifications. The switch has 8 10/100/1000Mbps TP ports. It supports telnet, http, https, SSH and SNMP interface for switch management.

The network administrator can login the switch to monitor, configure and control each port’s activity. In addition, the switch implements the QoS (Quality of Service), VLAN, and Trunking. It is suitable for office application.

II--11--11 KKeeyy FFeeaattuurreess

Below shows key features of this device:

QQooSS

The switch offers powerful QoS function. This function supports 802.1p V LAN tag pri ority an d DSCP on Layer 3 of network framework.

VVLLAANN

Support Port-based VLAN and IEEE802.1Q Tag VLAN. Support 24 active VLANs an d VLA N ID 1~4094.

PPoorrtt TTrruunnkkiinngg

Allows one or more links to be aggregated together to form a Link Aggregation Group by the static setting.

VigorSwitch

G1085 User’s Guide

Page 11

II--11--22 SSppeecciiffiiccaattiioonnss

The VigorSwitch G1085, a standalone off-the-shelf switch, provides the comprehensive features listed below for users to perform system network administration and efficiently and securely serve your network.

HHaarrddwwaarree

 8 10/100/1000Mbps Auto-negotiation Gigabit Ethernet TP ports  Jumbo frame support 9KB  Programmable classifier for QoS (Layer 2/Layer 3)  8K MAC address and support VLAN ID(1~4094)  Per-port shaping, policing, and Broadcast Storm Control  Full-duplex flow control (IEEE802.3x) and half-duplex backpressure  Hardware reset button for resetting configuration to factory default by pressing over 5

MMaannaaggeemmeenntt

 Supports per port traffic monitoring counters  Supports a snapshot of the system Information when you login

seconds

 Supports port mirror function  Supports the static trunk function  Supports 802.1Q VLAN  Supports user management and limits three users to login  Maximal packet length can be up to 9600 bytes for jumbo frame application  Supports Broadcasting Suppression to avoid network suspended or crashed  Supports to send the trap event while monitored events happened  Supports default configuration which can be restored to overwrite the current

configuration which is working on via Web UI and Reset button of the switch

 Supports on-line plug/unplug SFP modules  Supports Quality of Service (QoS) for real time applications based on the information

taken from Layer 2 to Layer 3

 Built-in web-based management and CLI management, providing a more convenient UI

for the user

VigorSwitch

G1085 User’s Guide

Page 12

II--11--33 PPaacckkiinngg LLiisstt

Before you start installing the switch, verify that the package contains the following:

 VigorSwitch G1085  AC Power Cord  Quick Start Guide  Rubber feet  Rack mount kit

Please notify your sales representative immediately if any of the aforementioned items is missing or damaged.

II--11--44 LLEEDD IInnddiiccaattoorrss aanndd CCoonnnneeccttoorrss

Before you use the Vigor device, please get acquainted with the LED indicators and connectors first. There are 8 Ethernet ports and SFP ports on the front panel of the switch. LED display area, locating on the front panel, contains an ACT, Power LED and ports working status of the switch.

LLEEDD EExxppllaannaattiioonn

LED Color Explanation

SYS

PWR

RJ45 LNK/ACT

Port 1 to Port 8

On Blinking The switch is powered on and starts system booting. Off On The device is powered on.

Off The device is powered off.

The switch finishes system booting and the system is ready.

The power is off or the system is not ready / malfunctioning.

Interface Description

RST

Factory reset button.  Press it to reboot the system. (<5 seconds) The SYS

LEDs will blink too.

 Press it to reset the system with factory default

VigorSwitch

G1085 User’s Guide

Page 13

settings. (5~20 seconds)

The SYS LED will be off if RST button is pressed between 5 seconds and 10 seconds.

RJ 45 LNK/ACT Port 1 ~ 8

Used for Ethernet connection. Power inlet for AC input (100~240V/AC, 50/60Hz).

VigorSwitch

G1085 User’s Guide

Page 14

II--22 IInnssttaallllaattiioonn

II--22--11 TTyyppiiccaall AApppplliiccaattiioonnss

The VigorSwitch implements 8 Gigabit Ethernet TP ports with auto MDIX and four slots for the removable module supporting comprehensive fiber types of connection, including LC and BiDi-LC SFP modules. The switch is suitable for the following applications:

CCaassee 11:: AAllll sswwiittcchh ppoorrttss aarree iinn tthhee ssaamme

Every port can access each other. (*The switch image is sample only.)

e llooccaall aarreeaa nneettwwoorrkk..

If VLAN is enabled and configured, each node in the network that can communicate each other directly is bounded in the same VLAN area.

CCaassee 22:: TThhee ssaammee VVLLAANN mmeemmbbeerrss ccaann bbee aatt ddiiffffeerreenntt sswwiittcchheess wwiitthh tth

ee ssaammee VVIIDD

VigorSwitch

G1085 User’s Guide

Page 15

CCaassee 33:: DDeesskkttoopp IInnssttaallllaattiioonn

1. Install the switch on a level surface that can support the weight of the unit and the relevant components.

2. Plug the switch with the female end of the provided power cord and plug the male end to the power outlet.

CCaassee 44:: RRaacckk--mmoouunntt IInnssttaallllaattiioonn

The switch may be standalone, or mounted in a rack. Rack mounting facilitate to an orderly installation when you are going to install series of networking devices.

Procedures to Rack-mount the switch:

1. Disconnect all the cables from the switch before continuing.

2. Place the unit the right way up on a hard, flat surface with the front facing you.

3. Locate a mounting bracket over the mounting holes on one side of the unit.

4. Insert the screws and fully

5. Repeat the two previous steps for the other side of the unit.

6. Insert the unit into the rack and secure with suitable screws.

7. Reconnect all the cables.

tighten with a suitable screwdriver.

VigorSwitch

G1085 User’s Guide

Page 16

II--22--22 IInnssttaalllliinngg NNeettwwoorrkk CCaabblleess

Crossover or straight-through cable: All the ports on the switch support Auto-MDI/MDI-X functionality. Both straight-through or crossover cables can be used as the media to connect the switch with PCs as well as other devices like switches, hubs or router.

Category 3, 4, 5 or 5e, 6 UTP/STP cable: To make a valid connection and obtain the optimal performance, an appropriate cable that corresponds to different transmitting/receiving speed is required. To choose a suitable cable, please refer to the following table.

Media Speed Wiring

10 Mbps Category 3,4,5 UTP/STP

10/100/1000 Mbps copper

100Mbps Category 5 UTP/STP 1000 Mbps Category 5e, 6 UTP/STP

II--22--33 CCoonnffiigguurriinngg tthhee MMaannaaggeemmeenntt AAggeenntt ooff SSwwiittcchh

Users can monitor and configure the switch through the following procedures. Configuring the Management Agent of VigorSwitch G1085 through the Ethernet Port. There are several ways to configure and monitor the switch through Ethernet port, includes

Web-UI and SNMP.

II--22--44 MMaannaaggiinngg VViiggoorrSSwwiittcchh GG11008855 tthhrroouugghh EEtthheerrnneett PPoorrtt

Before start using the switch, the IP address setting of the switch should be done, then perform the following steps:

1. Set up a physical path between the configured the switch and a PC by a qualified UTP Cat.

5e cable with RJ-45 connector. Note: If PC directly connects to the switch, you have to setup the same subnet mask

between them. But, subnet mask may be different for the PC in the remote site. Please refer to the above figure about the Web Smart Switch default IP address information.

VigorSwitch

G1085 User’s Guide

Page 17

2. After configuring correct IP address on your PC, open your web browser and access

switch's IP address.

Default system account is "admin", with password "admin" in default. Switch IP address is "192.168.1.224" by default with DHCP client enabled.

II--22--55 IIPP AAddddrreessss AAssssiiggnnmmeenntt

For IP address configuration, there are three parameters needed to be filled in. They are IP address, Subnet Mask, Default Gateway and DNS.

IP address:

The address of the network device in the network is used for internetworking communication. Its address structure looks is shown below. It is “classful” because it is s p lit into predefined address classes or categories.

Each class has its own network range between the network identifier and host identifier in the 32 bits address. Each IP address comprises two parts: network ide n tifier (address) and host identifier (address). The former indicates the network where the addressed host resides, and the latter indicates the individual host in the network which the address of host refers to. And the host identifier must be unique in the same LAN. Here the term of IP address we used is version 4, known as IPv4.

Network iden

With the classful addressing, it divides IP address into three classes, class A, class B and class C. The rest of IP addresses are for multicast and broadcast. The bit length of the network prefix is the same as that of the subnet mask and is denoted as IP address/X, for example,

192.168.1.0/24. Each class has its address range described below.

tifier Host identifier

32 bits

Class A:

Address is less than 126.255.255.255. There are a total of 126 networks can be defined because the address 0.0.0.0 is reserved for default route and 127.0.0.0/8 is reserved for loopback function.

Class B:

IP address range between 128.0.0.0 and 191.255.255.255. Each cl ass B network has a 16-bit network prefix followed 16-bit host address. There are 16,384 (2^14)/16 networks able to be defined with a maximum of 65534 (2^16 –2) hosts per network.

VigorSwitch

G1085 User’s Guide

Page 18

Class C:

IP address range between 192.0.0.0 and 223.255.255.255. Each class C network has a 24-bit network prefix followed 8-bit host address. There are 2,097,152 (2^ 21)/24 networks able to be defined with a maximum of 254 (2^8 –2) hosts per network.

Class D and E:

Class D is a class with first 4 MSB (Most significance bit) set to 1-1-1-0 and is used for IP Multicast. See also RFC 1112. Class E is a class with first 4 MSB set to 1-1-1-1 and is used for I P broadcast.

According to IANA (Internet Assigned Numbers Authority), there are three specific IP address blocks reserved and able to be used for extending internal network. We call it Private IP address and list below:

Class A 10.0.0.0 --- 10.255.255.255 Class B 172.16.0.0 --- 172.31.255.255 Class C 192.168.0.0 --- 192.168.255.255

Please refer to RFC 1597 and RFC 1466 for more information.

Subnet mask:

It means the sub-division of a class-based network or a CIDR block. The subnet is used to determine how to split an IP address to the network prefix and the host address in bitwise basis. It is designed to utilize IP address more efficiently and ease to manage IP network.

For a class B network, 128.1.2.3, it may have a subnet mask 255.255.0.0 in default, in which the first two bytes is with all 1s. This means more than 60 thousands of nodes in flat IP address will be at the same network. It’s too large to manage practically. Now if we divide it into smaller network by extending network prefix from 16 bits to, say 24 bits, that’s using it s third byte to subnet this class B network. Now it has a subnet mask 255.255.255.0, in which each bit of the first three bytes is 1. It’s now clear that the first two bytes is used to identify the class B network, the third byte is used to identify the subnet within this class B network and, of course, the last byte is the host number.

Not all IP address is available in the sub-netted network. Two special addresses are reserved. They are the addresses with all zero’s and all one’s host number. For example, an IP address

128.1.2.128, what IP address reserved will be looked like? All 0s mean the network itself, a nd

all 1s mean IP broadcast.

VigorSwitch

G1085 User’s Guide

Page 19

In this diagram, you can see the subnet mask with 25-bit long, 255.255.255.1 28, contain s 126 members in the sub-netted network. Another is that the length of network prefix equals the number of the bit with 1s in that subnet mask. With this, you can easily count the number of IP addresses matched. The following table shows the result.

Prefix Length No. of IP matched No. of Addressable IP

/32 1 /31 2 /30 4 2 /29 8 6 /28 16 14 /27 32 30 /26 64 62 /25 128 126 /24 256 254 /23 512 510 /22 1024 1022 /21 2048 2046 /20 4096 4094 /19 8192 8190 /18 16384 16382 /17 32768 32766 /16 65536 65534

According to the scheme above, a subnet mask 255.255.255.0 will partition a network with the class C. It means there will have a maximum of 254 effective nodes existed in this sub-netted network and is considered a physical network in an autonomous network. So it owns a network IP address which may looks like 168.1.2.0.

With the subnet mask, a bigger network can be cut into small pieces of network. If we want to have more than two independent networks in a worknet, a partition to the network must be performed. In this case, subnet mask must be applied.

For different network applications, the subnet mask may look like 255.255.255.240. This means it is a small network accommodating a maximum of 15 nodes in the network.

VigorSwitch

G1085 User’s Guide

Page 20

For assigning an IP address to the switch, you just have to check what the IP address of the network will be connected with the switch. Use the same network address and append your host address to it.

 First, IP Address: as shown above, enter “192.168.1.224”, for instance. For sure, an

IP address such as 192.168.1.x must be set on your PC.

 Second, Subnet Mask: as shown above, enter “255.255.255.0”. Choose a subnet mask

suitable for your network.

Note: The DHCP Setting is enabled in default. Therefore, if a DHCP server presented on network connected to the switch, check before accessing your switch is essential.

VigorSwitch

G1085 User’s Guide

Page 21

II--33 AAcccceessssiinngg WWeebb PPaaggee ooff VViiggoorrSSwwiittcchh

1. Open any browser (e.g., Firefox) and type “192.168.1.224” as URL.

2. Please type “admin/admin” as the Username/Password and click Login.

3. Now, the Main Screen will appear.

Info

VigorSwitch

G1085 User’s Guide

The DHCP Setting is enabled in default. Therefore, if a DHCP server presented on network connected to VigorSwitch, checking before accessing VigorSwitch is essential.

Page 22

II--44 DDaasshhbbooaarrdd

Click Dashboard from the main menu on the left side of the main page.

A web page with default selections will be displayed on the screen. Refer to the following figure:

VigorSwitch

G1085 User’s Guide

Page 23

II--55 SSttaattuuss

II--55--11 PPoorrtt BBaannddwwiiddtthh UUttiilliizzaattiioonn

This page offers the traffic statistics inlcuding data information and data of interframe gap for each port (GE1 to GE8). In which, data of interframe gap can be displayed or hidden by choose Enable / Disable for IFG.

II--55--22 LLLLDDPP SSttaattiissttiiccss

This page offers the statistics of LLDP packets (in, out and error) of each port (GE1 to GE8).

VigorSwitch

G1085 User’s Guide

Page 24

This page is left blank.

VigorSwitch G1085 User’s Guide

Page 25

arrtt IIII

wiittcc

VigorSwitch G1085 User’s Guide

Page 26

IIII--11 GGeenneerraall SSeettuupp

General setup is used to configure settings for the switch network interface and offers how the switch connects to a remote server to get services.

IIII--11--11 MMaannaaggeemmeenntt IIPP//VVLLAANN

The switch needs an IP address for it to be managed over the network. The factory default IP address is 192.168.1.224. The subnet mask specifies the network number portion of an IP address. The factory default subnet mask is 255.255.255.0.

Use the IP Address (IPv4/IPv6) screen to configure the switch IP address and the default gateway device. The gateway field specifies the IP address of the gateway (next hop) for outgoing traffic. In addition, this page allows the network administrator to change the VLAN ID of management access. Management access protocols such as http, https, SNMP and etc., are only accessible from the VLAN specified as management VLAN.

Info

If VigorSwitch has connected to Vigor router, it will use the IP address obtained from the DHCP server on Vigor router. Thus, the user must type the assigned IP as URL for accessing into the web user interface of VigorSwitch. If not, 192.168.1.224 shall be the default IP.

Available settings are explained as follows:

Item Description IPv4 Mode Select the mode of network connection.

 Static- Use static IPv4 address.  DHCP – Use DHCP provisioned IP address and Gateway if

feasible.

VigorSwitch

G1085 User’s Guide

Page 27

IP Address It is available when Static is selected as Mode.

Enter the IP address of your switch in dotted decimal notation for example 192.168.1.224. If static mode is enabled, enter IP address in this field.

Subnet Mask It is available when Static is selected as Mode.

Enter the IP subnet mask of your switch in dotted decimal notation for example 255.255.255.0. If static mode is enabled, enter subnet mask in this field.

Gateway It is available when Static is selected as Mode.

Enter the IP address of the gateway in dotted decimal notation. If static mode is enabled, enter gateway address in this field.

DNS Server 1 It is available when Static is selected as Mode.

If static mode is enabled, enter primary DNS server address in this field.

DNS Server 2 It is available when Static is selected as Mode.

If static mode is enabled, enter secondary DNS server address in this field.

IPv6 Auto Configuration Enable - Check it to let switch automatically configure IPv6

address.

IPv6 Address It is available when Auto Configuration is set as Disable.

Enter the IPv6 address of your switch. If auto configuration mode is disabled, enter IPv6 address in this field.

Link Local Address Display link local address. Gateway It is available when Auto Configuration is set as Disable.

Enter the IPv6 address of the router as your default IPv6 gateway to access IPv6 Internet or other IPv6 network.

DNS Server 1 It is available when Auto Configuration is set as Disable.

If static mode is enabled, enter primary DNS server address in this field.

DNS Server 2 It is available when Auto Configuration is set as Disable.

If static mode is enabled, enter secondary DNS server address in this field.

DHCPv6 Client It is available when Auto Configuration is set as Enable.

Enable this feature if there is a DHCPv6 server on your network for assigning IPv6 Address, instead of using Router Advertisement.

Management VLAN Management VLAN Select the VLAN ID as management VLAN. You can create

additional VLAN profiles by Switch LAN>>VLAN management>> Create VLAN.

Apply Apply the settings to the switch.

VigorSwitch

G1085 User’s Guide

Page 28

IIII--22 PPoorrtt SSeettttiinngg

IIII--22--11 GGeenneerraall SSeettttiinngg

Port Setting is used to configure settings for the switch ports, trunk, Layer 2 protocols and other switch features.

Available settings are explained as follows:

Item Description Ports Use the drop down list to selelct one or more LAN port(s). Enable State Enable –Click it to enable the port.

Disable – Click it to disable the port.

Speed Port speed capabilities:

 Auto: Auto speed with all capabilities.  Auto(10M): Auto speed with 10M ability only.  Auto(100M): Auto speed with 100M ability only.  Auto(1000M): Auto speed with 1000M ability only.  Auto(10/100M): Auto speed with 10/100M ability.  10M: Force speed with 10M ability.  100M: Force speed with 100M ability.  1000M: Force speed with 1000M ability.

Selecting Auto (auto-negotiation) allows one port to negotiate with a peer port automatically to obtain the connection speed and duplex mode that both ends support. When auto-negotiation is turned on, a port on the switch negotiates with the peer automatically to determine the connection speed and duplex mode. If the peer port does not support auto-negotiation or turns off this feature, the switch determines the connection speed by detecting the signal on the cable and using half duplex mode. When the switch’s auto-negotiation is turned off, a port uses the pre-configured

VigorSwitch

G1085 User’s Guide

Page 29

speed and duplex mode when making a connection, thus requiring you to make sure that the settings of the peer port are the same in order to connect.

For SFP fiber module, you might need to manually configure the speed to match fiber module speed.

Duplex Port duplex capabilities:

 Auto: Auto duplex with all capabilities.  Half: Auto speed with 10/100M ability only.  Full: Auto speed with 10/100/1000M ability only.

Flow Control A concentration of traffic on a port decreases port bandwidth

and overflows buffer memory causing packet discards and frame losses. Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port. The switch uses IEEE802.3x flow control in full duplex mode and backpressure flow control in half duplex mode. IEEE802.3x flow control is used in full duplex mode to send a pause signal to the sending port, causing it to temporarily stop sending signals when the receiving port memory buffers fill. Back Pressure flow control is typically used in half duplex mode to send a "collision" signal to the sending port (mimicking a state of packet collision) causing the sending port to temporarily stop sending signals and resend later.

 Enable – Click it to enable such function.  Disable – Click it to disable such function.

Apply Apply the settings to the switch. Modify It is used to manually enter the description, state, speed,

duplex, flow control for the port.

VigorSwitch

G1085 User’s Guide

Page 30

IIII--22--22 PPrrootteecctteedd PPoorrttss

This page allows the network administrator to configure protected port setting to prevent the selected ports from communication with each other. Protected port is only allo wed to communicate with unprotected port.

For example, GE1 and GE3 are selected in Port List and Enable is clicked as Protected, then users behind GE1 and GE3 are separated and can not communicate with each other.

Available settings are explained as follows:

Item Description Protected Ports Settings  Port List – Use the drop down list to select the port(s)

(GE1 to GE8) for applying the settings configured in this page.

 Protected – Click Enable to activate the protected port

function.

 Apply - The modification made above can be applied on

to the selected GE port immediately.

Protected Port Status Display current status for each GE port.

VigorSwitch

G1085 User’s Guide

Page 31

IIII--33 MMiirrrroorr

This section provides ability to mirror packets coming in or going out on any port to a destination port. Through the packet duplication in the destination port, this feature is convinent for system administrator to monitor / understand the traffic operation.

Session ID 1 to 4 can be enabled simultaneously and operate independently.

Available settings are explained as follows:

Item Description Session ID Select the session ID (profile 1 to 4) of mirror operation you

wish to configure.

Monitor Session State  Enable – Enable specified mirror session.

 Disable - Disable specified mirror session.

Destination Port Specify the port where you wish to observe the mirrored

packets.

Allow Operation as Normal Port

Sniff Ports (RX) / (TX) Select the port(s) which you wish to mirror the traffic, Rx for

Apply Apply the settings to the switch.

 Enable – The destination port is able to function as a port

connecting to network, communicating with other network devices.

 Disable - Only observe the mirrored packets.

mirror the packets into the port, Tx for mirror the packets going out from the port.

VigorSwitch

G1085 User’s Guide

Page 32

IIII--44 LLiinnkk AAggggrreeggaattiioonn

LAG means Link Aggregation Group which groups some physical ports together to make a single high-bandwidth data path. Thus it can implement traffic load sharing among the member ports in a group to enhance the connection reliability.

IIII--44--11 LLAAGG SSeettttiinngg

This page allows to configure Load Balance Algorithm for Link Aggregation.

Available settings are explained as follows:

Item Description Load Balance Algorithm Select your Load balance algorithm.

 MAC address - Aggregated group will balance the traffic

based on different MAC addresses. Therefore, the packets from different MAC addresses will be sent to different links.

 IP/Mac Address - Aggregated group will balance the

traffic based on MAC addresses and IP addresses. Therefore, the packets from same MAC addresses but different IP addresses will be sent to different links.

Apply Apply the settings to the switch.

VigorSwitch

G1085 User’s Guide

Page 33

IIII--44--22 LLAAGG MMaannaaggeemmeenntt

There are eight LAG profiles allowed to group different physical ports. The system will assign certain port(s) as Active Member and Standby Member according to the GE selections.

Available settings are explained as follows:

Item Description Description Display the port description. Port Type Display the type of the LAG. Link Status Display LAG port link status. Active Member Display active member ports of the LAG. Standby Member Display inactive or candidate member ports of the LAG. Modify It is used to edit the name, type and port number for each link

aggregation profile.

Name- Enter a string as LAG name. Type – Use the drop down menu to specify the type for LAG.

 Static- The static aggregated port sends packets over

active member without detecting or negotiating with remote aggregated port.

 LACP- The LACP aggregated ports place member into

active only after negotiated with remote aggregated port for best reliability.

VigorSwitch

G1085 User’s Guide

Page 34

 Ports - Select the physical ports for this LAG profile.

IIII--44--33 LLAAGG PPoorrtt SSeettttiinngg

This page defines port setting for each LAG profile (LAG1 to LAG8), including data speed and enabling/disabling the flow control.

Available settings are explained as follows:

Item Description LAG Use the drop down list to selelct one or more LAG profiles. Enable  Enable –Click it to enable the profile.

 Disable – Click it to disable the profile.

Speed Port speed capabilities:

 Auto(10M/100M/1000M): Auto speed with all

capabilities.

 Auto(10M): Auto speed with 10M ability only.  Auto(100M): Auto speed with 100M ability only.  Auto(1000M): Auto speed with 1000M ability only.  Auto(10/100M): Auto speed with 10/100M ability.  10M: Force speed with 10M ability.  100M: Force speed with 100M ability.  1000M: Force speed with 1000M ability.

VigorSwitch

G1085 User’s Guide

Page 35

are the same in order to connect. For SFP fiber module, you might need to manually configure

the speed to match fiber module speed.

Duplex Port duplex capabilities:

 Auto: Auto duplex with all capabilities.  Half: Auto speed with 10/100M ability only.  Full: Auto speed with 10/100/1000M /10G ability only.

Flow Control A concentration of traffic on a port decreases port bandwidth

 Enable – Click it to enable such function.  Disable – Click it to disable such function.

Apply Apply the settings to the switch. Modify It is used to edit status, speed, and flow control for the LAG.

IIII--44--44 LLAACCPP SSeettttiinngg

This page allows the network administrator to enable or disable the LACP function.

Available settings are explained as follows:

Item Description LACP  Enable – Click it to enable such function.

 Disable – Click it to disable the function.

VigorSwitch

G1085 User’s Guide

Page 36

System Priority The priority is used to determine which switch (local or

remote) on the LAG connection is able to decide LACP activities. The lower the number is, the higher the priority for VigorSwitch will be. Therefore, the switch with the highest system priority (e.g., 1) can make decisions about which ports actively participate in LAG at a given time.

Apply Apply the settings to the switch.

IIII--44--55 LLAACCPP PPoorrtt SSeettttiinngg

This section provides few detailed configuration regarding to Ports under LACP protocol.

Available settings are explained as follows:

Item Description Ports Use the drop down list to specify LAN Port. Priority Enter a port priority number for the port. Timeout The timeout option decides how local switch of LAG

connection determines connection to be lost. Switch would also notify the remote switch about this setting value, so that remote switch can send LACP PDU in correct timing.

 Long - LACP PDU will be sent every 30 seconds. If port

member is not seen over 90 seconds, it will cause port member timeout.

 Short - LACP PDU will be sent per second. If port member

is not seen over 3 seconds, it will cause port member timeout.

Apply Apply the settings to the switch. Modify It is used to edit settings (priority and timeout) for LACP port.

VigorSwitch

G1085 User’s Guide

Page 37

IIII--55 VVLLAANN MMaannaaggeemmeenntt

A virtual local area network, virtual LAN or VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location. A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together even if they are not located on the same network switch. VLAN membership can be configured through software instead of physically relocating devices or connections.

IIII--55--11 CCrreeaattee VVLLAANN

This page allows a user to add, edit or delete VLAN settings.

Available settings are explained as follows:

Item Description Action Select which action to perform, add VLANs or delete VLANs.

 Add – Create a new VLAN profile.  Delete – Delete an existed VLAN profile.

VLAN ID Enter the number as VLAN ID to be created or deleted. If you

want to create / delete multiple VLAN profiles, simply enter multiple VLAN ID separated by comma, and/or range of VLAN ID using hyphen.

VLAN Name Enter the prefix you wish to add followed by VLAN ID as VLAN

name. Leave it empty for using default "VLAN". After clicking Apply, you will see:

Apply Apply the settings to the switch.

VigorSwitch

G1085 User’s Guide

Page 38

Modify

- Modify the name of the selected VLAN ID.

 New Name - Type a name for such VLAN profile.  OK - Apply the settings to the switch.  Cancel - Close the page and return to previous page.

- Delete the selected VALN ID.

IIII--55--22 IInntteerrffaaccee SSeettttiinnggss

This page allows a user to configure interface setting related to VLAN.

Available settings are explained as follows:

Item Description Port Select Select LAN ports to configure VLAN Settings. Interface VLAN Mode Select the VLAN mode of the interface.

 Hybrid – Support all functions as defined in IEEE 802.1Q

specification.

 Access – Accept only untagged frames and join an

VigorSwitch

G1085 User’s Guide

Page 39

untagged VLAN.

 Trunk - An untagged member of one VLAN at most, and is

a tagged member of zero or more VLANs.

PVID A PVID (Port VLAN ID) is a tag that adds to incoming untagged

frames received on a port so that the frames are forwarded to the VLAN group that the tag defines.

For port under Access Mode, VLAN ID provided as PVID would automatically be selected as the untagged VLAN.

Accepted Type Specify the acceptable-frame-type of the specified in terfaces.

It’s only available with Hybrid mode.  All - Accept frames regardless it's tagged with 802.1q or

not.

 Tag Only - Accept frames only with 802.1q tagged.  Untag Only - Accept frames untagged.

Ingress Filtering Enable the ingress filtering to filter out any packets not belong

to any VLAN members of this port. It is enabled automatically while operating in Access and Trunk mode.

 Enabled – Click it to enable the function.  Disabled - Click it to disable the function.

Tagged VLAN Specify the VLAN profile tagged in the VLAN. Untagged VLAN Specify the VLAN profile untagged in the VLAN. Forbidden VLAN Specify the VLAN profile forbidden in the VLAN. Apply Apply the settings to the switch. Modify

- It is used to edit settings for the selected port.

VigorSwitch

G1085 User’s Guide

Page 40

IIII--55--33 VVooiiccee VVLLAANN

With such feature, a VLAN will be created temporarily and when the specified OUI device delivers protocol packets related to “VoIP”, VigorSwitch will guide these packets into the specified Voice LAN with specified priorioty tag to speed up the packet transmission. Such voice VLAN is only active inside VigorSwitch for packet transmission. After these packets leave VigorSwitch, the Voice VLAN tag will be removed immediately.

IIII--55--33--11 PPrrooppeerrttiieess

This page allows a user to configure global and per interface setting of voice VLAN.

Available settings are explained as follows:

Item Description Voice VLAN State  Enabled – Click it to enable Voice VLAN.

 Disabled - Click it to disable Voice VLAN.

Voice VLAN Id Check the box of Enable first and then select Voice VLAN ID

profile.

Remark CoS/802.1p Click Enabled / Disabled to enable or disable 1p remarking. If

enabled, qualified packets will be remarked by this value.

Remark Value Specify the number of packets to be remarked.

Specify the CoS/802.1p number you wish ingress VoIP packets be tagged with, so that QoS can prioritize it correctly.

Aging Time Select value of aging time (30~65536 min).

Default is 1440 minutes. A voice VLAN entry will be age out after this time if without any packet pass through.

Apply Apply the settings to the switch.

VigorSwitch

G1085 User’s Guide

Page 41

IIII--55--33--22 TTeelleepphhoonnyy OOUUII SSeettttiinngg

This page allows a user to add, edit or delete OUI MAC addresses. Default has 8 pre-defined OUI MAC.

Available settings are explained as follows:

Item Description OUI Address Type OUI address. Description Enter a description of the specified MAC address to the voice

VLAN OUI table.

Add Click it to create a new voice OUI based on the settings

configured above.

Edit

- Modify OUI setting for voice VLAN.

- Click it to remove the selected OUI entry.

VigorSwitch

G1085 User’s Guide

Page 42

IIII--55--33--33 PPoorrtt SSeettttiinngg

This page allows a user to specify LAN port(s) as Voice LAN port.

Available settings are explained as follows:

Item Description Port Use the drop down list to specify one or more LAN ports. State  Enabled – Click it to enable the port settings for Voice

LAN.

 Disabled – Click it to disable the port settings for Voice

LAN.

Cos Mode If Remark CoS/802.1p is enabled in Voice VLAN>>Properties,

settings in this page shall be applied. Otherwise, this option will not take effect.

 All - Once this port is identified as Voice VLAN by frame

with matched OUI, remark CoS/802.1p shall tag for all ingress frame regardless of remarked frame matched with pre-configured OUI or not.

 Src (Source) - Once this port is identified as Voice VLAN

by frame with matched OUI, remark CoS/802.1p sh all tag for only the matched ingress frame with pre-configured OUI.

Apply Apply the settings to the switch. Edit Click the icon under Edit for one entry to modify port settings

(State, Cos Mode) for voice VLAN.

VigorSwitch

G1085 User’s Guide

Page 43

IIII--55--44 MMAACC VVLLAANN

IIII--55--44--11 MMAACC GGrroouupp

The MAC VLAN allows you to statically assign a VLAN ID to a host with specific MAC address(es). VigorSwitch allows you configure multiple groups with configured MAC address and mask to be active on ports and to be bound with VLAN ID. This page allows the network administrator to define groups with specific MAC addresses for later binding with VLAN and Port.

Available settings are explained as follows:

Item Description Group ID It is a number for identification later, while chosen to be

bound with VLAN/Port.

MAC Address Enter the MAC address you wish to be classified in this group Mask The mask is the length of matching prefix you wish to have on

MAC address. For example, configure mask in 10. It means a host with

beginning of the 10-digit of MAC address will be checked, and classified into this group if matched.

Add Click it to create a new MAC group profile based on the

VigorSwitch

G1085 User’s Guide

Page 44

settings configured above.

Edit Click the icon under Edit for one entry to modify settings for

group ID.

II--55--44--33 GGrroouupp BBiinnddiinngg

The MAC VLAN allows you to statically assign a VLAN ID to a host with specific MAC address(es). VigorSwitch allows you to configure multiple groups with configured MAC address and mask to be active on ports and to be bound with VLAN ID. This page allows the network administrator to bind the group of specified MAC addresses with VLAN and Port.

Available settings are explained as follows:

Item Description Ports Select the ports you wish to be bound with specified MAC

address group.

Group ID Choose the group ID you have created in earlier section, which

specified a group of host by MAC address and its mask.

VLAN Enter the VLAN ID that you wish to be bound with. Add Click it to create a new MAC group binding profile based on the

settings configured above.

Edit Click the icon under Edit for one entry to modify settings for

selected port profile.

VigorSwitch

G1085 User’s Guide

Page 45

IIII--55--55 SSuurrvveeiillllaannccee VVLLAANN

Surveillance VLAN can be configured for VigorSwitch to identify the packets coming from an IP camera automatically and assign those traffics to a specific VLAN ID and CoS/8 02.1p value, this helps you to prioritize those traffics and improve video quality.

IIII--55--55--11 PPrrooppeerrttyy

This page is for setting up the VLAN to which the video traffic should be assigned and to enable/disable Surveillance VLAN on each port.

Available settings are explained as follows:

Item Description State  Enabled – Click it to enable the port settings for such

VLAN.

 Disabled – Click it to disable the port settings for such

VLAN.

VLAN ID Choose a VLAN profile (created in Switch LAN>>VLAN

Management>>Create Vlan) as Surveillance VLAN.

CoS/802.1p Remarking Specify the CoS/802.1p number you wish ingress packets be

tagged with, so that QoS can prioritize it correctly.  Enable - If enabled, qualified packets will be remarked

by this value.

Aging Time Unit is second.

Select value of aging time (30~65536 seconds). Default is 1440 seconds. VLAN entry will be aged out after this

time if no packet passes through.

Apply Apply the settings to the switch. Edit

- Click it to modify port setting status.

VigorSwitch

G1085 User’s Guide

Page 46

 State –Set it to enable surveillance VLAN function of

interface.

 Mode –Select port surveillance VLAN mode.

 Auto: Surveillance VLAN auto detect packets that

match OUI table and add received port into surveillance VLAN ID tagged member.

 Manual: User need add interface to VLAN ID tagged

member manually.

 QoS Policy - Select port QoS Policy mode.

 Video Packet: QoS attributes are applied to

packets with OUI in the source MAC address.

 All: QoS attributes are applied to packets that are

classified to the Surveillance VLAN.

 OK - Apply the settings to the switch.

 Cancel - Abandon the changes and return to previous

page.

VigorSwitch

G1085 User’s Guide

Page 47

IIII--55--66--11 SSuurrvveeiillllaannccee OOUUII

Filtering Surveillance traffic is based on the OUI of the IP cameras. Users can add, edit, and delete OUI on this page.

Available settings are explained as follows:

Item Description OUI Address Enter OUI MAC address of monitored IP camera. It can’t be

edited in edit dialog.

Description Enter a description of the specified MAC address to the

surveillance VLAN OUI table.

Add Click it to create a new voice OUI based on the settings

configured above.

Edit

- Modify OUI setting for surveillance VLAN.

- Click it to remove the selected OUI entry.

VigorSwitch

G1085 User’s Guide

Page 48

IIII--66 EEEEEE

This page allows a user to enable or disable port EEE (Energy Efficient Ethernet) function.

Available settings are explained as follows:

Item Description Port Select one or multiple ports to configure (GE1 to GE8). Enable  Enable –Click it to enable the EEE function.

 Disable - Click it to disable the EEE function.

Apply Apply the settings to the switch. Modify

- Click it to modify port setting status.

VigorSwitch

G1085 User’s Guide

Page 49

IIII--77 MMuullttiiccaasstt

IP multicast is a technique for one-to-many communication over an IP infrastructure in a network.

To avoid the incoming data broadcasting to all GE ports, multicast is useful to transfer the data/message to specified GE ports for IGMP snooping. When VigorSwitch receives a message “subscribed” by the client, it must decide to transfer the data to specified GE ports according to the location of the client (subscribed member).

IIII--77--11 PPrrooppeerrttiieess

For the multicast packets, This page allows the network administrator to choose actions for processing the unknown muliticast packets and for handling known packets with MAC address, IP address and VLAN ID.

VigorSwitch

Available settings are explained as follows:

Item Description Unknown Multicast

Action

IPv4 Forward Method Set the IPv4 multicast forward method.

Apply Apply the settings to the switch.

G1085 User’s Guide

Select an action for switch to handle with unknown multicast packet.

 Drop: Drop the unknown multicast data.  Flood: Flood the unknown multicast data.  Forward to Router port: Forward the unknown multicast

data to router port.

 Dst. MAC & VID: Forward using destination multicast MAC

address and VLAN IDs.

 Dst. IP & VID: Forward using destination multicast IP

address and VLAN ID.

Page 50

IIII--77--22 IIGGMMPP SSnnooooppiinngg

IGMP snooping is the process of listening to Internet Group Manag e ment Protocol (IGMP) network traffic. The feature allows a network switch to listen in on the IGMP conversation between hosts and routers. By listening to these conversations the switch maintains a ma p of which links need which IP multicast streams. Multicasts may be filtered from the links which do not need them and thus controls which ports receive specific multicast traffic.

IIII--77--22--11 IIGGMMPP SSeettttiinngg

This page allows the network administrator to enable/disable IGMP function, select snooping version, and enable/disable snooping report suppression.

Available settings are explained as follows:

Item Description

VigorSwitch

G1085 User’s Guide

Page 51

IGMP Snooping State  Enable – Click it to set enabling IGMP function.

 Disable - Click it to disable IGMP function.

IGMP Snooping Version Set the IGMP snooping version.

 v2 - Only support process IGMP v2 packet.  v3 (BISS) - Support v3 basic and v2.

IGMP Snoopign Report Suppression

Click Enable to allow the switch to handle IGMP reports between router and host, suppressing bandwidth used by IGMP.

Apply Apply the settings to the switch. Modify

- Click it to modify IGMP settings for selected profile. However, if IGMP Snooping State is not set as Enable, such option will be disabled.

 IGMP Snooping State –Choose Enable to enable IGMP

snooping function.

 Router Ports Auto Learn – Set the enabling status of

IGMP router port learning. Choose Enable to learn router port by IGMP query.

 Query Robustness – Set a number which allows tuning for

VigorSwitch

G1085 User’s Guide

Page 52

the expected packet loss on a subnet.

 Query Interval – Set the interval of querier send general

query.

 Query Response Interval – It specifies the maximum

allowed time before sending a responding report in units of 1/10 second.

 Last Member Query Counter – After quering for

specified times (defined here) and still not receiving any response from the subscribed member, VigorSwitch will stop transmitting data to the related GE port(s).

 Last Member Query Interval – The maximum time

interval between counting each member query message with no responses from any subscribed member.

 Immediate Leave – Leave the multicast group

immediately on the port & VLAN where leave message is sent from, regardless there is still a subscribed member or not. Click Enable to enable Fastleave function.

 OK - Apply the settings to the switch.  Cancel - Close the page and return to previous page.

IIII--77--22--22 IIGGMMPP QQuueerriieerr SSeettttiinngg

This page allows a user to configure querier settings on specific VLAN of IGMP Snooping.

Available settings are explained as follows:

Item Description VLAN ID Use the drop down list to specify a VLAN profile as IGMP

Snooping querier.

Querier State  Enable – Click Enable to set the enabling status of IGMP

Querier on the chosen VLAN profile.

 Disable – Click it to disable the function.

Querier Version Set the query version of IGMP Querier Election on the chosen

VLANs.

 v2 - Querier version 2.  v3 - Querier version 3.

VigorSwitch

G1085 User’s Guide

Page 53

Note: For maximum compatibility, it is suggested to use querier version lower than IGMP snooping version, for there is possibile network mixed with IGMP v2/v3 client and v2 query message is widerly understandable for those clients.

Apply Apply the settings to the switch.

IIII--77--22--33 IIGGMMPP SSttaattiicc GGrroouupp

The IGMP static group is allowed to assign a VLAN/port as a specific IPv4 multicast member. Every IPv4 multicast stream that belongs to the specified group IP address will be forwarded to the specified port/VLAN member.

Available settings are explained as follows:

Item Description VLAN ID Use the drop down list to specify a VLAN profile as IGMP Static

Group.

Group IP Address It is an identifier for the group member. Packets sent to such

address will be transferred to all interfaces defined in Member Ports.

Specify the IPv4 multicast address you wish to assign for the static group (defined in VLAN ID).

Member Ports Specify the port(s) that static group with given IPv4 multicast

address shall include.

Apply Apply the settings to the switch. Modify

- Click it to modify settings.

VigorSwitch

G1085 User’s Guide

Page 54

IIII--77--22--44 IIGGMMPP GGrroouupp TTaabbllee

This page shows currently known and dynamically learned by IGMP snooping or shows the assigned IPv4 multicast address group in operation.

Available settings are explained as follows:

Item Description VLAN ID Display the VLAN of this multicast group belongs to. Group IP Address Display the multicast address of this multicast group. Member Ports Display the port(s) where subscribing member of this multicast

group belongs to.

Type Display if it is dynamically learned or statically assigned. Life(sec.) Display the life time of this multicast member left if no

membership report sent again.

VigorSwitch

G1085 User’s Guide

Page 55

IIII--77--22--55 IIGGMMPP RRoouutteerr TTaabbllee

This page shows the IGMP querier router known to this switch.

Available settings are explained as follows:

Item Description VLAN ID Use the drop down list to specify a VLAN profile (created in

Switch LAN>>VLAN Management>>Create Vlan) that the MLD querier belongs to.

Port Display the static port member specified in Member Ports. Expire Time (sec.) Display the time before querier is considered no longer

existed.

VigorSwitch

G1085 User’s Guide

Page 56

IIII--88 JJuummbboo FFrraammee

This page allows a user to configure switch port jumbo frame settings.

Available settings are explained as follows:

Item Description Jumbo Frame (Bytes) Enter Jumbo frame size. The valid range is 1526 bytes – 10000

bytes.

Apply Apply the settings to the switch.

VigorSwitch

G1085 User’s Guide

Page 57

IIII--99 SSTTPP

The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network.

Bridge Protocol Data Units (BPDUs) are frames that contain information about the Spanning Tree Protocol (STP). Switches send BPDUs using a unique MAC address from its origin port and a multicast address as destination MAC (01:80:C2:00:00:00, or 01:00:0C:CC:C C:CD for Per VLAN Spanning Tree).

For STP algorithms to function, the switches need to share inf ormation about t hemsel ves an d their connections. What they share are bridge protocol data units (BPDUs).

BPDUs are sent out as multicast frames to which only other layer 2 switches or bridges are listening. If any loops (multiple possible paths between switches) are found in the network topology, the switches will co-operate to disable a port or ports to ensure that there are no loops; that is, from one device to any other device in the layer 2 network, only one path can be taken.

IIII--99--11 PPrrooppeerrttiieess

This page allows a user to configure and display Spanning Tree Protocol (STP) property configuration.

Available settings are explained as follows:

Item Description STP Mode Set the operating mode of Spanning Tree (STP).

 Disabled – Disable the STP operation.  STP - Enable the Spanning Tree (STP) operation.  RSTP - Enable the Rapid Spanning Tree (RSTP) operation.

BPDU Handling Specify the BPDU forward method when the STP is disabled.

 Filtering - Filter the BPDU when STP is disabled.  Flooding - Flood the BPDU when STP is disabled.

VigorSwitch

G1085 User’s Guide

Page 58

PathCost Method Specify the path cost method.

 Long - Specifies that the default port path costs are

within the range: 1~200,000,000.

 Short - Specifies that the default port path costs are

within the range: 1~65,535.

Apply Apply the settings to the switch.

IIII--99--22 PPoorrtt SSeettttiinngg

This page allows the user to configure and display Spanning Tree Protocol (STP) port settings.

Available settings are explained as follows:

Item Description Ports Use the drop down to specify the interface ID or the list of

interface IDs.

Path Cost (0=Auto) Path cost is the cost of transmitting a frame on to a LAN

through that port. It is recommended to assign this value according to the speed of the bridge. The slower the media, the higher the cost. Entering 0 means the switch will automatically assign a value.

Priority Specify a priority value for the switch. The smaller the priority

value, the higher the priority and greater chance of becoming the root.

Edge Port In the edge mode, the interface would be put into the

Forwarding state immediately upon link up. If the edge mode is enabled for the interface and there are BPDUs received on the interface, the loop might be occurred in the short time before the STP state change.

 Yes – Enable the function.  No – Disable the function.

P2P Option  Auto – VigorSwitch determines the STP of link type for

this port automatically.

 Yes – It means the STP of link type on this port is

VigorSwitch

G1085 User’s Guide

Page 59

full-duplex and directly connect to another switch or host.

 No - It means the STP of link type on this port is “not”

full-duplex and “does not” directly connect to another switch or host.

BPDU Filter Yes – Drop all BPDU packets and no BPDU will be sent. BPDU Guard Yes – BPDU Guard further protects your switch by turning this

port into error state and shutdown if any BPDU received from this port. Check it to enable such function.

Apply Apply the settings to the switch.

After clicking it, the settings configured above will be shown on the table below.

Ports Use the drop down to specify the interface(s) for applying the

function of Migrate.

Migrate Click it to force the port(s) specified above to send one RSTP

BPDU (Rapid Spanning Tree Protocol Bridge Protocol Data Unit).

Edit Click it to modify the settings for the selected GE port.

VigorSwitch

G1085 User’s Guide

Page 60

IIII--99--33 BBrriiddggee SSeettttiinngg

This page allows the network administrator to configure required information to negotiate with other VigorSwitch for determining the bridge switch.

Available settings are explained as follows:

Item Description Priority Specify the bridge priority. The valid range is from 0 to 61440,

and the value should be the multiple of 4096. It ensures the probability that the switch is selected as the root bridge, and the lower value has the higher priority for the switch to be selected as the root bridge of the topology.

Forward Delay Specify the STP forward delay time, which is the amount of

time that a port remains in the Listening and Learning states before it enters the Forwarding state. Its valid range is from 4 to 10 seconds.

Max Age Specify the time interval in seconds for a switch to wait the

configuration messages, without attempting to redefine its own configuration.

Tx Hold Count Specify the tx-hold-count used to limit the maximum numbers

of packets transmission per second. The valid range is from 1 to 10.

Hello Time Specify the STP hello time in second to broadcast its hello

message to other bridge by Designated Ports. Its valid range is from 1 to 10 seconds.

Apply Apply the settings to the switch.

VigorSwitch

G1085 User’s Guide

Page 61

IIII--99--44 PPoorrtt AAddvvaanncceedd SSeettttiinngg

This page allows user to edit general setting of STP CIST port and browser CIST port status.

Available settings are explained as follows:

Item Description Port Display the interface number for GE and LAG. Indentifier(Priority/ID) Display the spanning tree port identifier. Path Cost Conf/Oper Display current path cost of given port. Designated Root Bridge Display the identifier of designated root bridge. Root Path Cost Display the operational root path cost. Designated Bridge Display the identifier of next bridge on this port. Edge Port Conf/Oper Display if this port is configured as Edge of STP network, for

speed up link up.

P2P MAC Conf/Oper Display if this port is configured as point to point link to

another switch or host.

Port Role Display current port role on the specified port. The possible

values will be: “Disabled”, “Root”, “Designated”, “Alternative”, and “Backup”.

Port State Display current port state on the specified port. The possible

values will be: “Disabled”, “Discarding”, “Learning”, and “Forwarding”.

Edit Click it to modify the priority setting for the selected GE port /

LAG port.

VigorSwitch

G1085 User’s Guide

Page 62

IIII--99--55 SSttaattiissttiiccss

This page displays STP statistics.

Available settings are explained as follows:

Item Description Port Display the port number (GE / LAG). Configure BPDUs Rx. Display the counts of the received CONFIG BPDU. TCN BPDUs Rx. Display the counts of the received TCN BPDU. Configure BPDUs Tx. Display the counts of the transmitted CONFIG BPDU. TCN BPDUs Rx Display the counts of the transmitted TCN BPDU.

VigorSwitch

G1085 User’s Guide

Page 63

IIII--1100 MMAACC AAddddrreessss TTaabbllee

This section allows user to view the dynamic MAC address entries in the MAC table, change related setting, and assign MAC address into MAC table.

IIII--1100--11 SSttaattiicc MMAACC SSeettttiinngg

This section allows user to manually assign MAC address into MAC table. The configuration result will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

Item Description MAC Address Enter the MAC address that will be forwarded. VLAN This is the VLAN group to which the MAC address belongs. Port Select the port where received frame of matched destination

MAC address will be forwarded to.

Add Click it to add any port into the static MAC table. Delete Click it to remove the selected port from the static MAC table.

VigorSwitch

G1085 User’s Guide

Page 64

IIII--1100--22 DDyynnaammiicc AAddddrreessss SSeettttiinngg

This page allows a user to configure aging time for dynamic MAC address.

Available settings are explained as follows:

Item Description Aging Time Enter the Dynamic MAC address aging out value (5-32767

seconds).

Apply Apply the settings to the switch.

IIII--1100--33 DDyynnaammiicc LLeeaarrnneedd

This page displays the MAC address and port number automatically learned by VigorSwitch.

Available settings are explained as follows:

VigorSwitch

G1085 User’s Guide

Page 65

Item Description MAC Address Display the MAC address that will be forwarded. VLAN Display the VLAN group to which the MAC address belongs. Type Display whether the MAC address is Dynamic (learned by the

Switch) or Static Unicast (manually entered in the Static MAC Forwarding screen).

Port Display the port to which this MAC address belongs. Add to Static Click this button to add any port into the static MAC table.

VigorSwitch

G1085 User’s Guide

Page 66

IIII--1111 BBlloocckkeedd PPoorrtt RReeccoovveerr

This page is used for configuring settings to recover the port which is being blocked by the following functions after a defined period of time.

Available settings are explained as follows:

Item Description Recovery Interval The port being blocked will be able to receive and send traffic

after the time period configured here.

BPDU Guard Enable – Recover the port being blocked by BPDU Guard after

the time set in Recovery Interval.

Self Loop Enable – Recover the port being blocked by self loop Guard

after the time set in Recovery Interval.

Broadcast Flood Enable –Recover the port being blocked by broadcast flood

after the time set in Recovery Interval.

Unknown Multicast Flood Enable – Recover the port being blocked by unknown multicast

flood after the time set in Recovery Interval.

Unicast Flood Enable – Recover the port being blocke d by unicast flood after

the time set in Recovery Interval.

ACL Enable – Recover the port being blocked by ACL after the time

set in Recovery Interval.

Port Security Enable – Recover the port being blocked by port security after

the time set in Recovery Interval.

DHCP Rate Limit Enable – Recover the port being blo cked by DHCP rate limit

after the time set in Recovery Interval.

ARP Rate Limit Enable – Recover the port being blocked by ARP rate limit

after the time set in Recovery Interval.

Apply Apply the settings to the switch.

VigorSwitch G1085 User’s Guide

Page 67

arrtt IIIIII

VII

urrvv

eiillll

ncc

VigorSwitch

G1085 User’s Guide

Page 68

IIIIII--11 TTooppoollooggyy

ONVIF (Open Network Video Interface Forum), an International standard for current surveillance system industy, focuses on security products based o n network IP address.

With this feature, VigorSwitch can:

 Integrate the ONVIF device and surveillance network  Centralize management of IP video products  View video images directly on VigorSwitch WUI  Offer remote IP video products maintenance

ONVIF devices can be centralized and managed remotely via VigorSwitch. With a hierarchy view, the administrator can manage several ONVIF devices and check abnormal traffic detected by Vigor system.

IIIIII--11--11 SSttaattuuss

The status (including port enabled, traffic, downlink, etc.) of the IP cameras and NVRs (Network Video Recorders) can be seen on this page.

Available settings are explained as follows:

Item Description Discovery Enable - If enabled, VigorSwitch will automatically detect

ONVIF devices, recognize third party IP cameras and NVR and integrate ONVIF device(s) to form surveillance network.

Disable - Disable the function of Discovery.

Default Username / Default Password

Enter a name / password as the default value. In the entire ONVIF Surveillance menu, VigorSwitch will input

this value in advanced and retrieve data. System administrator can access the IP device in which the username and password are as same as the default values.

However, you can also input another username/password

VigorSwitch

G1085 User’s Guide

Page 69

manually if the IP device username/password is different from the one you enter in Default Username/Default Password.

Group Specify a group for displaying group information and device

information under the selected group. Or, choose the default setting, All, to display information for

all groups.

NVR Display the number of NVR device(s) connected to

VigorSwitch. The panel sketch on the screen will display which LAN port that the NVR device connected.

CAM Display the number of IP camera(s) connected to VigorSwitch.

The panel sketch on the screen will display which LAN port that the IP camera connected.

Group Information Total Group Display the total number of groups. +Add New Group A group can contain one (IP camera or NVR, as group leader) to

several devices (IP cameras as group devices). Click the button to create a new group for managing multiple

devices. Step (1) - The first page allows you to configure general

settings for a new group.

 Group Name - Enter the name of a group.  Group by - The system will detect the NVR or IP cameras,

and list them on the field of NVR or Group Leader.

 NVR/Group Leader - Select an IP device. For the vedio

from IP camera will be recorded on an NVR device, it is suggested to assign an NVR as the group leader.

 Group Device - This field lists all devices (IP cameras)

VigorSwitch

G1085 User’s Guide

Page 70

not included by other group. Select one IP device to multiple devices or select all the devices for managed by this group.

 ONVIF Device Admin Username/Password - When the

group members share the same username and password, enter the username and password in these two field for

administration.  Next - Click it to access into next page. Step (2) - The second page allows you to configure throughput

threshold for the group port. It is helpful for the system administrator to make the corresponding process if encountered abnormal situation.

 Apply to All Member Ports - Check the box to apply the

throughput threshold setting to all member ports.  GE# Ingress Threshold Mailalert - Click Enable to set the

ingress limit value. When the incoming traffic (packet) of

the GE port reaches the limit, the Vigor System will send

an alert email to the system administrator.

 GE# Ingress Rate - If enabling the ingress threshold

alert, enter the ingress rate as a threshold to send mail alert.

 GE# Egress Threshold Mailalert - Click Enable to set the

egress limit value. When the outgoing traffic (packet) of

the GE port reaches the limit, the Vigor System will send

an alert email to the system administrator.

 GE# Egress Rate - If enabling the egress threshold

alert, enter the egress rate as a threshold to send mail alert.

 OK - Save the configuration and exit the box.  Cancel - Exit the box without saving the configuration.

VigorSwitch

G1085 User’s Guide

Page 71

Device Information Modify Click it to modify the settings of the selected IP device.

VigorSwitch

G1085 User’s Guide

Page 72

IIIIII--22--22 TThhrroouugghhppuutt TThhrreesshhoolldd

This page is used for set throughput threshold for multiple ONVIF devices managed by VigorSwitch.

Available settings are explained as follows:

Item Description Ports Specify one to several GE ports which will be limited by the

threshold configured here.

Ingress Threshold Mailalert

Egress Threshold Mailalert

Apply Save the settings or changes to the switch. Modify Click it to modify the settings for the selected GE port / LAG

Disable - No mail alert will be sent out. Enable - When the ingress rate reaches the threshold

configured here, Vigor system will send alert mail to specified mail address.

 Ingress Rate (Kbps) - Enter a value as the threshold of

ingress packets.

Disable - No mail alert will be sent out. Enable - When the egress rate reaches the threshold

configured here, Vigor system will send alert mail to specified mail address.

Egress Rate (Kbps)- Enter a value as the threshold of engress packets.

port.

VigorSwitch

G1085 User’s Guide

Page 73

VigorSwitch

G1085 User’s Guide

Page 74

IIIIII--22 VViiddeeoo

On this page, users may directly view images captured from the specified IP camera.

Available settings are explained as follows:

Item Description Group Specify a group which contains the IP camera you want to

check.

Camera List Search - Enter the device name of the IP camera for searching

and displaying on this field.

Video Preview After authenticated with correct username and password, the

image of the specified IP camera (supported by VigorSwitch) will be shown immediately.

Usename / Password - The default username/passw ord will be input if it is configured on the Topology page. However, if the default input is not the correct username/password, enter the correct one of the IP camera instead.

Live Streaming - Display the streaming URI of the IP camera.

VigorSwitch

G1085 User’s Guide

Page 75

IIIIII--33 DDeevviiccee MMaaiinntteennaannccee

The system administrator can remotely configure time setting and rebo ot the devices (IP camers or NVRs) managed by VigorSwitch.

IIIIII--33--11 GGeenneerraall

This page displays the information (e.g., device online, device name, etc.), time and date and the device action for a selected IP device (e.g., IP camera). Meanwhile, this page allows configuring settings for ping check of IP camera or NVR.

Available settings are explained as follows:

Item Description Device List Search - Enter a string to search the IP device you want.

Username / Password - The default username/password will

be input if it is configured on the Topology page. However, if the default input is not the correct username/password, enter the correct one of the IP device instead.

Login - Click it to authenticate the username and password. Later, current network settings related to this device will be shown on the screen.

Device Information Display the information related to the selected device.

- Click it to modify the device name.

VigorSwitch

G1085 User’s Guide

Page 76

Time and Date Display the time and date information related to the selected

device.

- Click it to modify the time setting for the device.

Device Action Display the action performed by IP-based device.

Factory Default - Click the Apply button to rest the factory

default to the IP device. Reboot - Click the Apply button to reboot the IP device

immediately.

Device Ping Check -- Configure settings for ping check of IP camera or NVR. Port Display the port number of the IP device Enable Enable - Click it to enable the device ping check function.

Disable - Click it to disable the function.

Ping IP Address Add Device - Click it to add an IP address of the device to be

pinged by VigorSwitch. Up to 16 IP address(es) can be added and displayed in this field one by one (with the format of x.x.x.x, x.x.x.x, x.x.x.x...)

Del Device - Click it to remove the selected IP address.

Interval Time (sec) Set a time interval (15, 30, 60, 120) for pinging action. Retry Time Choose 1, 3, or 5 for Vigor system to retry the pinging action. Mail Alert Enable - When the device is offline, Vigor system will send an

alert mail to notify the receiptant.  Mail with Snapshot - If enabled, the switch will try to get

snapshot from the device per half hour. Before using this

feature, set the group authentication information when

adding group or configure Default Username/Password in

the Topology page first. Disable - When the device is offline, no action will be

performed.

Apply Save the settings or changes to the switch.

VigorSwitch

G1085 User’s Guide

Page 77

IIIIII--33--22 NNeettwwoorrkk

This page displays the network settings of the specified device (IP CAM or NVR).

Available settings are explained as follows:

Item Description Device List Search - Enter a string to search the device you want.

Username / Password - The default username/password will

be input if it is configured on the Topology page. However, if the default input is not the correct username/password, enter the correct one of the IP device instead.

Login - Click it to authenticate the username and password. Later, current network settings related to this device will be shown on the screen.

Mode Change the connection mode for this device.

Static - When it is selected, you have to enter value for

network setting manually for the IP device.

 IP Address - Enter an IPv4 address for the IP device.  Prefix Length - Specify the subnet mask for the IP

address.

 Gateway - Enter the IPv4 address for the gateway.  DNS Server1/2 - Enter the IP address for primary /

secondary DNS server. DHCP - When it is selected, the IP device will be assigned with

the settings by the network's DHCP server automatically to access the Internet.

 Hostname - Display the hostname of the DHCP server.

Zero Configuration Enable - The network settings for the IP device will be

configured automatically. Disable - The network settings for the IP devcie must be

configured manually.

Apply Save the settings or changes to the switch.

VigorSwitch

G1085 User’s Guide

Page 78

IIIIII--33--33 SSeeccuurriittyy

This page displays the security settings of the specified IP device (IP CAM or NVR).

Available settings are explained as follows:

Item Description Device List Search - Enter a string to search the device you want.

Username / Password - The default username/password will

be input if it is configured on the Topology page. However, if the default input is not the correct username/password, enter the correct one of the IP device instead.

Login - Click it to authenticate the username and password. Later, current network settings related to this device will be shown on the screen.

HTTP Ports Current HTTP port number of the IP device is shown in this

field. Enable - Click it to enable the HTTP port configuration and

enter a port value if required.

Disable - Disable the HTTP port configuration.

HTTPS Ports Current HTTPS port number of the IP device is shown in this

field. Enable - Click it to enable the HTTPS port configuration and

enter a port value if required. Disable - Disable the HTTPS port configuration.

RTSP Ports Current RTSP port number of the IP device is shown in this

field. Enable - Click it to enable the RTSP port configuration and

enter a port value if required. Disable - Disable the RTSP port configuration.

Apply Save the settings or changes to the switch.

VigorSwitch G1085 User’s Guide

Page 79

arrtt II

ecc

urriittyy

VigorSwitch

G1085 User’s Guide

Page 80

IIVV--11 SSttoorrmm CCoonnttrrooll

Storm Control helps to suppress possible broadcast, unknown multicast or unknown unicast storm by applying a rate limit on those packets.

IIVV--11--11 PPrrooppeerrttiieess

This page allows a user to configure general settings for Storm Control.

Available settings are explained as follows:

Item Description Storm Control Mode Select the mode of storm control.

 Packet/sec – Storm control rate will be calculated by

packet-based.  Kbits/sec - Storm control rate will be calculated by

octet-based.

Preamble & Inter Frame Gap

Apply Apply the settings to the switch.

Select the rate calculation with/without preamble & IFG (20 bytes).

 Excluded – Exclude preamble & IFG (20 bytes) when

count ingress storm control rate.  Included - Include preamble & IFG (20 bytes) when count

ingress storm control rate.

VigorSwitch

G1085 User’s Guide

Page 81

IIVV--11--22 PPoorrtt SSeettttiinngg

This page allows the network administrator to configure port settings for Storm Control. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

Item Description Ports Use the drop down list to select the port profile (GE1 to GE8). Storm Control  Disable – Disable the storm control configuration for the

selected port profile.  Enable – Enable the storm control configuration for the

selected port profile.

Limiting Rate Check the box(es) to enable strom control rate limited for

Broadcast, Unknown Multicast and/or Unknow Unicast packet.  Broadcast – Specify the storm control rate for Broadcast

packet. Value of storm control rate, Unit: Kbps (Kbits

per-second). The range is from 16 to 1000000.  Unknown Multicast – Specify the storm control rate for

unknown multicast packet. Value of storm control rate,

Unit: Kbps (Kbits per-second). The range is from 16 to

1000000.

 Unknown Unicast - Specify the storm control rate for

unknown multicast packet. Value of storm control rate,

Unit: Kbps (Kbits per-second). The range is from 16 to

1000000.

Action Select the state of setting.

 Drop – Packets exceed storm control rate will be

dropped.  Shutdown - Port exceeds storm control rate will be

shutdown.

Apply Apply the settings to the switch.

VigorSwitch

G1085 User’s Guide

Page 82

IIVV--22 DDooSS

A Denial of Service (DoS) attack is a hacker attempt to make a device unavailable to its users. DoS attacks saturate the device with external communication requests, so that it cannot respond to legitimate traffic. These attacks usually lead to a device CPU overload.

The DoS protection feature is a set of predefined rules that protect the network from malicious attacks. The DoS Security Suite Setting enables activating the security suite.

IIVV--22--11 PPrrooppeerrttiieess

This page allows a user to configure DoS setting to enable/disable DoS function for global setting.

Available settings are explained as follows:

Item Description Dst MAC=Src MAC Drop the packets if the destination MAC address is eq ual to the

source MAC address.

 Disabled – Disable the item function.  Enabled - Enable the item function.

LAND Drop the packets if the source IP address is equal to the

destination IP address.

 Disabled – Disable the item function.  Enabled - Enable the item function.

UDP Blat Drop the packets if the UDP source port equals to the UDP

destination port.

 Disabled – Disable the item function.  Enabled - Enable the item function.

TCP Blat Drop the packages if the TCP source port is equal to the TCP

destination port.

 Disabled – Disable the item function.  Enabled - Enable the item function.

VigorSwitch

G1085 User’s Guide

Page 83

Ping of Death Avoid ping of death attack.

Ping packets that length are larger than 65535 bytes.

 Disabled – Disable the item function.  Enabled - Enable the item function.

IPv6 Min Fragments Check the minimum size of IPv6 fragments, and drop the

packets smaller than the minimum size. The valid range is from 0 to 65535 bytes, and default value is 1240 bytes.

 Disabled – Disable the item function.  Enabled - Enable the item function.

ICMP Fragments Drop the fragmented ICMP packets.

 Disabled – Disable the item function.  Enabled - Enable the item function.

IPv4 Ping Max Size Determine the IPv4 PING packet with the length.

 Disabled – Disable the item function.  Enabled - Enable the item function.-

IPv6 Ping Max Size Determine the IPv6 PING packet with the length.

 Disabled – Disable the item function.  Enabled - Enable the item function.

Ping Max Size Setting Determine the IPv4/IPv6 PING packet with the length. Specify

the maximum size of the ICMPv4/ICMPv6 ping packets. The valid range is from 0 to 65535 bytes, and the default value is 512 bytes.

Smurf Attack Avoid smurf attack. The length range of the netmask is from 0

to 323 bytes, and default length is 0 byte.

 Disabled – Disable the item function.  Enabled - Enable the item function.

TCP Min Hdr Size Check the minimum TCP header and drops the TCP packets

with the header smaller than the minimum size. The length range is from 0 to 31 bytes, and default length is 20 bytes.

 Disabled – Disable the item function.  Enabled - Enable the item function.

TCP-SYN (SPORT<1024) Drop SYN packets with sport less than 1024.

 Disabled – Disable the item function.  Enabled - Enable the item function.

Null Scan Attack Drop the packets with NULL scan.

 Disabled – Disable the item function.  Enabled - Enable the item function.

X-mas Scan Attack Drop the packets if the sequence number is zero, and the FIN,

URG and PSH bits are set.

 Disabled – Disable the item function.  Enabled - Enable the item function.

TCP SYN-FIN Attack Drop the packets with SYN and FIN bits set.

 Disabled – Disable the item function.  Enabled - Enable the item function.-

TCP SYN-RST Attack Drop the packets with SYN and RST bits set.

 Disabled – Disable the item function.  Enabled - Enable the item function.

VigorSwitch

G1085 User’s Guide

Page 84

TCP Fragment (Offset=1) Drop the fragmented ICMP packets.

 Disabled – Disable the item function.  Enabled - Enable the item function.

Apply Apply the settings to the switch.

IIVV--22--22 DDooSS PPoorrtt SSeettttiinngg

This page allows a user to configure and display the state of DoS protection for interface s. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

Item Description Port Use the drop down list to select the port profile (GE1 to GE8)

or profiles.

DoS Protection  Disabled – Disable the function of DoS Protection.

 Enabled - Enable the function of DoS Protection.

Apply Apply the settings to the switch. Modify

- Click it to modify the port settings.

VigorSwitch

G1085 User’s Guide

Page 85

IIVV--33 IIPP SSoouurrccee GGuuaarrdd

By using the source IP address filtering function, IP source guard can prevent a malicious host from feigning a legal host with its IP address and performing malicious attack.

IIVV--33--11 PPoorrtt SSeettttiinnggss

IP source guard is a port-based feature. Therefore, it is necessary to configure detailed settings for each GE/LAG port interface separately.

Available settings are explained as follows:

Item Description Ports Use the drop down list to select the port (GE1 to GE8, LAG1 to

LAG8) or ports for applying IP source guard function.

State Enable – Check it to make the port(s) selected above apply the

settings configured in this page.

Verify Source Specify the type of source IP for the packet coming from.

 IP – Only the packet with specified IP address will be

verified.  IP-MAC – Only the packet with specified IP address and

MAC address will be verified.

Max Entry Define the number (0~50) for the port.

The default is 0 (no limit).

Apply Apply the settings to the switch.

VigorSwitch

G1085 User’s Guide

Page 86

IIVV--33--22 IIMMPPVV BBiinnddiinngg

This page allows the network administrator to set the filtering conditions (binding type, M AC address, IPv4 address) for packets through the specified LAN port.

Available settings are explained as follows:

Item Description Ports Use the drop down list to select the port (GE1 to GE8, LAG1 to

LAG8) or ports for applying IMPV Binding function.

VLAN Choose a number as VLAN ID which is easy to be identified for

a packet containing with it. It is optional setting.

Binding Select the binding type for such feature.

 IP-MAC-Port-VLAN – Packets will be allowed to pass

through the port interface if they meet the conditions

specified by IP address, MAC address, Port setting and

VLAN ID setting.  IP-Port-VLAN – Packets will be allowed to pass through

the port interface if they meet the conditions specified

by IP address, Port setting and VLAN ID setting.

MAC Address Enter the MAC address of the device connecting to the port

interface selected above.

IPv4 Address Enter the IP address with mask address of the device

connecting to the port interface selected above.

Add Click it to create a new binding profile. Edit

- Click it to modify the settings for the selected entry.

VigorSwitch

G1085 User’s Guide

Page 87

- click it to remove the selected entry.

IIVV--44 IIPP CCoonnfflliicctt PPrreevveennttiioonn

A user can configure IP addresses for network devices manually. However, it might result in conflict between different devices due to using the same IP address, and cause the devices not working correctly.

This page allows you to prevent IP conflict by binding the port with the specified IP address.

Available settings are explained as follows:

Item Description IP Conflict Prevention Quick Start Wizard - The system will guide to bind server port

VigorSwitch

G1085 User’s Guide

Page 88

Setup Wizard with an IP address step by step.

Step 1

Step 2

Step 3

VigorSwitch

G1085 User’s Guide

Page 89

Step 4

After clicking OK, the IP address specified for the GE port will be unavailable for other network devices.

IP Prevention Enable - Click it to activate the function of IP prevention.

Disable - Click it to deactivate the function of IP prevention.

Apply Apply the settings to the switch. Clear Remove all settings of IP source guard DHCP snooping and

dynamic ARP inspection.

Modify

- Click it to modify the settings for the selected entry.

VigorSwitch

G1085 User’s Guide

Page 90

Port Type - There are four selections - DHCP Client, Static Binding, Multiple Hosts and DHCP Server. Each type will bring out different IP address(es) settings.

OK - Click it to save the settings.

- Click it to remove the selected entry.

VigorSwitch

G1085 User’s Guide

Page 91

IIVV--55 LLoooopp PPrrootteeccttiioonn

Loop event might be caused due to wrong hardware connection. VigorSwitch will periodically send packets out to check if they loopback or not. This page allows you to set conditions and perform an action when VigorSwitch detects the loopped packet.

Available settings are explained as follows:

Item Description State  Enable - VigorSwitch detects the loop event of GE

ports/LAG ports automaticlly.

 Disable - VigorSwitch will not detect the loop event.

Transmission Time When the loop event occurred, VigorSwitch will perform the

action after a period of time.

Action When the switch detects loop situation occurred to a port; it

will perform the action selected in this field.

 Log - The switch will reord such event as a log.  Shutdown Port - The switch will shut down the port.  Shutdown Port and Log - The switch will shut down the

port and record the event as a log. The system

administrator will view the content from system log.

Apply Apply the settings to the switch.

VigorSwitch

G1085 User’s Guide

Page 92

This page is left blank.

VigorSwitch G1085 User’s Guide

Page 93

arrtt

nffii

urr

attii

VigorSwitch

G1085 User’s Guide

Page 94

VV--11 CCrreeaattee AACCLL

An Access Control List (ACL) is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific cr iteria. This switch tests ingress packets against the conditions in an ACL one by one. A packet will be accepted as soon a s it matches a permit rule, or dropped as soon as it matches a deny rule. If no rules match, the frame is accepted.

VV--11--11 MMAACC

The function is used to show the Access Control List (ACL) based on Layer 2 filtering, the MAC layer. The ACL is composed by many Access Control Element (ACE) rules. You can create a new ACL here; then add multiple ACEs.

Available settings are explained as follows:

Item Description ACL Profile Name Enter a name for creating a new ACL profile. Add Add a new ACL entry using given ACL name. Action

- click it to remove the selected entry.

VV--11--22 IIPPvv44

The function is used to show the Access Control List (ACL) based on Layer 2 to Layer 4 filtering, the IPv4. The ACL is composed by many Access Control Element (ACE) rules. You may create a new ACL here; then add multiple ACEs.

VigorSwitch

G1085 User’s Guide

Page 95

Available settings are explained as follows:

Item Description ACL Profile Name Enter a name for creating a new ACL profile. Add Add a new ACL entry using given ACL name. Action

- click it to remove the selected entry.

VV--11--33 IIPPvv66

The function is used to show the Access Control List (ACL) based on Layer 2 to Layer 4 filtering, the IPv6. The ACL is composed by many Access Control Element (ACE) rules. You may create a new ACL here; then add multiple ACEs.

VigorSwitch

Available settings are explained as follows:

G1085 User’s Guide

Page 96

Item Description ACL Profile Name Enter a name for creating a new ACL profile. Add Add a new ACL entry using given ACL name. Action

- click it to remove the selected entry.

VigorSwitch

G1085 User’s Guide

Page 97

VV--22 CCrreeaattee AACCEE

Since ACL based on MAC, IPv4 and/or IPv4 has been created on the section of IV-1, now you can add multiple ACE rules for each ACL.

VV--22--11 MMAACC

This page shows ACE based on MAC address. You may choose ACL, permit, and deny particular packet or frame, even shutdown the port.

You may provide filtering/matching criteria for one or more of p ack et character istic (such as Source/Destination MAC, Ethertype, VLAN, 802.1p) for this ACE to identify the packet.

Available settings are explained as follows:

Item Description ACL Profile Name Use the drop down list to selected one of the user defined ACL

profiles.

Sequence Assign a sequence number to this ACE. The sequence is used to

identify which one of ACEs in an ACL is firstly used to match ingress packets. The switch port bound with an ACL use the contained ACE rules, start with the one with lower sequence number to match the packet first.

Action Select the action applied to the packet matched this ACE.

Permit or deny the packets into switch core, or shutdown the port for stopping further transmission.

 Permit  Deny  Shutdown

Source MAC / Destination MAC

Specify the source and the destination MAC address for filtering.

Any – All packets will be filtered.

VigorSwitch

G1085 User’s Guide

Page 98

Or, enter the IP address to filter the packets coming from that address.

Ethertype Specify ethernet type for filtering.

Select Any. Or, enter the value with the format of “0x600 ~ 0xFFF”.

VLAN Specify VLAN profile for filtering.

Select Any. Or, enter a VLAN number. The packets coming from the VLAN

specified here will be filtered by Vigor device.

802.1p Specify the 802. 1p priority value for filtering. Select Any, or a number from 0 to 7.

Add Click it to create a new ACE rule. Modify

- click it to modify the settings for the selected entry.

- click it to remove the selected entry.

VV--22--22 IIPPvv44

This page shows ACE based on IPv4 address. You may choose ACL, permit, and deny particular packet or frame, even shutdown the port.

You may provide filtering/matching criteria for one or more of following packet characteristic (such as Protocol over the IP layer, Source/Destination IPv4 address, Type of Service, Source/Destination port number, TCP flags, ICMP Type, if chosen protocol contains ICMP), for this ACE to identify the packet.

Available settings are explained as follows:

Item Description ACL Profile Name Use the drop down list to selected one of the user defined ACL

profiles.

Sequence Assign a sequence number to this ACE. The sequence is used to

VigorSwitch

G1085 User’s Guide

Page 99

Action Select the action applied to the packet matched this ACE.

Permit or deny the packets into switch core, or shutdown the port for stopping further transmission.

 Permit  Deny  Shutdown

Protocol Specify the protocol for filtering.

 Any – All packets will be filtered.  Select – Choose one of the protocol (e.g., ICMP, IP in IP,

TCP, EGP, IGP…) from the drop down list. Packets passing through the selected protocol will be filtered.

 Define – Specify a type number (0 – 255) for ICMP code.

For example, 0 means “Echo Reply”; 254 means “RFC3692-style Experiment 2”.

Source IP / Destination IP Specify the source and the destination IPv4 address for

filtering. Any – All packets will be filtered. Or, enter the IP address to filter the packets coming from that

address.

Service  Any – All packets will be filtered.

 DSCP – All IP traffic is mapped to queues based on the

DSCP field in the IP header. If traffic is not IP traffic, it is mapped to the lowest priority queue.

 IP Precedence - All IP traffic is mapped to queues based

on the IP Precedence field in the IP header. If traffic is not IP traffic, it is mapped to the lowest priority queue.

Source Port / Destination Port

Specify the source and destination port number for filtering the packets.

 Any – All packets will be filtered.  Single – Only the packets passing through the number

defined here will be filtered.

 Range – Only the packets passing through the port range

defined here will be filtered.

ICMP Type  Any – All packets will be filtered.

 Select – Choose one of the type (e.g., Destination

Unreachable Echo Reply, MLD Query….) from the drop down list.

 Define – Specify a type number (0 – 255) for ICMP code.

For example, 0 means “Echo Reply”; 254 means “RFC3692-style Experiment 2”.

ICMP code Each ICMP type can be defined with different codes. For

example, if you define ICMP Type as “3”, then the available codes for Type 3 will be 0-15.

Any – All packets will be filtered. Or, enter 0 to 255 based on the ICMP type specifed.

Add Click it to create a new binding profile.

VigorSwitch

G1085 User’s Guide

Page 100

Modify

- click it to modify the settings for the selected entry.

- click it to remove the selected entry.

VV--22--33 IIPPvv66

This page allows the network administrator to create ACE based on IP v6 address.

Available settings are explained as follows:

Item Description ACL Profile Name Use the drop down list to selected one of the user defined ACL

profiles.

Sequence Assign a sequence number to this ACE. The sequence is used to

Action Select the action applied to the packet matched this ACE.

Permit or deny the packets into switch core, or shutdown the port for stopping further transmission.

 Permit  Deny  Shutdown

Protocol Specify the protocol for filtering.

 Any – All packets will be filtered.  Select – Choose one of the protocol (e.g., ICMP, TCP,

EGP…) from the drop down list. Packets passing through the selected protocol will be filtered.

 Define – Specify a type number (0 – 255) for ICMP code.

For example, 0 means “Echo Reply”; 254 means “RFC3692-style Experiment 2”.

VigorSwitch

G1085 User’s Guide

DrayTek VigorSwitch G1085 Service Manual

Specifications and Main Features

Frequently Asked Questions

User Manual