Edge-Core ECS4210-12P, ECS4210-12T, ECS4210-28P, ECS4210-28T Web Management Manual

Page 1
12/28-Port Gigabit Ethernet Layer 2 Switch
ECS4210-12P ECS4210-12T ECS4210-28P ECS4210-28T
Software Release v1.0.0.24
Web Management Guide
www.edge-core.com
Page 2
Web Management Guide
ECS4210-12P
Layer 2 Managed PoE Switch with 8 10/100/1000BASE-T (RJ-45) PoE Ports, 2 10/100/1000BASE-T (RJ-45) Ports, and 2 Gigabit SFP Uplink Ports
ECS4210-12T
Layer 2 Managed Switch with 8 10/100/1000BASE-T (RJ-45) Ports, and 4 Gigabit SFP Uplink Ports
ECS4210-28P
Layer 2 Managed PoE Switch with 24 10/100/1000BASE-T (RJ-45) PoE Ports, and 4 Gigabit SFP Uplink Ports
ECS4210-28T
Layer 2 Managed Switch with 24 10/100/1000BASE-T (RJ-45) Ports, and 4 Gigabit SFP Uplink Ports
ECS4210-12P 149100000219A ECS4210-12T 149100000241A ECS4210-28P 149100000217H ECS4210-28T 149100000217H
E032014/ST-R03
Page 3

How to Use This Guide

This guide includes detailed information on the switch software, including how to operate and use the management functions of the switch. To deploy this switch effectively and ensure trouble-free operation, you should first read the relevant sections in this guide so that you are familiar with all of its software features.

Who Should Read This Guide?
This guide is for network administrators who are responsible for operating and maintaining network equipment. The guide assumes a basic working knowledge of LANs (Local Area Networks), the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).

How This Guide is Organized
This guide describes the switch’s web management interface. An introduction to the switch’s key features is also provided. For information on initial configuration, refer to the CLI Reference Guide.
The guide includes these sections:
Section I “Getting Started” — Includes an introduction to switch management.
Section II “Web Configuration” — Includes all management options available through the web interface.
Section III “Appendices” — Includes information on troubleshooting switch management access.

Related Documentation
This guide focuses on switch software configuration through the web interface.
For information on how to manage the switch through the Command Line Interface (CLI), see the following guide:
CLI Reference Guide
For information on how to install the switch, see the following guide:
Installation Guide
For all safety information and regulatory statements, see the following documents:
Quick Start Guide
Safety and Regulatory Information
Page 4

Conventions
The following conventions are used throughout this guide to show information:
Note: Emphasizes important information or calls your attention to related features or instructions.
Caution: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
Warning: Alerts you to a potential hazard that could cause personal injury.

Revision History
This section summarizes the changes in each revision of this guide.
March 2014 Revision
This is the third version of this guide. This guide is valid for software release v1.0.0.24. It includes the following changes.
Updated the maximum setting for aging time in "Changing the Aging Time" on page 170.
Added the section "MLD Snooping (Snooping and Query for IPv6)" on page 494.
October 2013 Revision
This is the second version of this guide. This guide is valid for software release v1.0.0.18. It includes the following changes.
Added the ECS4210-12T model.
Updated parameter section for "Configuring Port Isolation" on page 111.
Updated description of new configuration pages for "Traffic Segmentation" on page 128.
Added mask and priority parameters under "Configuring MAC-based VLANs" on page 160.
Updated description of Action field for Traffic > DiffServ > Add Rule page under "Creating QoS Policies" on page 232.
Updated parameters section under "Using the Ping Function" on page 427.
Updated parameters section and added description of IGMP RADIUS Authentication under "Filtering Multicast Data at Interfaces" on page 483.
Page 5
April 2013 Revision
This is the first version of this guide. This guide is valid for software release v1.0.0.12.
Page 7

Contents

How to Use This Guide 3
Contents 7
Figures 17
Tables 29
Section I Getting Started 31
1 Introduction 33
Key Features 33
Description of Software Features 34
System Defaults 39
2 Using the Web Interface 43
Connecting to the Web Interface 43
Navigating the Web Browser Interface 44
Home Page 44
Configuration Options 45
Panel Display 46
Main Menu 47
Section II Web Configuration 63
3 Basic Management Tasks 65
Displaying System Information 66
Displaying Hardware/Software Versions 67
Configuring Support for Jumbo Frames 68
Displaying Bridge Extension Capabilities 69
Page 8
Managing System Files 71
Copying Files via FTP/TFTP or HTTP 71
Saving the Running Configuration to a Local File 73
Setting The Start-Up File 74
Showing System Files 74
Automatic Operation Code Upgrade 75
Setting the System Clock 79
Setting the Time Manually 79
Setting the SNTP Polling Interval 80
Configuring NTP 81
Configuring Time Servers 82
Setting the Time Zone 85
Configuring the Console Port 86
Configuring Telnet Settings 88
Displaying CPU Utilization 90
Displaying Memory Utilization 91
Resetting the System 91
4 Interface Configuration 95
Port Configuration 95
Configuring by Port List 95
Configuring by Port Range 97
Displaying Connection Status 98
Configuring Local Port Mirroring 99
Configuring Remote Port Mirroring 101
Showing Port or Trunk Statistics 105
Performing Cable Diagnostics 110
Configuring Port Isolation 111
Trunk Configuration 115
Configuring a Static Trunk 116
Configuring a Dynamic Trunk 118
Displaying LACP Port Counters 123
Displaying LACP Settings and Status for the Local Side 124
Displaying LACP Settings and Status for the Remote Side 126
Page 9
Traffic Segmentation 128
Enabling Traffic Segmentation 128
Configuring Uplink and Downlink Ports 129
VLAN Trunking 131
5 VLAN Configuration 135
IEEE 802.1Q VLANs 135
Configuring VLAN Groups 138
Adding Static Members to VLANs 140
Configuring Dynamic VLAN Registration 145
IEEE 802.1Q Tunneling 148
Enabling QinQ Tunneling on the Switch 152
Adding an Interface to a QinQ Tunnel 153
Protocol VLANs 154
Configuring Protocol VLAN Groups 155
Mapping Protocol Groups to Interfaces 156
Configuring IP Subnet VLANs 158
Configuring MAC-based VLANs 160
Configuring VLAN Mirroring 162
6 Address Table Settings 165
Setting Static Addresses 165
Configuring MAC Address Isolation 167
Changing the Aging Time 170
Displaying the Dynamic Address Table 171
Clearing the Dynamic Address Table 172
Configuring MAC Address Mirroring 173
Configuring Extended MAC Security 175
7 Spanning Tree Algorithm 179
Overview 179
Configuring Loopback Detection 182
Configuring Global Settings for STA 183
Displaying Global Settings for STA 189
Configuring Interface Settings for STA 190
Displaying Interface Settings for STA 194
Page 10
Configuring Multiple Spanning Trees 196
Configuring Interface Settings for MSTP 200
8 Congestion Control 203
Rate Limiting 203
Storm Control 204
Automatic Traffic Control 206
Setting the ATC Timers 208
Configuring ATC Thresholds and Responses 209
9 Class of Service 213
Layer 2 Queue Settings 213
Setting the Default Priority for Interfaces 213
Selecting the Queue Mode 214
Mapping CoS Values to Egress Queues 217
Layer 3/4 Priority Settings 220
Setting Priority Processing to DSCP or CoS 220
Mapping Ingress DSCP Values to Internal DSCP Values 221
Mapping CoS Priorities to Internal DSCP Values 224
10 Quality of Service 227
Overview 227
Configuring a Class Map 228
Creating QoS Policies 232
Attaching a Policy Map to a Port 241
11 VoIP Traffic Configuration 243
Overview 243
Configuring VoIP Traffic 244
Configuring Telephony OUI 245
Configuring VoIP Traffic Ports 246
12 Security Measures 249
AAA Authorization and Accounting 250
Configuring Local/Remote Logon Authentication 251
Configuring Remote Logon Authentication Servers 252
Configuring AAA Accounting 257
Page 11
Configuring AAA Authorization 262
Configuring User Accounts 265
Web Authentication 267
Configuring Global Settings for Web Authentication 267
Configuring Interface Settings for Web Authentication 268
Network Access (MAC Address Authentication) 270
Configuring Global Settings for Network Access 272
Configuring Network Access for Ports 273
Configuring Port Link Detection 275
Configuring a MAC Address Filter 276
Displaying Secure MAC Address Information 278
Configuring HTTPS 279
Configuring Global Settings for HTTPS 279
Replacing the Default Secure-site Certificate 281
Configuring the Secure Shell 282
Configuring the SSH Server 285
Generating the Host Key Pair 286
Importing User Public Keys 288
Access Control Lists 290
Setting A Time Range 291
Showing TCAM Utilization 294
Setting the ACL Name and Type 295
Configuring a Standard IPv4 ACL 297
Configuring an Extended IPv4 ACL 298
Configuring a Standard IPv6 ACL 300
Configuring an Extended IPv6 ACL 302
Configuring a MAC ACL 304
Configuring an ARP ACL 306
Binding a Port to an Access Control List 308
Configuring ACL Mirroring 309
Showing ACL Hardware Counters 311
ARP Inspection 312
Configuring Global Settings for ARP Inspection 313
Configuring VLAN Settings for ARP Inspection 315
Configuring Interface Settings for ARP Inspection 316
Page 12
Displaying ARP Inspection Statistics 317
Displaying the ARP Inspection Log 318
Filtering IP Addresses for Management Access 319
Configuring Port Security 321
Configuring 802.1X Port Authentication 323
Configuring 802.1X Global Settings 325
Configuring Port Authenticator Settings for 802.1X 326
Configuring Port Supplicant Settings for 802.1X 330
Displaying 802.1X Statistics 332
DoS Protection 335
IP Source Guard 341
Configuring Ports for IP Source Guard 341
Configuring Static Bindings for IP Source Guard 343
Displaying Information for Dynamic IP Source Guard Bindings 344
DHCP Snooping 346
DHCP Snooping Global Configuration 348
DHCP Snooping VLAN Configuration 349
Configuring Ports for DHCP Snooping 350
Displaying DHCP Snooping Binding Information 352
13 Basic Administration Protocols 355
Configuring Event Logging 355
System Log Configuration 355
Remote Log Configuration 358
Link Layer Discovery Protocol 359
Setting LLDP Timing Attributes 360
Configuring LLDP Interface Attributes 361
Configuring LLDP Interface Civic-Address 365
Displaying LLDP Local Device Information 367
Displaying LLDP Remote Device Information 371
Displaying Device Statistics 379
Power over Ethernet 381
Displaying the Switch’s Overall PoE Power Budget 382
Setting The Port PoE Power Budget 383
Page 13
Simple Network Management Protocol 385
Configuring Global Settings for SNMP 387
Setting the Local Engine ID 388
Specifying a Remote Engine ID 389
Setting SNMPv3 Views 390
Configuring SNMPv3 Groups 393
Setting Community Access Strings 398
Configuring Local SNMPv3 Users 399
Configuring Remote SNMPv3 Users 401
Specifying Trap Managers 403
Creating SNMP Notification Logs 407
Showing SNMP Statistics 409
Remote Monitoring 411
Configuring RMON Alarms 412
Configuring RMON Events 414
Configuring RMON History Samples 416
Configuring RMON Statistical Samples 419
Switch Clustering 421
Configuring General Settings for Clusters 422
Cluster Member Configuration 423
Managing Cluster Members 425
14 IP Configuration 427
Using the Ping Function 427
Address Resolution Protocol 429
Setting the ARP Timeout 429
Displaying ARP Entries 430
Setting the Switch’s IP Address (IP Version 4) 431
Setting the Switch’s IP Address (IP Version 6) 434
Configuring the IPv6 Default Gateway 434
Configuring IPv6 Interface Settings 435
Configuring an IPv6 Address 440
Showing IPv6 Addresses 442
Showing the IPv6 Neighbor Cache 444
Showing IPv6 Statistics 445
Page 14
Showing the MTU for Responding Destinations 451
15 IP Services 453
Domain Name Service 453
Configuring General DNS Service Parameters 453
Configuring a List of Domain Names 454
Configuring a List of Name Servers 456
Configuring Static DNS Host to Address Entries 457
Displaying the DNS Cache 458
Multicast Domain Name Service 459
Dynamic Host Configuration Protocol 460
Specifying A DHCP Client Identifier 460
Configuring DHCP Relay Option 82 461
16 Multicast Filtering 467
Overview 467
Layer 2 IGMP (Snooping and Query) 468
Configuring IGMP Snooping and Query Parameters 470
Specifying Static Interfaces for a Multicast Router 473
Assigning Interfaces to Multicast Services 476
Setting IGMP Snooping Status per Interface 478
Filtering Multicast Data at Interfaces 483
Displaying Multicast Groups Discovered by IGMP Snooping 484
Displaying IGMP Snooping Statistics 485
Filtering and Throttling IGMP Groups 489
Enabling IGMP Filtering and Throttling 489
Configuring IGMP Filter Profiles 490
Configuring IGMP Filtering and Throttling for Interfaces 492
MLD Snooping (Snooping and Query for IPv6) 494
Configuring MLD Snooping and Query Parameters 494
Setting Immediate Leave Status for MLD Snooping per Interface 496
Specifying Static Interfaces for an IPv6 Multicast Router 496
Assigning Interfaces to IPv6 Multicast Services 498
Showing MLD Snooping Groups and Source List 501
Multicast VLAN Registration 502
Configuring MVR Global Settings 504
Page 15
Configuring MVR Domain Settings 506
Configuring MVR Group Address Profiles 507
Configuring MVR Interface Status 510
Assigning Static MVR Multicast Groups to Interfaces 512
Displaying MVR Receiver Groups 514
Displaying MVR Statistics 515
Section III Appendices 521
A Software Specifications 523
Software Features 523
Management Features 524
Standards 525
Management Information Bases 525
B Troubleshooting 527
Problems Accessing the Management Interface 527
Using System Logs 528
C License Information 529
The GNU General Public License 529
Glossary 533
Index 541
Page 17

Figures

Figure 1: Home Page 44
Figure 2: Front Panel Indicators 46
Figure 3: System Information 67
Figure 4: General Switch Information 68
Figure 5: Configuring Support for Jumbo Frames 69
Figure 6: Displaying Bridge Extension Configuration 70
Figure 7: Copy Firmware 72
Figure 8: Saving the Running Configuration 73
Figure 9: Setting Start-Up Files 74
Figure 10: Displaying System Files 75
Figure 11: Configuring Automatic Code Upgrade 78
Figure 12: Manually Setting the System Clock 80
Figure 13: Setting the Polling Interval for SNTP 81
Figure 14: Configuring NTP 82
Figure 15: Specifying SNTP Time Servers 82
Figure 16: Adding an NTP Time Server 83
Figure 17: Showing the NTP Time Server List 84
Figure 18: Adding an NTP Authentication Key 85
Figure 19: Showing the NTP Authentication Key List 85
Figure 20: Setting the Time Zone 86
Figure 21: Console Port Settings 88
Figure 22: Telnet Connection Settings 89
Figure 23: Displaying CPU Utilization 90
Figure 24: Displaying Memory Utilization 91
Figure 25: Restarting the Switch (Immediately) 93
Figure 26: Restarting the Switch (In) 94
Figure 27: Restarting the Switch (At) 94
Figure 28: Restarting the Switch (Regularly) 94
Figure 29: Configuring Connections by Port List 97
Page 18
Figure 30: Configuring Connections by Port Range 98
Figure 31: Displaying Port Information 99
Figure 32: Configuring Local Port Mirroring 99
Figure 33: Configuring Local Port Mirroring 100
Figure 34: Displaying Local Port Mirror Sessions 101
Figure 35: Configuring Remote Port Mirroring 101
Figure 36: Configuring Remote Port Mirroring (Source) 104
Figure 37: Configuring Remote Port Mirroring (Intermediate) 105
Figure 38: Configuring Remote Port Mirroring (Destination) 105
Figure 39: Showing Port Statistics (Table) 108
Figure 40: Showing Port Statistics (Chart) 109
Figure 41: Performing Cable Tests 111
Figure 42: Enabling Port Isolation Globally 112
Figure 43: Configuring Port Isolation Profiles 113
Figure 44: Displaying Port Isolation Profiles 113
Figure 45: Assigning Port Isolation Profiles 114
Figure 46: Configuring Static Trunks 116
Figure 47: Creating Static Trunks 117
Figure 48: Adding Static Trunks Members 117
Figure 49: Configuring Connection Parameters for a Static Trunk 118
Figure 50: Showing Information for Static Trunks 118
Figure 51: Configuring Dynamic Trunks 118
Figure 52: Configuring the LACP Aggregator Admin Key 121
Figure 53: Enabling LACP on a Port 121
Figure 54: Configuring LACP Parameters on a Port 122
Figure 55: Configuring Connection Parameters for a Dynamic Trunk 122
Figure 56: Displaying Connection Parameters for Dynamic Trunks 123
Figure 57: Showing Members of Dynamic Trunks 123
Figure 58: Displaying LACP Port Counters 124
Figure 59: Displaying LACP Port Internal Information 126
Figure 60: Displaying LACP Port Remote Information 127
Figure 61: Enabling Traffic Segmentation 129
Figure 62: Configuring Members for Traffic Segmentation 130
Figure 63: Showing Traffic Segmentation Members 131
Figure 64: Configuring VLAN Trunking 131
Page 19
Figure 65: Configuring VLAN Trunking 133
Figure 66: VLAN Compliant and VLAN Non-compliant Devices 136
Figure 67: Using GVRP 138
Figure 68: Creating Static VLANs 139
Figure 69: Modifying Settings for Static VLANs 140
Figure 70: Showing Static VLANs 140
Figure 71: Configuring Static Members by VLAN Index 143
Figure 72: Configuring Static VLAN Members by Interface 144
Figure 73: Configuring Static VLAN Members by Interface Range 144
Figure 74: Configuring Global Status of GVRP 146
Figure 75: Configuring GVRP for an Interface 147
Figure 76: Showing Dynamic VLANs Registered on the Switch 147
Figure 77: Showing the Members of a Dynamic VLAN 148
Figure 78: QinQ Operational Concept 149
Figure 79: Enabling QinQ Tunneling 153
Figure 80: Adding an Interface to a QinQ Tunnel 154
Figure 81: Configuring Protocol VLANs 156
Figure 82: Displaying Protocol VLANs 156
Figure 83: Assigning Interfaces to Protocol VLANs 158
Figure 84: Showing the Interface to Protocol Group Mapping 158
Figure 85: Configuring IP Subnet VLANs 160
Figure 86: Showing IP Subnet VLANs 160
Figure 87: Configuring MAC-Based VLANs 161
Figure 88: Showing MAC-Based VLANs 162
Figure 89: Configuring VLAN Mirroring 163
Figure 90: Showing the VLANs to Mirror 163
Figure 91: Configuring Static MAC Addresses 166
Figure 92: Displaying Static MAC Addresses 167
Figure 93: Setting Global Status for MAC Address Isolation 169
Figure 94: Configuring MAC Address Isolation 169
Figure 95: Displaying Interfaces Assigned a MAC Address Isolation Mode 170
Figure 96: Setting the Address Aging Time 171
Figure 97: Displaying the Dynamic MAC Address Table 172
Figure 98: Clearing Entries in the Dynamic MAC Address Table 173
Figure 99: Mirroring Packets Based on the Source MAC Address 174
Page 20
Figure 100: Showing the Source MAC Addresses to Mirror 174
Figure 101: Configuring Extended MAC Security on a VLAN 177
Figure 102: Configuring Extended MAC Security on a Port or Trunk 177
Figure 103: STP Root Ports and Designated Ports 180
Figure 104: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree 181
Figure 105: Common Internal Spanning Tree, Common Spanning Tree, Internal Spanning Tree 181
Figure 106: Configuring Port Loopback Detection 183
Figure 107: Configuring Global Settings for STA (STP) 187
Figure 108: Configuring Global Settings for STA (RSTP) 188
Figure 109: Configuring Global Settings for STA (MSTP) 188
Figure 110: Displaying Global Settings for STA 190
Figure 111: Configuring Interface Settings for STA 193
Figure 112: STA Port Roles 195
Figure 113: Displaying Interface Settings for STA 196
Figure 114: Creating an MST Instance 198
Figure 115: Displaying MST Instances 198
Figure 116: Modifying the Priority for an MST Instance 199
Figure 117: Displaying Global Settings for an MST Instance 199
Figure 118: Adding a VLAN to an MST Instance 200
Figure 119: Displaying Members of an MST Instance 200
Figure 120: Configuring MSTP Interface Settings 202
Figure 121: Displaying MSTP Interface Settings 202
Figure 122: Configuring Rate Limits 204
Figure 123: Configuring Storm Control 206
Figure 124: Storm Control by Limiting the Traffic Rate 206
Figure 125: Storm Control by Shutting Down a Port 207
Figure 126: Configuring ATC Timers 209
Figure 127: Configuring ATC Interface Attributes 211
Figure 128: Setting the Default Port Priority 214
Figure 129: Setting the Queue Mode (Strict) 216
Figure 130: Setting the Queue Mode (WRR) 216
Figure 131: Setting the Queue Mode (Strict and WRR) 217
Figure 132: Mapping CoS Values to Egress Queues 219
Figure 133: Showing CoS Values to Egress Queue Mapping 219
Page 21
Figure 134: Setting the Trust Mode 221
Figure 135: Configuring DSCP to DSCP Internal Mapping 223
Figure 136: Showing DSCP to DSCP Internal Mapping 223
Figure 137: Configuring CoS to DSCP Internal Mapping 225
Figure 138: Showing CoS to DSCP Internal Mapping 225
Figure 139: Configuring a Class Map 229
Figure 140: Showing Class Maps 230
Figure 141: Adding Rules to a Class Map 231
Figure 142: Showing the Rules for a Class Map 231
Figure 143: Configuring a Policy Map 239
Figure 144: Showing Policy Maps 239
Figure 145: Adding Rules to a Policy Map 240
Figure 146: Showing the Rules for a Policy Map 240
Figure 147: Attaching a Policy Map to a Port 242
Figure 148: Configuring a Voice VLAN 245
Figure 149: Configuring an OUI Telephony List 246
Figure 150: Showing an OUI Telephony List 246
Figure 151: Configuring Port Settings for a Voice VLAN 248
Figure 152: Configuring the Authentication Sequence 252
Figure 153: Authentication Server Operation 252
Figure 154: Configuring Remote Authentication Server (RADIUS) 255
Figure 155: Configuring Remote Authentication Server (TACACS+) 256
Figure 156: Configuring AAA Server Groups 256
Figure 157: Showing AAA Server Groups 257
Figure 158: Configuring Global Settings for AAA Accounting 259
Figure 159: Configuring AAA Accounting Methods 260
Figure 160: Showing AAA Accounting Methods 260
Figure 161: Configuring AAA Accounting Service for 802.1X Service 261
Figure 162: Configuring AAA Accounting Service for Exec Service 261
Figure 163: Displaying a Summary of Applied AAA Accounting Methods 261
Figure 164: Displaying Statistics for AAA Accounting Sessions 262
Figure 165: Configuring AAA Authorization Methods 263
Figure 166: Showing AAA Authorization Methods 264
Figure 167: Configuring AAA Authorization Methods for Exec Service 264
Figure 168: Displaying the Applied AAA Authorization Method 265
Page 22
Figure 169: Configuring User Accounts 266
Figure 170: Showing User Accounts 267
Figure 171: Configuring Global Settings for Web Authentication 268
Figure 172: Configuring Interface Settings for Web Authentication 269
Figure 173: Configuring Global Settings for Network Access 273
Figure 174: Configuring Interface Settings for Network Access 275
Figure 175: Configuring Link Detection for Network Access 276
Figure 176: Configuring a MAC Address Filter for Network Access 277
Figure 177: Showing the MAC Address Filter Table for Network Access 277
Figure 178: Showing Addresses Authenticated for Network Access 279
Figure 179: Configuring HTTPS 281
Figure 180: Downloading the Secure-Site Certificate 282
Figure 181: Configuring the SSH Server 286
Figure 182: Generating the SSH Host Key Pair 287
Figure 183: Showing the SSH Host Key Pair 288
Figure 184: Copying the SSH User’s Public Key 289
Figure 185: Showing the SSH User’s Public Key 290
Figure 186: Setting the Name of a Time Range 292
Figure 187: Showing a List of Time Ranges 293
Figure 188: Add a Rule to a Time Range 293
Figure 189: Showing the Rules Configured for a Time Range 294
Figure 190: Showing TCAM Utilization 295
Figure 191: Creating an ACL 296
Figure 192: Showing a List of ACLs 296
Figure 193: Configuring a Standard IPv4 ACL 298
Figure 194: Configuring an Extended IPv4 ACL 300
Figure 195: Configuring a Standard IPv6 ACL 302
Figure 196: Configuring an Extended IPv6 ACL 304
Figure 197: Configuring a MAC ACL 306
Figure 198: Configuring an ARP ACL 308
Figure 199: Binding a Port to an ACL 309
Figure 200: Configuring ACL Mirroring 310
Figure 201: Showing the VLANs to Mirror 310
Figure 202: Showing ACL Statistics 311
Figure 203: Configuring Global Settings for ARP Inspection 314
Page 23
Figure 204: Configuring VLAN Settings for ARP Inspection 316
Figure 205: Configuring Interface Settings for ARP Inspection 317
Figure 206: Displaying Statistics for ARP Inspection 318
Figure 207: Displaying the ARP Inspection Log 319
Figure 208: Creating an IP Address Filter for Management Access 320
Figure 209: Showing IP Addresses Authorized for Management Access 321
Figure 210: Configuring Port Security 323
Figure 211: Configuring Port Security 324
Figure 212: Configuring Global Settings for 802.1X Port Authentication 326
Figure 213: Configuring Interface Settings for 802.1X Port Authenticator 330
Figure 214: Configuring Interface Settings for 802.1X Port Supplicant 332
Figure 215: Showing Statistics for 802.1X Port Authenticator 334
Figure 216: Showing Statistics for 802.1X Port Supplicant 335
Figure 217: Configuring DoS Protection 340
Figure 218: Setting the Filter Type for IP Source Guard 342
Figure 219: Configuring Static Bindings for IP Source Guard 344
Figure 220: Displaying Static Bindings for IP Source Guard 344
Figure 221: Showing the IP Source Guard Binding Table 345
Figure 222: Configuring Global Settings for DHCP Snooping 349
Figure 223: Configuring DHCP Snooping on a VLAN 350
Figure 224: Configuring the Port Mode for DHCP Snooping 351
Figure 225: Displaying the Binding Table for DHCP Snooping 353
Figure 226: Configuring Settings for System Memory Logs 357
Figure 227: Showing Error Messages Logged to System Memory 358
Figure 228: Configuring Settings for Remote Logging of Error Messages 359
Figure 229: Configuring LLDP Timing Attributes 361
Figure 230: Configuring LLDP Interface Attributes 365
Figure 231: Configuring the Civic Address for an LLDP Interface 366
Figure 232: Showing the Civic Address for an LLDP Interface 367
Figure 233: Displaying Local Device Information for LLDP (General) 370
Figure 234: Displaying Local Device Information for LLDP (Port) 370
Figure 235: Displaying Local Device Information for LLDP (Port Details) 370
Figure 236: Displaying Basic LLDP Information for a Remote Device (Port) 376
Figure 237: Displaying Remote Device Information for LLDP (Port Details) 378
Figure 238: Displaying Remote Device Information for LLDP (End Node) 379
Page 24
Figure 239: Displaying LLDP Device Statistics (General) 380
Figure 240: Displaying LLDP Device Statistics (Port) 381
Figure 241: Showing the Switch’s PoE Budget 382
Figure 242: Setting a Port’s PoE Budget 384
Figure 243: Configuring Global Settings for SNMP 388
Figure 244: Configuring the Local Engine ID for SNMP 389
Figure 245: Configuring a Remote Engine ID for SNMP 390
Figure 246: Showing Remote Engine IDs for SNMP 390
Figure 247: Creating an SNMP View 391
Figure 248: Showing SNMP Views 392
Figure 249: Adding an OID Subtree to an SNMP View 392
Figure 250: Showing the OID Subtree Configured for SNMP Views 393
Figure 251: Creating an SNMP Group 397
Figure 252: Showing SNMP Groups 397
Figure 253: Setting Community Access Strings 398
Figure 254: Showing Community Access Strings 399
Figure 255: Configuring Local SNMPv3 Users 400
Figure 256: Showing Local SNMPv3 Users 401
Figure 257: Configuring Remote SNMPv3 Users 402
Figure 258: Showing Remote SNMPv3 Users 403
Figure 259: Configuring Trap Managers (SNMPv1) 406
Figure 260: Configuring Trap Managers (SNMPv2c) 406
Figure 261: Configuring Trap Managers (SNMPv3) 407
Figure 262: Showing Notification Managers 407
Figure 263: Creating SNMP Notification Logs 409
Figure 264: Showing SNMP Notification Logs 409
Figure 265: Showing SNMP Statistics 411
Figure 266: Configuring an RMON Alarm 413
Figure 267: Showing Configured RMON Alarms 414
Figure 268: Configuring an RMON Event 415
Figure 269: Showing Configured RMON Events 416
Figure 270: Configuring an RMON History Sample 417
Figure 271: Showing Configured RMON History Samples 418
Figure 272: Showing Collected RMON History Samples 418
Figure 273: Configuring an RMON Statistical Sample 420
Page 25
Figure 274: Showing Configured RMON Statistical Samples 420
Figure 275: Showing Collected RMON Statistical Samples 421
Figure 276: Configuring a Switch Cluster 423
Figure 277: Configuring Cluster Members 424
Figure 278: Showing Cluster Members 424
Figure 279: Showing Cluster Candidates 424
Figure 280: Managing a Cluster Member 425
Figure 281: Pinging a Network Device 428
Figure 282: Setting the ARP Timeout 430
Figure 283: Displaying ARP Entries 430
Figure 284: Configuring a Static IPv4 Address 432
Figure 285: Configuring an Auto IP Address 433
Figure 286: Configuring a Dynamic IPv4 Address 433
Figure 287: Configuring the IPv6 Default Gateway 435
Figure 288: Configuring General Settings for an IPv6 Interface 439
Figure 289: Configuring RA Guard for an IPv6 Interface 439
Figure 290: Configuring an IPv6 Address 442
Figure 291: Showing Configured IPv6 Addresses 443
Figure 292: Showing IPv6 Neighbors 445
Figure 293: Showing IPv6 Statistics (IPv6) 449
Figure 294: Showing IPv6 Statistics (ICMPv6) 450
Figure 295: Showing IPv6 Statistics (UDP) 450
Figure 296: Showing Reported MTU Values 451
Figure 297: Configuring General Settings for DNS 454
Figure 298: Configuring a List of Domain Names for DNS 455
Figure 299: Showing the List of Domain Names for DNS 455
Figure 300: Configuring a List of Name Servers for DNS 456
Figure 301: Showing the List of Name Servers for DNS 457
Figure 302: Configuring Static Entries in the DNS Table 457
Figure 303: Showing Static Entries in the DNS Table 458
Figure 304: Showing Entries in the DNS Cache 459
Figure 305: Configuring Multicast DNS 460
Figure 306: Specifying A DHCP Client Identifier 461
Figure 307: Layer 2 DHCP Relay Service 462
Figure 308: Configuring DHCP Relay Information Option 82 Service 465
Page 26
Figure 309: Multicast Filtering Concept 467
Figure 310: Configuring General Settings for IGMP Snooping 473
Figure 311: Configuring a Static Interface for a Multicast Router 475
Figure 312: Showing Static Interfaces Attached a Multicast Router 475
Figure 313: Showing Current Interfaces Attached a Multicast Router 476
Figure 314: Assigning an Interface to a Multicast Service 477
Figure 315: Showing Static Interfaces Assigned to a Multicast Service 477
Figure 316: Configuring IGMP Snooping on an Interface 482
Figure 317: Showing Interface Settings for IGMP Snooping 483
Figure 318: Dropping IGMP Query Packets 484
Figure 319: Showing Multicast Groups Learned by IGMP Snooping 485
Figure 320: Displaying IGMP Snooping Statistics – Query 487
Figure 321: Displaying IGMP Snooping Statistics – VLAN 488
Figure 322: Displaying IGMP Snooping Statistics – Port 488
Figure 323: Enabling IGMP Filtering and Throttling 490
Figure 324: Creating an IGMP Filtering Profile 491
Figure 325: Showing the IGMP Filtering Profiles Created 491
Figure 326: Adding Multicast Groups to an IGMP Filtering Profile 492
Figure 327: Showing the Groups Assigned to an IGMP Filtering Profile 492
Figure 328: Configuring IGMP Filtering and Throttling Interface Settings 493
Figure 329: Configuring General Settings for MLD Snooping 495
Figure 330: Configuring Immediate Leave for MLD Snooping 496
Figure 331: Configuring a Static Interface for an IPv6 Multicast Router 497
Figure 332: Showing Static Interfaces Attached an IPv6 Multicast Router 498
Figure 333: Showing Current Interfaces Attached an IPv6 Multicast Router 498
Figure 334: Assigning an Interface to an IPv6 Multicast Service 499
Figure 335: Showing Static Interfaces Assigned to an IPv6 Multicast Service 500
Figure 336: Showing Current Interfaces Assigned to an IPv6 Multicast Service 500
Figure 337: Showing IPv6 Multicast Services and Corresponding Sources 502
Figure 338: MVR Concept 503
Figure 339: Configuring Global Settings for MVR 505
Figure 340: Configuring Domain Settings for MVR 507
Figure 341: Configuring an MVR Group Address Profile 508
Figure 342: Displaying MVR Group Address Profiles 508
Figure 343: Assigning an MVR Group Address Profile to a Domain 509
Figure 344: Showing the MVR Group Address Profiles Assigned to a Domain 509
Figure 345: Configuring Interface Settings for MVR 512
Figure 346: Assigning Static MVR Groups to a Port 513
Figure 347: Showing the Static MVR Groups Assigned to a Port 514
Figure 348: Displaying MVR Receiver Groups 515
Figure 349: Displaying MVR Statistics – Query 517
Figure 350: Displaying MVR Statistics – VLAN 518
Figure 351: Displaying MVR Statistics – Port 519

Tables

Table 1: Key Features 33
Table 2: System Defaults 39
Table 3: Web Page Configuration Buttons 45
Table 4: Switch Main Menu 47
Table 5: Port Statistics 106
Table 6: LACP Port Counters 123
Table 7: LACP Internal Configuration Information 124
Table 8: LACP Remote Device Configuration Information 126
Table 9: Traffic Segmentation Forwarding 129
Table 10: MAC Address Isolation Matrix 168
Table 11: Recommended STA Path Cost Range 191
Table 12: Default STA Path Costs 191
Table 13: IEEE 802.1p Egress Queue Priority Mapping 217
Table 14: CoS Priority Levels 218
Table 15: Mapping Internal Per-hop Behavior to Hardware Queues 218
Table 16: Default Mapping of DSCP Values to Internal PHB/Drop Values 222
Table 17: Default Mapping of CoS/CFI to Internal PHB/Drop Precedence 224
Table 18: Dynamic QoS Profiles 271
Table 19: HTTPS System Support 280
Table 20: ARP Inspection Statistics 317
Table 21: ARP Inspection Log 318
Table 22: 802.1X Statistics 332
Table 23: Logging Levels 356
Table 24: LLDP MED Location CA Types 365
Table 25: Chassis ID Subtype 367
Table 26: System Capabilities 368
Table 27: Port ID Subtype 369
Table 28: Remote Port Auto-Negotiation Advertised Capability 372
Table 29: SNMPv3 Security Models and Levels 386
Table 30: Supported Notification Messages 394
Table 31: Address Resolution Protocol 429
Table 32: Show IPv6 Neighbors - display description 444
Table 33: Show IPv6 Statistics - display description 446
Table 34: Show MTU - display description 451
Table 35: RADIUS Server AVPs 484
Table 36: Troubleshooting Chart 527
Section I

Getting Started

This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the menu structure for the management interface.
This section includes these chapters:
"Introduction" on page 33
"Using the Web Interface" on page 43

1 Introduction

This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

Key Features

Table 1: Key Features
Feature | Description
Configuration Backup and Restore | Using management station or FTP/TFTP server
Authentication | Console, Telnet, web – user name/password, RADIUS, TACACS+; Port – IEEE 802.1X, MAC address filtering; SNMP v1/2c - Community strings; SNMP version 3 – MD5 or SHA password; Telnet – SSH; Web – HTTPS
General Security Measures | AAA; ARP Inspection; DHCP Snooping; IP Source Guard; Port Authentication – IEEE 802.1X; Port Isolation - by traffic type and protocol type; Port Security – MAC address filtering; Sticky Dynamic MAC – Prevents learned address move; Traffic Segmentation - by port designation
Access Control Lists | Supports up to 512 rules, 64 ACLs, and a maximum of 32 rules for an ACL
DHCP/DHCPv6 | Client
DNS | Client and Proxy service
Port Configuration | Speed and duplex mode and flow control
Port Trunking | Supports up to 8 trunks – static or dynamic trunking (LACP)
Port Mirroring | 50 sessions, one or more source ports to one analysis port
Congestion Control | Rate Limiting; Throttling for broadcast, multicast, unknown unicast storms
Address Table | 16K MAC addresses in the forwarding table, 1K static MAC addresses, 256 L2 multicast groups
IP Version 4 and 6 | Supports IPv4 and IPv6 addressing, and management
IEEE 802.1D Bridge | Supports dynamic data switching and addresses learning
Store-and-Forward Switching | Supported to ensure wire-speed switching while eliminating bad frames
Spanning Tree Algorithm | Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP)
Virtual LANs | Up to 256 using IEEE 802.1Q, port-based, protocol-based, voice VLANs, and QinQ tunnel
Traffic Prioritization | Default port priority, traffic class map, queue scheduling, IP Precedence, or Differentiated Services Code Point (DSCP)
Quality of Service | Supports Differentiated Services (DiffServ)
Link Layer Discovery Protocol | Used to discover basic information about neighboring devices
Multicast Filtering | Supports IGMP snooping and query for Layer 2, MLD snooping and query for Layer 3, and Multicast VLAN Registration
Switch Clustering | Supports up to 36 member switches in a cluster

Description of Software Features

The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Storm suppression prevents broadcast, multicast, and unknown unicast traffic storms from engulfing the network. Untagged (port-based), tagged, and protocol-based VLANs, plus support for automatic GVRP VLAN registration provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network. Multicast filtering provides support for real-time network applications.
Some of the management features are briefly described below.
CONFIGURATION BACKUP AND RESTORE
You can save the current configuration settings to a file on the management station (using the web interface) or an FTP/TFTP server (using the web or console interface), and later download this file to restore the switch configuration settings.
AUTHENTICATION
This switch authenticates management access via the console port, Telnet, or a web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1X client, and then uses the EAP between the switch and the authentication server to verify the client’s right to access the network via an authentication server (i.e., RADIUS or TACACS+ server).
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, and IP address filtering for SNMP/Telnet/web management access. MAC address filtering and IP source guard also provide authenticated port access, and DHCP snooping is provided to prevent malicious attacks from insecure ports.
ACCESS CONTROL LISTS
ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or TCP control code) or any frames (based on MAC address or Ethernet type). ACLs can be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols.
PORT CONFIGURATION
You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard (now incorporated in IEEE 802.3-2002).
RATE LIMITING
This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Packets that exceed the acceptable amount of traffic are dropped.
PORT MIRRORING
The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
PORT TRUNKING
Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using Link Aggregation Control Protocol (LACP – IEEE 802.3-2005). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 8 trunks.
STORM CONTROL
Broadcast, multicast and unknown unicast storm suppression prevents traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.
STATIC MAC ADDRESSES
A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
IP ADDRESS FILTERING
Access to insecure ports can be controlled using DHCP Snooping which filters ingress traffic based on static IP addresses and addresses stored in the DHCP Snooping table. Traffic can also be restricted to specific source IP addresses or source IP/MAC address pairs based on static entries or entries stored in the DHCP Snooping table.
IEEE 802.1D BRIDGE
The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 16K addresses.
STORE-AND-FORWARD SWITCHING
The switch copies each frame into its memory before forwarding it to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the switch provides 8 MB for frame buffering. This buffer can queue packets awaiting transmission on congested networks.
SPANNING TREE ALGORITHM
The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes to about 3 to 5 seconds, compared to 30 seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.
Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct extension of RSTP. It can provide an independent spanning tree for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region, and prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).
VIRTUAL LANS
The switch supports up to 256 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:
Eliminate broadcast storms which severely degrade performance in a flat network.
Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
Provide data security by restricting all traffic to the originating VLAN.
Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.
Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.
IEEE 802.1Q TUNNELING (QINQ)
This feature is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs. This is accomplished by inserting Service Provider VLAN (SPVLAN) tags into the customer’s frames when they enter the service provider’s network, and then stripping the tags when the frames leave the network.
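The tag insertion and stripping described above, as an added Python example that is not part of the manual. The 0x88A8 service-tag TPID, the MAC addresses, the SPVLAN IDs 100 and 200, and all function names are assumptions made for illustration; the manual does not state which TPID the switch uses.

```python
import struct

TPID_CTAG = 0x8100  # IEEE 802.1Q customer VLAN tag
TPID_STAG = 0x88A8  # IEEE 802.1ad service tag; assumed, the manual does not state the TPID used


def build_tag(tpid, vid, pcp=0):
    """Return a 4-byte VLAN tag: 16-bit TPID, then 3-bit priority, 1-bit DEI, 12-bit VLAN ID."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def push_spvlan(frame, spvid):
    """Ingress to the provider network: insert the SPVLAN tag after the two MAC addresses."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[:12] + build_tag(TPID_STAG, spvid) + frame[12:]


def pop_spvlan(frame, spvid):
    """Egress: strip the outer tag, but only if it is the SPVLAN tag expected on this port."""
    if len(frame) < 18:
        raise ValueError("frame too short to carry an outer tag")
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_STAG or (tci & 0x0FFF) != spvid:
        raise ValueError("outer tag is not the expected SPVLAN tag")
    return frame[:12] + frame[16:]


def tag_stack(frame):
    """Return ([(tpid, vid), ...] outermost first, EtherType of the payload)."""
    tags, off = [], 12
    while True:
        if off + 2 > len(frame):
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, off)
        if ethertype not in (TPID_CTAG, TPID_STAG):
            return tags, ethertype
        if off + 4 > len(frame):
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((ethertype, tci & 0x0FFF))
        off += 4


def customer_frame(src_mac, vid, payload):
    """Constructed sample: broadcast IPv4 frame carrying a customer 802.1Q tag."""
    return (bytes.fromhex("ffffffffffff") + bytes.fromhex(src_mac)
            + build_tag(TPID_CTAG, vid) + struct.pack("!H", 0x0800) + payload)


def demo():
    # Two customers reuse VLAN 10; the provider keeps them apart with SPVLANs 100 and 200.
    a = customer_frame("020000000001", 10, b"customer A")
    b = customer_frame("020000000002", 10, b"customer B")
    core_a, core_b = push_spvlan(a, 100), push_spvlan(b, 200)
    return {
        "core_a": tag_stack(core_a)[0],
        "core_b": tag_stack(core_b)[0],
        "restored": pop_spvlan(core_a, 100) == a and pop_spvlan(core_b, 200) == b,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Inside the provider network the two frames differ only in the outer tag, and the egress check refuses to strip a tag that does not match the SPVLAN configured for the port.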
TRAFFIC PRIORITIZATION
This switch prioritizes each packet based on the required level of service, using four priority queues with strict priority, Weighted Round Robin (WRR) scheduling, or a combination of strict and weighted queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can be used to provide independent priorities for delay-sensitive data and best-effort data.
This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet using DSCP, or IP Precedence. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic is then sent to the corresponding output queue.
QUALITY OF SERVICE
Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, IP Precedence or DSCP values, or VLAN lists. Using access lists allows you to select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.
MULTICAST FILTERING
Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query for IPv4 and MLD Snooping and Query for IPv6 to manage multicast group registration. It also supports Multicast VLAN Registration which allows common multicast traffic, such as television channels, to be transmitted across a single network-wide multicast VLAN shared by hosts residing in other standard or private VLAN groups, while preserving security and data isolation for normal traffic.
LINK LAYER DISCOVERY PROTOCOL
LLDP is used to discover basic information about neighboring devices within the local broadcast domain. LLDP is a Layer 2 protocol that advertises information about the sending device and collects information gathered from neighboring network nodes it discovers.
Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details such as device identification, capabilities and configuration settings. Media Endpoint Discovery (LLDP-MED) is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches. The LLDP-MED TLVs advertise information such as network policy, power, inventory, and device location details. The LLDP and LLDP-MED information can be used by SNMP applications to simplify troubleshooting, enhance network management, and maintain an accurate network topology.
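An added example (not from the manual) that decodes the TLV format described above, so an administrator can see which details a port advertises to any attached neighbor. The sample LLDPDU and every value in it are constructed; TLV type numbers follow IEEE 802.1AB and the LLDP-MED subtypes follow ANSI/TIA-1057, and the function names are illustrative.

```python
import struct

TLV_TEXT = {4: "port_description", 5: "system_name", 6: "system_description"}
CAPABILITIES = ["Other", "Repeater", "Bridge", "WLAN AP", "Router",
                "Telephone", "DOCSIS", "Station Only"]
LLDP_MED_OUI = bytes.fromhex("0012bb")
MED_SUBTYPES = {1: "capabilities", 2: "network_policy", 3: "location",
                4: "extended_power", 5: "hardware_rev", 6: "firmware_rev",
                7: "software_rev", 8: "serial_number", 9: "manufacturer",
                10: "model", 11: "asset_id"}
SENSITIVE = ("system_name", "system_description", "management_address")
SENSITIVE_MED = ("hardware_rev", "firmware_rev", "software_rev", "serial_number", "model")


def tlv(tlv_type, value):
    """Encode one TLV: a 7-bit type and a 9-bit length share the 16-bit header."""
    if not (0 <= tlv_type <= 127 and len(value) <= 511):
        raise ValueError("type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(lldpdu):
    """Yield (type, value) pairs up to the End TLV; reject truncated input."""
    off = 0
    while off < len(lldpdu):
        if off + 2 > len(lldpdu):
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", lldpdu, off)
        tlv_type, length = header >> 9, header & 0x01FF
        off += 2
        if off + length > len(lldpdu):
            raise ValueError("TLV length runs past the end of the LLDPDU")
        if tlv_type == 0:  # End of LLDPDU; anything after it is padding
            return
        yield tlv_type, lldpdu[off:off + length]
        off += length


def decode_id(value, mac_subtype):
    """Chassis ID / Port ID: one subtype byte, then the identifier."""
    if len(value) < 2:
        raise ValueError("ID TLV too short")
    if value[0] == mac_subtype:
        return ":".join(f"{b:02x}" for b in value[1:])
    return value[1:].decode("utf-8", "replace")


def decode_lldpdu(lldpdu):
    info = {"med": {}, "unknown": []}
    for tlv_type, value in iter_tlvs(lldpdu):
        if tlv_type == 1:
            info["chassis_id"] = decode_id(value, mac_subtype=4)
        elif tlv_type == 2:
            info["port_id"] = decode_id(value, mac_subtype=3)
        elif tlv_type == 3 and len(value) >= 2:
            info["ttl"] = struct.unpack_from("!H", value)[0]
        elif tlv_type in TLV_TEXT:
            info[TLV_TEXT[tlv_type]] = value.decode("utf-8", "replace")
        elif tlv_type == 7 and len(value) >= 4:
            _, enabled = struct.unpack_from("!HH", value)
            info["enabled_capabilities"] = [
                name for bit, name in enumerate(CAPABILITIES) if (enabled >> bit) & 1]
        elif tlv_type == 8 and len(value) >= 2 and len(value) >= 1 + value[0]:
            subtype, addr = value[1], value[2:1 + value[0]]  # length byte counts the subtype
            is_ipv4 = subtype == 1 and len(addr) == 4
            info["management_address"] = ".".join(map(str, addr)) if is_ipv4 else addr.hex()
        elif tlv_type == 127 and len(value) >= 4 and value[:3] == LLDP_MED_OUI:
            name = MED_SUBTYPES.get(value[3], f"subtype_{value[3]}")
            body = value[4:]
            # Inventory subtypes (5-11) are text; the others are binary structures.
            info["med"][name] = body.decode("utf-8", "replace") if value[3] >= 5 else body.hex()
        else:
            info["unknown"].append(tlv_type)
    return info


def disclosure_report(info):
    """Fields worth reviewing before LLDP is left enabled on an untrusted port."""
    found = [key for key in SENSITIVE if key in info]
    return found + [f"med.{key}" for key in sorted(info["med"]) if key in SENSITIVE_MED]


# Constructed LLDPDU (payload only, without the Ethernet header).
SAMPLE_LLDPDU = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("001122334455")),   # chassis ID, MAC subtype
    tlv(2, b"\x05" + b"Eth 1/5"),                      # port ID, interface name
    tlv(3, struct.pack("!H", 120)),                    # TTL in seconds
    tlv(5, b"access-sw-01"),
    tlv(6, b"ECS4210-28T"),
    tlv(7, struct.pack("!HH", 0x0004, 0x0004)),        # bridge supported and enabled
    tlv(8, b"\x05\x01" + bytes([192, 0, 2, 10]) + b"\x02" + struct.pack("!I", 1) + b"\x00"),
    tlv(127, LLDP_MED_OUI + b"\x07" + b"1.0.0.24"),
    tlv(127, LLDP_MED_OUI + b"\x08" + b"SN-EXAMPLE-0001"),
    tlv(0, b""),
])

if __name__ == "__main__":
    decoded = decode_lldpdu(SAMPLE_LLDPDU)
    print(decoded)
    print("review:", disclosure_report(decoded))
```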

System Defaults

The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file.
The following table lists some of the basic system defaults.
Table 2: System Defaults
Function | Parameter | Default
Console Port Connection | Baud Rate | 115200 bps
Console Port Connection | Data bits | 8
Console Port Connection | Stop bits | 1
Console Port Connection | Parity | none
Console Port Connection | Local Console Timeout | 0 (disabled)
Authentication | Privileged Exec Level | Username “admin”, Password “admin”
Authentication | Normal Exec Level | Username “guest”, Password “guest”
Authentication | Enable Privileged Exec from Normal Exec Level | Password “super”
Authentication | RADIUS Authentication | Disabled
Authentication | TACACS+ Authentication | Disabled
Authentication | 802.1X Port Authentication | Disabled
Authentication | Web Authentication | Disabled
Authentication | MAC Authentication | Disabled
Authentication | HTTPS | Enabled
Authentication | SSH | Disabled
Authentication | Port Security | Disabled
Authentication | IP Filtering | Disabled
Authentication | DHCP Snooping | Disabled
Authentication | IP Source Guard | Disabled (all ports)
Web Management | HTTP Server | Enabled
Web Management | HTTP Port Number | 80
Web Management | HTTP Secure Server | Disabled
Web Management | HTTP Secure Server Port | 443
SNMP | SNMP Agent | Enabled
SNMP | Community Strings | “public” (read only), “private” (read/write)
SNMP | Traps | Authentication traps: enabled; Link-up-down events: enabled
SNMP | SNMP V3 | View: defaultview; Group: public (read only); private (read/write)
Port Configuration | Admin Status | Enabled
Port Configuration | Auto-negotiation | Enabled
Port Configuration | Flow Control | Disabled
Port Trunking | Static Trunks | None
Port Trunking | LACP (all ports) | Disabled
Congestion Control | Rate Limiting | Disabled
Congestion Control | Storm Control | Broadcast: Disabled; Multicast: Disabled; Unknown Unicast: Disabled
Address Table | Aging Time | 300 seconds
Spanning Tree Algorithm | Status | Enabled, RSTP (Defaults: RSTP standard)
Spanning Tree Algorithm | Edge Ports | Auto
LLDP | Status | Enabled
Virtual LANs | Default VLAN | 1
Virtual LANs | PVID | 1
Virtual LANs | Acceptable Frame Type | All
Virtual LANs | Ingress Filtering | Disabled
Virtual LANs | Switchport Mode (Egress Mode) | Access
Virtual LANs | GVRP (global) | Disabled
Virtual LANs | GVRP (port interface) | Disabled
Virtual LANs | QinQ Tunneling | Disabled
Traffic Prioritization | Ingress Port Priority | 0
Traffic Prioritization | Queue Mode | Strict-WRR
Traffic Prioritization | Queue Weight | Queue: 0 1 2 3 4 5 6 7; Weight: 1 2 4 6 8 10 12 14
Traffic Prioritization | Class of Service | Enabled
Traffic Prioritization | IP Precedence Priority | Disabled
Traffic Prioritization | IP DSCP Priority | Disabled
IP Settings | Management. VLAN | VLAN 1
IP Settings | IP Address | DHCP
IP Settings | Subnet Mask | 255.255.0.0
IP Settings | Default Gateway | 0.0.0.0
IP Settings | DHCP | Client: Disabled
IP Settings | DNS | Proxy service
IP Settings | Multicast DNS | Enabled
IP Settings | BOOTP | Disabled
Multicast Filtering | IGMP Snooping (Layer 2) | Snooping: Disabled; Querier: Disabled
Multicast Filtering | MLD Snooping (Layer 2 IPv6) | Snooping: Enabled; Querier: Disabled
Multicast Filtering | IGMP Proxy Reporting | Disabled
System Log | Status | Enabled
System Log | Messages Logged to RAM | Levels 0-7 (all)
System Log | Messages Logged to Flash | Levels 0-3
SNTP | Clock Synchronization | Disabled
Switch Clustering | Status | Disabled
Switch Clustering | Commander | Disabled
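An added example, not part of the manual: a check that compares a settings snapshot against the security-relevant factory defaults listed in Table 2. The snapshot dictionary, its key names, the severity labels and the hardened sample values are hypothetical; the manual defines no such export format.

```python
# Factory values taken from Table 2 of this guide.
FACTORY_ACCOUNTS = {"admin": "admin", "guest": "guest"}
FACTORY_ENABLE_PASSWORD = "super"
FACTORY_COMMUNITIES = {"public", "private"}
L2_PROTECTIONS = ("port_security", "dhcp_snooping", "ip_source_guard", "dot1x")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def audit(cfg):
    """Return (severity, parameter, reason) tuples, most severe first."""
    findings = []

    # Credentials that still match the documented defaults.
    for user, password in cfg.get("accounts", {}).items():
        if FACTORY_ACCOUNTS.get(user) == password:
            findings.append(("high", f"account {user}", "factory password still set"))
    if cfg.get("enable_password") == FACTORY_ENABLE_PASSWORD:
        findings.append(("high", "enable password", "factory password still set"))

    # Default community strings only matter while the SNMP agent is running.
    if cfg.get("snmp_agent"):
        for name, access in cfg.get("snmp_communities", {}).items():
            if name in FACTORY_COMMUNITIES:
                severity = "high" if access == "read/write" else "medium"
                findings.append((severity, f"SNMP community {name}",
                                 f"factory community string ({access})"))

    # Management plane transport.
    if cfg.get("http_server"):
        port = cfg.get("http_port", 80)
        findings.append(("medium", "HTTP server", f"cleartext web management on port {port}"))
    if not cfg.get("ssh"):
        findings.append(("medium", "SSH", "disabled, so remote CLI access cannot use SSH"))
    if cfg.get("console_timeout", 0) == 0:
        findings.append(("low", "console timeout", "idle console sessions never expire"))

    # Access-port protections that ship disabled.
    disabled = [name for name in L2_PROTECTIONS if not cfg.get(name)]
    if disabled:
        findings.append(("low", "port protections", "disabled: " + ", ".join(disabled)))

    return sorted(findings, key=lambda finding: SEVERITY_ORDER[finding[0]])


# Snapshot of a switch left at the Table 2 defaults (constructed).
FACTORY_SNAPSHOT = {
    "accounts": dict(FACTORY_ACCOUNTS),
    "enable_password": "super",
    "snmp_agent": True,
    "snmp_communities": {"public": "read only", "private": "read/write"},
    "http_server": True, "http_port": 80,
    "ssh": False,
    "console_timeout": 0,
    "port_security": False, "dhcp_snooping": False,
    "ip_source_guard": False, "dot1x": False,
}

# Snapshot after hardening (constructed placeholder values).
HARDENED_SNAPSHOT = {
    "accounts": {"netops": "example-only-passphrase"},
    "enable_password": "another-example-passphrase",
    "snmp_agent": False,
    "http_server": False,
    "ssh": True,
    "console_timeout": 600,
    "port_security": True, "dhcp_snooping": True,
    "ip_source_guard": True, "dot1x": True,
}

if __name__ == "__main__":
    for severity, parameter, reason in audit(FACTORY_SNAPSHOT):
        print(f"{severity:6} {parameter}: {reason}")
```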
Page 43

2 Using the Web Interface

This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 6.x or above, or Mozilla Firefox 4.x or above).
Note:
You can also use the Command Line Interface (CLI) to manage the switch over a serial connection to the console port or via Telnet. For more information on using the CLI, refer to “Using the Command Line Interface” in the CLI Reference Guide.

Connecting to the Web Interface

Prior to accessing the switch from a web browser, be sure you have first performed the following tasks:
1. Configure the switch with a valid IP address, subnet mask, and default gateway using an out-of-band serial connection, BOOTP or DHCP protocol. (See “Setting an IP Address” in the CLI Reference Guide.)
2. Set user names and passwords using an out-of-band serial connection. Access to the web agent is controlled by the same user names and passwords as the onboard configuration program. (See “Setting Passwords” in the CLI Reference Guide.)
3. After you enter a user name and password, you will have access to the system configuration program.
Note:
You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated.
Note:
If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as “admin” (Privileged Exec level), you can change the settings on any page.
Note:
If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm, then you can set the switch port attached to your management station to fast forwarding (i.e., enable Admin Edge Port) to improve the switch’s response time to management commands issued through the web interface. See “Configuring Interface Settings for STA” on page 190.
Note:
Users are automatically logged off of the HTTP server or HTTPS server if no input is detected for 300 seconds.
Note:
Connection to the web interface is not supported for HTTPS using an IPv6 link local address.

Navigating the Web Browser Interface

To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.”
Home Page
When your web browser connects with the switch’s web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.
Figure 1: Home Page
Note:
This manual covers the ECS4210-12P and ECS4210-28P Gigabit Ethernet PoE switches, as well as the ECS4210-12T and ECS4210-28T Gigabit Ethernet switches. Other than the number of ports and support for PoE, there are no other significant differences. Therefore nearly all of the screen display examples are based on the ECS4210-28T. The panel graphics for all switch types are shown on the following page.
Note:
You can open a connection to the vendor’s web site by clicking on the Edge-Core logo.
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
Table 3: Web Page Configuration Buttons
Button | Action
Apply | Sets specified values to the system.
Revert | Cancels specified values and restores current values prior to pressing “Apply.”
 | Save current configuration settings.
 | Displays help for the selected page.
 | Refreshes the current page.
 | Displays the site map.
 | Logs out of the management interface.
 | Links to the manufacturer’s web site.
 | Sends mail to the manufacturer.
Panel Display
The web agent displays an image of the switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex), or Flow Control (i.e., with or without flow control).
Figure 2: Front Panel Indicators (panel graphics for the ECS4210-12P, ECS4210-28P, ECS4210-12T, and ECS4210-28T)
Main Menu
Using the onboard web agent, you can define system parameters, manage and control the switch and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Table 4: Switch Main Menu
Menu | Description
System
General | Provides basic system description, including contact information
Switch | Shows the number of ports, hardware version, power status, and firmware version numbers
IP | Sets the IPv4 address for management access
Capability | Enables support for jumbo frames; shows the bridge extension parameters
File
Copy | Allows the transfer and copying of files
Set Startup | Sets the startup file
Show | Shows the files stored in flash memory; allows deletion of files
Automatic Operation Code Upgrade | Automatically upgrades operation code if a newer version is found on the server
Time
Configure General
Manual | Manually sets the current time
SNTP | Configures SNTP polling interval
NTP | Configures NTP authentication parameters
Configure Time Server | Configures a list of SNTP servers
Configure SNTP Server | Sets the IP address for SNTP time servers
Add NTP Server | Adds NTP time server and index of authentication key
Show NTP Server | Shows list of configured NTP time servers
Add NTP Authentication Key | Adds key index and corresponding MD5 key
Show NTP Authentication Key | Shows list of configured authentication keys
Configure Time Zone | Sets the local time zone for the system clock
Console | Sets console port connection parameters
Telnet | Sets Telnet connection parameters
CPU Utilization | Displays information on CPU utilization
Memory Status | Shows memory utilization parameters
Reset | Restarts the switch immediately, at a specified time, after a specified delay, or at a periodic interval
Interface
Port
General
Configure by Port List | Configures connection settings per port
Configure by Port Range | Configures connection settings for a range of ports
Show Information | Displays port connection status
Mirror
Add | Sets the source and target ports for mirroring
Show | Shows the configured mirror sessions
Statistics | Shows Interface, Etherlike, and RMON port statistics
Chart | Shows Interface, Etherlike, and RMON port statistics
Cable Test | Performs cable diagnostics for selected port to diagnose any cable faults (short, open etc.) and report the cable length
Isolation | Restricts the traffic types or protocol types allowed to pass between specified ports
Trunk
Static
Configure Trunk | Creates a trunk, specifying port members
Configure General
Configure | Configures trunk connection settings
Show Information | Displays trunk connection settings
Dynamic
Configure Aggregator | Configures administration key and timeout for LACP groups
Configure Aggregation Port
Configure
General | Allows ports to dynamically join trunks
Actor | Configures parameters for link aggregation group members on the local side
Partner | Configures parameters for link aggregation group members on the remote side
Show Information
Counters | Displays statistics for LACP protocol messages
Internal | Displays configuration settings and operational state for the local side of a link aggregation
Neighbors | Displays configuration settings and operational state for the remote side of a link aggregation
Configure Trunk
Show | Displays trunk connection settings
Configure | Configures trunk connection settings
Show Member | Shows port members of dynamic trunks
Statistics | Shows Interface, Etherlike, and RMON port statistics
Chart | Shows Interface, Etherlike, and RMON port statistics
RSPAN | Mirrors traffic from remote switches for analysis at a destination port on the local switch
Traffic Segmentation
Configure Global | Enables traffic segmentation globally
Configure Session | Configures the uplink and down-link ports for a segmented group of ports
VLAN Trunking | Allows unknown VLAN groups to pass through the specified interface
VLAN | Virtual LAN
Static
Add | Configures VLAN groups, administrative status, and remote type
Show | Displays configured VLAN groups
Modify | Configures group name and administrative status
Edit Member by VLAN | Specifies VLAN attributes per VLAN
Edit Member by Interface | Specifies VLAN attributes per interface
Edit Member by Interface Range | Specifies VLAN attributes per interface range
Dynamic
Configure General | Enables GVRP VLAN registration protocol globally
Configure Interface | Configures GVRP status and timers per interface
Show Dynamic VLAN
Show VLAN | Shows the VLANs this switch has joined through GVRP
Show VLAN Member | Shows the interfaces assigned to a VLAN through GVRP
Tunnel | IEEE 802.1Q (QinQ) Tunneling
Configure Global | Sets tunnel mode for the switch
Configure Interface | Sets the tunnel mode for any participating interface
Protocol
Configure Protocol
Add | Creates a protocol group, specifying supported protocols
Show | Shows configured protocol groups
Configure Interface
Add | Maps a protocol group to a VLAN
Show | Shows the protocol groups mapped to each VLAN
IP Subnet
Add | Maps IP subnet traffic to a VLAN
Show | Shows IP subnet to VLAN mapping
MAC-Based
Add | Maps traffic with specified source MAC address to a VLAN
Show | Shows source MAC address to VLAN mapping
Mirror
Add | Mirrors traffic from one or more source VLANs to a target port
Show | Shows mirror list
MAC Address
Static
Configure Global | Enables MAC address isolation globally on the switch
Configure MAC Address
Add | Configures static entries in the address table
Show | Displays static entries in the address table
Dynamic
Configure Aging | Sets timeout for dynamically learned entries
Show Dynamic MAC | Displays dynamic entries in the address table
Clear Dynamic MAC | Removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries
Mirror
Add | Mirrors traffic matching a specified source address from any port on the switch to a target port
Show | Shows mirror list
Extended MAC Security Configures the maximum number of MAC addresses that can be learned on an interface, the movable-static function which allows a static address to be moved to another interface, and the sticky-dynamic function which prevents dynamic address already learned elsewhere from being learned at a specified interface
Spanning Tree
Loopback Detection Configures Loopback Detection parameters
STA Spanning Tree Algorithm
Configure Global
Configure Configures global bridge settings for STP, RSTP and MSTP
Show Information Displays STA values used for the bridge
Configure Interface
Configure Configures interface settings for STA
Show Information Displays interface settings for STA
MSTP Multiple Spanning Tree Algorithm
Configure Global
Add Configures initial VLAN and priority for an MST instance
Show Shows configured MST instances
Modify Modifies priority for an MST instance
Add Member Adds VLAN members for an MST instance
Show Member Adds or deletes VLAN members for an MST instance
Show Information Shows global settings for an MST instance
Configure Interface
Configure Configures interface settings for an MST instance
Show Information Displays interface settings for an MST instance
Traffic
Rate Limit Sets the input and output rate limits for a port
Storm Control Sets the traffic storm threshold for each interface
Auto Traffic Control Sets thresholds for broadcast and multicast storms which can be used to
trigger configured rate limits or to shut down a port
Configure Global Sets the time to apply the control response after traffic has exceeded the
upper threshold, and the time to release the control response after traffic has fallen beneath the lower threshold
Configure Interface Sets the storm control mode (broadcast or multicast), the traffic
thresholds, the control response, to automatically release a response of rate limiting, or to send related SNMP trap messages
Priority
Default Priority Sets the default priority for each port or trunk
Queue Sets queue mode for the switch; sets the service weight for each queue that will use a weighted or hybrid mode
Trust Mode Selects IP Precedence, DSCP or CoS priority processing
DSCP to DSCP
Add Maps DSCP values in incoming packets to per-hop behavior and drop precedence values for internal priority processing
Show Shows the DSCP to DSCP mapping list
CoS to DSCP
Add Maps CoS/CFI values in incoming packets to per-hop behavior and drop precedence values for priority processing
Show Shows the CoS to DSCP mapping list
PHB to Queue
Add Maps internal per-hop behavior values to hardware queues
Show Shows the PHB to Queue mapping list
DiffServ
Configure Class
Add Creates a class map for a type of traffic
Show Shows configured class maps
Modify Modifies the name of a class map
Add Rule Configures the criteria used to classify ingress traffic
Show Rule Shows the traffic classification rules for a class map
Configure Policy
Add Creates a policy map to apply to multiple interfaces
Show Shows configured policy maps
Modify Modifies the name of a policy map
Add Rule Sets the boundary parameters used for monitoring inbound traffic, and
the action to take for conforming and non-conforming traffic
Show Rule Shows the rules used to enforce bandwidth policing for a policy map
Configure Interface Applies a policy map to an ingress port
VoIP Voice over IP
Configure Global Configures auto-detection of VoIP traffic, sets the Voice VLAN, and VLAN
aging time
Configure OUI
Add Maps the OUI in the source MAC address of ingress packets to the VoIP device manufacturer
Show Shows the OUI telephony list
Configure Interface Configures VoIP traffic settings for ports, including the way in which a port is added to the Voice VLAN, filtering of non-VoIP packets, the method of detecting VoIP traffic, and the priority assigned to the voice traffic
Security
AAA Authentication, Authorization and Accounting
System Authentication Configures authentication sequence – local, RADIUS, and TACACS
Server
Configure Server Configures RADIUS and TACACS server message exchange settings
Configure Group
Add Specifies a group of authentication servers and sets the priority sequence
Show Shows the authentication server groups and priority sequence
Accounting Enables accounting of requested services for billing or security purposes
Configure Global Specifies the interval at which the local accounting service updates
information to the accounting server
Configure Method
Add Configures accounting for various service types
Show Shows the accounting settings used for various service types
Configure Service Sets the accounting method applied to specific interfaces for 802.1X, CLI
command privilege levels for the console port, and for Telnet
Show Information
Summary Shows the configured accounting methods, and the methods applied to
specific interfaces
Statistics Shows basic accounting information recorded for user sessions
Authorization Enables authorization of requested services
Configure Method
Add Configures authorization for various service types
Show Shows the authorization settings used for various service types
Configure Service Sets the authorization method used for the console port, and for Telnet
Show Information Shows the configured authorization methods, and the methods applied
to specific interfaces
User Accounts
Add Configures user names, passwords, and access levels
Show Shows authorized users
Modify Modifies user attributes
Web Authentication Allows authentication and access to the network when 802.1X or Network Access authentication are infeasible or impractical
Configure Global Configures general protocol settings
Configure Interface Enables Web Authentication for individual ports
Network Access MAC address-based network access authentication
Configure Global Enables aging for authenticated MAC addresses, and sets the time period after which a connected MAC address must be reauthenticated
Configure Interface
General Enables MAC authentication on a port; sets the maximum number of addresses that can be authenticated, the guest VLAN, dynamic VLAN and dynamic QoS
Link Detection Configures detection of changes in link status, and the response (i.e., send trap or shut down port)
Configure MAC Filter
Add Specifies MAC addresses exempt from authentication
Show Shows the list of exempt MAC addresses
Show Information Shows the authenticated MAC address list
HTTPS Secure HTTP
Configure Global Enables HTTPs, and specifies the UDP port to use
Copy Certificate Replaces the default secure-site certificate
SSH Secure Shell
Configure Global Configures SSH server settings
Configure Host Key
Generate Generates the host key pair (public and private)
Clear Displays RSA and DSA host keys; deletes host keys
Configure User Key
Copy Imports user public keys from TFTP server
Show Displays RSA and DSA user keys; deletes user keys
ACL Access Control Lists
Configure ACL
Show TCAM Shows utilization parameters for TCAM
Add Adds an ACL based on IP or MAC address filtering
Show Shows the name and type of configured ACLs
Add Rule Configures packet filtering based on IP or MAC addresses and other packet attributes
Show Rule Shows the rules specified for an ACL
Configure Interface Binds a port to the specified ACL and time range
ARP Inspection
Configure General Enables inspection globally, configures validation of additional address components, and sets the log rate for packet inspection
Configure VLAN Enables ARP inspection on specified VLANs
Configure Interface Sets the trust mode for ports, and sets the rate limit for packet inspection
Show Information
Show Statistics Displays statistics on the inspection process
Show Log Shows the inspection log list
IP Filter
Add Sets IP addresses of clients allowed management access via the web,
SNMP, and Telnet
Show Shows the addresses to be allowed management access
Port Security Configures per port security, including status, response for security
breach, and maximum allowed MAC addresses
Port Authentication IEEE 802.1X
Configure Global Enables authentication and EAPOL pass-through
Configure Interface Sets authentication parameters for individual ports
Authenticator Sets port authenticator settings
Supplicant Sets port supplicant settings
Show Statistics Displays protocol statistics for the selected port
Authenticator Displays protocol statistics for port authenticator
Supplicant Displays protocol statistics for port supplicant
DoS Protection Protects against Denial-of-Service attacks
IP Source Guard Filters IP traffic based on static entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table
Port Configuration Enables IP source guard and selects filter type per port
Static Binding
Add Adds a static address to the source-guard binding table
Show Shows static addresses in the source-guard binding table
Dynamic Binding Displays the source-guard binding table for a selected interface
Administration
Log
System
Configure Global Stores error messages in local memory
Show Logs Shows logged error messages
Remote Configures the logging of messages to a remote logging process
LLDP
Configure Global Configures global LLDP timing parameters
Configure Interface
Configure General Sets the message transmission mode, enables SNMP notification, and
sets the LLDP attributes to advertise
Add CA-Type Specifies the location of the device attached to an interface
Show CA-Type Shows the location of the device attached to an interface
Modify CA-Type Modifies the location of the device attached to an interface
Show Local Device Information
General Displays general information about the local device
Port/Trunk Displays information about each interface
Show Remote Device Information
Port/Trunk Displays information about a remote device connected to a port on this
switch
Port/Trunk Details Displays detailed information about a remote device connected to this
switch
Show Device Statistics
General Displays statistics for all connected remote devices
Port/Trunk Displays statistics for remote devices on a selected port or trunk
PoE* Power over Ethernet
Configure Global Displays the power budget for the switch
Configure Interface Configures port power parameters
SNMP Simple Network Management Protocol
Configure Global Enables SNMP agent status, and sets related trap functions
Configure Engine
Set Engine ID Sets the SNMP v3 engine ID on this switch
Add Remote Engine Sets the SNMP v3 engine ID for a remote device
Show Remote Engine Shows configured engine ID for remote devices
Configure View
Add View Adds an SNMP v3 view of the OID MIB
Show View Shows configured SNMP v3 views
Add OID Subtree Specifies a part of the subtree for the selected view
Show OID Subtree Shows the subtrees assigned to each view
Configure Group
Add Adds a group with access policies for assigned users
Show Shows configured groups and access policies
Configure User
Add Community Configures community strings and access mode
Show Community Shows community strings and access mode
Add SNMPv3 Local User Configures SNMPv3 users on this switch
Show SNMPv3 Local User Shows SNMPv3 users configured on this switch
Change SNMPv3 Local User Group Assigns a local user to a new group
Add SNMPv3 Remote User Configures SNMPv3 users from a remote device
Show SNMPv3 Remote User Shows SNMPv3 users set from a remote device
Configure Trap
Add Configures trap managers to receive messages on key events that occur on this switch
Show Shows configured trap managers
RMON Remote Monitoring
Configure Global
Add
Alarm Sets threshold bounds for a monitored variable
Event Creates a response event for an alarm
Show
Alarm Shows all configured alarms
Event Shows all configured events
Configure Interface
Add
History Periodically samples statistics on a physical interface
Statistics Enables collection of statistics on a physical interface
Show
History Shows sampling parameters for each entry in the history group
Statistics Shows sampling parameters for each entry in the statistics group
Show Details
History Shows sampled data for each entry in the history group
Statistics Shows sampled data for each entry in the history group
Cluster
Configure Global Globally enables clustering for the switch; sets Commander status
Configure Member
Add Adds switch Members to the cluster
Show Candidate Shows cluster candidates
Show Member Shows cluster switch member; managed switch members
IP
General
Ping Sends ICMP echo request packets to another node on the network
ARP Address Resolution Protocol
Configure General Sets the aging time for dynamic entries in the ARP cache
Show Information Shows entries in the Address Resolution Protocol (ARP) cache
IPv6 Configuration
Configure Global Sets an IPv6 default gateway for traffic with no known next hop
Configure Interface Configures IPv6 interface address using auto-configuration or link-local address, and sets related protocol settings
Add IPv6 Address Adds a global unicast, EUI-64, or link-local IPv6 address to an interface
Show IPv6 Address Shows the IPv6 addresses assigned to an interface
Show IPv6 Neighbor Cache Displays information in the IPv6 neighbor discovery cache
Show Statistics
IPv6 Shows statistics about IPv6 traffic
ICMPv6 Shows statistics about ICMPv6 messages
UDP Shows statistics about UDP messages
Show MTU Shows the maximum transmission unit (MTU) cache for destinations that have returned an ICMP packet-too-big message along with an acceptable MTU to this switch
IP Service
DNS Domain Name Service
General
Configure Global Enables DNS lookup; defines the default domain name appended to
incomplete host names
Add Domain Name Defines a list of domain names that can
be appended to incomplete host names
Show Domain Names Shows the configured domain name list
Add Name Server Specifies IP address of name servers for dynamic lookup
Show Name Servers Shows the name server address list
Static Host Table
Add Configures static entries for domain name to address mapping
Show Shows the list of static mapping entries
Modify Modifies the static address mapped to the selected host name
Cache Displays cache entries discovered by designated
name servers
Multicast DNS Configures multicast DNS host name-to-address mapping on the local
network without the need for a dedicated DNS server
DHCP Dynamic Host Configuration Protocol
Client Specifies the DHCP client identifier for an interface
Relay Option 82 Specifies DHCP relay servers, including DHCP option 82 information
Snooping
Configure Global Enables DHCP snooping globally, MAC-address verification, information
option; and sets the information policy
Configure VLAN Enables DHCP snooping on a VLAN
Configure Interface Sets the trust mode for an interface
Show Information Displays the DHCP Snooping binding information
Multicast
IGMP Snooping
General Enables multicast filtering; configures parameters for multicast snooping
Multicast Router
Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router
Show Static Multicast Router Displays ports statically configured as attached to a neighboring multicast router
Show Current Multicast Router Displays ports attached to a neighboring multicast router, either through static or dynamic configuration
IGMP Member
Add Static Member Statically assigns multicast addresses to the selected VLAN
Show Static Member Shows multicast addresses statically configured on the selected VLAN
Interface
Configure VLAN Configures IGMP snooping per VLAN interface
Show VLAN Information Shows IGMP snooping settings per VLAN interface
Configure Port Configures the interface to drop IGMP query packets
Configure Trunk Configures the interface to drop IGMP query packets
Forwarding Entry Displays the current multicast groups learned through IGMP Snooping
Filter
Configure General Enables IGMP filtering for the switch
Configure Profile
Add Adds IGMP filter profile; and sets access mode
Show Shows configured IGMP filter profiles
Add Multicast Group Range Assigns multicast groups to selected profile
Show Multicast Group Range Shows multicast groups assigned to a profile
Configure Interface Assigns IGMP filter profiles to port interfaces and sets throttling action
Statistics
Show Query Statistics Shows statistics for query-related messages
Show VLAN Statistics Shows statistics for protocol messages, number of active groups
Show Port Statistics Shows statistics for protocol messages, number of active groups
Show Trunk Statistics Shows statistics for protocol messages, number of active groups
MLD Snooping
General Enables multicast filtering; configures parameters for IPv6 multicast snooping
Interface Configures Immediate Leave status for a VLAN
Multicast Router
Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router
Show Static Multicast Router Displays ports statically configured as attached to a neighboring multicast router
Show Current Multicast Router Displays ports attached to a neighboring multicast router, either through static or dynamic configuration
MLD Member
Add Static Member Statically assigns multicast addresses to the selected VLAN
Show Static Member Shows multicast addresses statically configured on the selected VLAN
Show Current Member Shows multicast addresses associated with the selected VLAN, either
through static or dynamic configuration
Group Information Displays known multicast groups, member ports, the means by which
each group was learned, and the corresponding source list
MVR Multicast VLAN Registration
Configure Global Configures proxy switching and robustness value
Configure Domain Enables MVR for a domain, sets the MVR VLAN, forwarding priority, and
upstream source IP
Configure Profile
Add Configures multicast stream addresses
Show Shows multicast stream addresses
Associate Profile
Add Maps an address profile to a domain
Show Shows addresses profile to domain mapping
Configure Interface Configures MVR interface type and immediate leave mode; also displays
MVR operational and active status
Configure Static Group Member
Add Statically assigns MVR multicast streams to an interface
Show Shows MVR multicast streams assigned to an interface
Show Member Shows the multicast groups assigned to an MVR VLAN, and the source
address of the multicast services
Show Statistics
Show Query Statistics Shows statistics for query-related messages
Show VLAN Statistics Shows statistics for protocol messages and number of active groups
Show Port Statistics Shows statistics for protocol messages and number of active groups
Show Trunk Statistics Shows statistics for protocol messages and number of active groups
* ECS4210-12P, ECS4210-28P
Section II

Web Configuration

This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser.
This section includes these chapters:
“Basic Management Tasks” on page 65
“Interface Configuration” on page 95
“VLAN Configuration” on page 135
“Address Table Settings” on page 165
“Spanning Tree Algorithm” on page 179
“Congestion Control” on page 203
“Class of Service” on page 213
“Quality of Service” on page 227
“VoIP Traffic Configuration” on page 243
“Security Measures” on page 249
“Basic Administration Protocols” on page 355
“IP Configuration” on page 427
“IP Services” on page 453
“Multicast Filtering” on page 467

3 Basic Management Tasks

This chapter describes the following topics:
Displaying System Information – Provides basic system description, including contact information.
Displaying Hardware/Software Versions – Shows the hardware version, power status, and firmware versions.
Configuring Support for Jumbo Frames – Enables support for jumbo frames.
Displaying Bridge Extension Capabilities – Shows the bridge extension parameters.
Managing System Files – Describes how to upgrade operating software or configuration files, and set the system start-up files.
Setting the System Clock – Sets the current time manually or through specified SNTP servers.
Configuring the Console Port – Sets console port connection parameters.
Configuring Telnet Settings – Sets Telnet connection parameters.
Displaying CPU Utilization – Displays information on CPU utilization.
Displaying Memory Utilization – Shows memory utilization parameters.
Resetting the System – Restarts the switch immediately, at a specified time, after a specified delay, or at a periodic interval.

Displaying System Information

Use the System > General page to identify the system by displaying information such as the device name, location and contact information.
Parameters
These parameters are displayed:
System Description – Brief description of device type.
System Object ID – MIB II object ID for switch’s network management subsystem. (ECS4210-12P: 1.3.6.1.4.1.259.10.1.42.104, ECS4210-12T: 1.3.6.1.4.1.259.10.1.42.103, ECS4210-28T: 1.3.6.1.4.1.259.10.1.42.101, ECS4210-28P: 1.3.6.1.4.1.259.10.1.42.102)
System Up Time – Length of time the management agent has been up.
System Name – Name assigned to the switch system.
System Location – Specifies the system location.
System Contact – Administrator responsible for the system.
System EEE – Enables or disables Energy Efficient Ethernet. When supported by devices on both ends of a link, each side of the link can disable portions of system functionality and save power during periods of low link utilization. Support for EEE is advertised during link-up auto-negotiation.
Web Interface
To configure general system information:
1. Click System, General.
2. Specify the system name, location, and contact information for the system administrator.
3. Click Apply.
Figure 3: System Information

Displaying Hardware/Software Versions

Use the System > Switch page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
Parameters
The following parameters are displayed:
Main Board Information
Serial Number – The serial number of the switch.
Number of Ports – Number of built-in ports.
Hardware Version – Hardware version of the main board.
Internal Power Status – Displays the status of the internal power supply.
Management Software Information
Role – Shows that this switch is operating as Master or Slave.
EPLD Version – Version number of Erasable Programmable Logic Device.
Loader Version – Version number of loader code.
Diagnostics Code Version – Version of Power-On Self-Test (POST) and boot code.
Operation Code Version – Version number of runtime code.
Web Interface
To view hardware and software version information:
1. Click System, then Switch.
Figure 4: General Switch Information

Configuring Support for Jumbo Frames

Use the System > Capability page to configure support for Layer 2 jumbo frames. The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 10240 bytes for Gigabit Ethernet. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
Usage Guidelines
To use jumbo frames, both the source and destination end nodes (such as a computer or server) must support this feature. Also, when the connection is operating at full duplex, all switches in the network between the two end nodes must be able to accept the extended frame size. And for half-duplex connections, all devices in the collision domain would need to support jumbo frames.
Parameters
The following parameters are displayed:
Jumbo Frame – Configures support for jumbo frames. (Default: Disabled)
Web Interface
To configure support for jumbo frames:
1. Click System, then Capability.
2. Enable or disable support for jumbo frames.
3. Click Apply.
Figure 5: Configuring Support for Jumbo Frames

Displaying Bridge Extension Capabilities

Use the System > Capability page to display settings based on the Bridge MIB. The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.
Parameters
The following parameters are displayed:
Extended Multicast Filtering Services – This switch does not support the filtering of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol).
Traffic Classes – This switch provides mapping of user priorities to multiple traffic classes. (Refer to “Class of Service” on page 213.)
Static Entry Individual Port – This switch allows static filtering for unicast and multicast addresses. (Refer to “Setting Static Addresses” on page 165.)
VLAN Version Number – Based on IEEE 802.1Q, “1” indicates Bridges that support only single spanning tree (SST) operation, and “2” indicates Bridges that support multiple spanning tree (MST) operation.
VLAN Learning – This switch uses Independent VLAN Learning (IVL), where each port maintains its own filtering database.
Local VLAN Capable – This switch does not support multiple local bridges outside of the scope of 802.1Q defined VLANs.
Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 135.)
Max Supported VLAN Numbers – The maximum number of VLANs supported on this switch.
Max Supported VLAN ID – The maximum configurable VLAN identifier supported on this switch.
GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices to register end stations with multicast groups. This switch does not support GMRP; it uses the Internet Group Management Protocol (IGMP) to provide automatic multicast filtering.
Web Interface
To view Bridge Extension information:
1. Click System, then Capability.
Figure 6: Displaying Bridge Extension Configuration

Managing System Files

This section describes how to upgrade the switch operating software or configuration files, and set the system start-up files.
Copying Files via FTP/TFTP or HTTP
Use the System > File (Copy) page to upload/download firmware or configuration settings using FTP, TFTP or HTTP. By backing up a file to an FTP/TFTP server or management station, that file can later be downloaded to the switch to restore operation. Specify the method of file transfer, along with the file type and file names as required.
You can also set the switch to use new firmware or configuration settings without overwriting the current version. Just download the file using a different name from the current version, and then set the new file as the startup file.
Command Usage
When logging into an FTP server, the interface prompts for a user name and password configured on the remote server. Note that “Anonymous” is set as the default user name.
Parameters
The following parameters are displayed:
Copy Type – The firmware copy operation includes these options:
FTP Upgrade – Copies a file from an FTP server to the switch.
FTP Download – Copies a file from the switch to an FTP server.
HTTP Upgrade – Copies a file from a management station to the switch.
HTTP Download – Copies a file from the switch to a management station.
TFTP Upgrade – Copies a file from a TFTP server to the switch.
TFTP Download – Copies a file from the switch to a TFTP server.
FTP/TFTP Server IP Address – The IP address of an FTP/TFTP server.
User Name – The user name for FTP server access.
Password – The password for FTP server access.
File Type – Specify Operation Code or Loader.
File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names is 32 characters for files on the switch or 128 characters for files on the server. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
Note: Up to two copies of the system software (i.e., the runtime firmware) can be stored in the file directory on the switch.
Note: The maximum number of user-defined configuration files is limited only by available flash memory space.
Note: The file “Factory_Default_Config.cfg” can be copied to a TFTP server or management station, but cannot be used as the destination file name on the switch.
Web Interface
To copy firmware files:
1. Click System, then File.
2. Select Copy from the Action list.
3. Select FTP Upgrade, HTTP Upgrade, or TFTP Upgrade as the file transfer method.
4. If FTP or TFTP Upgrade is used, enter the IP address of the file server.
5. If FTP Upgrade is used, enter the user name and password for your account on the FTP server.
6. Set the file type to Operation Code or Loader.
7. Enter the name of the file to download.
8. Select a file on the switch to overwrite or specify a new file name.
9. Then click Apply.
Figure 7: Copy Firmware
If you replaced a file currently used for startup and want to start using the new file, reboot the system via the System > Reset menu.
Saving the Running Configuration to a Local File
Use the System > File (Copy) page to save the current configuration settings to a local file on the switch. The configuration settings are not automatically saved by the system for subsequent use when the switch is rebooted. You must save these settings to the current startup file, or to another file which can be subsequently set as the startup file.
Parameters
The following parameters are displayed:
Copy Type – The copy operation includes this option:
Running-Config – Copies the current configuration settings to a local file on the switch.
Destination File Name – Copy to the currently designated startup file, or to a
new file.
The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names is 32 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
Note:
The maximum number of user-defined configuration files is limited only by
available flash memory space.
Web Interface
To save the running configuration file:
1. Click System, then File.
2. Select Copy from the Action list.
3. Select Running-Config from the Copy Type list.
4. Select the current startup file on the switch to overwrite or specify a new file
name.
5. Then click Apply.
Figure 8: Saving the Running Configuration
If you replaced a file currently used for startup and want to start using the new file, reboot the system via the System > Reset menu.
Setting the Start-Up File
Use the System > File (Set Start-Up) page to specify the firmware or configuration file to use for system initialization.
Web Interface
To set a file to use for system initialization:
1. Click System, then File.
2. Select Set Start-Up from the Action list.
3. Mark the operation code or configuration file to be used at startup.
4. Then click Apply.
Figure 9: Setting Start-Up Files
To start using the new firmware or configuration settings, reboot the system via the System > Reset menu.
Showing System Files
Use the System > File (Show) page to show the files in the system directory, or to delete a file.
Note:
Files designated for start-up, and the Factory_Default_Config.cfg file, cannot
be deleted.
Web Interface
To show the system files:
1. Click System, then File.
2. Select Show from the Action list.
3. To delete a file, mark it in the File List and click Delete.
Figure 10: Displaying System Files
Automatic Operation Code Upgrade
Use the System > File (Automatic Operation Code Upgrade) page to automatically download an operation code file when a file newer than the currently installed one is discovered on the file server. After the file is transferred from the server and successfully written to the file system, it is automatically set as the startup file, and the switch is rebooted.
Usage Guidelines
If this feature is enabled, the switch searches the defined URL once during the
bootup sequence.
FTP (port 21) and TFTP (port 69) are both supported. Note that the TCP/UDP
port bindings cannot be modified to support servers listening on non-standard ports.
The host portion of the upgrade file location URL must be a valid IPv4 IP
address. DNS host names are not recognized. Valid IP addresses consist of four numbers, 0 to 255, separated by periods.
The path to the directory must also be defined. If the file is stored in the root directory for the FTP/TFTP service, then use the “/” to indicate this (e.g., ftp://192.168.0.1/).
The file name must not be included in the upgrade file location URL. The file
name of the code stored on the remote server must be ECS4210-Series.bix (using upper case and lower case letters exactly as indicated here). Enter the file name for other switches described in this manual exactly as shown on the web interface.
The FTP connection is made with PASV mode enabled. PASV mode is needed to traverse some firewalls, even if FTP traffic is not blocked. PASV mode cannot be disabled.
The switch-based search function is case-insensitive in that it will accept a file name in upper or lower case (i.e., the switch will accept ECS4210-SERIES.BIX from the server even though ECS4210-SERIES.bix was requested). However, keep in mind that the file systems of many operating systems such as Unix and most Unix-like systems (FreeBSD, NetBSD, OpenBSD, and most Linux distributions, etc.) are case-sensitive, meaning that two files in the same directory, ecs4210-series.bix and ECS4210-SERIES.bix are considered to be unique files. Thus, if the upgrade file is stored as ECS4210-SERIES.bix on a case-sensitive server, then the switch (requesting ecs4210-series.bix) will not be upgraded because the server does not recognize the requested file name and the stored file name as being equal. A notable exception in the list of case-sensitive Unix-like operating systems is Mac OS X, which by default is case-insensitive. Please check the documentation for your server’s operating system if you are unsure of its file system’s behavior.
Note that the switch itself does not distinguish between upper and lower-case
file names, and only checks to see if the file stored on the server is more recent than the current runtime image.
If two operation code image files are already stored on the switch’s file system,
then the non-startup image is deleted before the upgrade image is transferred.
The automatic upgrade process will take place in the background without
impeding normal operations (data switching, etc.) of the switch.
During the automatic search and transfer process, the administrator cannot
transfer or update another operation code image, configuration file, public key, or HTTPS certificate (i.e., no other concurrent file management operations are possible).
The upgrade operation code image is set as the startup image after it has been
successfully written to the file system.
The switch will send an SNMP trap and make a log entry upon all upgrade
successes and failures.
The switch will immediately restart after the upgrade file is successfully written
to the file system and set as the startup image.
Parameters
The following parameters are displayed:
Automatic Opcode Upgrade – Enables the switch to search for an upgraded
operation code file during the switch bootup process. (Default: Disabled)
Automatic Upgrade Location URL – Defines where the switch should search
for the operation code upgrade file. The last character of this URL must be a forward slash (“/”). The ECS4210-Series.bix filename must not be included since it is automatically appended by the switch. (Options: ftp, tftp)
The following syntax must be observed:
tftp://host[/filedir]/
tftp:// – Defines TFTP protocol for the server connection.
host – Defines the IP address of the TFTP server. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. DNS host names are not recognized.
filedir – Defines the directory, relative to the TFTP server root, where the upgrade file can be found. Nested directory structures are accepted. The directory name must be separated from the host, and in nested directory structures, from the parent directory, with a prepended forward slash “/”.
/ – The forward slash must be the last character of the URL.
ftp://[username[:password@]]host[/filedir]/
ftp:// – Defines FTP protocol for the server connection.
username – Defines the user name for the FTP connection. If the user name is omitted, then “anonymous” is the assumed user name for the connection.
password – Defines the password for the FTP connection. To differentiate the password from the user name and host portions of the URL, a colon (:) must precede the password, and an “at” symbol (@), must follow the password. If the password is omitted, then “” (an empty string) is the assumed password for the connection.
host – Defines the IP address of the FTP server. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. DNS host names are not recognized.
filedir – Defines the directory, relative to the FTP server root, where the upgrade file can be found. Nested directory structures are accepted. The directory name must be separated from the host, and in nested directory structures, from the parent directory, with a prepended forward slash “/”.
/ – The forward slash must be the last character of the URL.
Examples
The following examples demonstrate the URL syntax for a TFTP server at IP address 192.168.0.1 with the operation code image stored in various locations:
tftp://192.168.0.1/
The image file is in the TFTP root directory.
tftp://192.168.0.1/switch-opcode/
The image file is in the “switch-opcode” directory, relative to the TFTP root.
tftp://192.168.0.1/switches/opcode/
The image file is in the “opcode” directory, which is within the “switches” parent directory, relative to the TFTP root.
The following examples demonstrate the URL syntax for an FTP server at IP address 192.168.0.1 with various user name, password and file location options presented:
ftp://192.168.0.1/
The user name and password are empty, so “anonymous” will be the user name and the password will be blank. The image file is in the FTP root directory.
ftp://switches:upgrade@192.168.0.1/
The user name is “switches” and the password is “upgrade”. The image file is in the FTP root.
ftp://switches:upgrade@192.168.0.1/switches/opcode/
The user name is “switches” and the password is “upgrade”. The image file is in the “opcode” directory, which is within the “switches” parent directory, relative to the FTP root.
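The syntax rules above can be checked before a URL is typed into the switch. The following is an added example, not code from the manual or the switch firmware; the function and class names are hypothetical, and it assumes user information is written in the usual `user[:password]@host` form and that any final directory name ending in `.bix` is a file name entered by mistake.

```python
"""Pre-flight check for an Automatic Upgrade Location URL (added example)."""
import ipaddress
from dataclasses import dataclass, field

IMAGE_NAME = "ECS4210-Series.bix"  # appended by the switch, per the manual


@dataclass
class UpgradeLocation:
    scheme: str
    host: str
    directory: str                      # begins and ends with "/"
    username: str = ""
    password: str = ""
    warnings: list = field(default_factory=list)

    @property
    def requested_path(self) -> str:
        """Path the switch will request from the server."""
        return self.directory + IMAGE_NAME


def parse_upgrade_url(url: str) -> UpgradeLocation:
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ftp", "tftp"):
        raise ValueError("URL must begin with ftp:// or tftp://")
    if not rest.endswith("/"):
        raise ValueError("the last character of the URL must be '/'")

    # Everything before the first "/" is [userinfo@]host; the rest is filedir.
    # (A password containing "/" is therefore rejected by the host check.)
    authority, _, tail = rest.partition("/")
    directory = "/" + tail
    if "//" in directory:
        raise ValueError("empty directory name in path")
    segments = [s for s in directory.split("/") if s]
    if segments and segments[-1].lower().endswith(".bix"):
        raise ValueError("the image file name must not be part of the URL")

    userinfo, at, host = authority.rpartition("@")
    if at and scheme == "tftp":
        raise ValueError("tftp:// URLs carry no user name or password")
    try:
        ipaddress.IPv4Address(host)
    except ipaddress.AddressValueError:
        raise ValueError(f"host {host!r} must be a dotted-quad IPv4 address; "
                         "DNS names and port numbers are not accepted") from None

    loc = UpgradeLocation(scheme, host, directory)
    if scheme == "tftp":
        loc.warnings.append("TFTP has no authentication; keep the server on "
                            "a trusted management network")
        return loc

    username, _, password = userinfo.partition(":")
    if at and not username:
        raise ValueError("user name is empty")
    loc.username = username or "anonymous"   # manual: default user name
    loc.password = password                  # manual: default is ""
    if password:
        loc.warnings.append("password is embedded in the URL and FTP sends "
                            "it in cleartext; use a read-only account")
    if loc.username == "anonymous":
        loc.warnings.append("anonymous FTP login; make the directory read-only")
    return loc


def is_valid(url: str) -> bool:
    try:
        parse_upgrade_url(url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # The manual's own examples plus constructed invalid inputs.
    for sample in ("tftp://192.168.0.1/switch-opcode/",
                   "ftp://switches:upgrade@192.168.0.1/switches/opcode/",
                   "ftp://fileserver.example/",          # constructed: DNS name
                   "tftp://192.168.0.1/switch-opcode"):  # constructed: no "/"
        try:
            loc = parse_upgrade_url(sample)
            print(sample, "->", loc.requested_path, loc.warnings)
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

Because the switch reboots into whatever image it finds at this location, the warnings are worth acting on: the server directory should be writable only by the administrator who publishes firmware.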
Web Interface
To configure automatic code upgrade:
1. Click System, then File.
2. Select Automatic Operation Code Upgrade from the Action list.
3. Mark the check box to enable Automatic Opcode Upgrade.
4. Enter the URL of the FTP or TFTP server, and the path and directory containing
the operation code.
5. Click Apply.
Figure 11: Configuring Automatic Code Upgrade
If a new image is found at the specified location, the following type of messages will be displayed during bootup.
. . .
Automatic Upgrade is looking for a new image
New image detected: current version 1.0.1.5; new version 1.1.2.0
Image upgrade in progress
The switch will restart after upgrade succeeds
Downloading new image
Flash programming started
Flash programming completed
The switch will now restart
. . .

Setting the System Clock

Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can also manually set the clock. If the clock is not set manually or via SNTP, the switch will only record the time from the factory default set at the last bootup.
When the SNTP client is enabled, the switch periodically sends a request for a time update to a configured time server. You can configure up to three time server IP addresses. The switch will attempt to poll each server in the configured sequence.
Setting the Time Manually
Use the System > Time (Configure General - Manually) page to set the system time on the switch manually without using SNTP.
Parameters
The following parameters are displayed:
Current Time – Shows the current time set on the switch.
Hours – Sets the hour. (Range: 0-23)
Minutes – Sets the minute value. (Range: 0-59)
Seconds – Sets the second value. (Range: 0-59)
Month – Sets the month. (Range: 1-12)
Day – Sets the day of the month. (Range: 1-31)
Year – Sets the year. (Range: 1970-2037)
Web Interface
To manually set the system clock:
1. Click System, then Time.
2. Select Configure General from the Step list.
3. Select Manually from the Maintain Type list.
4. Enter the time and date in the appropriate fields.
5. Click Apply
Figure 12: Manually Setting the System Clock
Setting the SNTP Polling Interval
Use the System > Time (Configure General - SNTP) page to set the polling interval at which the switch will query the specified time servers.
Parameters
The following parameters are displayed:
Current Time – Shows the current time set on the switch.
SNTP Polling Interval – Sets the interval between sending requests for a time
update from a time server. (Range: 16-16384 seconds; Default: 16 seconds)
Web Interface
To set the polling interval for SNTP:
1. Click System, then Time.
2. Select Configure General from the Action list.
3. Select SNTP from the Maintain Type list.
4. Modify the polling interval if required.
5. Click Apply
Figure 13: Setting the Polling Interval for SNTP
Configuring NTP
Use the System > Time (Configure General - NTP) page to configure NTP authentication and show the polling interval at which the switch will query the specified time servers.
Parameters
The following parameters are displayed:
Current Time – Shows the current time set on the switch.
Authentication Status – Enables authentication for time requests and updates
between the switch and NTP servers. (Default: Disabled)
You can enable NTP authentication to ensure that reliable updates are received from only authorized NTP servers. The authentication keys and their associated key number must be centrally managed and manually distributed to NTP servers and clients. The key numbers and key values must match on both the server and client.
Polling Interval – Shows the interval between sending requests for a time
update from NTP servers. (Fixed: 1024 seconds)
Web Interface
To set the clock maintenance type to NTP:
1. Click System, then Time.
2. Select Configure General from the Step list.
3. Select NTP from the Maintain Type list.
4. Enable authentication if required.
5. Click Apply
Figure 14: Configuring NTP
Configuring Time Servers
Use the System > Time (Configure Time Server) pages to specify the IP address for NTP/SNTP time servers, or to set the authentication key for NTP time servers.
Specifying SNTP Time Servers
Use the System > Time (Configure Time Server) page to specify the IP address for up to three SNTP time servers.
Parameters
The following parameters are displayed:
SNTP Server IP Address – Sets the IPv4 or IPv6 address for up to three time servers. The switch attempts to update the time from the first server; if this fails, it attempts an update from the next server in the sequence.
Web Interface
To set the SNTP time servers:
1. Click System, then Time.
2. Select Configure Time Server from the Step list.
3. Enter the IP address of up to three time servers.
4. Click Apply.
Figure 15: Specifying SNTP Time Servers
Specifying NTP Time Servers
Use the System > Time (Configure Time Server – Add NTP Server) page to add the IP address for up to 50 NTP time servers.
Parameters
The following parameters are displayed:
NTP Server IP Address – Adds the IPv4 or IPv6 address for up to 50 time servers. The switch will poll the specified time servers for updates when the clock maintenance type is set to NTP on the System > Time (Configure General) page. It issues time synchronization requests at a fixed interval of 1024 seconds. The switch will poll all the time servers configured; the responses received are filtered and compared to determine the most reliable and accurate time update for the switch.
Version – Specifies the NTP version supported by the server. (Fixed: Version 3)
Authentication Key – Specifies the number of the key in the NTP
Authentication Key List to use for authentication with the configured server. NTP authentication is optional. If enabled on the System > Time (Configure General) page, you must also configure at least one key on the System > Time (Add NTP Authentication Key) page. (Range: 1-65535)
Web Interface
To add an NTP time server to the server list:
1. Click System, then Time.
2. Select Configure Time Server from the Step list.
3. Select Add NTP Server from the Action list.
4. Enter the IP address of an NTP time server, and specify the index of the
authentication key if authentication is required.
5. Click Apply.
Figure 16: Adding an NTP Time Server
To show the list of configured NTP time servers:
1. Click System, then Time.
2. Select Configure Time Server from the Step list.
3. Select Show NTP Server from the Action list.
Figure 17: Showing the NTP Time Server List
Specifying NTP Authentication Keys
Use the System > Time (Configure Time Server – Add NTP Authentication Key) page to add an entry to the authentication key list.
Parameters
The following parameters are displayed:
Authentication Key – Specifies the number of the key in the NTP
Authentication Key List to use for authentication with a configured server. NTP authentication is optional. When enabled on the System > Time (Configure General) page, you must also configure at least one key on this page. Up to 255 keys can be configured on the switch. (Range: 1-65535)
Key Context – An MD5 authentication key string. The key string can be up to
32 case-sensitive printable ASCII characters (no spaces).
NTP authentication key numbers and values must match on both the server and client.
Web Interface
To add an entry to NTP authentication key list:
1. Click System, then Time.
2. Select Configure Time Server from the Step list.
3. Select Add NTP Authentication Key from the Action list.
4. Enter the index number and MD5 authentication key string.
5. Click Apply.
Figure 18: Adding an NTP Authentication Key
To show the list of configured NTP authentication keys:
1. Click System, then Time.
2. Select Configure Time Server from the Step list.
3. Select Show NTP Authentication Key from the Action list.
Figure 19: Showing the NTP Authentication Key List
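Why the key number and key string must match on both sides is easiest to see in the check itself. The following is an added example, not code from the manual or the switch firmware: it assumes the switch follows the standard NTP symmetric-key scheme (RFC 5905), in which the sender appends the 32-bit key number and MD5(key || header) to the 48-byte packet. Function names and key strings are constructed.

```python
"""NTP symmetric-key (MD5) authentication with a numbered key list (added example)."""
import hashlib
import hmac
import string
import struct

HEADER_LEN = 48        # fixed NTP header
MAC_LEN = 4 + 16       # 32-bit key number + 128-bit MD5 digest
_ALLOWED = set(string.printable) - set(string.whitespace)


def key_entry_ok(key_number: int, key_string: str) -> bool:
    """Limits from the manual: number 1-65535, up to 32 printable ASCII
    characters with no spaces. Rejecting an empty string is an assumption."""
    return (1 <= key_number <= 65535
            and 0 < len(key_string) <= 32
            and not (set(key_string) - _ALLOWED))


def client_request(transmit_timestamp: int) -> bytes:
    """Minimal header: LI=0, VN=3 (fixed on the switch), Mode=3 (client)."""
    header = bytearray(HEADER_LEN)
    header[0] = (0 << 6) | (3 << 3) | 3
    header[40:48] = struct.pack("!Q", transmit_timestamp)
    return bytes(header)


def _digest(key_string: str, header: bytes) -> bytes:
    return hashlib.md5(key_string.encode("ascii") + header).digest()


def sign(header: bytes, key_number: int, key_string: str) -> bytes:
    """Append key number and digest, as an authenticated sender would."""
    if not key_entry_ok(key_number, key_string):
        raise ValueError("key entry violates the documented limits")
    return header + struct.pack("!I", key_number) + _digest(key_string, header)


def verify(packet: bytes, key_list: dict) -> str:
    """Receiver side: look the key up by number, recompute, compare."""
    if len(packet) == HEADER_LEN:
        return "unauthenticated"
    if len(packet) != HEADER_LEN + MAC_LEN:
        return "malformed"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_number,) = struct.unpack("!I", mac[:4])
    key_string = key_list.get(key_number)
    if key_string is None:
        return "unknown key number"
    # Constant-time comparison avoids leaking how many digest bytes matched.
    if hmac.compare_digest(_digest(key_string, header), mac[4:]):
        return "ok"
    return "digest mismatch"


if __name__ == "__main__":
    # Constructed key lists: the switch holds key 10; three server variants.
    packet = sign(client_request(0xE100000000000000), 10, "constructed-key-A")
    print(verify(packet, {10: "constructed-key-A"}))   # same number and value
    print(verify(packet, {10: "constructed-key-B"}))   # value differs
    print(verify(packet, {11: "constructed-key-A"}))   # number differs
```

When authentication is enabled, a receiver should treat the "unauthenticated" result the same as a failure rather than accepting the time update.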
Setting the Time Zone
Use the System > Time (Configure Time Server) page to set the time zone. SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude, which passes through Greenwich, England. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is west (before) or east (after) of UTC. You can choose one of the 80 predefined time zone definitions, or you can manually configure the parameters for your local time zone.
Parameters
The following parameters are displayed:
Direction – Configures the time zone to be before (west of) or after (east of) UTC.
Name – Assigns a name to the time zone. (Range: 1-29 characters)
Hours – The number of hours before/after UTC. The maximum value before
UTC is 12. The maximum value after UTC is 13. (Range: 0-13 hours)
Minutes – The number of minutes before/after UTC. (Range: 0-59 minutes)
Web Interface
To set your local time zone:
1. Click System, then Time.
2. Select Configure Time Zone from the Action list.
3. Set the offset for your time zone relative to the UTC in hours and minutes.
4. Click Apply.
Figure 20: Setting the Time Zone

Configuring the Console Port

Use the System > Console menu to configure connection parameters for the switch’s console port. You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password (only configurable through the CLI), time outs, and basic communication settings. Note that these parameters can be configured via the web or CLI interface.
Parameters
The following parameters are displayed:
Login Timeout – Sets the interval that the system waits for a user to log into
the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session. (Range: 10-300 seconds; Default: 300 seconds)
Exec Timeout – Sets the interval that the system waits until user input is
detected. If user input is not detected within the timeout interval, the current session is terminated. (Range: 60-65535 seconds; Default: 600 seconds)
Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 1-120; Default: 3 attempts)
Silent Time – Sets the amount of time the management console is inaccessible
after the number of unsuccessful logon attempts has been exceeded. (Range: 1-65535 seconds; Default: Disabled)
Data Bits – Sets the number of data bits per character that are interpreted and
generated by the console port. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character. (Default: 8 bits)
Stop Bits – Sets the number of the stop bits transmitted per byte.
(Range: 1-2; Default: 1 stop bit)
Parity – Defines the generation of a parity bit. Communication protocols
provided by some terminals can require a specific parity bit setting. Specify Even, Odd, or None. (Default: None)
Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive
(from terminal). Set the speed to match the baud rate of the device connected to the serial port. (Range: 9600, 19200, 38400, 57600 or 115200 baud, Auto; Default: 115200)
Note:
Due to a hardware limitation, the terminal program connected to the
console port must be set to 8 data bits when using Auto baud rate detection.
Note:
The password for the console connection can only be configured through
the CLI (see the “password” command in the CLI Reference Guide).
Note:
Password checking can be enabled or disabled for logging in to the console connection (see the “login” command in the CLI Reference Guide). You can select authentication by a single global password as configured for the password command, or by passwords set up for specific user-name accounts. The default is for local passwords configured on the switch.
Web Interface
To configure parameters for the console port:
1. Click System, then Console.
2. Specify the connection parameters as required.
3. Click Apply
Figure 21: Console Port Settings

Configuring Telnet Settings

Use the System > Telnet menu to configure parameters for accessing the CLI over a Telnet connection. You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other parameters set, including the TCP port number, time outs, and a password. (Note that the password is only configurable through the CLI.) These parameters can be configured via the web or CLI interface.
Parameters
The following parameters are displayed:
Telnet Status – Enables or disables Telnet access to the switch. (Default: Enabled)
TCP Port – Sets the TCP port number for Telnet on the switch. (Range: 1-65535;
Default: 23)
Max Sessions – Sets the maximum number of Telnet sessions that can
simultaneously connect to this system. (Range: 0-8; Default: 8)
A maximum of eight sessions can be concurrently opened for Telnet and Secure Shell (i.e., both Telnet and SSH share a maximum number of eight sessions).
Login Timeout – Sets the interval that the system waits for a user to log into
the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session. (Range: 10-300 seconds; Default: 300 seconds)
Exec Timeout – Sets the interval that the system waits until user input is
detected. If user input is not detected within the timeout interval, the current session is terminated. (Range: 60-65535 seconds; Default: 600 seconds)
Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 1-120; Default: 3 attempts)
Silent Time – Sets the amount of time the management interface is
inaccessible after the number of unsuccessful logon attempts has been exceeded. (Range: 1-65535 seconds; Default: Disabled)
Note:
Password checking can be enabled or disabled for login to the console connection (see “login” command in the CLI Reference Guide). You can select authentication by a single global password as configured for the password command, or by passwords set up for specific user-name accounts. The default is for local passwords configured on the switch.
Web Interface
To configure parameters for the console port:
1. Click System, then Telnet.
2. Specify the connection parameters as required.
3. Click Apply
Figure 22: Telnet Connection Settings

Displaying CPU Utilization

Use the System > CPU Utilization page to display information on CPU utilization.
Parameters
The following parameters are displayed:
Time Interval – The interval at which to update the displayed utilization rate.
(Options: 1, 5, 10, 30, 60 seconds; Default: 1 second)
CPU Utilization – CPU utilization over specified interval.
Web Interface
To display CPU utilization:
1. Click System, then CPU Utilization.
2. Change the update interval if required. Note that the interval is changed as
soon as a new setting is selected.
Figure 23: Displaying CPU Utilization

Displaying Memory Utilization

Use the System > Memory Status page to display memory utilization parameters.
Parameters
The following parameters are displayed:
Free Size – The amount of memory currently free for use.
Used Size – The amount of memory allocated to active processes.
Total – The total amount of system memory.
Web Interface
To display memory utilization:
1. Click System, then Memory Status.
Figure 24: Displaying Memory Utilization

Resetting the System

Use the System > Reset menu to restart the switch immediately, at a specified time, after a specified delay, or at a periodic interval.
Command Usage
This command resets the entire system.
To retain all configuration information stored in non-volatile memory, click the
Save button prior to resetting the system.
When the system is restarted, it will always run the Power-On Self-Test. It will
also retain all configuration information stored in non-volatile memory as described under “Saving the Running Configuration to a Local File” on page 73.
Parameters
The following parameters are displayed:
System Reload Information
Reload Settings – Displays information on the next scheduled reload and
selected reload mode as shown in the following example:
“The switch will be rebooted at March 9 12:00:00 2012. Remaining Time: 0 days, 2 hours, 46 minutes, 5 seconds. Reloading switch regularly time: 12:00 everyday.”
Refresh – Refreshes reload information. Changes made through the console or
to system time may need to be refreshed to display the current settings.
Cancel – Cancels the current settings shown in this field.
System Reload Configuration
Reset Mode – Restarts the switch immediately or at the specified time(s).
Immediately – Restarts the system immediately.
In – Specifies an interval after which to reload the switch. (The specified time must be equal to or less than 24 days.)
hours – The number of hours, combined with the minutes, before the switch resets. (Range: 0-576)
minutes – The number of minutes, combined with the hours, before the switch resets. (Range: 0-59)
At – Specifies a time at which to reload the switch.
DD - The day of the month at which to reload. (Range: 01-31)
MM - The month at which to reload. (Range: 01-12)
YYYY - The year at which to reload. (Range: 1970-2037)
HH - The hour at which to reload. (Range: 00-23)
MM - The minute at which to reload. (Range: 00-59)
Regularly – Specifies a periodic interval at which to reload the switch.
Time
HH - The hour at which to reload. (Range: 00-23)
MM - The minute at which to reload. (Range: 00-59)
Period
Daily - Every day.
Weekly - Day of the week at which to reload. (Range: Sunday ... Saturday)
Monthly - Day of the month at which to reload. (Range: 1-31)
Web Interface
To restart the switch:
1. Click System, then Reset.
2. Select the required reload mode.
3. For any option other than to reset immediately, fill in the required parameters.
4. Click Apply.
5. When prompted, confirm that you want to reset the switch.
Figure 25: Restarting the Switch (Immediately)
Figure 26: Restarting the Switch (In)
Figure 27: Restarting the Switch (At)
Figure 28: Restarting the Switch (Regularly)

4 Interface Configuration

This chapter describes the following topics:
Port Configuration – Configures connection settings, including auto-
negotiation, or manual setting of speed, duplex mode, and flow control.
Local Port Mirroring – Sets the source and target ports for mirroring on the local
switch.
Remote Port Mirroring – Configures mirroring of traffic from remote switches
for analysis at a destination port on the local switch.
Displaying Statistics – Shows Interface, Etherlike, and RMON port statistics in
table or chart form.
Cable Test – Tests the cable attached to a port.
Trunk Configuration – Configures static or dynamic trunks.
Traffic Segmentation – Configures the uplinks and down links to a segmented group of ports.
VLAN Trunking – Configures a tunnel across one or more intermediate switches which pass traffic for VLAN groups to which they do not belong.

Port Configuration

This section describes how to configure port connections, mirror traffic from one port to another, and run cable diagnostics.
Configuring by Port List
Use the Interface > Port > General (Configure by Port List) page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control.
Command Usage
Auto-negotiation must be disabled before you can configure or force an RJ-45
interface to use the Speed/Duplex mode or Flow Control options.
When using auto-negotiation, the optimal settings will be negotiated between the link partners based on their advertised capabilities. To set the speed, duplex mode, or flow control under auto-negotiation, the required operation modes must be specified in the capabilities list for an interface.
The 1000BASE-T standard does not support forced mode. Auto-negotiation
should always be used to establish a connection over any 1000BASE-T port or trunk. If not used, the success of the link process cannot be guaranteed when connecting to other types of switches.
The Speed/Duplex mode is fixed at 1000full on the Gigabit SFP ports. When
auto-negotiation is enabled, the only attributes which can be advertised include flow control and symmetric pause frames.
Parameters
These parameters are displayed:
Port – Port identifier. (Range: 1-12/28)
Type – Indicates the port type. (1000BASE-T, 1000BASE SFP)
Name – Allows you to label an interface. (Range: 1-64 characters)
Admin – Allows you to manually disable an interface. You can disable an interface due to abnormal behavior (e.g., excessive collisions), and then re-enable it after the problem has been resolved. You may also disable an interface for security reasons.
Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised. When auto-negotiation is disabled, you can force the settings for speed, mode, and flow control. The following capabilities are supported:
10h - Supports 10 Mbps half-duplex operation
10f - Supports 10 Mbps full-duplex operation
100h - Supports 100 Mbps half-duplex operation
100f - Supports 100 Mbps full-duplex operation
1000f - Supports 1000 Mbps full-duplex operation
Sym (Gigabit only) - Check this item to transmit and receive pause frames.
FC - Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3-2005 (formerly IEEE 802.3x) for full-duplex operation.
Default: Autonegotiation enabled; Advertised capabilities for 1000BASE-T – 10half, 10full, 100half, 100full, 1000full; 1000Base-SX/LX/LH – 1000full
Speed/Duplex – Allows you to manually set the port speed and duplex mode (i.e., with auto-negotiation disabled).
Flow Control – Allows automatic or manual selection of flow control.
Web Interface
To configure port connection parameters:
1. Click Interface, Port, General.
2. Select Configure by Port List from the Action List.
3. Modify the required interface settings.
4. Click Apply.
Figure 29: Configuring Connections by Port List

Configuring by Port Range

Use the Interface > Port > General (Configure by Port Range) page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control.
For more information on command usage and a description of the parameters, refer to “Configuring by Port List” on page 95.
Web Interface
To configure port connection parameters:
1. Click Interface, Port, General.
2. Select Configure by Port Range from the Action List.
3. Enter the range of ports to which your configuration changes apply.
4. Modify the required interface settings.
5. Click Apply.
Figure 30: Configuring Connections by Port Range

Displaying Connection Status

Use the Interface > Port > General (Show Information) page to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation.
Parameters
These parameters are displayed:
Port – Port identifier.
Type – Indicates the port type. (1000Base-T, 100Base SFP or 1000Base SFP)
Name – Interface label.
Admin – Shows if the port is enabled or disabled.
Oper Status – Indicates if the link is Up or Down.
Media Type – Not applicable for this switch.
Autonegotiation – Shows if auto-negotiation is enabled or disabled.
Oper Speed Duplex – Shows the current speed and duplex mode.
Oper Flow Control – Shows the flow control type used.
Web Interface
To display port connection parameters:
1. Click Interface, Port, General.
2. Select Show Information from the Action List.
Figure 31: Displaying Port Information
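The Command Usage rules above (auto-negotiation before forcing, SFP ports fixed at 1000full, valid advertised capabilities) and the option to disable interfaces for security reasons can be checked against an inventory of port settings. The following is an added example, not part of the original guide or of Edge-Core software; the record layout, field names and sample rows are constructed assumptions, since the guide defines no export format.

```python
# Added example, not vendor code. Field names and sample rows are constructed.
SPEED_CAPS = {"10h", "10f", "100h", "100f", "1000f"}
COPPER_CAPS = SPEED_CAPS | {"Sym", "FC"}
SFP_CAPS = {"Sym", "FC"}  # SFP speed is fixed, so only these can be advertised

def audit_port(p):
    """Return findings for one port record, following the Command Usage rules."""
    out = []
    sfp = "SFP" in p["type"]
    caps = set(p.get("caps", []))
    forced = p.get("forced")  # manually set speed/duplex, e.g. "100full"
    if p["autoneg"]:
        if forced:
            out.append("forced speed/duplex set while auto-negotiation is enabled")
        bad = caps - (SFP_CAPS if sfp else COPPER_CAPS)
        if bad:
            out.append("capabilities not valid for port type: " + ", ".join(sorted(bad)))
        if not sfp and not caps & SPEED_CAPS:
            out.append("no speed/duplex capability advertised")
    elif not sfp:
        out.append("auto-negotiation disabled on 1000BASE-T port: link not guaranteed")
    if sfp and forced not in (None, "1000full"):
        out.append("SFP ports are fixed at 1000full")
    if p["admin"] and p["oper"] == "Down":
        out.append("enabled but link is down: candidate for Admin disable")
    return out

def audit(ports):
    """Map port number to its findings, omitting ports with none."""
    return {p["port"]: f for p in ports if (f := audit_port(p))}

FULL = ["10h", "10f", "100h", "100f", "1000f"]
SAMPLE = [  # constructed records, one per port
    {"port": 1, "type": "1000BASE-T", "admin": True, "oper": "Up", "autoneg": True, "caps": FULL},
    {"port": 2, "type": "1000BASE-T", "admin": True, "oper": "Up", "autoneg": False, "forced": "100full"},
    {"port": 3, "type": "1000BASE-T", "admin": True, "oper": "Down", "autoneg": True, "caps": ["FC"]},
    {"port": 11, "type": "1000BASE SFP", "admin": True, "oper": "Up", "autoneg": True, "caps": ["100f", "FC"]},
    {"port": 12, "type": "1000BASE SFP", "admin": False, "oper": "Down", "autoneg": False, "forced": "1000full"},
]

if __name__ == "__main__":
    for port, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"port {port}: {finding}")
```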

Configuring Local Port Mirroring

Use the Interface > Port > Mirror page to mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
Figure 32: Configuring Local Port Mirroring
Command Usage
Traffic can be mirrored from one or more source ports to a destination port on the same switch (local port mirroring as described in this section), or from one or more source ports on remote switches to a destination port on this switch (remote port mirroring as described in “Configuring Remote Port Mirroring” on page 101).
Monitor port speed should match or exceed source port speed, otherwise traffic may be dropped from the monitor port.
When mirroring VLAN traffic (see “Configuring VLAN Mirroring” on page 162) or packets based on a source MAC address (see “Configuring MAC Address Mirroring” on page 173), the target port cannot be the same as the target port used for port mirroring by this command.
When traffic matches the rules for both port mirroring, and for mirroring of VLAN traffic or packets based on a MAC address, the matching packets will not be sent to the target port specified for port mirroring.
Note that Spanning Tree BPDU packets are not mirrored to the target port.
The destination port cannot be a trunk or trunk member port.
Parameters
These parameters are displayed:
Source Port – The port whose traffic will be monitored. (Range: 1-12/28)
Target Port – The port that will mirror the traffic on the source port. (Range: 1-12/28)
Type – Allows you to select which traffic to mirror to the target port, Rx (receive), Tx (transmit), or Both. (Default: Both)
Web Interface
To configure a local mirror session:
1. Click Interface, Port, Mirror.
2. Select Add from the Action List.
3. Specify the source port.
4. Specify the monitor port.
5. Specify the traffic type to be mirrored.
6. Click Apply.
Figure 33: Configuring Local Port Mirroring
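Because a mirror session copies traffic to another port without affecting the source, it is worth validating each planned or existing session against the Command Usage rules above before applying it. The following is an added example, not part of the original guide or of Edge-Core software; the data layout and sample values are constructed, and the `approved_targets` list of analyzer ports is a site-policy assumption that the guide does not define.

```python
# Added example, not vendor code. Data layout and sample values are constructed.
def check_mirror(session, sw):
    """Validate one local mirror session against the Command Usage rules.

    session: {"source": int, "target": int, "type": "Rx" | "Tx" | "Both"}
    sw: port_count, speed (port -> Mbps), trunk_members,
        other_mirror_targets (targets used by VLAN/MAC mirroring),
        approved_targets (assumption: site list of analyzer ports, or None)
    """
    errs = []
    src, dst = session["source"], session["target"]
    for label, port in (("source", src), ("target", dst)):
        if not 1 <= port <= sw["port_count"]:
            errs.append(f"{label} port {port} outside 1-{sw['port_count']}")
    if errs:
        return errs  # later checks need valid port numbers
    if session.get("type", "Both") not in ("Rx", "Tx", "Both"):
        errs.append("type must be Rx, Tx or Both")
    if dst in sw["trunk_members"]:
        errs.append(f"target port {dst} is a trunk or trunk member")
    if dst in sw["other_mirror_targets"]:
        errs.append(f"target port {dst} already used by VLAN/MAC mirroring")
    s_src, s_dst = sw["speed"][src], sw["speed"][dst]
    if s_dst < s_src:
        errs.append(f"target port {dst} ({s_dst} Mbps) slower than source "
                    f"port {src} ({s_src} Mbps): mirrored traffic may be dropped")
    approved = sw.get("approved_targets")
    if approved is not None and dst not in approved:
        errs.append(f"target port {dst} is not an approved analyzer port")
    return errs

SWITCH = {  # constructed facts for a 12-port model
    "port_count": 12,
    "speed": {**{p: 1000 for p in range(1, 13)}, 4: 100},
    "trunk_members": {9, 10},
    "other_mirror_targets": {8},
    "approved_targets": {7, 8},
}
SESSIONS = [  # constructed sessions
    {"source": 1, "target": 7, "type": "Both"},   # passes every check
    {"source": 1, "target": 4, "type": "Rx"},     # slower target, not approved
    {"source": 2, "target": 9, "type": "Tx"},     # trunk member, not approved
    {"source": 3, "target": 8, "type": "Both"},   # clashes with VLAN/MAC mirror
    {"source": 3, "target": 13, "type": "Both"},  # outside the port range
]

if __name__ == "__main__":
    for s in SESSIONS:
        print(s, check_mirror(s, SWITCH) or "OK")
```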