How it Works
IP-COM
Loading...
G3210P
User Manual
138 pgs5.43 Mb0

IP-COM G3210P User Manual

Download
Copyright Statement
Copyright Statement
is the registered trademark of IP-COM Networks Co., Ltd. All the products and product names mentioned herein are the trademarks or registered trademarks of their respective holders. Copyright of the whole product as integration, including its accessories and software, belongs to IP-COM Networks Co., Ltd. No part of this publication can be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the prior written permission of IP-COM Networks Co., Ltd. If you would like to know more about our product information, please visit our website at www.ip-com.com.cn.
Disclaimer
Pictures, images and product specifications herein are for references only. To improve internal design, operational function, and/or reliability, IP-COM reserves the right to make changes to the products described in this document without obligation to notify any person or organization of such revisions or changes. IP-COM does not assume any liability that may occur due to the use or application of the product or circuit layout(s) described herein. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information and recommendations in this document do not constitute the warranty of any kind, express or implied.
Preface
Preface
Thank you for choosing IP-COM! Reading this manual will be helpful for you to configure this device.
Convention
If not specifically indicated, the switch, this product, or this device mentioned in this Install Guide stands for IP-COM 8GE+2SFP Managed PoE Switch G3210P.
Symbols in this Install Guide:
Symbol
Meaning
Note
Ignoring this type of note may result in a malfunction or damage to this device.
Tip
This format is used to highlight a procedure that will save time or resources.
Overview of this Install Guide
Chapter
Description
Chapter I Product Overview
Introduction to this switch’s package contents, physical appearance and features
Chapter II Installation
Introduction to this switch’s installation considerations and
installation procedures
Chapter III Device Management Introduction
Introduction to how to manage the switch via Web manager and fundamental operations about Web manager
Chapter IV Advanced Settings
Introduction to how to configure functions of the switch
Chapter V Appendix
Introduction to technical specifications, default settings and safety statement of the switch
Technical Support
Website: http://www.wirelessnetworkproducts.com Tel: 1.631.588.3877 Email: techs@hdcom.com
Contents
Contents
Copyright Statement ...................................................................................................................... i
Disclaimer ........................................................................................................................................ i
Preface ............................................................................................................................................. ii
Convention.......................................................................................................................................... ii
Overview of this Install Guide .......................................................................................................... ii
Technical Support .............................................................................................................................. ii
Contents ......................................................................................................................................... iii
Product Overview .......................................................................................................................... 1
Package Contents ............................................................................................................................. 2
Physical Appearance ........................................................................................................................ 2
Installation ...................................................................................................................................... 6
1 Installation Considerations ............................................................................................................ 7
2 Tools ................................................................................................................................................. 8
3 Installation ....................................................................................................................................... 8
4 Connect to Protective Grounding Cable ................................................................................... 10
5 Connect to Power Supply............................................................................................................ 11
6 Cable Connection ......................................................................................................................... 11
7 Power up the Device .................................................................................................................... 14
Device Management Introduction ............................................................................................. 15
1 Web Administration ...................................................................................................................... 16
2 Web Login ..................................................................................................................................... 16
3 Web Logout ................................................................................................................................... 18
4 Layout of Web Browser-Accessible Administrator Page ........................................................ 18
5 Commonly Used Elements on Web Browser-Accessible Administrator Page .................... 19
Advanced Settings ...................................................................................................................... 21
Administration .................................................................................................................................. 22
Port Management ............................................................................................................................ 31
VLAN Management ......................................................................................................................... 43
PoE Management ............................................................................................................................ 62
Time Range Management .............................................................................................................. 64
Device Management ....................................................................................................................... 66
Contents
QoS .................................................................................................................................................... 97
Security ........................................................................................................................................... 108
Maintenance ................................................................................................................................... 113
Logout ............................................................................................................................................. 119
Save Configurations ...................................................................................................................... 121
Appendix ..................................................................................................................................... 124
FAQs ................................................................................................................................................ 125
Technical Specifications ............................................................................................................... 125
Default Settings .............................................................................................................................. 129
Safety and Emission Statement .................................................................................................. 133
Product Overview
Package Contents
Physical Appearance
Product Overview
Package Contents
Open the package and verify the following items:
Switch (1)
Power Cord (1)
L-shaped Bracket (2)
Screw (6)
Footpad (4)
Install Guide (1)
If any item is missing or damaged, contact the place of purchase immediately.
Physical Appearance
1 Front Panel
The following parts are located on the front panel shown as below.
Reset Button With the switch powered on, pressing the Reset button for at least 5 seconds and then
releasing it, restores the switch to factory default settings. The switch will reboot automatically after reset and this process takes about 45 seconds.
While rebooting, the following will occur: All LEDs light upSYS LED is offAll LEDs are off except the Power LEDSYS is on and blinking.
LEDs The following table describes the LED designations
LED
Status
Description
Power Solid
Proper connection to power supply
Off
Improper connection to power supply or malfunction occurs.
SYS Blinking
The system is functioning properly.
Solid
The system is functioning improperly.
Off
The system is still rebooting.
Product Overview
Link/Act
Solid
A valid link is established on the corresponding RJ45 port.
Blinking
Data transmission is occurring on the corresponding RJ45 port.
Off
No link is established on the corresponding RJ45 port.
PoE/Status Solid
The PoE powered device (PD) is connected on the corresponding RJ45 port and the port is supplying power successfully.
Off
No PoE powered device (PD) connected.
SFP1&SFP2 Solid
A valid link is established or data transmission on the corresponding SFP port.
Off
No link is established on the corresponding SFP port.
RJ45 Ports This switch comes with eight 10/100/1000Mbps auto-negotiation RJ45 ports. Each port
has a corresponding Link/Act LED. Speeds and corresponding working modes of all RJ45 ports are described in the following table.
Speed
Working Mode
10Mbps (auto-negotiation)
Half/Full duplex auto-negotiation
100Mbps (auto-negotiation)
Half/Full duplex auto-negotiation
1000Mbps (auto-negotiation)
Full duplex auto-negotiation
All RJ45 ports are PoE-capable, and can connect up to eight IEEE 802.3af-compliant PDs (15.4W for each) or four IEEE 802.3at-compliant PDs (30W for each).
Tip:
As pair 1/2 and pair 3/6 are applying PoE power, it is advisable to use CAT 5 or higher UTP/STP cables. Note that Ethernet specifications limit the cable length between the switch and the attached device to 100 m (328 feet).
SFP Ports This switch comes with two 1000Mbps SFP fiber ports, accommodating a standard SFP
fiber module. SFP (Small Form-factor Pluggableis a compact, hot-pluggable transceiver mainly used
Product Overview
for implementing the switchover between fiber and electricity signals, including fiber rate control, modulation sending, signal detection, IV transformation and amplifier limiting judgment regeneration.
An optical fiber connector terminates the end of an optical fiber. The optical fiber connector (known as union), an indispensable passive device in optical fiber communication, is mainly used for detachable optical fiber connection, which is not only convenient for commissioning test and maintenance of the optical fiber system, but makes this system’s switch-over and scheduling more flexible.
G3210P only supports LC optical fiber connector as shown below:
Tip:
The optical fiber module or photoelectric converter is not included in the package and you need to prepare it by yourself.
2 Back Panel
The following parts are located on the back panel as shown below:
Power ON/OFF Used for controlling power supply of this device. Grounding Terminal Used for connecting the protective grounding cable for inductive lightning protection. As
Product Overview
for the method of connecting protective grounding cable, please refer to Connect to
Protective Grounding Cable.
Power Socket Used for connecting the included power cord for power supply.
6
Installation
Installation Considerations
Tools
Installation
Connect to Protective Grounding Cable
Connect to Power Supply
Cable Connection
Power Up the Device
Installation
7
1 Installation Considerations
To avoid any equipment damage or bodily injury caused by improper use, read the following safety recommendations before installing the switch. Note that the recommendations do not cover every possible hazardous condition.
Safety Caution
Do wear anti-static wrist straps and disable the power supply of this device while
installing this device
Use the included power cord for power supply Ensure operating power supply accords with rated input standard Ensure ventilation holes of the switch are in good condition Do not open or remove the housing of the switch Do disconnect power supply while cleaning the switch and do not use any liquid to
clean the switch
It's suggested to ground the switch to avoid strong inductive lightning. Keep the
switch away from power lines, electric lights, strong power grids, or anywhere the power grid with strong current is reachable, all for better performance.
Note:
There is an IP-COM seal on one of the screws. You should keep the seal unbroken before the technical staff maintains your switch. You should not open the housing of the device unless you get the local reseller’s permission, or you have the technical capabilities and are responsible for the results that occur because of unpermitted operation.
Site Requirements
1. Temperature & Humidity
Environment
Temperature
Humidity
Operating
-10ºC ~ 45ºC
10% ~ 90%RH (non-condensing)
Storage
-40 ~ 70
5%~90% RH (non-condensing)
2. Cleanliness Requirements In case that static electricity affects this device’s normal operation, please observe the
following guidelines:
Keep indoor environments clean and dust the switch regularly Keep the switch well-grounded for electrostatic transferring
Installation
8
3Inductive Lightning Protection In case a strong current does damage to the switch due to inductive lightning, verify that:
Power socket, rack, work bench and the grounding terminal of the switch are
well-grounded
The switch is cabled properly. When the switch is cabled outdoors, it is advisable to
use it along with the signal lightning arrester
4. Installation Site Requirements Whether you install the switch in a rack or on a flat work bench, please verify:
The rack or work bench is stable and sturdy The switch should be clean and well-ventilated. There is at least 10 centimeters free
on all sides for cooling
No articles, especially heavy articles, are placed on the switch There is more than 1.5 centimeters vertical distance free between devices that stack
up.
2 Tools
Before installing the switch, prepare the following tools:
Antistatic Gloves Phillips Screwdriver Ethernet Cable
3 Installation
The switch can be installed either in a rack or on a desktop, whatever suits your needs best.
A. Mount the switch in a rack
With the included L-shaped brackets and screws you can install it in a 19-inch standard
rack.
Step 1: Make sure the rack is well-earthed and stable Step 2: Attach the included mounting brackets to the two sides of the switch with the
included screws
Installation
9
Step 3: Insert screws through each bracket and into the rack to securely fix the switch onto the rack.
B. Mount the switch on a desktop
Without a 19-inch standard rack you can install the switch on a desktop.
Step 1: Place the switch bottom up on a flat desktop Step 2: Attach four footpads to the corresponding circular grooves on the bottom of the
switch
Installation
10
Step 3: Place the switch face up on the desktop.
4 Connect to Protective Grounding Cable
Proper connection of protective grounding cable is not only important for inductive lightning protection and anti-interference, but for your own personal safety. Please select the most suitable method to connect protective grounding cable according to your installation environment.
A. With grounding bar
Step 1: Connect one end of the protective grounding cable to the binding post on the
grounding bar. Step 2: Connect the other end of the protective grounding cable to the grounding terminal
and fix the screws.
B. Without grounding bar
With soft grounds nearby capable of direct burial of the grounding bar, follow the steps below:
Installation
11
Step 1: Bury an angle iron or steel pipe (≥0.5m) into the ground; Step 2: Weld one end of the protective grounding cable to the angle iron or steel pipe and
embalm the welding point; Step 3: Connect the other end of the protective grounding cable to the grounding terminal.
If not allowed to bury the grounding bar, you can connect it to ground through the three-core PE cable of the AC power socket on the precondition that the PE cable in the switchgear room, or beside the AC power supply transformer, is well-grounded.
5 Connect to Power Supply
Please use the included power cord for power supply.
6 Cable Connection
Connect to RJ45 Ports
Installation
12
Connect the switch to remote Ethernet devices with Ethernet cables.
Tip:
All RJ45 ports of the switch are Auto MDI/MDIX-capable, which allows you to attach devices using twisted-pair Category 5 (or higher), either straight-through or crossover, cables.
Connect to SFP Fiber Ports Step 1: Insert the SFP module into the SFP module bay.
Step 2: Insert the LC optical fiber connector of the fiber into the SFP module.
Installation
13
Connect to PDs The PoE power supply feature on all RJ45 ports is enabled by default. You can connect
IEEE 802.3at-/802.3af-compliant APs, IP telephones, IP cameras or other powered devices to the switch.
Installation
14
Tip:
The PoE power supply mode is dynamic, i.e. the switch accommodates power supply for powered devices automatically.
7 Power up the Device
Check the device thoroughly before powering up the device.
7.1 Check the Device
Before applying power supply, perform the following:
The operating power supply should accord with rated input standard The power cord and grounding cable is correctly connected All cable connections (RJ45 ports, SFP ports) are correct If cabling outside, ensure the Ethernet port lightning arrester and AC power source
lightning arrester are connected
7.2 Power up the Device
Step 1: Turn on the power switch (Power ON/OFF) on the back panel to power up the
switch.
Step 2: After being powered on, the switch will be initialized automatically. Please ensure that following will occur to the LEDs one by one:
All LEDs (Power, SYS, PoE/Status, Link/Act, SFP1, SFP2) will light up for
self-checking.
SYS LED is off. All LEDs are off except the Power LED. After restart, the Power LED lights up, SYS LED is blinking, corresponding Link/Act
LED or SFP1/SFP2 LED is on or blinking and corresponding PoE/Status LED lights up.
Device Management
Introduction
Web Administration
Web Login
Web Logout
Layout of Web Browser-Accessible Administrator Page
Commonly Used Elements on Web Browser-Accessible Administrator Page
Device Management Introduction
1 Web Administration
This switch comes with the web administration feature, which helps you manage and maintain this switch intuitively via its web browser-accessible administrator page. The network topology of application scenario is shown below:
2 Web Login
The first time you use this device, you can log in to its web browser-accessible administrator page with following default login info.
Login Info
Default Settings
User Name
admin
Password
admin
IP Address
192.168.0.1
Web Login:
1 Connect the PC to an RJ45 port of the switch using an Ethernet cable.
2 Configure your PC’s IP, which should be in the same network segment but
different from the switch’s management IP. The default management IP of the
switch is 192.168.0.1, so you can set your PC’s IP to Use the following IP
address: IP address: 192.168.0.X (where X can be any number between 2 and
254); subnet mask: 255.255.255.0.
Device Management Introduction
3 Launch a web browser, input 192.168.0.1 in the address bar and press Enter. 4 Enter the default user name admin and default password admin, and click Login.
5 Go to the web browser-accessible administrator page to view or modify the
switch’s configuration info.
Device Management Introduction
3 Web Logout
Directly closing your web browser or clicking Logout exits the web browser-accessible administrator page. Configurations wont be saved automatically while logging out. It is advisable to save your configurations manually before logout.
Note:
Closing the web browser tab wont log out automatically.
4 Layout of Web Browser-Accessible Administrator Page
The Web browser-accessible administrator page can be divided into two parts: navigation bar and the configuration section.
Note:
Only web administration features that the switch supports will be displayed on the
navigation bars. Please refer to the actual software of your switch.
If features or parameters on the web browser-accessible administration page display
grey, they are not configurable.
Device Management Introduction
Sequence
Number
Name
Description
Navigation Bar
The navigation bar presents web administration functions to you in the form of navigation tree. This section allows you to select function menus here.
Configuration Section
This section allows you to configure and view settings here.
5 Commonly Used Elements on Web Browser-Accessible Administrator Page
Port Graphical Status Overview:
Commonly Used Elements
Description
Indicates this is an RJ45 port.
Indicates this is an SFP port.
Indicates a link has been established on this port.
Indicates this port can be chosen and configured.
Indicates this port has been chosen.
Indicates this port cannot be chosen and configured.
Commonly Used Buttons:
Commonly Used Elements
Description
Used for refreshing displayed contents on the current page.
Used for adding a new rule.
Used for adding a new rule.
Used for batch configuring a certain functions settings
Device Management Introduction
Used for canceling your settings on the current page and to go back to the previous page.
Used for deleting all rules on the page.
Used for deleting selected rules on the page.
Used for looking up rules which match the search criteria.
Used for clearing all statistics on the current page.
Used for exporting logging files of the switch.
Used for restoring all configurations of the switch to factory default values.
Used for restarting the switch.
Click it to acquire more help information.
Used for saving configurations on the page. Once the switch reboots, configurations saved, merely by clicking this button, will be lost.
Used for saving all configurations for the switch. When the switch reboots, configurations saved by clicking this button will not be lost.
Used for exporting configurations for the switch and saving these configurations to the local computer.
Used for restoring configurations which have been exported to the switch.
Used for upgrading the software version for the switch.
Used for selecting the file while upgrading or restoring the switch.
Device Management Introduction
Advanced Settings
Administration
Port Management
VLAN Management
PoE Management
Time Range Management
Device Management
QoS
Security
Maintenance
Logout
Save Configurations
Advanced Settings
Administration
This section helps you view and configure basic info for the switch and instructs you how to use system maintenance tools. Specifically, the following two parts are included:
System Configuration: This section describes how to configure switch system info/time,
reboot the switch, reset the switch and upgrade the software version of the switch.
System Security: This section describes how you can prevent non-administrators from
modifying configuration info, which ensures administration security for the switch.
1 System Configuration
System Configuration includes the following five parts: System Info, System Time,
Reset, Reboot and Firmware Updates.
1.1 System Info
Click Administration to enter the page below which displays connection status of the currently connected port and the system info.
Parameters on this page are described below:
Field
Description
Port Status
Displays all ports’ connection status. When it is filled with the green color, a link has been established on
this port. When it is filled with no color, no link is established on this port.
Advanced Settings
Firmware Version
Display the switch’s software version and release date.
Hardware Version
Display the switch’s hardware version. MAC Address
Display the switch’s physical address.
Management VLAN
Management 802.1Q VLAN ID of the switch (default: 1). If you want to change the management VLAN, click VLAN
Management > VLAN Configuration to create a management VLAN first. At this time, if you want to access the switch you need to reconnect to a certain port in the new management VLAN. (Note: only when this ports PVID is the same with its management VLAN can you have an access for the Internet).
Tip:
Only in 802.1Q VLAN mode, can this parameter be configurable.
System Name
By default, the system name is G3210P_EN. It is suggested to configure a designated name for the switch so that you can locate it quickly when you manage it in your network.
DHCP
Enable/Disable the DHCP server on the switch. Enable: In this status, the switch will obtain an (management) IP
address, subnet mask and gateway automatically and you can view the IP from DHCP clients list and use it to log in to the switch via Http or Telnet.
Disable: In this status, you need to configure the switchs IP address, subnet mask, and gateway manually.
IP Address
You can view and modify the switchs IP address here when the DHCP server is disabled. The default value is 192.168.0.1.
This IP address is also the management IP address of the switch. You can use it to log in to the switch via Http or Telnet.
Subnet Mask
You can view and modify the switchs subnet mask here when the DHCP server is disabled. The default value is 255.255.255.0.
Gateway
You can view and modify the switch’s default gateway here when the DHCP server is disabled.
Advanced Settings
MAC Age
Aging time of the switch’s dynamic MAC address (10~1000000s). The default value is 300s. When it is set to 0, MAC address wont be aged.
Tip:
This switch maintains an independent MAC address (forwarding) table for each VLAN.
1.2 System Time
This page displays and allows you to configure system time for the switch. Two methods are available here:
Acquire System Time via SNTP Server
The Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. Simple Network Time Protocol (SNTP) is another less complex implementation of NTP. It synchronizes time between time servers and clients so that clock-dependent devices on the network can consistently provide diverse time based applications.
Note:
If you want to acquire system time via SNTP server, you need to have an access to the Internet. Method: click Administration > System Configuration > System Info to configure proper IP address, subnet mask and gateway for the switch.
Set Time & Date Manually
Click Administration > System Configuration > System Time to enter page below and you can configure system time manually for the switch.
Advanced Settings
Configuration steps for acquiring system time via SNTP server:
1 Select a time zone from the Time Zone drop-down list; 2 Select Server Setup; 3 Enter proper SNTP server IP addresses in the Preferred / Alternate SNTP
Server field;
4 Enter the automatic update interval in the Update Interval field within a valid
range of 30 to 99999 seconds. The default value is 30s. Once configured, the switch will synchronize with the SNTP server accordingly;
5 Click OK.
Configuration steps for setting system time manually:
1 Select a time zone from the Time Zone drop-down list; 2 Select Set Time & Date Manually;
Advanced Settings
3 Set proper date and time manually; 4 Click OK.
When system time is configured successfully, you can view Current Time on this page to check whether your time settings are activated or not.
1.3 Reset
If you forgot your login info, like username/password or management VLAN, etc. or if you have a problem in surfing the Internet but cannot find out where the problem is, it is advisable to reset this device.
Reset the device by the hardware button:
1 When the device is functioning properly, press the Reset button on the front panel
of the device for at least 5 seconds and then release it
2 Wait for 45 seconds until the device restarts
Reset the device via web browser-accessible administrator page
1 Log in to this devices web browser-accessible administrator page; 2 Click Administrator > System Configuration > Reset to enter the Reset page;
Advanced Settings
3 Click Reset and then follow onscreen instructions.
Tip:
After resetting this device, the management VLAN of the switch will be set to 1, the default login IP address is 192.168.0.1 and the default login username and password will be admin for both.
1.4 Reboot
Rebooting the switch can release some caches so that the switch can work with high performance. And in some cases, if system halt occurs or you are unable to log in to its web browser-accessible administrator page, rebooting the switch may help you out. Click
Administration > System Configuration > Reboot to enter page below:
Note:
After reboot, configurations saved merely by clicking OK will be lost. If you do not
want to lose your configurations after reboot, please click Save Configurations > Save to save your configurations first.
Operations such as powering up the switch after disconnecting its power supply,
resetting the switch, upgrading the switch, etc., will reboot this device.
1.5 Firmware Update
You can access the latest firmware updates at www.wirelessnetworkproducts.com. Download the latest software for upgrading, acquiring more value-added functions, and better performance for your switch.
Note:
While upgrading, do not cut off power supply of the switch, otherwise you may do damage to the switch! If sudden power failure occurs, please re-upgrade it; if sudden power failure occurs and you are unable to access the web browser-accessible administrator page, please contact our tech support.
Advanced Settings
Upgrading Procedures:
1 Log in to our website www.wirelessnetworkproducts.com to download the latest
software to your local computer;
2 Click Administration > System Configuration > Firmware Update to enter
page below:
3 Click Browse to select the software file you wish to upload from your local
computer; 4 Click Update to confirm your upgrading; 5 Wait for about 2 minutes until the prompt message Update OK appears. This
indicates the upgrading completed successfully.
2 System Security
Click Administration > System Security to manage access control for the switch.
Advanced Settings
Parameters on this page are described below:
Field
Description
Login Timeout
This field specifies how long the web manager is allowed to remain idle. When reaching the set time, the web manager will return to login window. The Login Timeout can be set to any value between 30 and 3600 seconds. The default setting is 300 seconds.
User Name
User name used for logging in to the switch via http or telnet.
Access Mode
Specify an access right for a corresponding user: Administrator: Has absolute rights to view and configure the
switch's settings and system info. Only one administrator is allowed to be configured. By default, an administrator admin already exists. You can’t add an additional administrator and delete or modify the existing administrator admin, but you can modify its login password.
Technician: Has the right to view and config switch's settings, except for “Firmware Update”, “User”, “Reset”, “Reboot” settings. Up to 5 technicians can be configured.
User: Has the right to view the switch's current settings but no right to manage/config them. Up to 10 users can be configured.
Telnet
Enable/Disable Telnet management. When enabled, you can manage the switch via Telnet. It is enabled by default.
Procedures for modifying password for the user name admin:
1 Click the user name admin;
2 Enter the new password in the New Password field; 3 Enter your password again in the Confirm Password field to confirm your
modification;
Advanced Settings
4 Click OK.
Once youve changed your password, the next time you log in to the switch remember to use the new password. If you forget the password, pressing the Reset button for over 5 seconds and releasing it will restore the device to its factory default and your login password will be the default admin.
Procedures for adding non-administrators:
1 Click Add;
2 Customize a user name in the User Name field 3 Select user or technician from the Access Mode drop-down list 4 Customize a password in the Password field 5 Enter your password again in the Confirm Password field to confirm your
password 6 Click OK.
Advanced Settings
Port Management
This section details packets forwarding on all ports. The following two parts are included:
Port Configuration: This section allows you to configure basic properties for all ports and
port mirroring. And you can also view port statistics here.
Link Aggregation: This section helps you increase link bandwidth and provides
redundancy backup for the switch.
1 Port Configuration
Port Setup, Port Mirroring and Port Statistics are included in this section.
1.1 Port Setup
Click Port Management > Port Configuration > Port Setup to enter page below to configure properties for all ports.
To configure properties for a certain port, click the corresponding port to enter the corresponding configuration page.
To batch configure port properties, click Config to enter the configuration page.
Advanced Settings
Parameters on this page are described below:
Field
Description
Link Status
Display actual link rates and duplex modes on corresponding ports. "--" is displayed if a port is not linked or link failure occurs.
Speed/Duplex
Three types of duplex modes are available on RJ45 ports: 10M, 100M, 1000M. 10M/100M: half duplex (HDX) and full duplex (FDX); 1000M: full duplex (FDX). Only one duplex mode is available on SFP ports: 1000M full duplex. You can select different duplex modes as you need.
If you want the port to send and receive packets concurrently
you can set this port to work in full duplex mode.
If you want the port to either send or receive packets you can
set this port to work in half duplex mode.
When you set the port to work in auto mode the duplex status
of the port will be determined via auto-negotiation.
By default, the speed/duplex mode for all ports is auto-negotiation.
Advanced Settings
Flow Control
With flow control enabled on both the switch and its link partner and full duplex mode enabled on the port, when congestion occurs the port will send flow control frames to notify the link partner of such. Upon receiving such frames, the link partner will temporarily stop sending packets to the switch, thus avoiding packets drop and ensuring a reliable network. Meanwhile, if a certain port receives Pause frame it will also stop sending packets out.
By default, the flow control feature is disabled.
Note:
This switch does not support half-duplex flow control Enabling full duplex mode can avoid data loss. However, this
will affect communication between source ports and other devices. Thus, it is not advisable to use this feature on ports which have Internet access.
Enable/Disable
Enable/Disable selected port(s). Once a certain port is disabled, the port wont forward packets.
Isolation
Enable/Disable port isolation. Only in 802.1Q VLAN mode, can this item be configured. By adding
ports into isolation groups, data isolation among ports in isolation groups will be implemented.
Port isolation not only ensures better security, but provides users with flexible networking solutions. By default, all ports are not isolated.
Note:
Only when ports in the same isolation group cannot
intercommunicate, will intercommunication between ports within an isolation group and ports outside this group not be affected.
When a port in an aggregation group joins or leaves an
isolation group, other ports in this aggregation group will join or leave the same isolation group automatically.
When a port in an aggregation group leaves an isolation group,
other ports in this aggregation group will remain in the same isolation group, namely, isolation properties for ports in an aggregation will not be affected.
When a non-isolated port joins an isolated aggregation group,
Advanced Settings
it will join the same isolation group automatically.
Jumbo Frame
Configure sizes of Jumbo Frames the switch has received. The valid range is 1518~9216. The default value is 1518, which is the longest one in IEEE802.3 standard.
Once Jumbo Frame size is configured, the system will deal with data that ports have received within the size length.
1.2 Port Mirroring
Port Mirroring allows you to copy packets on one or more ports to a mirroring destination port. You can attach a monitoring device to the mirroring destination port to view details about the packets passing through the copied port(s). This is useful for network monitoring and troubleshooting purposes.
The switch provides local port mirroring function. Namely, both mirrored ports and mirroring destination ports are located on the same device. Click Port Management > Port Configuration > Port Mirroring to enter page below:
Parameters on this page are described below:
Field
Description
Mirroring Destination Port
Select the mirroring destination port. None indicates port mirroring feature is disabled.
Note:
A port cannot be set as the mirroring destination port and the
mirroring source port simultaneously.
Only after a mirroring destination port is set, can you configure
mirroring source port(s).
A port in an aggregation group cannot be configured as a
mirroring destination port.
An STP-enabled and 802.1X authenticated port can't be
Advanced Settings
configured as a mirroring destination port.
Sniffer Mode
Select the mirroring source port. None indicates the corresponding port wont be mirrored.
Ingress: Only incoming packets on this port are copied to the mirroring destination port.
Egress: Only outgoing packets on this port are copied to the mirroring destination port.
Egress & Ingress: Both inbound and outbound packets on the corresponding port are copied to the mirroring destination port (monitor port).
Note:
When total bandwidth of the mirrored port exceeds that of the mirroring port, packets loss will occur.
Tip:
The mirroring destination port speed should be greater than that of the total speed of
all mirrored ports. We recommend you configure the mirrored port as the routing port, namely, the port connected to the Internet, to monitor all packets.
Only one copy is allowed for the same data flow. For example, if port 5 monitors
ingress of port 1 and egress of port 2, as for packets forwarded from port 1 to port 2, only one copy is allowed on port 5.
1.3 Port Statistics
Click Port Management > Port Configuration > Port Statistics to enter page below and it allows you to view and clear port statistics.
Advanced Settings
To view port statistics on a certain port, click the corresponding port number.
2 Link Aggregation
Link Aggregation groups multiple Ethernet ports together in parallel to act as a single logical link. Aggregation-enabled devices treat all physical links (ports) in an aggregation group entirely as a single logical link (port). Member ports in an aggregation group share egress/ingress traffic load, delivering a bandwidth that is multiple of a single physical link. Link aggregation provides redundancy in case one of the links fails, thus reliability could be maintained. For network diagram of link aggregation, see below:
Advanced Settings
In the same aggregation group, all member ports must be set to the same configurations with respect to STP, port priority, VLAN configuration and port management. The following are illustrations in detail:
Ports joining aggregation groups should share the following configurations: STP
settings (STP status, P2P port, edge port, port priority and path cost included), port priority configurations, port VLAN configurations (port type, PVID, allowed VLAN, and Untagged/Tagged VLAN included), and port settings (Jumbo frame, flow control, isolation settings included).
For ports having joined the aggregation group, following configurations are not
allowed: adding static MAC address, configuring mirroring destination port, enabling voice VLAN function and enabling 802.1X authentication.
The following ports cannot join the aggregation group: 802.1x-enabled port(s),
mirroring destination port(s).
In terms of different link aggregation methods, there are two aggregation modes: static aggregation and LACP aggregation.
Static Aggregation
For static aggregation, you must manually maintain the aggregation state of the member ports as the system does not allow adding a new port or deleting any existing member port. LACP is disabled on member ports in static LACP mode.
Ports in static aggregation group must all be of the same port speed and will stay in forwarding state. If a certain port is set to a different speed, packets on it will be forwarded at the actual connection speed. The bandwidth of the aggregation group equals the total bandwidth of its member ports.
Advanced Settings
LACP Aggregation
Based on IEEE 802.3ad, LACP (Link Aggregation Control Protocol) provides a method to implement link aggregation dynamically. Whether ports in LACP group are aggregation ports or not is determined by LLDPDU frame auto-negotiation. LACP is enabled on the member ports in LACP mode.
Ports in an LACP aggregation group may stay either in a forwarding status or a blocked status. Once LACP is shaped, ports will be in a forwarding status. If all ports in the aggregation group are not aggregated, only the first port will be in the forwarding status. Ports in forwarding status can send/receive both service packets and LACP frames; ports in blocked status can only send/receive LACP frames.
2.1 Link Aggregation
Click Port Management > Link Aggregation to enter page below:
Generally, there are four widely used aggregation algorithms. By default, the aggregation algorithm of the switch is Source & Destination MAC.
Parameters on the page are described below:
Algorithm
Meaning
Source MAC
Indicate member ports in a link aggregation group to share traffic load according to source MAC addresses.
Dest MAC
Indicate member ports in a link aggregation group to share traffic load according to destination MAC addresses.
Advanced Settings
Source & Dest MAC
Indicate member ports in a link aggregation group share traffic load according to source and destination MAC addresses.
Source & Dest IP
Indicate member ports in a link aggregation group share traffic load according to source and destination IP addresses.
Procedures for adding static aggregation:
1 Click New;
2 On the appearing page type in a valid aggregation group number (1-2); 3 Select Static; 4 Select ports to join the aggregation group. Up to 8 ports and down to 2 ports can
be added to each; 5 Click OK.
Tip:
Once ports in static aggregation group are linked successfully they will be aggregated and wont be affected by port speed.
Procedures for adding LACP group:
1 Click New on the Link Aggregation page;
Advanced Settings
2 On the appearing page type in a valid aggregation group number (1-2); 3 Select LACP; 4 Select ports to join the aggregation group. Up to 8 ports and down to 2 ports can
be added to each; 5 Click OK.
2.2 LACP Protocol
Click Port Management > Link Aggregation > LACP Protocol to enter page below to configure system LACP priority and port LACP priority.
To configure LACP parameters on a single port, click the corresponding port number.
Advanced Settings
To batch configure LACP parameters, click Configure to enter page below:
Parameters on the page are described below:
Field
Description
System Priority
Configure system priority (0-65535). The default is 32768. The smaller the value is, the higher the system priority is. When data transferring among different systems, the system with higher priority can determine to which aggregation link the link belongs; The system with lower priority will join a proper aggregation link according to its partners choice.
LACP Status
Display whether the port has joined the LACP aggregation group or not.
Enable: The port has joined an LACP aggregation group. Disable: The port has joined a static aggregation group or has not
joined any LACP aggregation group.
LACP Port Priority
LACP port priority is used for port selection in LACP aggregation group. The port with a smaller priority value will be a member of dynamic aggregation group. With the same port priority, the port with smaller port number will be a member of dynamic aggregation group. The default value is 32768.
Advanced Settings
Timeout
Configure LACP timeout. If the LACP aggregation group is not aggregated, LACPDU frames will be re-sent for auto-negotiation. The default setting is long.
Group ID
Display the LACP aggregation group ID.
Advanced Settings
VLAN Management
In traditional medium sharing Ethernet and switched Ethernet, all users are in a broadcast domain. With more and more PCs appearing in the networking, broadcast packets increase, which greatly increases data flow among devices in the networking. Thus, network performance becomes worse. With networking expands, broadcast storm may occur and the entire network may be paralyzed.
A Virtual Local Area Network (VLAN) is a network topology which allows to logically instead of physically segment a LAN into several net segments. A VLAN combines a group of hosts with a common set of requirements logically instead of physically relocating devices or connections.
VLANs allow a network to be logically segmented into different broadcast domains. All members in a VLAN are treated as in the same broadcast domain and communicate as if they were on the same net segment, regardless of their physical locations. Logically, a VLAN can be equated to a broadcast domain, because broadcast packets are forwarded to only members of the VLAN on which the broadcast was initiated. Different VLANs cannot intercommunicate directly. Inter-VLAN communication can only be achieved using a router or other layer 3 devices that are able to perform Layer 3 forwarding. VLAN network topology can be shown as below:
Compared with the traditional Ethernet, VLAN enjoys the following advantages:
Better network performance. By restricting all broadcast traffic to a VLAN, it saves
network bandwidth and enhances network performance.
Reduced cost. The use of VLANs to create broadcast domains eliminates the need
for traditional routers to handle this function, permitting operation at lower latencies and cost compared to routers under heavy load and at high cost.
Ease of network management. Members of a VLAN group can be geographically
Advanced Settings
dispersed as they are logically related instead of physically on the same VLAN. Thus network administrators do not need to re-configure the network when a VLAN member changes its location.
Better network security. PCs in different VLANs cannot intercommunicate directly.
Inter-VLAN communication can only be achieved using a router or other layer 3 devices that are able to perform Layer 3 forwarding, which can ensure better security for different departments in enterprise networking.
This device supports 802.1Q VLAN, Port VLAN and voice VLAN. Next we will give explanations one by one.
1 802.1Q VLAN
Officially issued by IEEE in 1999, 802.1Q is used for regulating international VLAN standard and makes VLAN intercommunication among different vendors’ devices possible. As defined in IEEE 802.1Q, a four-byte VLAN tag is inserted after the source MAC field to identify frames of different VLANs.
Explanations for 802.1Q tag are described below:
Field
Description
TPID
A 16-bit field set to a value of 0x8100 in order to identify the frame as an IEEE 802.1Q-tagged frame.
Priority
A 3-bit field with a valid range of 0~7 to identify packet frame priority. When blocking occurs, packets with higher priority will be sent out preferentially.
CFI
A 1-bit field for identifying whether the MAC address is encapsulated in the standard format.
A value of 0 indicates that MAC addresses are encapsulated in the standard format. A value of 1 indicates that MAC addresses are encapsulated in a non-standard format. For Ethernet switches, it is set
Advanced Settings
to 0 by default.
VID
VLAN ID, a 12-bit field specifying the VLAN to which the frame belongs. The VLAN ID range is 0 to 4095. Usually, 0 and 4095 are reserved, so a VLAN ID actually ranges from 1 to 4094.
Three types of port link
When creating the 802.1Q VLAN, you should set the link type for the port according to its connected device. The link types of port include the following three types:
Trunk: A trunk port can carry multiple VLANs to receive and send traffic for them.
Usually, ports for switch cascade are configured as trunk ports.
Hybrid: Like a trunk port, a hybrid port can carry multiple VLANs to receive and send
traffic for them. It can be used for switch cascade or connecting to terminal devices.
Processing relationship between PVID and VLAN packets
PVID (Port VLAN ID) is the default VLAN ID that a port belongs to. PVID indicates the ID of a default VLAN that a port belongs to. The PVID for an access port is the ID of the VLAN it belongs to; the default PVID for a trunk/hybrid port is "1" and this value is configurable.
This switch does not support ingress filter. When only 802.1Q VLAN is configured, Tag packets of ingress ports will be forwarded to ports in the corresponding VLAN in terms of VID; Untagged packets of ingress ports will be forwarded to ports in the corresponding VLAN in terms of these ports PVID.
Different packets, tagged or untagged, will be processed in different ways, after being received by ports of different link types, which is illustrated in the following table:
Port Link
Type
Receiving Packets
Forwarding Packets
Receiving Tagged Packets
Receiving Untagged Packets
Access
Packets will be forwarded to other ports in the corresponding VLAN according to the VID in the Tag.
Packets will be forwarded to other ports in the corresponding VLAN according to PVID on this port.
Packets will be forwarded after removing VLAN tags.
Trunk
If the VID of packet is the same as its PVID, the packet will be forwarded after removing its VLAN tag; If the VID of packet is not the same as its PVID, the packet will be directly forwarded.
Advanced Settings
Hybrid
If the VID value of the packet belongs to Tagged VLAN, the packet will be forwarded with Tag; If the VID value of the packet belongs to Untagged VLAN, the packet will be forwarded after removing its VLAN tag.
802.1Q VLAN configuration
This section includes the following four parts: VLAN Mode Toggle, 802.1Q VLAN, Trunk Port and Hybrid Port.
VLAN Mode Toggle: Used for toggling 802.1Q VLAN and Port VLAN.
802.1Q VLAN: Used for configuring and displaying 802.1Q VLAN. Trunk Port: Used for configuring Trunk ports. Hybrid Port: Used for configuring Hybrid ports.
1.1 VLAN Mode Toggle
Click VLAN Management > VLAN Configuration > VLAN Mode Toggle to enter page below to set VLAN mode to 802.1Q VLAN.
Note:
Once VLAN mode is toggled from 802.1Q VLAN to Port VLAN, all configurations,
including MAC filter, static MAC address and port isolation, related to 802.1Q VLAN will be cleared.
If you want to enable Port VLAN, please ensure voice VLAN is disabled.
1.2 802.1Q VLAN
Click VLAN Management > VLAN Configuration > 802.1Q VLAN to enter page below to create 802.1Q VLAN.
Advanced Settings
Add 802.1Q VLAN:
1 Click New; 2 Type in the VLAN ID; 3 Select ports which belong to the VLAN ID;
4 Click OK.
Tip:
Up to 20 characters are allowed for VLAN ID. When multiple values are entered,
ports will be not selectable. And at this time, if you click OK, multiple empty VLANs will be created. For example, if you enter 2-10 in the VLAN ID field, 9 empty QVLANs will be configured; If you enter 2, 10 in the VLAN ID field, two empty QVLANs will be configured.
Advanced Settings
By default, all ports belong to 802.1Q VLAN1. If a VLAN ID is deleted, ports included
in this VLAN will belong to 802.1Q VLAN1 automatically.
Up to 64 802.1Q VLANs can be configured.
1.3 Trunk Port
In 802.1Q VLAN mode, port link type is Access by default. If you want to change the port link type to Trunk, click VLAN Management > VLAN Configuration > Trunk Port to enter page below:
Add Trunk ports:
1 Click New; 2 Enter the trunk port number you wish to configure; 3 Enter the Trunk ports PVID and the corresponding VLAN should already exist; 4 Configure VLANs the port belongs to. You can check VLAN ALL or enter specific
VLAN numbers in the VLAN field;
5 Click OK.
Advanced Settings
Edit Trunk ports:
To modify some parameters of Trunk ports, such as PVID, VLAN, see steps below:
1 Click the corresponding Trunk port number on the Trunk Port page;
2 Modify parameters on the appearing page;
Delete Trunk ports:
Firstly, click VLAN Management > VLAN Configuration > Trunk Port to enter Trunk port display page.
Advanced Settings
Click Delete behind the corresponding port number. To batch delete Trunk ports, check ports you wish to delete and click Batch Delete.
Tip:
A port cannot be configured to be the Hybrid port and Trunk port at the same time. If
you want to set a Hybrid port to be a Trunk port, you need to delete Hybrid port settings for this port first.
Deleted Trunk ports will be assigned to VLAN1 automatically and port link type will be
changed to Access ports.
1.4 Hybrid Port
In 802.1Q VLAN mode, port link type is Access by default. If you want to change the port link type to Hybrid, click VLAN Management > VLAN Configuration > Hybrid Port to enter page below:
Add Hybrid ports:
1 Click New; 2 Enter the Hybrid port number you wish to within the valid range of 1~10; 3 Enter the Hybrid port’s PVID and verify that the corresponding VLAN has already
existed; 4 Configure Tagged VLAN ( range: 1~4094, null); 5 Configure Untagged VLAN (range: 1~4094, null);
Advanced Settings
6 Click OK.
2 Port VLAN
Port VLAN may be the easiest and most effective solution for partitioning VLAN. Users in the same VLAN can intercommunicate with each other and the same user can belong to multiple VLANs. For example, if port 1 and port 2 join a VLAN, and port 1 and port 3 join another VLAN, all data on port 2 and port 3 will only be forwarded to port 1. In this way, a link has been established between port 1 and port 2, 3 and no link is established between port 2 and port 3.
Tip:
Port VLAN and 802.1Q VLAN can be toggled randomly. If you toggle 802.1Q VLAN to port VLAN, related VLAN configurations, such as MAC filter, static MAC addresses and port isolation, will be cleared.
This section includes two parts: VLAN Mode Toggle and Port VLAN.
VLAN Mode Toggle: Used for toggling 802.1Q VLAN and Port VALN. Port VLAN: Used for configuring and displaying Port VLAN.
Advanced Settings
2.1 VLAN Mode Toggle
To set VLAN mode to Port VLAN, click VLAN Management > VLAN Configuration > VLAN Mode Toggle to enter page below:
2.2 Port VLAN
To create port VLANs, click VLAN Management > VLAN Configuration > Port VLAN to enter page below:
Add Port VLAN:
1 Click New to enter page below; 2 Follow onscreen rules to enter VLAN IDs; 3 Select ports from the Available Port list and click to add them into Member
Ports list;
Advanced Settings
4 Click OK;
Edit port VLAN:
Click the corresponding port VLAN to enter the corresponding page to edit it. As mentioned above, Port 2 and port 3 are in VLAN1. If you want to isolate port 2, 3 from other ports, just delete port 2 and port 3 from VLAN1. Steps are as following:
1 Click VLAN1 on the Port VLAN page;
2 Select ports you wish to delete from the Member Ports list and click to add
them into the Available Port list;
3 Click OK.
Advanced Settings
Tip:
Up to 10 port VLANs can be configured. Port VLAN cannot achieve inter-switch communication. Only ports that belong to the
same VLAN on the same switch can intercommunicate.
3 Voice VLAN
With the development of voice technology, voice devices are becoming more and more widely used, especially in broadband resident districts. There are two kinds of traffic: voice traffic and business traffic. Usually, voice traffic boasts higher priority in transmission than business traffic to reduce delay and packets dropping.
Voice VLAN is a VLAN designed for voice data flow partition. By creating voice VLAN and adding ports connected to voice devices into the voice VLAN, you can centrally transmit data flow in the voice VLAN and it is very convenient to specifically configure QoS (Quality of Service), enhancing transmission priority of voice traffic and guaranteeing communication quality.
Voice Stream Recognition
According to the source MAC fields of the ingress packets, this device can distinguish whether the data flow is voice data flow or not. If the source MAC address conforms to the voice device’s OUI (Organizationally Unique Identifier) address, the packets will be regarded as voice data flow.
You can preset OUI address or use the default OUI address as the criteria. An Organizationally Unique Identifier (OUI) is a 24-bit number that uniquely identifies a vendor, manufacturer, or other organization globally or worldwide. This device supports OUI mask. You can adjust MAC address’ matching depth by setting different masks.
Voice VLAN mode on different ports
Two voice VLAN modes are available on this device: auto and manual. Here auto or manual refers to how ports join voice VLAN.
Auto: In this mode, through untagged packets sent out by the IP telephone, the system can recognize source MACs of these packets to match OUI addresses. If matched successfully, the system will automatically add ingress ports into the voice VLAN and configure priority for these packets. Meanwhile, you can configure aging time of voice VLAN on this device. If within the aging time, the system does not receive any voice traffic from the ingress port, this port will be automatically removed from the voice VLAN. The whole add/remove process will be achieved automatically. The auto mode applies to PC-IP telephone serious connection, namely, voice traffic and business traffic are transmitted concurrently. See network topology below:
Advanced Settings
Manual: In this mode, you need to add the port connected to the IP telephone into voice
VLAN manually. Then the system will try to match OUI addresses by recognizing source MACs of packets. If matched successfully, the system will issue ACL rules and configure priority for these packets. The whole add/remove process is implemented manually and the manual mode applies to IP telephone access alone, namely, only voice traffic is transmitted on this port in voice VLAN. This can make the port dedicated to voice traffic transmission, thus avoiding business traffic influence on voice traffic transmission.
Voice VLAN supporting details on different link type ports
Voice VLAN supports transmitting voice data on Access, Trunk and Hybrid ports. Trunk and Hybrid ports of other VLANs on the switch can transmit voice and data traffic when voice VLAN feature is enabled. As IP phones vary, different ports need different supporting conditions. As for phones which obtain IP addresses and voice VLAN IDs automatically, supporting conditions on ports are described as below:
Voice VLAN Mode
Voice Traffic Type
Port Link Type
Auto
Tagged
Access: Not supported.
Trunk: Supported, but the default VLAN of the access port must already exist and can’t be voice VLAN. And the default VLAN is allowed on the access port.
Hybrid: Supported, but the default VLAN of the access port must already exist and can’t be voice VLAN. And the default VLAN should be in the allowed tagged VLAN list.
Advanced Settings
Untagged
Access, Trunk, Hybrid: Not supported.
Manual
Tagged
Access: Not supported.
Trunk: Supported, but the default VLAN of the access port must already exist and can’t be voice VLAN. And the default VLAN is allowed on the access port.
Hybrid: Supported, but the default VLAN of the access port must already exist and can’t be voice VLAN. And the voice VLAN should be in the allowed tagged VLAN list.
Untagged
Access: Supported, but the default VLAN of the access port must be voice VLAN.
Trunk: Supported, but the default VLAN of the access port must be voice VLAN and voice VLAN is allowed on the access port.
Hybrid: Supported, but the default VLAN of the access port must be voice VLAN and exist in allowed untagged VLAN list.
As for phones which require manually configured IP addresses and voice VLAN IDs, the matching relationship is relatively simple, for only tagged voice traffic can be sent.
Voice VLAN Mode
Port Link Type
Supporting Details
Auto
Access
Not supported.
Trunk
Supported, but the default VLAN of the access port
must already exist and can’t be voice VLAN. And the
default VLAN is allowed on the access port.
Hybrid
Supported, but the default VLAN of the access port
must already exist and can’t be voice VLAN. And the
default VLAN should be in the allowed tagged VLAN list.
Manual Access
Not supported.
Trunk
Supported, but the default VLAN of the access port
must already exist and can’t be voice VLAN. And the
Advanced Settings
default VLAN is allowed on the access port.
Hybrid
Supported, but the default VLAN of the access port
must already exist and can’t be voice VLAN. And
voice VLAN should be in the allowed tagged VLAN list.
Security Mode of Voice VLAN
Security Mode
Message Type
Process Mode
Disable
Untagged messages
No check for source MAC addresses of messages and all messages can be transmitted in voice VLAN.
Voice-VLAN tagged messages
Other VLAN tagged messages
Messages’ forwarding depends on their VIDs and won’t be affected by voice VLAN security mode.
Enable
Untagged messages
When source MAC address of the message is a recognizable OUI address, this message can be transmitted in voice VLAN, otherwise it will be dropped.
Voice-VLAN tagged messages
Other VLAN tagged messages
Messages’ forwarding depends on their VIDs and won’t be affected by voice VLAN security mode.
It is strongly not suggested to transmit both voice and business traffic in voice VLAN. If you have to, please disable Voice VLAN Mode.
3.1 Global Setup
Click VLAN Management > Voice VLAN > Global Setup to configure voice VLAN mode settings and voice VLAN aging time.
Note:
If you want to configure voice VLAN settings, please keep your VLAN mode in 802.1Q VLAN.
Advanced Settings
Parameters on the page are described below:
Field
Description
Voice VLAN Security Mode
Configure how ports forward messages. Disable: All messages will be forwarded. Enable: Only voice
traffic will be forwarded.
Voice VLAN Aging Time
As for the port joining voice VLAN under auto mode, if the system doesn't receive any voice message after ageing time, this port will be removed from voice VLAN automatically.
As for the port joining voice VLAN under manual mode, you need to delete it manually.
3.2 Port Setup
Click VLAN Management > Voice VLAN > Port Setup to enter VLAN port setup page.
To configure voice VLAN settings on a single port, click the corresponding port number on the Port Setup page.
Advanced Settings
To batch configure voice VLAN settings, click Config on the Port Setup page.
Parameters on the page are described below:
Field
Description
Port
Display port number.
Voice VLAN Port Mode
Select voice VLAN working mode: Auto or Manual. If it is Manual, age time of voice VLAN becomes invalid.
Voice VLAN Port Status
Enable/Disable port voice VLAN feature Voice VLAN ID
Configure port voice VLAN ID
3.3 OUI Setup
Click VLAN Management > Voice VLAN > OUI Setup to enter page below:
Advanced Settings
By default, recognizable OUI addresses of this switch are described as below:
ID
OUI Address
OUI Mask
Description
1
0001-E300-0000
FFFF-FF00-0000
Siemens
2
0003-6B00-0000
FFFF-FF00-0000
Cisco
3
0004-0D00-0000
FFFF-FF00-0000
Avaya
4
0060-B900-0000
FFFF-FF00-0000
Philips/NEC
5
00D0-1E00-0000
FFFF-FF00-0000
Pingtel
6
00E0-7500-0000
FFFF-FF00-0000
Polycom
7
00E0-BB00-0000
FFFF-FF00-0000
3com
You can also click Add on the OUI Setup page to add OUI addresses manually.
Parameters on the page are described below:
Field
Description
OUI Address
Used for recognizing source MAC addresses sent by voice devices.
Advanced Settings
Mask
Select the corresponding OUI mask from the drop-down list. The default is FFFF-FF00-0000, indicating only the top 24 bits must match the OUI address, can it be recognized as voice stream and the last 24 bits are arbitrary.
Description
Description of the corresponding manufacturer for a certain OUI address or other info.
Advanced Settings
PoE Management
In traditional networking, all terminal devices are applying power supply directly via power lines, leading to high expenses and complicated cabling work.
Power over Ethernet or PoE describes any of several standardized or ad-hoc systems which pass electrical power along with data on Ethernet cabling. It not only ensures normal network operation, but greatly reduces expenses. PoE allows cable as long as 100m. This allows a single cable to provide both data connection and electrical power to devices such as network hubs, IP cameras, wireless APs and closed-circuit TV cameras, etc. The IEEE standard for PoE requires category 5 cable or higher for high power levels, but can operate with category 3 cable if less power is required.
8 10/100/1000M auto-negotiation RJ45 ports of this switch are IEEE 802.3af, IEEE
802.3at PoE capable, which allows it to connect to up to 8 IEEE 802.3 af PDs or 4 IEEE
802.3at PDs. The PoE power supply mode is dynamic, i.e. the switch accommodates power supply for powered devices automatically. Pair 1, 2 and pair 3, 6 are applying PoE power supply and Ethernet specifications limit the cable length between the switch and the attached device to 100 m (328 ft).
1 Global Display
If you want to have a glance of power utilization of this switch, click PoE Management > Global Display to enter page below:
2 Port Setup
By default, all RJ45 ports of this switch are PoE-enabled. Click PoE Management > Port Setup to view power utilization of all RJ45 ports or modify port PoE properties.
Advanced Settings
Parameters on this page are described below:
Field
Description
Enable PoE
Enable/Disable PoE feature. Only PoE feature is enabled on the port, can PoE function takes effect.
Transmission Power
Display PoE power on the corresponding port. The unit is W. Note that there may be errors on values displayed on the page.
Time Range
Configure the current port's specified time range ID (You need to configure time range on the Time Range Management page first). Unspecified means no time limit.
Advanced Settings
Time Range Management
Time range is used for describing a special time range, via which you can customize this switchs PoE power supply time range, achieving smart power management and saving resources.
Click Time Range Management to enter page below:
Parameters on this page are described below:
Field
Description
Time Range ID
The corresponding time range ID
Time Slices
Display total time slices of this time range. Up to 4 entries can be configured.
Periodic Time
Display this time range's periodic time (from Mon. to Sun.). If Absolute Time is selected, this option will display“--”.
Absolute Time
Display this time range's absolute time (from 2000, January 1st to 2035, December 31th). If Periodic Time is selected, this option will display “--”.
Create new time range:
1 Click New;
2 Specify the time range ID on the appearing page; 3 Check Absolute Time or Periodic Time and configure the corresponding date
info; 4 Select the beginning time and ending time for Time Slice; 5 Click Add to add the configured time slice into the time slice list;
Advanced Settings
6 Click OK to save your settings.
Edit time range:
If you want to modify a certain time range, click the corresponding time range ID to enter similar page below:
Advanced Settings
Device Management
This section helps you enhance the switchs traffic forwarding capacity and manage the switch efficiently. The following five parts are included:
MAC: Manage this switch’s MAC address forwarding table. STP: Eliminate physical loop in data link layer, avoid broadcast storm and provide link
backup redundancy. IGSP: Manage and control multicast groups to save network bandwidth, to ensure better
multicast security and to make each hosts separate billing convenient. SNMP: Manage the switch efficiently. DHCP Snooping: Protect the DHCP server in local area network, prevent the DHCP
server from being cheated and keep DHCP addresses from being used up.
1 MAC
The switch forwards frames in data link layer. In this process, by learning source MAC addresses of these frames, the switch will create the MAC address forwarding table, MAC address, VLAN ID (if there is), port number included.
When forwarding a frame, the device adopts the following forwarding modes based on the MAC address table:
Unicast mode: If an entry is available for the destination MAC address, the device will
forward the frame to the outgoing port indicated by the MAC address table entry.
Broadcast mode: If the device receives a frame with the destination address whose
lowest bit of the second byte is 1, or no entry is available for the destination MAC address, the device forwards the frame to all ports except the receiving port, i.e. broadcast packets, multicast packets and unknown unicast packets will be forwarded.
MAC Forwarding Table Aging Scheme
To adapt to network changes and prevent inactive entries from occupying limited table space, an aging mechanism is adopted for dynamic MAC address entries. This aging mechanism ensures that the MAC address table can quickly update to accommodate the latest network changes.
Each time a dynamic MAC address entry is obtained or created, an aging timer starts (To configure MAC age, click Administration > System Configuration > System info). If the entry has not updated when the aging timer expires, the device deletes the entry.
Types of MAC address table entries
In terms of configuration method and respective features, MAC address table entries can be divided into two categories:
Advanced Settings
Static MAC entries, also known as "Permanent Address", which are manually added
and never age out. For a small network with little change, adding static MAC address entry manually may effectively reduce broadcast traffic.
Dynamic MAC entries, which can be manually added or dynamically learned and
might age out.
1.1 MAC Address Display
Click Device Management > MAC > MAC Address Display to view dynamic MAC address entries of this switch.
Tip:
The MAC address length is 6 bytes. The format is XXXX-XXXX-XXXX and “X” is
hexadecimal.
The VLAN field displays "--" for port VLANs.
To display MAC address entries on a single port, click the corresponding port number.
Bind
If you want a certain MAC address entry not to be aged, you can bind it and make it static.
Advanced Settings
Click this button to bind corresponding MAC address to a specific port. And the same button changes to Bound after being clicked.
View MAC address entry:
Click View and specify a MAC and a VLAN ID to view MAC address entries.
To view MAC address entry, you must enter the MAC address while the VLAN ID is optional. In port VLAN mode, only the MAC address should be entered.
1.2 Static MAC Address
Click Device Management > MAC > Static MAC Address to view and configure MAC address entries.
Advanced Settings
Tip:
Each VLAN has a corresponding MAC address table. The same MAC address can be
added into different VLANs.
The MAC address entry in the Static Address Table cannot be added to the Filtering
Address Table.
Once VLAN mode is toggled, all current settings will be cleared. A certain port in the static MAC address table can receive packets whose source
MAC address matches its corresponding VLAN ID; Packets whose destination MAC address matches the corresponding VID can only be forwarded to the corresponding port.
2 STP
The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links.
Spanning Tree Protocol (STP) is standardized as IEEE 802.1D. As the name suggests, it creates a spanning tree within a network of connected layer-2 bridges (typically Ethernet switches), and disables those links that are not part of the spanning tree, leaving a single active path between any two network nodes.
STP protocol packets
To implement spanning tree function, switches in the network transfer BPDUs between each other to exchange information. BPDUs carry the information that is needed for switches to figure out the spanning tree.
The network topology is determined by BPDU transmission among devices. There are two types of BPDUs in the original STP specification
Configuration BPDU: Configuration BPDU (CBPDU), used for Spanning Tree
computation and spanning tree topology maintenance.
Topology Change Notification (TCN) BPDU, used to announce changes in the
network topology
Basic concepts of STP
1Bridge ID The bridge ID contains both numbers combined together - Bridge priority + MAC, in which
Advanced Settings
the bridge priority is a configurable parameter. The smaller the bridge ID is, the higher the bridge priority is. The root bridge is the bridge with the lowest bridge ID.
2Root Bridge There is only one root bridge in the networking and it is changeable as the network
topology changes. Initially, all devices regard themselves as the root bridge and generate their own configuration BPDUs and send them out periodically. When the network topology becomes stable, only the root bridge device will send configuration BPDUs out and other devices will forward these BPDUs.
3Root Port The root bridge port is the port that has the lowest path cost from this bridge to the Root
Bridge and forwards packets to the root. There is only one root port on the non-root bridge device and no root port on the root bridge devices.
4Designated Bridge and Designated Port Designated bridge: As for a device, it is the device that connects to and forwards BPDUs
the host. As for a LAN, it is the device that forwards BPDUs to the network segment. Designated port: As for a device, it is the port that forwards BPDUs to the host. As for a
LAN, it is the port that forwards BPDUs to the network segment. 5Path Cost The parameter for choosing the link path by STP. By calculating the path cost, STP
chooses the better links and blocks the redundant links so as to disbranch the ring-network to form a tree-topological ring-free network.
BPDU Priority in STP mode
Assuming two BPDUs: BPDU X and BPDU Y If the root bridge ID of X is smaller than that of Y, X is superior to Y. If the root bridge ID of X equals that of Y, but the root path cost of X is smaller than that of
Y, X is superior to Y. If the root bridge ID and the root path cost of X equal those of Y, but the designated bridge
ID of X is smaller than that of Y, X is superior to Y. If the root bridge ID, the root path cost and designated bridge ID of X equal those of Y, but
the designated port ID of X is smaller than that of Y, X is superior to Y.
STP Computing Process
Initial Status
Initially, each switch regards itself as the root, and generates a configuration BPDU for each port on it as a root, with the root path cost being 0, the ID of the designated bridge being that of the switch, and the designated port being itself.
Advanced Settings
BPDU Comparison
Each switch sends out configuration BPDUs and receives a configuration BPDU on one of its ports from another switch. The following table shows the comparing operations.
Step
Operation
1
If the priority of the BPDU received on the port is lower than that of the BPDU if of the port itself, the switch discards the BPDU and does not change the BPDU of the port.
If the priority of the BPDU is higher than that of the BPDU of the port itself, the switch replaces the BPDU of the port with the received one and compares it with those of other ports on the switch to obtain the one with the highest priority.
2
The switch selects the best BPDU by comparing BPDUs on all ports.
Select the root bridge
The root bridge is selected by BPDU comparing. The switch with the smallest root ID will be chosen as the root bridge.
Select the root port and designated port
The operation is taken in the following way:
Step
Operation
1
For each switch (except the one chosen as the root bridge) in a network, the port that receives the BPDU with the highest priority is chosen as the root port of the switch.
2
Using the root port BPDU and the root path cost, the switch generates a designated port BPDU for each of its ports.
Root ID is replaced with that of the root port; Root path is replaced with the sum of the root path cost of the root port
and the path cost between this port and the root port;
The ID of the designated bridge is replaced with that of the switch; The ID of the designated port is replaced with that of the port.
3
The switch compares the resulting BPDU with the BPDU of the desired port whose role you want to determine.
If the resulting BPDU takes the precedence over the BPDU of the port, the
port is chosen as the designated port and the BPDU of this port is replaced with the resulting BPDU. The port regularly sends out the
Advanced Settings
resulting BPDU;
If the BPDU of this port takes the precedence over the resulting BPDU,
the BPDU of this port is not replaced and the port is blocked. The port only can receive BPDUs.
Tip:
In a STP with stable topology, only the root port and designated port can forward data, and the other ports are blocked. The blocked ports can only receive BPDUs.
STP Timer 1 Hello Time Hello Time ranges from 1 to 10 seconds. It specifies the interval to send BPDU packets. It
is used to test the links. 2Max Age Max Age ranges from 6 to 40 seconds. It specifies the maximum time the switch can wait
without receiving a BPDU before attempting to reconfigure. 3Forward Delay Forward Delay ranges from 4 to 30 seconds. It specifies the time for the port to transit its
state after the network topology is changed. When the STP regeneration caused by network malfunction occurs, the STP structure will
get some corresponding change. However, as the new configuration BPDUs cannot be spread in the whole network at once, the temporal loop will occur if the port transits its state immediately. Therefore, STP adopts a state transit mechanism, that is, the new root port and the designated port begins to forward data after twice forward delay, which ensures the new configuration BPDUs are spread in the whole network.
RSTP RSTP (Rapid Spanning Tree Protocol), evolved from the 802.1D STP standard, enable
Ethernet ports to transit their states rapidly (traditional STP: 50s; RSTP: 1s). The premises for the port in the RSTP to transit its state rapidly are as follows.
The condition for the root port to transit its port state rapidly: The old root port of the
switch stops forwarding data and the designated port of the upstream switch begins to forward data.
The condition for the designated port to transit its port state rapidly: The designated
port is an edge port or connecting to a point-to-point link. If the designated port is an edge port, it can directly transit to forwarding state; if the designated port is
Advanced Settings
connecting to a point-to-point link, it can transit to forwarding state after getting response from the downstream switch through handshake.
RSTP Elements 1Edge Port The edge port is a configurable designation port that is directly connected to a segment
where a loop cannot be created. Usually it would be a port connected directly to terminals. Ports that are designated as edge ports transition to a forwarding state immediately without going through the listening and learning states. An edge port loses its status if it receives a BPDU packet, immediately becoming a normal spanning tree port.
2P2P Port A P2P port is also capable of rapid transition. P2P ports may be used to connect to other
bridges. Under RSTP/MSTP, all ports operating in full-duplex mode are considered to be P2P ports, unless manually overridden through configuration.
2.1 STP Global Setup
Click Device Management > STP > STP Global Setup to configure and view global properties of STP.
Advanced Settings
Parameters on this page are described below:
Field
Description
STP Status
Enable/Disable STP feature on this device. By default, the STP feature is disabled.
STP Version
Select the desired version of STP version.
STP: Spanning-tree-compliant mode. RSTPRapid-spanning-tree-compliant mode.
BPDU Processing
Select a BPDU processing method when STP is disabled on this device.
Broadcast: Broadcast BPDU packets. This is the default option. Filter: Filter BPDU packets.
Priority
Configure priority for this switch. Priority is an important factor for root bridge. Under the same conditions, the switch with the higher priority will be selected as the root bridge. The smaller the value is, the higher the priority is. The Bridge priority default is 32768 and can only be configured in multiples of 4096.
Max Age
Configure a max aging time for BPDU packets to live. The default value is 20s. Max Age should meet below requirements:
Max Age >= 2 * (Hello Time + 1); Max Age <= 2 *(Forward Delay - 1).
Hello time
Configure the BPDU sending interval. The default value is 2s.
Forward Delay
Configure the delay time of port status transition when network topology changes. The default is 15s.
Specify Root Bridge
Display relevant info of STP feature.
2.2 STP Port Setup
Click Device Management > STP > STP Port Setup to configure STP parameters on all ports.
Advanced Settings
To configure STP parameters on a single port, click the corresponding port number.
To batch configure STP parameters, click Config.
Advanced Settings
Parameters on this page are described below:
Field
Description
STP Status
Enable/Disable STP feature on ports. By default, the STP feature is disabled. Enabling global and port STP
feature makes port STP feature effective.
Priority
Configure port priority, which is an important for selecting root port. Under the same conditions, the port with higher priority will be selected as the root port. The smaller the value is, the higher its priority is. The default value is 128 with a valid range of 0~240.
Default Path Cost
Enable/Disable port default path cost. You can customize the port path cost between 1 and 200,000,000 if you disable the default port path cost. When enabled, port path cost can be configured automatically and is 802.1t-compliant.
Path Cost
The default path cost is 200,000,000.
Tip:
Only if you disable the default path cost option, can path cost be configurable.
Edge Port
Select to enable or disable Edge Port. An edge port is a port that is connected to the terminal directly. Ports that are designated as edge ports transit rapidly from the blocked state to the forwarding state without delay. An edge port loses its status if it receives a BPDU packet, immediately becoming a non-edge port. By default, all ports are edge ports.
P2P Port
Select P2P link status for ports. If two ports are connected in P2P link, and they are root ports or designated ports, they can be rapidly transited to forwarding status, reducing unnecessary forwarding delay time. Under RSTP/MSTP, all ports operating in full-duplex mode are considered to be P2P ports. By default, port establishes a link automatically.
2.3 STP Port Statistics
Click Device Management > STP > STP Port Statistics to refresh and clear BPDU packets ports have received and sent.
Advanced Settings
3 IGSP
IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast constraint mechanism on layer 2 switches for managing and controlling multicast groups.
Principle of IGMP snooping
By analyzing IGMP packets, the IGMP-Snooping-enabled layer-2 device will establish a map of links for ports and multicast MAC addresses, and forward multicast data.
An IGMP-Snooping-disabled layer-2 device will flood multicast traffic to all the ports in a broadcast domain (or the VLAN equivalent).
With IGMP snooping disabled, known multicast traffic will be broadcast in layer 2. With IGMP snooping enabled, known multicast traffic wont be broadcast but
multicast to a designated receiver in layer 2. Unknown multicast traffic will still be broadcast in layer 2.
Multicast packet transmission on this switch with IGMP Snooping enabled/disabled:
Advanced Settings
How IGMP Snooping Works
A switch that runs IGMP snooping performs different actions when receiving different IGMP messages.
1Group query The IGMP querier periodically sends IGMP general queries to all hosts and routers on the
local subnet to query which multicast group members exist on the subnet. After receiving an IGMP general query, the switch forwards it through all ports in the VLAN (except the port that receives the query) and performs corresponding actions on the receiving port (mainly resets/enables the age timer on this port).
2Report membership After receiving an IGMP query, a multicast group member host responds with an IGMP
membership report. If the host wants to join a multicast group, it will send an IGMP membership report to the multicast router to announce that it wants to join the multicast group. After receiving an IGMP membership report, the switch forwards it through all the router ports in the VLAN, resolves the address of the reported multicast group and performs corresponding actions on the receiving port (mainly resets/enables the age timer). The switch does not forward an IGMP membership report through a non-router port.
Leave the multicast group When an IGMPv1 host leaves a multicast group, the host does not send an IGMP leaving
message. However, as the aging timer on the corresponding member port expires, the switch immediately deletes its forwarding entry from the forwarding table.
When an IGMPv2 or IGMPv3 host leaves a multicast group, it sends an IGMP leaving message to the multicast router to inform of such leave.
When receiving an IGMP leaving message from the last member port, the switch forwards it through all router ports in the VLAN and resets the aging timer on the receiving port instead of immediately deleting its corresponding forwarding entry from the forwarding table as it cannot know whether there are still other members of that multicast group attached to such port.
After receiving the IGMP leaving message from a host, the IGMP querier resolves the multicast group address in the message and sends an IGMP group-specific query to that multicast group through the receiving port. After receiving the IGMP group-specific query, the switch forwards it through all its router ports in the VLAN and all member ports in that multicast group.
The switch also performs the following actions on the port that receives the IGMP leaving message: If the port receives any IGMP membership report in response to the
Advanced Settings
group-specific query before the aging timer expires, it indicates there are still multicast group members of this port and the switch will reset the aging timer on the port.
If the port receives no IGMP membership report in response to the group-specific query before its aging timer expires, it indicates there are no multicast group members of this port and the switch will remove the multicast forwarding entry that the port corresponds to from the forwarding table when the aging timer expires.
3.1 IGMP Snooping
Click Device Management > IGSP > IGMP Snooping to enter page below:
Parameters on this page are described below:
Field
Description
IGSP Status
Select to enable or disable IGMP Snooping feature on this device.
Routing Port Age
Within the set routing port age, if the switch does not receive any query packet from the routing port, this routing port will be invalid. The default is 105s. Range: 1~1000s.
Group-general Query Max Response Time
Configure max amount of time in response to group-general query messages (1-25 sec). The default is 10s.
Group-specific Query Max Response Time
Configure max amount of time in response to group-specific query messages (1-5 sec). The default is 2s.
Host Port Age
Within the set host port age, if the switch does not receive any report packet sent from the host port, the host port will be
Advanced Settings
invalid. The default is 260s. Range: 200~1000s.
Unknown Multicast Drop
Enable/Disable the Unknown Multicast Drop feature. If enabled, the switch will drop unknown multicast packets it has received; If disabled, the switch will broadcast unknown multicast packets it has received.
Tip:
This feature is effective even if IGMP Snooping feature is disabled.
Multicast VLAN Status
Enable/Disable VLAN IGMP Snooping feature
Multicast VLAN ID
This option becomes visible when multicast VLAN is enabled. Typing the corresponding multicast VLAN ID makes multicast packets forwarded only in the corresponding VLAN.
3.2 Fast Leave
Click Device Management > IGSP > Fast Leave to configure port fast leave settings in IGSP/V2.
To configure such settings on a single port, click the corresponding port you wish to.
Advanced Settings
To batch configure such settings, click Config to enter page below:
4 SNMP
Simple Network Management Protocol (SNMP), the most widely used network management protocol in TCP/IP networking, is an OSI Layer 7 (Application Layer) designed specifically for managing and monitoring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, and other network devices. Use SNMP to configure system features for proper operation, monitor performance and detect potential problems in the Switch, switch group or network.
SNMP, using polling scheme, is suitable for use in small-sized network environment demanding high speed and low cost. SNMP, implemented through the connectionless UDP, can seamlessly interoperate with multiple devices.
SNMP Framework
SNMP framework consists of three parts: SNMP manager, SNPM agent and MIB (Management Information Base).
SNMP manager: A system used for controlling and monitoring network nodes via
SNMP protocol. The most commonly used is NMS (Network Management System), which can be a server specially used for network management or an application program for executing management function on a certain network device.
Advanced Settings
SNMP agent: Software which runs on managed devices for maintaining management
information base and reporting management data to a SNMP management system when it is needed.
MIB: A management information base (MIB) is a database used for managing the
entities in a communications network. It defines a series of properties for those managed entities: object name, access right, data type, etc. every SNMP has its corresponding MIB and the SNMP manager can perform read/write action accordingly.
SNMP agent is managed by SNMP manager and they two interact with each other via SNMP protocol.
SNMP Actions
The following three basic actions are available on this switch to execute intercommunication between the SNMP manager and SNMP agent:
Get request: A manager-to-agent request to retrieve the value of a variable or list of
variables.
Set request: A manager-to-agent request to change the value of a variable or list of
variables in MIB.
Trap: Asynchronous notification from agent to manager. SNMP traps enable an agent
to notify the management station of significant events (such as reboot the managed device) by way of an unsolicited SNMP message.
SNMP Protocol Versions
Only SNMP manager and SNMP agent share the same SNMP version configurations can they access each other successfully. So far, this switch supports SNMPv3 and is compatible with SNMPv1 and SNMPv2c.
SNMPv1: The community name is used to define the relation between SNMP
Manager and SNMP Agent. The SNMP packets failing to pass community name authentication are discarded. The community name can limit access to SNMP Agent from SNMP NMS, functioning as a password.
SNMPv2c: SNMP v2c also adopts community name authentication. It is compatible
with SNMP v1 while enlarges the function of SNMP v1: provide more action types (GetBulk and InformRequest); support more statistics types (like Count64); provide more error codes for distinguishing errors.
SNMPv3: Based on SNMP v1 and SNMP v2c, SNMP v3 extremely enhances the
security and manageability. It adopts VACM (View-based Access Control Model) and USM (User-Based Security Model) authentication. The user can configure the authentication and the encryption functions. The authentication function is to limit the
Advanced Settings
access of the illegal user by authenticating the senders of packets. Meanwhile, the encryption function is used to encrypt the packets transmitted between SNMP Manager and SNMP Agent so as to prevent any information being stolen. The multiple combinations of authentication function and encryption function can guarantee a more reliable communication between SNMP Management station and SNMP Agent.
MIB Introduction To uniquely identify the management objects of the device in SNMP messages, SNMP
adopts the hierarchical architecture to identify the managed objects. It is like a tree, and each tree node represents a managed object, as shown in the following figure. Thus the object can be identified with the unique path starting from the root and indicated by a string of numbers. The number string is the Object Identifier of the managed object. In the following figure, the OID of the managed object B is {1.2.1.1}. While the OID of the managed object A is {1.2.1.1.5}.
SNMP Configuration Outline Configuration procedures for SNMPv3 are as following:
Step
Configuration Item
Note
Configuration Details
1
Enable SNMP agent
Required option
Click Device Management > SNMP > Agent Setup to enable SNMP function
2
Create MIB view
Required option
Click Device Management > SNMP > View to create view of the managed object.
3
Create SNMP group
Required option
Click Device Management > SNMP > Group to create SNMPv3 group and configure views with different access rights for the group.
Advanced Settings
4
Create SNMP user
Required option
Click Device Management > SNMP > User to create SNMPv3 users, and configure authentication and encryption settings for users.
5
Configure SNMP Trap
Required option
Click Device Management > SNMP > Enable
Trap to enable the Trap function, click Device Management > SNMP > Trap Setup to
configure Trap types and the destination host.
Configuration procedures for SNMPv1/SNMPv2c are as following:
Step
Configuration Item
Note
Configuration Details
1
Enable SNMP agent
Required option
Click Device Management > SNMP > Agent Setup to enable SNMP function.
2
Create MIB view
Required option
Click Device Management > SNMP > View to create view for the managed object.
3
Create SNMP community
Required option
Click Device Management > SNMP > Agent Setup to configure community name for SNMPv1 and SNMPv2c.
4
Configure SNMP Trap
Required option
Click Device Management > SNMP > Enable
Trap to enable the Trap function, click Device Management > SNMP > Trap Setup to
configure Trap types and the destination host.
4.1 Agent Setup
Click Device Management > SNMP > Agent Setup to enter page below:
Advanced Settings
Parameters on this page are described below:
Field
Description
SNMP Status
Enable/Disable the SNMP function.
Local Engine ID
Display the local SNMP engine ID. When SNMP Status is enabled, this field becomes unconfigurable.
Max Packet Size
Configure max packet size that the SNMP agent can receive/send. The default is 1500.
Contact Info
Configure contact info for the switch so that the SNMP manager can quickly locate the switch. Usually, it includes the domain name and IP address of the switch. The default contact info is www.ip-com.com.cn.
Physical Location
Configure physical location info for the switch so that the SNMP manager can quickly locate the switch. The default physical location is 3F, Moso Industrial Building, No. 1031, Liming Road, Xili Town, Nanshan District, ShenZhen, P.R. CHINA.
SNMP Version
Configure SNMP versions for the SNMP agent. It supports SNMP v1, SNMP v2 and SNMP v3.
Click Add to enter the Community Setup page. Note that you should create a view first before creating a community.
Parameters on this page are described below:
Field
Description
Community Name
Configure the community name here. You can select a standard community name or customize a community name.
Standard: Select public or private. Custom: Customize the community name. The length of the
Advanced Settings
community name should be within 31 characters.
Access Mode
Define the access rights of the community. Read only: Management right of the Community is restricted to
read-only, and changes cannot be made to the corresponding View. Read & write: Management right of the Community is read-write
and changes can be made to the corresponding View.
View
Select the MIB View for the community to access.
After creating a community, you can use the V1, or V2c community name to view or config node settings in the MIB.
4.2 User
The User in a SNMP Group can manage the switch via the SNMP manager software. The User and its Group have the same security level and access right.
Click Device Management > SNMP > User to enter page below:
Click Add to enter page below. Note that you must create a group before you can add a user.
Advanced Settings
Parameters on this page are described below:
Field
Description
User Name
Enter the user name here.
Group Name
Select the group name here. You need to go to the Device Management > SNMP > Group page to configure group settings first. The user is classified to the corresponding Group according to its Group Name and Security Level.
Security Level
Select security level from the drop-down list.
Authentication Mode
Select the authentication mode for SNMP v3 users. Only when the security level is auth/priv or auth/nopriv, can this parameter be configurable. None: not authenticated. MD5: message digest 5. SHA: secure harsh algorithm.
Password
Enter the authentication password.
Confirm Password
Enter the authentication password again.
Encryption Mode
Select the encryption mode for SNMP v3 users. Only when the security level is auth/priv, can this parameter be configurable. None: not encrypted. DES: data encryption standard.
Encryption Password
Enter the encryption password.
Confirm Encryption Password
Enter the encryption password again.
4.3 Group
On this page, you can configure SNMP Group to control the network access by providing the users in various groups with different management rights via the Read View, Write View and Notify View. Click Device Management > SNMP > Group to enter page below:
Advanced Settings
Click Add to enter page below. Note that you must create a view before you can add a group.
Parameters on this page are described below:
Field
Description
Group Name
Enter the SNMP Group name. The Group Name and Security Level compose the identifier of the SNMP Group. The Groups with these two items the same are considered to be the same.
Security Level
Select the security level for SNMP v3 group.
Read only View
Select the View to be the Read View. The management access is restricted to read-only.
Read & Write View
Select the View to be the Read & Write View. The View defined as the Read & Write View can be read and modified.
Notification View
Select the View to be the Notify View. The SNMP manager can receive trap messages of the assigned SNMP view generated by the switch's SNMP agent.
Advanced Settings
4.4 View
The OID (Object Identifier) of the SNMP packets is used to describe the managed objects of the switch, and the MIB (Management Information Base) is the set of the OIDs. The SNMP View is created for the SNMP manager to manage MIB objects.
Click Device Management > SNMP > View to enter page below:
Click Add to enter page below:
Parameters on this page are described below:
Field
Description
View Name
Give a name to the View for identification.
MIB Subtree OID
Enter the Object Identifier (OID) for the entry of View.
Rule
Select the OID rule for the view entry. Include: The view entry can be managed by the SNMP manager. Exclude: The view entry cannot be managed by the SNMP manager.
Advanced Settings
4.5 Enable Trap
Trap function is used to inform the SNMP manager of critical events for the switch. Click Device Management > SNMP > Enable Trap to enter page below:
By default, the SNMP Trap function is enabled on all ports. You can modify it as you need. Parameters on this page are described below:
Field
Description
SNMP Trap
Enable/ Disable SNMP Trap function.
State
Select the Trap message type.
Coldstart-Trap
Send Coldstart Trap to designated host when device is undergoing a coldstart (power disconnection or reboot).
Warmstart-Trap
Send Warmstart Trap to designated host when the SNMP is disabled on the switch.
Linkdown-Trap
Send Linkdown Trap to designated host when an up link becomes down.
Linkup-Trap
Send Linkup Trap to designated host when a down link becomes up.
Authentication-Trap
Send Authentication failure Trap to designated host when SNMP module encounters an authentication failure.
This page is only for enabling the SNMP Trap function. See the following for configuring the Trap Host to which Traps are to be sent.
4.6 Trap Setup
To enter the page for configuring the host to which Traps are to be sent, click Device Management > SNMP > Trap Setup as seen below.
Advanced Settings
Click Add to enter page below:
Parameters on this page are described below:
Field
Description
Destination Host IP
Enter an IP address for the destination host. Note that the host IP should be on the same IP net segment as the management IP of the switch.
Port NO.
Enter a UDP port number to which Traps are to be sent. The default is
162.
Community Name
Enter a custom community name for the SNMP manager. As for SNMP v3, enter user name of the SNMP manager.
Trap Version
Select v1, v2c or V3. By default, the switch interacts with NMS using the SNMP v1.
5 DHCP Snooping
DHCP Snooping Functions
In computer networking DHCP snooping is a series of techniques applied to ensure the
Advanced Settings
security of an existing DHCP infrastructure. When DHCP servers are allocating IP addresses to the clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.
Ports which are connected to DHCP servers and other DHCP Snooping devices need to be configured as trusted ports and other ports need to be configured as untrusted ports, so that DHCP clients can only obtain IP addresses from legal DHCP clients.
Untrusted Port: The port is used for connecting to terminal devices. Clients on this
kind of ports can only send DHCP request packets.
Trusted Port: Port or Trunk port connecting to legal DHCP servers.
The switch can establish a user binding list via DHCP snooping. Once a client connected to an untrusted port obtains a legal IP address, the switch will automatically display an entry (including client IP/ MAC address, port number/belonging VLAN, lease time, etc.) in the user binding list for MAC source defense and Ping test.
DHCP Option 82
As Option 82 records location info of DHCP clients, you can use it to locate DHCP clients, thus implementing security and accounting control for clients.
The DHCP Snooping function of this device supports Option 82 and two sub-options are available: circuit ID sub-option and remote ID sub-option. By default, the circuit ID sub-option is made up of port belonging VLAN ID of received DHCP client request packets and port number. The remote ID sub-option is made up of the MAC address of the DHCP Snooping device which receives DHCP client request packets.
When the switch receives DHCP request packets, it will process these packets according to whether Option 82 included, processing strategy of user configuration and user-defined option status, and then forward them to the DHCP server. Three strategies are available: replace, keep and drop.
Option 82 included or not
Processing Strategy
User-defined Option Status
Description
Yes
Replace
Enable
Use user-defined circuit ID sub-option and remote ID sub-option to fill Option 82. Then the previous Option 82 information will be replaced and forwarded.
Advanced Settings
Disable
Use the default circuit ID sub-option and remote ID sub-option on this switch to fill Option 82. Then the previous Option 82 information will be replaced and forwarded.
Keep
Any
The previous Option 82 information will be kept and forwarded.
Drop
Any
The previous Option 82 information will be discarded.
No
Any
Enable
Use the user-defined circuit ID sub-option and remote ID sub-option on this switch to fill Option 82 and forward it.
Disable
Use the default circuit ID sub-option and remote ID sub-option on this switch to fill Option 82 and forward it.
When the switch receives response packets of the DHCP server, and if these packets contain Option 82, the switch will delete Option 82 and then forward these packets. If Option 82 not contained, packets will be forwarded directly.
5.1 Global Setup
Click Device Management > DHCP Snooping > Global Setup to enter page below:
Parameters on this page are described below:
Field
Description
DHCP Snooping
Enable/Disable DHCP snooping function globally. By default, this function is disabled.
Advanced Settings
Source MAC Address Check-up
Enable/Disable source MAC address check-up function. There are two fields in DHCP packets for storing client MAC addresses. Once this function is enabled, the switch will make a comparison between these two fields. If these two fields are different, packets will be dropped.
5.2 Port Setup
After finishing global DHCP snooping settings, you need to configure DHCP snooping port settings. Click Device Management > DHCP Snooping > Port Setup to enter page below:
Click a certain port number to enter the corresponding port setup page.
To batch configure port settings, click Config.
Advanced Settings
Parameters on pages are described below:
Field
Description
Port
Display the corresponding port number.
Port Properties
Configure the current port's DHCP snooping property: trust or untrust.
Option 82 Status
Enable/Disable option 82. Option 82 records DHCP clients' location info. To make Option82 strategy valid, you need to enable Option82 first.
Option 82 Strategy
When there are option 82 fields in DHCP packets, three strategies are available: replace, keep and drop.
Replace: Replace the previous option 82 info with default or user-defined option 82 info.
Keep: Reserve option 82 fields in DHCP packets. Drop: Discard packets which include option 82 fields.
Customized Option
Enable/Disable customized circuit/remote ID sub-option function.
Circuit ID Sub-option
Specify the user-defined circuit ID sub-option.
Remote ID Sub-option
Specify the user-defined remote ID sub-option.
5.3 User Binding
Click Device Management > DHCP Snooping > User Binding to enter page below:
Loading...
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use