IP-COM G3224P User Manual

is the registered trademark of IP-COM Networks Co., Ltd. All the products and product names

mentioned herein are the trademarks or registered trademarks of their respective holders. Copyright of the whole product as integration, including its accessories and software, belongs to IP-COM Networks Co., Ltd. No part of this publication can be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the prior written permission of IP-COM Networks Co., Ltd. If you would like to know more about our product information, please visit our website at www.ip-com.com.cn.

Disclaimer

Pictures, images and product specifications herein are for references only. To improve internal design, operational function, and/or reliability, IP-COM reserves the right to make changes to the products described in this document without obligation to notify any person or organization of such revisions or changes. IP-COM does not assume any liability that may occur due to the use or application of the product or circuit layout(s) described herein. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information and recommendations in this document do not constitute the warranty of any kind, express or implied.

Safety Guidelines

Observe the following safety guidelines to ensure your own personal safety and to help protect your system from potential damage.

Basic Requirements

1. Keep the device completely dry and from fierce collision while storing, shipping and using;

2. Follow the instructions to install the switch;

3. Please contact the specified maintenance staff rather than dismantle the device on your own if any fault

happens.

Environmental Requirements

1. Temperature - Install the switch in a dry area, with ambient temperature between 0 and 40ºC (32 and 104ºF).

Keep the switch away from heat sources such as direct sunlight, warm air exhausts, hot-air vents, and heaters;

2. Operating humidity - The installation location should have a maximum relative humidity of 90%,

non-condensing;

3. Ventilation - Do not restrict airflow by covering or obstructing air inlets on the sides of the switch. Keep it at

least 10cm free on all sides for cooling. Be sure there is adequate airflow in the room or wiring closet where the switch is installed;

4. Operating conditions - Keep the switch away from electromagnetic noise, such as photocopy machines,

microwaves, cellphones, etc.

Use Notes

1. Use the provided accessories, such as the cable, mounting kit, etc.

2. Ensure the basic supply voltage standard is met;

3. Keep the power plug clean and dry in case electric shock or other dangers;

4. Keep your hands dry while cabling;

5. Shut down the device and power it off before unplugging the switch;

6. In a lightning day, disconnect the power supply and unplug all cables, such as the power cord, fiber, Ethernet

cable, etc.

7. Disconnect the power supply and pull out the plug if the device will be out of use for a long time;

8. Keep the device far from water or other liquids;

9. Contact the technical staff if any problem occurs;

10. Do not tread on, drag or excessively bend the cable;

11. Do not use worn or aged cables;

12. Do not look the fiber interface in your eyes in case of eye damage;

13. Prevent some matters, such as metal chips, from entering the device through the ventilation hole;

14. Do not scrape or fray the device’s housing shell, in case abnormal operation or human body allergic reaction;

15. Keep the device out of children’s reach.

Cleaning Notes

1. Shut down the device and pull out all cables before cleaning it;

2. Use soft cloth to clean the device’s housing shell.

Environmental Protection

1. Throw the discarded device or batteries into the specified recycling places;

2. Observe the local processing acts about relevant packages, wasted batteries and discarded device, and support

recycling.

iii

Contents

Chapter 1 Product Overview ....................................................................................................................................... 1

1.1 Overview ............................................................................................................................................................ 1

1.2 Physical Description ........................................................................................................................................... 1

1.2.1 Front Panel Overview .................................................................................................................................. 1

1.2.2 Back Panel Overview ................................................................................................................................... 1

1.3 Specifications ..................................................................................................................................................... 2

1.3.1 Hardware Specifications .............................................................................................................................. 2

1.3.2 Software Specifications ............................................................................................................................... 3

1.3.3 Package Contents ......................................................................................................................................... 4

1.4 Device Hardware Interfaces ............................................................................................................................... 4

1.4.1 Buttons ......................................................................................................................................................... 4

1.4.2 LEDs ............................................................................................................................................................ 4

1.4.3 Interfaces ...................................................................................................................................................... 5

1.4.4 Fan ............................................................................................................................................................... 6

1.5 Interface Serial Number ..................................................................................................................................... 6

Chapter 2 Installation ................................................................................................................................................... 7

2.1 Installing the Switch in a Rack ........................................................................................................................... 7

2.2 Installing the Switch on a Flat Workbench ........................................................................................................ 7

2.3 Connecting to Protective Grounding Line .......................................................................................................... 8

2.3.1 With Grounding Bar .................................................................................................................................... 8

2.3.2 Without Grounding Bar ............................................................................................................................... 8

2.4 Connecting the Power Cord ............................................................................................................................... 9

2.5 Connecting to Interface ...................................................................................................................................... 9

2.5.1 Connecting to Console Port ......................................................................................................................... 9

2.5.2 Connecting to RJ45 ports ............................................................................................................................. 9

2.5.3 Connecting to SFP Fiber Combo Ports ........................................................................................................ 9

2.5.4 Connecting to PDs ..................................................................................................................................... 10

2.6 Check the Installation ....................................................................................................................................... 10

Chapter 3 Login ......................................................................................................................................................... 11

3.1 Web Login ........................................................................................................................................................ 11

3.1.1 Preparation ................................................................................................................................................. 11

3.1.2 Configuration Preparation ......................................................................................................................... 11

3.2 Login via Console Port ..................................................................................................................................... 12

3.2.1 Preparation ................................................................................................................................................. 12

3.2.2 Configuration Preparation .......................................................................................................................... 12

3.3 Telnet Login ..................................................................................................................................................... 14

Chapter 4 WEB Configurations ................................................................................................................................. 15

4.1 Administration .................................................................................................................................................. 17

4.1.1 System Configuration ................................................................................................................................ 17

4.1.2 System Security ......................................................................................................................................... 21

4.2 Port Management ............................................................................................................................................. 25

4.2.1 Port Configuration ..................................................................................................................................... 25

4.2.2 Link Aggregation ....................................................................................................................................... 29

4.3 VLAN Management ......................................................................................................................................... 35

4.3.1 VLAN ........................................................................................................................................................ 35

4.3.2 MAC VLAN .............................................................................................................................................. 45

4.3.3 Protocol VLAN .......................................................................................................................................... 46

4.3.4 Voice VLAN .............................................................................................................................................. 50

4.4 PoE Management ............................................................................................................................................. 55

4.4.1 Global Setup .............................................................................................................................................. 55

4.4.2 Port Setup ................................................................................................................................................... 56

4.5 Time Range Management ................................................................................................................................ 58

4.5.1 Time Range ................................................................................................................................................ 58

4.6 Device Management ......................................................................................................................................... 59

4.6.1 MAC .......................................................................................................................................................... 59

4.6.2 STP ............................................................................................................................................................ 63

4.6.3 LLDP ......................................................................................................................................................... 72

4.6.4 IGSP ........................................................................................................................................................... 76

4.6.5 SNMP ........................................................................................................................................................ 78

4.6.6 DHCP Relay .............................................................................................................................................. 85

4.6.7 DHCP Snooping ........................................................................................................................................ 88

4.7 QoS ................................................................................................................................................................... 91

4.7.1 QoS Configuration ..................................................................................................................................... 91

4.7.2 Traffic Control ........................................................................................................................................... 96

4.7.3 ACL ........................................................................................................................................................... 98

4.8 Security .......................................................................................................................................................... 103

4.8.1 Attack Defense ......................................................................................................................................... 103

4.8.2 IP Filter .................................................................................................................................................... 110

4.8.3 MAC Filter ............................................................................................................................................... 113

4.8.4 802.1X ..................................................................................................................................................... 114

4.9 Smart Configuration ....................................................................................................................................... 118

4.9.1 For Hotel .................................................................................................................................................. 118

4.9.2 For Business ............................................................................................................................................. 120

4.10 Maintenance ................................................................................................................................................. 121

4.10.1 Syslog .................................................................................................................................................... 121

4.10.2 Network Diagnostics .............................................................................................................................. 123

4.11 Logout .......................................................................................................................................................... 125

4.12 Save Configurations ..................................................................................................................................... 126

Chapter 5 CLI Configuration ................................................................................................................................... 127

5.1 Login .............................................................................................................................................................. 127

5.2 Features of Command Interface ..................................................................................................................... 127

5.3 Command Line Configuration Guide ............................................................................................................. 127

5.3.1 Commands for Entering Common Views ................................................................................................ 127

5.3.2 Config System Info .................................................................................................................................. 128

5.3.3 Config IP Address Manually ................................................................................................................... 128

5.3.4 Enable DHCP Client to Obtain an IP Address ......................................................................................... 128

5.3.5 User Configuration .................................................................................................................................. 128

5.3.6 System Time Configuration ..................................................................................................................... 129

5.3.7 Reset and Reboot ..................................................................................................................................... 130

5.3.8 Firmware Update ..................................................................................................................................... 130

5.3.9 Web Login Timeout Configuration ......................................................................................................... 130

5.3.10 Config Port Settings ............................................................................................................................... 130

5.3.11 Port Mirroring Configuration ................................................................................................................. 131

5.3.12 View RX/TX Packet Statistics ............................................................................................................... 131

5.3.13 Config Port Rate Limit........................................................................................................................... 132

5.3.14 Config Link Aggregation ....................................................................................................................... 132

5.3.15 VLAN Configuration ............................................................................................................................. 133

5.3.16 MAC VLAN .......................................................................................................................................... 137

5.3.17 Protocol VLAN ...................................................................................................................................... 137

5.3.18 Voice VLAN .......................................................................................................................................... 138

5.3.19 MAC Configuration ............................................................................................................................... 139

5.3.20 QoS Configuration ................................................................................................................................. 140

5.3.21 STP Configuration ................................................................................................................................. 141

5.3.22 IGMP Configuration .............................................................................................................................. 144

5.3.23 Time Range Management ...................................................................................................................... 145

5.3.24 PoE Management ................................................................................................................................... 146

5.3.25 ACL Configuration ................................................................................................................................ 147

5.3.26 DoS Attack Defense Configuration ....................................................................................................... 149

5.3.27 Worm Attack Defense Configuration .................................................................................................... 150

5.3.28 ARP Attack Defense Configuration ...................................................................................................... 150

5.3.29 Config MAC Attack Defense ................................................................................................................. 151

5.3.30 IP Filter Configuration ........................................................................................................................... 152

5.3.31 DHCP Relay .......................................................................................................................................... 153

5.3.32 DHCP Snooping .................................................................................................................................... 155

5.3.33 SNMP Agent Configuration .................................................................................................................. 156

5.3.34 Log Configuration .................................................................................................................................. 158

5.3.35 802.1X Configuration ............................................................................................................................ 159

5.3.36 Save Configurations ............................................................................................................................... 160

Appendix 1 Glossary ............................................................................................................................................... 162

Appendix 2 Technical Support ................................................................................................................................ 167

Appendix 3 Safety and Emission Statement ............................................................................................................ 168

Chapter 1 Product Overview

1.1 Overview

Thank you for purchasing this IP-COM product. This switch, 24-port Gigabit with 4 Shared SFP PoE Managed Switch, provides 24 10/100/1000Mbps auto-negotiation RJ45 ports, 4 1000Mbps Combo (copper/fiber) ports and one Console interface. All its RJ45 ports are PoE-capable and it can connect up to 24 IEEE 802.3af–compliant PDs (15.4W) or up to 12 IEEE 802.3at-compliant PDs (30W). In addition, it supports VLAN, QoS, DHCP, IGMP snooping, ACL, STP, RSTP, MSTP, port mirroring, link aggregation and other features. Aiming at solving the safety problems in LAN, it provides user grading management, management VLAN, ARP attack defense, worm attack defense, DoS attack defense, MAC attack defense, IP+MAC+PORT+VLAN Bind, MAC filter and other safety settings through visual WEB interface operations. With high performance and low cost, it is ideal for hotels and enterprises.

1.2 Physical Description

1.2.1 Front Panel Overview

• 24 10/100/1000Mbps RJ45 ports

• Four SFP ports

• One Console interface

• RESET button

• Port LEDs

• System LEDs

• PoE-MAX LED

1.2.2 Back Panel Overview

 A grounding stud for lightning protection;  A 176-264VAC 50/60 Hz 6A power receptacle for accommodating the supplied power cord;  A power switch for turning on/off the device;

1.3 Specifications

1.3.1 Hardware Specifications

Item

Specification

Input Voltage

176 - 264VAC 50/60Hz 6A

Power Consumption

About 15W (no load); About 390W (full load);

PoE

24 10/100/1000Mbps auto-negotiation, PoE-capable RJ45 ports with up to 30W on each; It supports static or dynamic power allocation and can connect up to 24 IEEE 802.3af–compliant PDs (15.4W) or up to 12 IEEE

802.3at-compliant PDs (30W);

Interface

24 RJ45 10/100/1000 auto-negotiation Gigabit switching ports; 4 1000Mbps SFP ports;

Management Interface

One Console port

Operating Temperature

0℃-40℃

Storage Temperature

-40℃-70℃

Operating Humidity

10% - 90% RH, non-condensing

Storage Humidity

5% - 90% RH, non-condensing

Safety

UL 60950-1 CAN/CSAC22.2 No 60950-1 IEC 60950-1 EN 60950-1/A11 AS/NZS 60950-1 EN 60825-1 EN 60825-2

EMC

EN 55024; 1998+A1:2001+A2:2003 EN 55022:2006 ICES-003:2004 EN 61000-3-2:2000+A1:2001+A2:2005 EN 61000-3-3:1995+A1:2001+A2:2005 AS/NZS CISPR 22:2004 FCC PART 15:2005 ETSI EN 300 386 V1.3.3:2005

MTBF

> 100,000h

Dimension

440mm * 284mm * 44mm

Weight

< 7.5kg

1.3.2 Software Specifications

Features

Specification

Switch Volume

(Full-duplex)

56Gbps

Packet Forwarding

Rate(full load)

35.7Mpps MAC Address Table

VLAN

 VLAN distribution based on ports. Up to 24 can be

configured; IEEE 802.1Q VLAN. Up to 128 can be configured;

 Protocol VLAN. Up to 16 can be configured;  MAC VLAN. Up to 64 can be configured;  Voice VLAN;

DHCP

DHCP Snooping and DHCP Relay;

Multicast

 IGMP Snooping V1/V2;  Up to 128 can be configured;  Fast leave;

Broadcast Storm

Constrain

 Broadcast storm constrain based on ports;  Multicast storm constrain based on ports;  Unknown unicast storm constrain based on ports;

STP

 IEEE 802.1d STP;  IEEE 802.1w FSTP;  IEEE 802.1s MSTP protocol. In MSTP mode, up to 16 STP

instances can be configured;

 Edge port;  P2P port;  STP BPDU packets statistics;

ACL

 MAC ACL. Up to 100 entries can be configured;  IPv4 ACL. Up to 100 entries can be configured;  Time range limit;

Safety

 ARP attack defense, worm attack defense, DoS attack defense

and MAC attack defense;

 User grading management and SSL certification;  Management VLAN;  IP+MAC+PORT+VLAN Bind. Up to 200 entries can be

configured;

 Interface isolation;

MAC Filter

 Unicast MAC filter;  Up to 1000 entries can be configured;

QoS

 802.1P port trust mode;  IP DSCP port trust mode;  Bandwidth control;  Up to 4-queue QoS mappings;

Certification

 IEEE 802.1X based on ports;  IEEE 802.1X based on MAC;  Up to 256 MAC can be certificated;

Upgrade

TFTP (Trivial File Transfer Protocol)

Management

 Telnet configuration;  Console interface configuration;  SNMP (Simple Network Management Protocol);  WEB;

PoE

 IEEE 802.3at and IEEE 802.3af;  Maximum power consumption: 385W;

Maintenance

Ping\Tracert\Cable check-up;

1.3.3 Package Contents

Please verify that the package contains the following items:

• 24-Port Gigabit with 4 Shared SFP PoE Managed Switch

• Power Cord

• Install Guide

• Console Cable

• Mounting Kit (2 brackets, screws)

• Four Footpads

1.4 Device Hardware Interfaces

1.4.1 Buttons

Button

Description

RESET

Pressing and holding this button for a while, SYS LED will be off, and POWER LED keeps solid; after 5 seconds, all LEDs will be on and the Switch reboots automatically. And the system resets to factory default settings after a successful reboot with a blinking SYS LED.

ON/OFF

The switch of the device, turning on/off the device.

1.4.2 LEDs

The following table explains LED designations.

LED

Number

Color

Status

Description

POWER

Green

Off

Improper connection to power supply

LED

Number

Color

Status

Description

Solid

Proper connection to power supply

SYS

Green

Off

System is functioning improperly.

Solid

System is functioning improperly.

Blinking

System is functioning properly.

PoE-MAX

Green

Off

Power available for additional PDs

Solid

Reaching max power budget (354.2W) and no more power available for another new PD

Link/Act 1-24

Orange

Off

An invalid link is established.

Solid

A valid link is established.

Blinking

Transmitting packets

PoE 1-24

Green

Solid

The PoE powered device (PD) is connected and the port is supplying power successfully.

Off

No PoE-powered device (PD) connected

SFP1-SFP4

Green

Solid

Packet transmission or a valid link is established on the port.

Off

An invalid link is established on the port.

1.4.3 Interfaces

1.4.3.1 Console Interface

This switch, with an RS232 asynchronous console port, can be used for connecting PCs to test, configure, maintain and manage the system. The console cable is an 8-conductor cable. One end of the console cable, RJ45 plug, is connected to the Console port on the switch; while the other end, DB9 plug, is connected to 9-conductor console outlet.

1.4.3.2 Ethernet Interface

(1) Ethernet interface overview

This device has 24 RJ45 10/100/1000M auto negotiating Gigabit Ethernet switching ports and 4 1000M SFP fiber ports. Speed and working mode in RJ45 port mode:

Speed

Working Mode

10Mbps (auto-negotiation)

Half/Full duplex auto-negotiation

100Mbps (auto-negotiation)

Half/Full duplex auto-negotiation

1000Mbps (auto-negotiation)

Full duplex auto-negotiation

Note:

SFP fiber ports can only work in full-duplex auto-negotiation mode.

(2) RJ45 Connector

The RJ45 physical connector, adopting CAT.5 twisted-pair cable, is used for connecting 10/100/1000Mbps auto-negotiation RJ45 ports as shown below:

(3) SFP Connector

SFP connector, which is mainly for detachable connection between optical channels, is very convenient for the test and maintenance of the optical system. This device, with its 1000Mbps Combo (copper/fiber) ports, supports gigabit SFP connector.

1.4.4 Fan

This device has three fans for heat dissipation: one for mainboard and two for ensuring stable power supply.

1.5 Interface Serial Number

1-24: 24 10/100/1000Mbps auto-negotiation RJ45 ports 21-24/SFP1-SFP4: 1000Mbps SFP ports Console: RS232 asynchronous serial port

Chapter 2 Installation

The smart switch can be installed on a flat workbench or in a standard 19-inch rack.

2.1 Installing the Switch in a Rack

To install the switch in a rack, observe the following procedures. To perform this procedure, you need the 19-inch rack-mount kit supplied with switch.

1. Keep the kit well-earthed and stable;

2. Insert the screws provided into the bracket mounting holes to fix brackets onto the switch as shown below.

3. Tighten the screws with the Phillips screwdriver to secure the switch in the rack.

2.2 Installing the Switch on a Flat Workbench

If a standard 19-inch rack is not available, place the switch on a clean, flat workbench. Attach the 4 footpads to corresponding position of the switch bottom to avoid potential sliding and vibration, and ensure good ventilation and proper clearance around the switch for heat dissipation. See figure below:

Note:

1. Please keep the switch in a dry and well ventilated environment.

2. Keep the workbench stable and well-earthed.

3. Do not restrict airflow by covering or obstructing air inlets of the switch. Keep more than 10 centimeters free on all sides for cooling. Be sure there is adequate airflow in the room or wiring closet where the switch is installed.

4. Don’t put heavy objects on the Switch.

5. Make sure there is more than 1.5 centimeters vertical distance free between devices that stack each other.

2.3 Connecting to Protective Grounding Line

Proper connection of protective grounding line is important for lightning protection and anti-interference. Proper connection is as follows:

2.3.1 With Grounding Bar

Connect the yellow-green protective grounding cable to binding post on the grounding bar and fix the screws.

(1) AC power input (2) Grounding terminal connection (3) Grounding cable protection

Note:

Firefighting hoses and building lightning rods are not proper options for grounding bar. The grounding cable on the switch should be connected to the grounding bar in the IT room.

2.3.2 Without Grounding Bar

1) With mud land nearby and allowed to bury grounding bar Bury an angle iron or steel pipe (≥0.5m) into the mud land. The yellow-green protective grounding cable should be welded to the angle iron or steel pipe and the welding point should be embalmed.

2) Not allowed to bury grounding bar If the device supports AC power supply, you can connect it to the grounding bar through the PE line of the AC power and ensure the PE line in the switchgear room or beside the AC power supply transformer is well-grounded.

2.4 Connecting the Power Cord

Step1: Connect one end of the included power cord to the switch and the other end to a nearby AC power outlet. Step2: Verify the power LED on switch's front panel. An illuminated light indicates a proper power connection.

Note:

As for the power cord, different countries have different standards. Please determine whether to install the card slot to fix the power cord according to the actual situation.

2.5 Connecting to Interface

2.5.1 Connecting to Console Port

Follow below steps to connect a PC or terminal to the switch (The terminal can be the emulation program with RS232 console or a PC. Here take the PC for example): Connect the DB-9 plug on the console cable to a PC; Connect the RJ45 connector to the console port on the switch

2.5.2 Connecting to RJ45 ports

The switch provides auto MDI/MDIX feature on each RJ45 ports. PCs or other terminals can simply connect to any such ports of the switch via CAT.5, CAT.5e, or UTP cables.

1. Connect one end of the Ethernet cable to the Ethernet interface on the switch and the other end to the remote device;

2. Check PoE LED status. For LED status, please refer to 1.4.2 LEDs.

2.5.3 Connecting to SFP Fiber Combo Ports

The small form-factor pluggable (SFP) module is a compact, hot-pluggable transceiver used for optical signal transmission. The module bay is a combo port, sharing a connection with an RJ45 port. Being a combo port, only one type of connection can be active at any given time. For example, both copper and fiber port cannot be used at

the same time. If both connectors are plugged in at the same time, the fiber port becomes active. The SFP module accommodates a standard SFP module with an LC connector.

2.5.4 Connecting to PDs

Connect PDs (PoE powered devices, for example, 802.3at-/802.3af-compliant AP, IP telephone or IP camera) to switch. By default, the power supply mode is dynamic, PoE power supply is enabled and the power supply standard is 802.3at.

2.6 Check the Installation

Before applying power perform the following:

• Inspect the equipment thoroughly.

• Verify that all cables are installed correctly.

• Check cable routing to make sure cables are not damaged or creating a safety hazard.

• Ensure all equipments are mounted properly and securely.

Chapter 3 Login

3.1 Web Login

3.1.1 Preparation

Item

Description

Installed with a network Interface card

IP and Subnet Mask

The IP address of your PC and the switch should be in the same network segment (It can’t be 192.168.0.1).

Web Browser

Microsoft IE 8.0 or higher

Ethernet Cable

One CAT.5 RJ45 cable

3.1.2 Configuration Preparation

Launch a web browser, such as IE8, type in 192.168.0.1 and then press Enter. The login window would appear as shown below.

Enter the user name and password (both are ―admin‖ by default), and then click Login to log in to the switch’s configuration interface.

3.2 Login via Console Port

3.2.1 Preparation

Item

Description

With a Console port

Ethernet Cable

DB9-RJ45 Console Cable

3.2.2 Configuration Preparation

Step 1: Connect a terminal (PC) to the console port on the switch.

Step 2: Run terminal program (for example, terminal in Windows 3.X, Hyper Terminal in Windows 9X/Windows 2000/Windows XP, an example of Windows XP is described below) on PC, select the console port that is connected to the switch and configure as below: Bits per second: 115200; Data bits: 8; Parity: None; Stop bits: 1; Flow control: None.

Figure 3-1: New Connection

Figure 3-2: Connect To

Figure 3-3: Port Settings

Step 3: Power the switch, press Enter, input user name and password (admin/admin by default) and then press Enter again. Below screen will appear.

3.3 Telnet Login

Take Windows XP as an example, click Start > Run and enter ―telnet 192.168.0.1‖ as seen below:

Then press Enter, input the username and password ―admin/admin‖ and the following window will appear:

Chapter 4 WEB Configurations

This chapter instructs how to configure switch's functionalities and features on the Web manager. It includes below sections:

Submenu

Description

System

Configuration

System Info

This section displays the device’s system parameters.

System Time

This section allows you to configure system time either by synchronizing with SNTP server or specifying it manually.

Reset

Resets all settings to factory defaults.

Reboot

Configurations will be lost if you don’t save them before

rebooting.

Firmware Update

Update firmware.

System Security

SSL Setup

Allows you to encrypt information.

User

This section allows you to add new users and change password.

Port Management

Port

Configuration

Allows users to configure them a port and displays port status and statistics.

Link Aggregation

Displays static and LACP link aggregation settings and allows users to configure them.

VLAN Management

VLAN

Allows users to configure port VLAN and 802.1Q VLAN settings.

MAC VALN

Allows users to configure MAC VLAN and MAC VLAN settings. Up to 64 MAC VLANs can be configured.

Protocol VLAN

Three forms: Ethernet, LLC, and SNAP. Up to 16 protocol VLANs can be configured.

Voice VLAN

Allows users to configure voice VLAN (manual or auto).

PoE Management

Global Setup

Static and dynamic allocations are supported. The default is dynamic allocation.

Port Setup

Two power supply standards: 802.3at and 802.3af. By default, it is 802.3at.

Time Range

Management

Time Range

Allows users to configure absolute time, periodic time, time slices, etc.

Device

Management

MAC

Displays MAC table and allows users to manually add static MAC addresses and fast binding.

STP

Allows users to configure STP, RSTP and MSTP settings. Up to 16 instances can be configured.

LLDP

Allows users to configure LLDPBU settings and displays neighbor info.

IGSP

Allows users to configure V1/V2 IGSP settings.

SNMP

Allows users to configure V1/V2c/V3 SNMP settings.

DHCP Relay

Allows users to implement DHCP among multiple VLANs.

DHCP Snooping

Allows users to configure DHCP snooping settings, DHCP server trust settings and client access settings.

QoS

CoS

CoS priority 0-7 is supported. Default 0 and 3 correspond to queue 1; 1 and 2 correspond to 2; 4 and 5 correspond to queue 3; 6 and 7 correspond to queue 4.

DSCP

DSCP priority 0-63 is supported.

Scheduling

Scheme

SP and WRR are supported. By default, it is SP.

Port Priority

Port priority 0-7. The default is 0.

Rate Limit

Allows users to configure ingress and egress rate limit.

Storm Constrain

Allows users to configure broadcast, multicast, and unknown unicast constrain settings.

ACL

Allows users to configure MAC/IP ACL settings. Up to 100 entries can be configured.

Security

ARP Attack

Defense

Allows users to configure ARP attack defense settings.

Worm Attack

Defense

Allows users to configure TCP and UDP settings to filter packets.

DoS Attack

Defense

Allows users to configure DoS attack defense settings.

MAC Attack

Defense

Allows users to configure MAC attack defense settings.

IP Filter

Configure IP+MAC+Port+VLAN Binding, ARP filter and IP filter settings.

802.1X

Displays and allows you to configure 802.1X settings.

Smart Configuration

Corporate and hotel network administrators can use this section to easily configure file server port and router port. For details, please refer to 4.9 Smart Configuration.

Maintenance

Allows users to configure syslog settings and network diagnose settings.

Save Configurations

Save/backup/restore settings.

4.1 Administration

4.1.1 System Configuration

System Info

Click System Configuration > System Info to enter interface below:

Fields on the screen are described below:

Field

Description

Firmware Version

Displays switch's current firmware version and release date.

Hardware Version

Displays switch's current hardware version.

MAC Address

Displays switch’s physical address.

Management VLAN

Displays switch’s management VLAN ID. VLAN1 is preset to

management VLAN by default.

System Name

Customize a system name for locating the device quickly.

DHCP

Enable/disable the DHCP feature. When enabled, the switch can obtain an IP address automatically (provided that there is an active DHCP server on the network and switch is successfully connected to the network); when disabled, you must configure an IP address manually.

IP Address

Configure a static IP address, which will be used to access the switch's web manager. The default is 192.168.0.1.

Subnet Mask

Configure the corresponding subnet mask of the IP address specified above. The default is 255.255.255.0.

Gateway

Specify a gateway address for the switch.

MAC Age

This field specifies the length of time a learned dynamic MAC Address will remain in the forwarding table without being accessed (that is, how long a learned MAC Address is allowed to remain idle). The MAC Address Aging Time can be set to any value between 10 and 1000000 seconds. The default setting is 300 seconds.

Note:

To view the IP address obtained from a DHCP server on the network, access the DHCP server or type the "show ip" command on telnet interface.

System Time

1. Overview

The switch allows you to synchronize system time with SNTP server or configure time and date settings manually.

Sync with SNTP Server

The Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems

over packet-switched, variable-latency data networks. Simple Network Time Protocol (SNTP) is another less complex implementation of NTP. It synchronizes timekeeping between time servers and clients so that clock-dependent devices on the network can consistently provide diverse time based applications. Both SNTP server and client run over the User Datagram Protocol (UDP) on port 123. When BLAT UDP attack defense is enabled, it won’t be unable to acquire system time automatically.

Config time and date settings manually

Manually configured time will not be updated or synchronized with other devices and will be restored to factory defaults after system reboot.

2. System Time -- Config Click System Configuration > System Time to enter interface below:

Steps to sync with SNTP server

1. Select a proper time zone from the Time Zone pull-down list;

2. Click Server Setup and enter SNTP server IP address;

3. Specify an Update Interval value between 30 and 99999 seconds. The default is 30 seconds.

4. Click OK. Now switch will update system time from SNTP.

Steps to config time and date settings manually

1. Select a proper time zone from the Time Zone pull down list;

2. Click Set Time & Date Manually to configure the time and date.

3. Click OK. Now the Switch will work with the configured time.

Reset

Click System Configuration > Reset to enter below interface. Clicking the Reset… button restores the switch to the factory default settings.

Note:

1. Current settings will be lost after reset. So if you want to retain current settings, please click Save Configurations in the lower left concern of the page.

2. Do not operate the device while reset is in process; otherwise it may be damaged.

Reboot

Click System Configuration > Reboot to enter the below screen and click the Reboot… button here to restart the switch.

Firmware Update

Click System Configuration > Firmware Update to enter the interface below:

This section displays current firmware version. To update the switch's firmware, click Browse… to locate and select the latest firmware and click Update. The process takes 1-2 minutes to finish.

Note:

1. Do not disconnect from power while upgrade is in process.

2. If power supply is disconnected, please upgrade it again; if unable to enter the management interface, contact

maintenance personnel.

4.1.2 System Security

SSL Overview

Secure Sockets Layer (SSL) is a cryptographic protocol that is designed to provide communication security over the Internet. It is widely applied in E-commerce and Internet banking areas.

SSL Security

Privacy: Adopting asymmetrical encryption technology and RSA (Rivest Shamir and Adleman), SSL uses key pair to encrypt information. Authentication: Authenticate the users and the servers based on the certificates to ensure the data are transmitted to the correct users and servers. SSL server and clients obtain CA certificates via PKI (Public Key Infrastructure). Integrality: Maintain the integrality of the data based on Message Authentication Code (MAC) to prevent data being altered in the transmission. A MAC algorithm, sometimes called a keyed (cryptographic) hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a tag). The MAC value protects both a message's data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.

SSL Protocol Structure

SSL protocol can be divided into 2 layers: the bottom layer is SSL record protocol; the top layer includes SSL handshake protocol, SSL change cipher spec protocol and SSL alert protocol.

SSL handshake protocol

SSL change cipher spec protocol

SSL alert protocol

HTTP, FTP…

SSL record protocol

TCP

SSL record protocol: mainly applied for data partition, data calculation, MAC adding, encryption and record block transmission. SSL handshake protocol: it is a very important part of SSL protocol, mainly used for cryptography negotiation and authentication. A session will be established between clients and the server. Session ID, certificate of the other side, cryptography algorithm and primary security key are included in the session. SSL change cipher spec protocol: clients and the server inform remote devices via SSL change cipher spec protocol and packets will adopt the newly negotiated cryptography algorithm and security key for protection and transmission. SSL alert protocol: mainly used for reporting alert info, and severity and description are included in messages.

SSL Setup

Click Administration > System Security > SSL Setup to enter interface as below:

Fields on the screen are described below:

Field

Description

SSL

Enable/disable SSL.

SSL Certificate

Select the desired certificate to download to the switch.

SSL Key

Select the desired SSL Key to download to the switch for encryption.

Certificate Import

Import the downloaded certificate

Key Import

Import the downloaded key

User

Click Administration > System Security > User to enter interface below:

Fields on the screen are described below:

Field

Description

This field specifies how long the web manager is allowed to remain idle. When reaching the set time, the web manager will return to login window. The Login Timeout can be set to any value between 30 and 3600 seconds. The default setting is 300 seconds.

User Name

Specify a user name for login authentication.

Access Mode

Specify an access right for a corresponding user: Administrator: Has absolute rights to view and configure switch's settings and system info. Technician: Has the right to view and configure switch's settings, except for ―Firmware Update‖, ―User‖, ―Reset‖, ―Reboot‖ settings. User: Has the right to view switch's current settings but no right to manage/configure them.

Telnet

Enable/disable Telnet management. When enabled, you can manage the switch via Telnet.

+ 145 hidden pages

IP-COM G3224P User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual