Vitesse Switch Software. Copyright (c) 2002-2009
Vitesse Semiconductor Corporation "Vitesse". All Rights Reserved.
Unpublished rights reserved under the copyright laws of the United States of America, other countries and
international treaties. Permission to use, copy, store and modify, the software and its source code is granted.
Permission to integrate into other products, disclose, transmit and distribute the software in an absolute
machine readable format (e.g. HEX file) is also granted. The software may only be used in products utilizing
the Vitesse switch products.
(C) 2010 KTI Networks Inc. All rights reserved. No part of this documentation may be reproduced in any form
or by any means or used to make any directive work (such as translation or transformation) without permission
from KTI Networks Inc.
KTI Networks Inc. reserves the right to revise this documentation and to make changes in content from time to
time without obligation on the part of KTI Networks Inc. to provide notification of such revision or change.
For more information, contact:
United States
KTI Networks Inc.
P.O. BOX 631008
Houston, Texas 77263-1008
International Fax: 886-2-26983873
E-mail: kti@ktinet.com.tw
URL: http://www.ktinet.com.tw/
Table of Contents
1. Web Management
1.1 Start Browser Software and Making Connection
1.2 Login to the Switch Unit
1.3 Main Management Menu
The switch features an HTTP server which can serve management requests coming from any web browser software
over a TCP/IP network.
Web Browser
Compatible web browser software with JavaScript support
Microsoft Internet Explorer 4.0 or later
Netscape Communicator 4.x or later
Set IP Address for the System Unit
Before the switch can be managed from web browser software, make sure a unique IP address is configured
for the switch.
1.1 Start Browser Software and Making Connection
Start your browser software and enter the IP address of the switch unit to which you want to connect. The IP
address is used as the URL by which the browser software locates the device.
URL: http://xxx.xxx.xxx.xxx/
Factory default
IP address: 192.168.0.2
1.2 Login to the Switch Unit
When the browser software connects to the switch unit successfully, a Login screen is displayed for you to log in to
the device.
The switch will accept more than one successful management connection at the same time. A switch image
icon is displayed as follows after a successful login. The following example shows an image of a 24-port
switch model.
Image of 24-Port Switch Model
Image of 16-Port Switch Model
1.3 Main Management Menu
Main Menu:
Sub-menus:
Configuration
System Switch information, IP configuration, SNTP setting, and Password setting
Ports Port operation related configuration, frame size, and power saving control
Security Switch & UI authentication configuration, Port access security control
Aggregation Static and LACP port link aggregation related configuration
Spanning Tree STP bridge, MSTI and CIST configuration
IGMP Snooping IGMP basic and port configuration
LLDP LLDP configuration
MAC Table MAC address learning settings and static MAC address port configuration
VLANs VLAN groups and VLAN port-related configuration
Private VLANs PVLAN groups and port isolation configuration
QoS QoS port ingress, egress and QCL configuration, Port rate control, QCL wizard
Mirroring Port mirroring settings
Monitor
System System information and system log information
Ports Port link status, traffic statistics, QoS statistics
Security Switch & UI authentication, Port access security status
LACP LACP system and port status
Spanning Tree Bridge status, Port status and RSTP/STP/MSTP statistics
IGMP Snooping IGMP groups learned, Router ports, Statistics
LLDP LLDP neighbors information, Port statistics
MAC Table Display of MAC address table
VLAN Display VLAN membership and VLAN port status
Diagnostics
SFP DDM SFP DDM information
Ping ICMP ping utility
Copper Cable Copper cable diagnostics for all copper ports
Maintenance
Reset Device Command to reboot the switch
Factory Defaults Command to restore the switch with factory default settings
Software Upload Command to update the switch firmware
Configuration Command to save or upload the system configuration
2. Configuration
2.1 System
2.1.1 Information
Configuration Description
System Contact The textual identification of the contact person for this managed node, together with
information on how to contact this person. The allowed string length is 0 to 255, and
the allowed content is the ASCII characters from 32 to 126.
System Name An administratively assigned name for this managed node. By convention, this is the
node's fully-qualified domain name. A domain name is a text string drawn from the
alphabet (A-Za-z), digits (0-9), minus sign (-). No space characters are permitted as
part of a name. The first character must be an alpha character. And the first or last
character must not be a minus sign. The allowed string length is 0 to 255.
System Location The physical location of this node (e.g., telephone closet, 3rd floor). The allowed
string length is 0 to 255, and the allowed content is the ASCII characters from 32 to
126.
System Timezone Offset Provide the time zone offset relative to UTC/GMT. The offset is given in minutes
east of GMT. Valid range: -720 to 720 minutes.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
Note:
1. It is suggested to give each switch unit a system name as an alternative unique identification besides the IP
address.
2. The system Name, Contact, and Location settings are also used as SNMP MIBs.
2.1.2 IP & Time
Configuration Description
DHCP Client Enable the DHCP client by checking this box.
IP Address Provide the IP address of this switch unit.
IP Mask Provide the IP mask of this switch unit.
IP Router Provide the IP address of the default router for this switch unit.
VLAN ID Provide the managed VLAN ID. The allowed range is 1 through 4095.
SNTP Server Provide the IP address of the SNTP Server.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
Renew Click to renew DHCP. This button is only available if DHCP is enabled.
Note:
1. If DHCP fails and the configured IP address is zero, DHCP will retry. If DHCP fails and the configured IP
address is non-zero, DHCP will stop and the configured IP settings will be used. The DHCP client will
announce the configured System Name as hostname to provide DNS lookup.
2. The IP addresses should be in dotted decimal notation.
2.2 Ports
Configuration Description
Port The port number associated to this configuration row
Link The current link status is displayed graphically.
Green indicates the link is up and red that it is down.
Speed - Current Provides the current link speed of the port.
Speed - Configured Select any available link speed for the given switch port.
Disabled: disables the switch port operation.
Auto: selects the highest speed that is compatible with a link partner.
1Gbps FDX: selects auto-negotiation 1000Mbps and full duplex
100Mbps FDX: selects fixed 100Mbps and full duplex
100Mbps HDX: selects fixed 100Mbps and half duplex
10Mbps FDX: selects fixed 10Mbps and full duplex
10Mbps HDX: selects fixed 10Mbps and half duplex
Flow Control – Current Rx Whether pause frames on the port are obeyed
Flow Control – Current Tx Whether pause frames on the port are transmitted
Flow Control – Configured Click to enable flow control for fixed speed settings.
When “Auto” Speed is selected for a port, this selection indicates the flow control
capability that is advertised to the link partner.
Maximum Frame Enter the maximum frame size allowed for the switch port, including FCS.
The allowed range is 1518 bytes to 9600 bytes.
Excessive Collision Mode Configure port transmission collision behavior.
Discard: Discard frame after 16 collisions (default).
Restart: Restart back-off algorithm after 16 collisions.
Power Control The column shows the current percentage of the power consumption per port.
The Configured column allows for changing the power savings mode parameters per
port.
Disabled: All power savings mechanisms are disabled.
ActiPHY: Link down power savings is enabled.
PerfectReach: Link up power savings is enabled.
Enabled: Both link up and link down power savings are enabled.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
Refresh Click to refresh the page. Any changes made locally will be undone.
2.3 Security
2.3.1 Switch
2.3.1.1 Password
Configuration Description
Old Password Enter the current system password. If this is incorrect, the new password will not be set.
New Password New system password to be used
Allowed string length is 0 to 31, and the allowed content is the ASCII characters
from 32 to 126.
Confirm New Password Re-enter the new system password.
Save Click to save the changes.
2.3.1.2 Auth Method
Configuration Description
Client Access method to the switch – telnet, ssh, web, console
Authentication Method Authentication can be set to one of the following values:
none: authentication is disabled and login is not possible.
local: use the local user database on the switch for authentication.
RADIUS: use a remote RADIUS server for authentication.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.3.1.3 SSH
Configuration Description
Mode Indicates the SSH mode operation. Possible modes are:
Enabled: Enable SSH mode operation.
Disabled: Disable SSH mode operation.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.3.1.4 HTTPS
Configuration Description
Mode Indicates the HTTPS mode operation. Possible modes are:
Enabled: Enable HTTPS mode operation.
Disabled: Disable HTTPS mode operation.
Automatic Redirect Indicates the HTTPS redirect mode operation. Automatically redirects the web browser to
HTTPS when HTTPS mode is enabled. Possible modes are:
Enabled: Enable HTTPS redirect mode operation.
Disabled: Disable HTTPS redirect mode operation.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.3.1.5 SNMP
2.3.1.5.1 System
System Configuration Description
Mode Indicates the SNMP mode operation. Possible modes are:
Enabled: Enable SNMP mode operation.
Disabled: Disable SNMP mode operation.
Version Indicates the SNMP supported version. Possible versions are:
SNMP v1: Set SNMP supported version 1.
SNMP v2c: Set SNMP supported version 2c.
SNMP v3: Set SNMP supported version 3.
Read Community Indicates the community read access string to permit access to SNMP agent. The
allowed string length is 0 ~ 255, and the allowed content is the ASCII characters
from 33 to 126.
Note: This field applies only when the SNMP version is set to SNMPv1 or SNMPv2c. If the
SNMP version is set to SNMPv3, the community string is associated with the SNMPv3
communities table, which provides more flexibility in configuring the security name than an
SNMPv1 or SNMPv2c community string. In addition to the community string, a
particular range of source addresses can be used to restrict the source subnet.
Write Community Indicates the community write-access string to permit access to SNMP agent. The
allowed string length is 0 ~ 255, and the allowed content is the ASCII characters
from 33 to 126.
Note: This field applies only when the SNMP version is set to SNMPv1 or SNMPv2c. If the
SNMP version is set to SNMPv3, the community string is associated with the SNMPv3
communities table, which provides more flexibility in configuring the security name than an
SNMPv1 or SNMPv2c community string. In addition to the community string, a
particular range of source addresses can be used to restrict the source subnet.
Engine ID Indicates the SNMPv3 engine ID. The string must contain an even number between
10 and 64 hexadecimal digits, but all-zeros and all-'F's are not allowed. Change of the
Engine ID will clear all original local users.
Trap Configuration Description
Trap Mode Indicates the SNMP trap mode operation. Possible modes are:
Enabled: Enable SNMP trap mode operation.
Disabled: Disable SNMP trap mode operation.
Trap Version Indicates the SNMP trap supported version. Possible versions are:
SNMP v1: Set SNMP trap supported version 1.
SNMP v2c: Set SNMP trap supported version 2c.
SNMP v3: Set SNMP trap supported version 3.
Trap Community Indicates the community access string used when sending SNMP trap packets. The allowed
string length is 0 ~ 255, and the allowed content is the ASCII characters from 33 to
126.
Trap Destination Address Indicates the SNMP trap destination address.
Trap Destination IPv6 Address Provide the trap destination IPv6 address of this switch. An IPv6 address is a 128-bit
value represented as eight fields of up to four hexadecimal digits, with a colon (:)
separating each field. For example, 'fe80::215:c5ff:fe03:4dc7'. The symbol '::' is a
special syntax that can be used as a shorthand way of representing multiple 16-bit
groups of contiguous zeros; but it can only appear once. It can also be followed by a
legal IPv4 address. For example, '::192.1.2.34'.
Trap Authentication Failure Indicates the SNMP entity is permitted to generate authentication failure traps.
Trap Inform Timeout Indicates the SNMP trap inform timeout (seconds). The allowed range is 0 ~ 2147.
Trap Inform Retry Times Indicates the SNMP trap inform retry times. The allowed range is 0 ~ 255.
Trap Probe Security Engine ID Indicates the SNMP trap probe security engine ID mode of operation. Possible values are:
Enabled: Enable SNMP trap probe security engine ID mode of operation.
Disabled: Disable SNMP trap probe security engine ID mode of operation.
Trap Security Engine ID Indicates the SNMP trap security engine ID. SNMPv3 sends traps and informs using
USM for authentication and privacy. A unique engine ID for these traps and informs
is needed. When "Trap Probe Security Engine ID" is enabled, the ID will be probed
automatically. Otherwise, the ID specified in this field is used. The string must
contain an even number between 10 and 64 hexadecimal digits, but all-zeros and
all-'F's are not allowed.
Trap Security Name Indicates the SNMP trap security name. SNMPv3 sends traps and informs using USM for
authentication and privacy. A unique security name is needed when traps and informs
are enabled.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.3.1.5.2 Communities
Configuration Description
Delete Check to delete the entry. It will be deleted during the next save.
Community Indicates the community access string to permit access to SNMPv3 agent. The
allowed string length is 1 to 32, and the allowed content is the ASCII characters from
33 to 126. The community string will be treated as the security name and mapped to an SNMPv1 or
SNMPv2c community string.
Source IP Indicates the SNMP access source address. A particular range of source addresses can
be used to restrict the source subnet when combined with the source mask.
Source Mask Indicates the SNMP access source address mask.
Add new community Click to add a new community entry as shown below.
Delete Click to cancel the new entry.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.3.1.5.3 Users
Configuration Description
Delete Check to delete the entry. It will be deleted during the next save.
Engine ID An octet string identifying the engine ID that this entry should belong to. The string
must contain an even number between 10 and 64 hexadecimal digits, but all-zeros
and all-'F's are not allowed. The SNMPv3 architecture uses the User-based Security
Model (USM) for message security and the View-based Access Control Model
(VACM) for access control. For the USM entry, the usmUserEngineID and
usmUserName are the entry's keys. In a simple agent, usmUserEngineID is always
that agent's own snmpEngineID value. The value can also take the value of the
snmpEngineID of a remote SNMP engine with which this user can communicate. In
other words, if the user engine ID equals the system engine ID then it is a local user; otherwise
it is a remote user.
User Name A string identifying the user name that this entry should belong to. The allowed string
length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126.
Security Level Indicates the security model that this entry should belong to. Possible security models
are:
NoAuth, NoPriv: No authentication and no privacy.
Auth, NoPriv: Authentication and no privacy.
Auth, Priv: Authentication and privacy.
The value of security level cannot be modified if the entry already exists. This means
you must first ensure that the value is set correctly.
Authentication Protocol Indicates the authentication protocol that this entry should belong to. Possible
authentication protocols are:
None: No authentication protocol.
MD5: An optional flag to indicate that this user uses the MD5 authentication protocol.
SHA: An optional flag to indicate that this user uses the SHA authentication protocol.
The value of security level cannot be modified if the entry already exists. This means
you must first ensure that the value is set correctly.
Authentication Password A string identifying the authentication pass phrase. For MD5 authentication protocol,
the allowed string length is 8 to 32. For SHA authentication protocol, the allowed
string length is 8 to 40. The allowed content is the ASCII characters from 33 to 126.
Privacy Protocol Indicates the privacy protocol that this entry should belong to. Possible privacy
protocols are:
None: No privacy protocol.
DES: An optional flag to indicate that this user uses the DES authentication protocol.
Privacy Password A string identifying the privacy pass phrase. The allowed string length is 8 to 32, and
the allowed content is the ASCII characters from 33 to 126.
Add new user Click to add a new SNMPv3 user entry as shown below.
Delete Click to cancel the new entry.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
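The field rules for SNMPv3 user entries above can be checked before a user list is rolled out to many switches. The following is an added example, not code from the switch or its vendor; the dictionary layout, the rule that a security level must agree with the selected protocols, the case-insensitive engine ID comparison, and all sample values are assumptions of this example.

```python
import string

ALLOWED = {chr(c) for c in range(33, 127)}       # ASCII 33..126, per the manual
AUTH_PW_LEN = {"MD5": (8, 32), "SHA": (8, 40)}   # pass-phrase length per protocol
LEVELS = {"NoAuth, NoPriv", "Auth, NoPriv", "Auth, Priv"}


def engine_id_errors(engine_id):
    """Check the Engine ID rule: even count of 10-64 hex digits, not all 0 or F."""
    errs = []
    if not 10 <= len(engine_id) <= 64 or len(engine_id) % 2:
        errs.append("engine ID must be an even number (10-64) of hex digits")
    if not engine_id or any(ch not in string.hexdigits for ch in engine_id):
        errs.append("engine ID must be hexadecimal")
    elif set(engine_id.upper()) in ({"0"}, {"F"}):
        errs.append("engine ID must not be all-zeros or all-'F's")
    return errs


def _text_errors(label, value, lo, hi):
    """Length and character-set check shared by names and pass phrases."""
    errs = []
    if not lo <= len(value) <= hi:
        errs.append(f"{label} length must be {lo}-{hi}")
    if any(ch not in ALLOWED for ch in value):
        errs.append(f"{label} may only contain ASCII 33-126")
    return errs


def user_errors(user, system_engine_id):
    """Return (kind, errors); kind is 'local' when the engine IDs match."""
    errs = engine_id_errors(user["engine_id"])
    errs += _text_errors("user name", user["name"], 1, 32)
    level = user["level"]
    auth = user.get("auth", "None")
    priv = user.get("priv", "None")
    if level not in LEVELS:
        errs.append(f"unknown security level {level!r}")
    # Assumption of this example: the level and the protocols must agree.
    if level.startswith("Auth"):
        if auth not in AUTH_PW_LEN:
            errs.append("this level requires MD5 or SHA authentication")
        else:
            lo, hi = AUTH_PW_LEN[auth]
            errs += _text_errors(f"{auth} authentication password",
                                 user.get("auth_password", ""), lo, hi)
    elif auth != "None":
        errs.append("NoAuth level cannot carry an authentication protocol")
    if level.endswith(", Priv"):
        if priv != "DES":
            errs.append("this level requires the DES privacy protocol")
        else:
            errs += _text_errors("privacy password",
                                 user.get("priv_password", ""), 8, 32)
    elif priv != "None":
        errs.append("NoPriv level cannot carry a privacy protocol")
    local = user["engine_id"].lower() == system_engine_id.lower()
    return ("local" if local else "remote"), errs


# Constructed sample data, not taken from any real device.
SYSTEM_ENGINE_ID = "800007e5017f000001"
GOOD_USER = {"engine_id": "800007E5017F000001", "name": "monitor",
             "level": "Auth, Priv", "auth": "SHA", "auth_password": "S3cure-pass",
             "priv": "DES", "priv_password": "Pr1v-phrase"}
BAD_USER = {"engine_id": "ffffffffff", "name": "ops team",
            "level": "Auth, NoPriv", "auth": "MD5", "auth_password": "a" * 33}

if __name__ == "__main__":
    for u in (GOOD_USER, BAD_USER):
        print(u["name"], user_errors(u, SYSTEM_ENGINE_ID))
```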
2.3.1.5.4 Groups
Configuration Description
Delete Check to delete the entry. It will be deleted during the next save.
Security Model Indicates the security model that this entry should belong to. Possible security models are:
v1: Reserved for SNMPv1.
v2c: Reserved for SNMPv2c.
usm: User-based Security Model (USM).
Security Name A string identifying the security name that this entry should belong to. The allowed
string length is 1 to 32, and the allowed content is the ASCII characters from 33 to
126.
Group Name A string identifying the group name that this entry should belong to. The allowed
string length is 1 to 32, and the allowed content is the ASCII characters from 33 to
126.
Add new group Click to add a new SNMPv3 group entry as shown below.
Delete Click to cancel the new entry.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.3.1.5.5 Views
Configuration Description
Delete Check to delete the entry. It will be deleted during the next save.
View Name A string identifying the view name that this entry should belong to. The allowed
string length is 1 to 32, and the allowed content is the ASCII characters from 33 to
126.
View Type Indicates the view type that this entry should belong to. Possible view types are:
included: An optional flag to indicate that this view sub-tree should be included.
excluded: An optional flag to indicate that this view sub-tree should be excluded.
In general, if a view entry's view type is 'excluded', there should be another view entry
whose view type is 'included' and whose OID sub-tree encompasses that of the 'excluded' view entry.
OID Subtree The OID defining the root of the sub-tree to add to the named view. The allowed OID
length is 1 to 128. The allowed string content is digits or an asterisk (*).
Add new view Click to add a new SNMPv3 view entry as shown below.
Delete Click to cancel the new entry.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
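Why an 'excluded' view entry needs a broader 'included' entry can be seen by evaluating a view the way RFC 3415 (VACM) describes: the matching entry with the most sub-identifiers decides, and an OID that matches no entry is not in the view. This is an added example, not the switch's own code; treating '*' as a wildcard for one sub-identifier, letting 'excluded' win between equally long matches, and the sample views are assumptions of this example.

```python
def parse_oid(text):
    """Split an OID Subtree string into sub-identifiers (digits or '*')."""
    parts = text.strip(".").split(".")
    if not 1 <= len(parts) <= 128:
        raise ValueError("OID length must be 1 to 128 sub-identifiers")
    for p in parts:
        if p != "*" and not p.isdigit():
            raise ValueError(f"bad sub-identifier {p!r} in {text!r}")
    return parts


def _is_prefix(subtree, oid):
    """True if `subtree` is a prefix of `oid`; '*' matches any one sub-identifier."""
    if len(subtree) > len(oid):
        return False
    return all(s == "*" or s == o for s, o in zip(subtree, oid))


def in_view(view_entries, view_name, oid_text):
    """Decide whether a concrete OID is visible in the named view."""
    oid = parse_oid(oid_text)
    if "*" in oid:
        raise ValueError("the queried OID must not contain wildcards")
    best = None  # (number of sub-identifiers, is_excluded) of the deciding entry
    for name, vtype, subtree_text in view_entries:
        if name != view_name:
            continue
        subtree = parse_oid(subtree_text)
        if not _is_prefix(subtree, oid):
            continue
        key = (len(subtree), vtype == "excluded")
        if best is None or key > best:
            best = key
    # No matching entry means the OID is not in the view.
    return best is not None and not best[1]


def uncovered_excludes(view_entries):
    """List 'excluded' entries with no broader 'included' entry in the same view."""
    parsed = [(n, t, parse_oid(s), s) for n, t, s in view_entries]
    result = []
    for name, vtype, sub, text in parsed:
        if vtype != "excluded":
            continue
        covered = any(n == name and t == "included"
                      and len(inc) < len(sub) and _is_prefix(inc, sub)
                      for n, t, inc, _ in parsed)
        if not covered:
            result.append((name, text))
    return result


# Constructed sample views (view names are hypothetical).
VIEWS = [
    ("ops", "included", ".1.3.6.1.2.1"),              # mib-2
    ("ops", "excluded", ".1.3.6.1.2.1.4"),            # hide the ip group
    ("audit", "excluded", ".1.3.6.1.6.3"),            # excluded with nothing included
    ("port3", "included", ".1.3.6.1.2.1.2.2.1.*.3"),  # every ifTable column, row 3
]

if __name__ == "__main__":
    print(in_view(VIEWS, "ops", "1.3.6.1.2.1.1.5.0"))   # sysName.0
    print(in_view(VIEWS, "ops", "1.3.6.1.2.1.4.20.1"))  # inside the excluded group
    print(uncovered_excludes(VIEWS))
```

The "audit" view shows the failure mode: with only an 'excluded' entry, every OID is already outside the view, so the entry restricts nothing and the view grants no access at all.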
2.3.1.5.6 Accesses
Configuration Description
Delete Check to delete the entry. It will be deleted during the next save.
Group Name A string identifying the group name that this entry should belong to. The allowed
string length is 1 to 32, and the allowed content is the ASCII characters from 33 to
126.
Security Model Indicates the security model that this entry should belong to. Possible security models are:
any: Accepts any security model (v1|v2c|usm).
v1: Reserved for SNMPv1.
v2c: Reserved for SNMPv2c.
usm: User-based Security Model (USM).
Security Level Indicates the security model that this entry should belong to. Possible security models are:
NoAuth, NoPriv: No authentication and no privacy.
Auth, NoPriv: Authentication and no privacy.
Auth, Priv: Authentication and privacy.
Read View Name The name of the MIB view defining the MIB objects for which this request may
request the current values. The allowed string length is 1 to 32, and the allowed
content is the ASCII characters from 33 to 126.
Write View Name The name of the MIB view defining the MIB objects for which this request may
potentially SET new values. The allowed string length is 1 to 32, and the allowed
content is the ASCII characters from 33 to 126.
Add new access Click to add a new SNMPv3 view entry as shown below.
Delete Click to cancel the new entry.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.3.2 Network
2.3.2.1 NAS
This page allows you to configure the IEEE 802.1X and MAC-based authentication system and port settings.
The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a
network by requiring users to first submit credentials for authentication. One or more central servers, the
backend servers, determine whether the user is allowed access to the network. These backend (RADIUS)
servers are configured on the Authentication configuration page.
MAC-based authentication allows for authentication of more than one user on the same port, and doesn’t
require the user to have special 802.1X software installed on his system. The switch uses the user’s MAC
address to authenticate against the backend server. Intruders can create counterfeit MAC addresses, which
makes MAC-based authentication less secure than the 802.1X authentication.
System Configuration Description
Mode Indicates if 802.1X and MAC-based authentication is globally enabled or disabled on
the switch unit. If globally disabled, all ports are allowed forwarding of frames.
Reauthentication Enabled If checked, clients are re-authenticated after the interval specified by the
Reauthentication Period. Re-authentication for 802.1X-enabled ports can be used to
detect if a new device is plugged into a switch port.
For MAC-based ports, re-authentication is only useful if the RADIUS server
configuration has changed. It does not involve communication between the switch
and the client, and therefore doesn’t imply that a client is still present on a port (see
Age Period below).
Reauthentication Period Determines the period, in seconds, after which a connected client must be re-authenticated.
This is only active if the Reauthentication Enabled checkbox is checked.
Valid values: 1 ~ 3600 seconds
EAPOL Timeout Determines the time the switch shall wait for the supplicant response before
retransmitting a packet.
Valid values: 1 ~ 255 seconds (This has no effect for MAC-based ports.)
Age Period This setting applies to ports running MAC-based authentication, only.
Suppose a client is connected to a 3rd party switch or hub, which in turn is connected
to a port on this switch that runs MAC-based authentication, and suppose the client
gets successfully authenticated. Now assume that the client powers down his PC.
What should make the switch forget about the authenticated client? Re-authentication
will not solve this problem, since this doesn’t require the client to be present, as
discussed under Reauthentication Enabled above. The solution is aging of
authenticated clients. The Age Period, which can be set to a number between 10 and
1000000 seconds, works like this: A timer is started when the client gets
authenticated. After half the age period, the switch starts looking for frames sent by
the client. If another half age period elapses and no frames are seen, the client is
considered removed from the system, and it will have to authenticate again the next
time a frame is seen from it. If, on the other hand, the client transmits a frame before
the second half of the age period expires, the switch will consider the client alive, and
leave it authenticated. Therefore, an age period of T will require the client to send
frames more frequently than once every T/2 for it to stay authenticated.
Hold Time This setting applies to ports running MAC-based authentication, only.
If the RADIUS server denies a client access, or a RADIUS server request times out
(according to the timeout specified on the Authentication configuration page), the
client is put on hold in the “Unauthorized” state. In this state, frames from the client
will not cause the switch to attempt to re-authenticate the client. The Hold Time,
which can be set to a number between 10 and 1000000 seconds, determines the time
after an EAP Failure indication or RADIUS timeout that a client is not allowed
access.
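The Age Period rule above can be modelled in a few lines to see how long a departed client's MAC entry stays authorized and why the guaranteed bound is T/2. This is an added example, not the switch's implementation; it assumes that a frame seen in the listening half restarts the timer at that moment, and all frame times are constructed sample data.

```python
def aged_out_at(age_period, frame_times, auth_time=0.0):
    """Return the time (seconds) at which the switch forgets the client.

    frame_times are the moments the switch sees a frame from the client's
    MAC address. Frames in the first half of the period are ignored because
    the switch is not yet looking; a frame in the second half keeps the
    client authenticated and (assumption) restarts the timer.
    """
    if not 10 <= age_period <= 1_000_000:
        raise ValueError("Age Period must be between 10 and 1000000 seconds")
    start = auth_time
    half = age_period / 2
    for t in sorted(frame_times):
        if t < start + half:
            continue            # first half: switch is not looking yet
        if t >= start + age_period:
            break               # second half expired with no frame seen
        start = t               # client is alive; timer restarts here
    return start + age_period


def stays_authenticated(age_period, interval, frames=20):
    """True if a client sending one frame every `interval` seconds is never
    aged out while still sending, whatever whole-second offset it starts at."""
    for phase in range(int(interval)):
        times = [phase + k * interval for k in range(frames)]
        if aged_out_at(age_period, times) <= times[-1]:
            return False
    return True


if __name__ == "__main__":
    T = 100
    # Chatty right after authentication, then silent: every frame falls in
    # the ignored first half, so the entry lives exactly T seconds.
    print(aged_out_at(T, [10, 20, 30]))
    # One frame every 80 s: survives or not depending on the offset.
    print(aged_out_at(T, [10, 90, 170, 250]), aged_out_at(T, [40, 120, 200]))
    # Faster than T/2 is safe for every offset; slower is not.
    print(stays_authenticated(T, 49), stays_authenticated(T, 80))
```

In this model the entry of a client that has left stays authorized for up to one full Age Period after its last counted frame, which is the window to weigh when choosing T on ports where MAC addresses can be counterfeited.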
Port Configuration Description
Port The port number for which the configuration below applies.
Admin State Sets the authentication mode to one of the following options (only used when 802.1X
or MAC-based authentication is globally enabled):
Auto: Requires an 802.1X-aware client (supplicant) to be authorized by the
authentication server. Clients that are not 802.1X-aware will be denied access.
Authorized: Forces the port to grant access to all clients, 802.1X-aware or not. The
switch transmits an EAPOL Success frame when the port links up.
Unauthorized: Forces the port to deny access to all clients, 802.1X-aware or not. The
switch transmits an EAPOL Failure frame when the port links up.
MAC-Based: Enables MAC-based authentication on the port. The switch doesn’t
transmit or accept EAPOL frames on the port. Flooded frames and broadcast traffic
will be transmitted on the port, whether or not clients are authenticated on the port,
whereas unicast traffic destined for a client that has not been successfully authenticated will be dropped.
Clients that are not (yet) successfully authenticated will not be allowed to transmit
frames of any kind.
Port State The current state of the port. It can take one of the following values:
Disabled: 802.1X and MAC-based authentication is globally disabled.
Link Down: 802.1X or MAC-based authentication is enabled, but there is no link on
the port.
Authorized: The port is authorized. This is the case when 802.1X Authentication is
enabled, the port has link, and the Admin State is “Auto” and the supplicant is
authenticated or the Admin State is “Authorized”.
Unauthorized: The port is unauthorized. This is the case when 802.1X authentication
is enabled, the port has link, and the Admin State is “Auto”, but the supplicant is not
(yet) authenticated or the Admin State is “Unauthorized”.
X Auth/Y Unauth: X clients are currently authorized and Y are unauthorized. This
state is shown when 802.1X and MAC-based authentication is globally enabled and
the Admin State is set to “MAC-Based”.
Restart Two buttons are available for each row. The buttons are only enabled when
authentication is globally enabled and the port’s Admin State is “Auto” or
“MAC-Based”.
Clicking these buttons will not cause settings changed on the page to take effect.
Reauthenticate: Schedules a re-authentication to whenever the quiet-period of the
port runs out (port-based authentication). For MAC-based authentication,
re-authentication will be attempted immediately.
The button only has effect for successfully authenticated ports/clients and will not
cause the port/client to get temporarily unauthorized.
Reinitialize: Forces a re-initialization of the port/clients and thereby a
re-authentication immediately. The port/clients will transfer to the unauthorized state
while the re-authentication is ongoing.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
Refresh Click to refresh the page. Any changes made locally will be undone.
2.3.2.2 ACL
2.3.2.2.1 Ports
Configure the ACL parameters (ACE) of each switch port. These parameters will affect frames
received on a port unless the frame matches a specific ACE.
Configuration Description
Port The logical port for the settings contained in the same row.
Policy ID Select the policy to apply to this port. The allowed values are 1 ~ 8. The default value
is 1.
Action Select whether forwarding is permitted ("Permit") or denied ("Deny"). The default
value is "Permit".
Rate Limiter ID Select which rate limiter to apply to this port. The allowed values are Disabled or the
values 1 ~ 15. The default value is "Disabled".
Port Copy Select which port frames are copied to. The allowed values are Disabled or a specific
port number. The default value is "Disabled".
Shutdown Specify the port shut down operation of this port. The allowed values are:
Enabled: If a frame is received on the port, the port will be disabled.
Disabled: Port shut down is disabled.
The default value is "Disabled".
Counter Counts the number of frames that match this ACE.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
Refresh Click to refresh the page; any changes made locally will be undone.
Clear Click to clear the counters.
2.3.2.2.2 Rate Limiters
Configuration Description
Rate Limiter ID The rate limiter ID for the settings contained in the same row.
Rate The rate unit is packets per second (pps). Configure the rate as 1, 2, 4, 8, 16, 32, 64,
128, 256, 512, 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K, or 1024K.
Note that 1 kpps is actually 1002.1 pps.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.3.2.2.3 Access Control Lists
Configuration Description
Ingress Port Indicates the ingress port of the ACE. Possible values are:
Any: The ACE will match any ingress port.
Policy: The ACE will match ingress ports with a specific policy.
Port: The ACE will match a specific ingress port.
Frame Type Indicates the frame type of the ACE. Possible values are:
Any: The ACE will match any frame type.
EType: The ACE will match Ethernet Type frames. Note that an Ethernet Type based
ACE will not get matched by IP and ARP frames.
ARP: The ACE will match ARP/RARP frames.
IPv4: The ACE will match all IPv4 frames.
IPv4/ICMP: The ACE will match IPv4 frames with ICMP protocol.
IPv4/UDP: The ACE will match IPv4 frames with UDP protocol.
IPv4/TCP: The ACE will match IPv4 frames with TCP protocol.
IPv4/Other: The ACE will match IPv4 frames, which are not ICMP/UDP/TCP.
Action Indicates the forwarding action of the ACE.
Permit: Frames matching the ACE may be forwarded and learned.
Deny: Frames matching the ACE are dropped.
Rate Limiter Indicates the rate limiter number of the ACE. The allowed range is 1 ~ 15. When
“Disabled” is displayed, the rate limiter operation is disabled.
Port Copy Indicates the port copy operation of the ACE. Frames matching the ACE are copied
to the port number. The allowed values are Disabled or a specific port number.
When Disabled is displayed, the port copy operation is disabled.
Logging Indicates the logging operation of the ACE. Possible values are:
Enabled: Frames matching the ACE are stored in the System Log.
Disabled: Frames matching the ACE are not logged.
Please note that the System Log memory size and logging rate are limited.
Shutdown Indicates the port shut down operation of the ACE. Possible values are:
Enabled: If a frame matches the ACE, the ingress port will be disabled.
Disabled: Port shut down is disabled for the ACE.
Counter The counter indicates the number of times the ACE was hit by a frame.
Auto-refresh Check this box to refresh the page automatically. Automatic refresh occurs at regular
intervals.
ACE modification buttons:
(+) Inserts a new ACE before the current row.
(e) Edits the ACE.
(↑) Moves the ACE up the list.
(↓) Moves the ACE down the list.
(X) Deletes the ACE.
(+) The lowest plus sign adds a new entry at the bottom of the list of ACL.
Refresh Click to refresh the page; any changes made locally will be undone.
Clear Click to clear the counters.
Remove All Click to remove all ACEs.
Remark: The maximum number of ACEs is 128.
2.3.3 Auth Server
Common Server Description
Timeout The Timeout, which can be set to a number between 3 and 3600 seconds, is the
maximum time to wait for a reply from a server. If the server does not reply within
this timeframe, we will consider it to be dead and continue with the next enabled
server (if any).
RADIUS servers use the UDP protocol, which is unreliable by design. In order
to cope with lost frames, the timeout interval is divided into 3 subintervals of equal
length. If a reply is not received within the subinterval, the request is transmitted
again. This algorithm causes the RADIUS server to be queried up to 3 times before it
is considered to be dead.
Dead Time The Dead Time, which can be set to a number between 0 and 3600 seconds, is the
period during which the switch will not send new requests to a server that has failed
to respond to a previous request. This will stop the switch from continually trying to
contact a server that it has already determined as dead. Setting the Dead Time to a
value greater than 0 (zero) will enable this feature, but only if more than one server
has been configured.
RADIUS Authentication Server Configuration
# The RADIUS authentication server number for which the configuration applies
Enabled Enable the RADIUS Authentication Server by checking this box.
IP Address The IP address of the RADIUS Authentication Server expressed in dotted decimal
notation.
Port The UDP port to use on the RADIUS Authentication Server. If the port is set to zero
(0), the default port (1812) is used for the RADIUS Authentication Server.
Secret The secret - up to 29 characters long - shared between the RADIUS Authentication
Server and the switch unit.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
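The Timeout and Dead Time behaviour described above can be modelled to see how long an authentication attempt stalls when servers fail. This is an added example, not code from the switch firmware; the `Server` and `AuthClient` names and the sample servers are constructed. It assumes that round-trip time is ignored, that "configured" means enabled, and that the Dead Time starts when a server is declared dead.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

SUBINTERVALS = 3  # per the manual: the timeout is split into 3 equal subintervals


@dataclass
class Server:
    name: str
    enabled: bool = True
    # Constructed test behaviour: which transmission (1..3) gets a reply,
    # or None if the server never answers.
    replies_on_try: Optional[int] = 1
    dead_until: float = 0.0  # switch-side state: no new requests before this time


@dataclass
class AuthClient:
    timeout: int    # seconds, 3..3600
    dead_time: int  # seconds, 0..3600 (0 disables the feature)
    servers: List[Server]

    def __post_init__(self) -> None:
        if not 3 <= self.timeout <= 3600:
            raise ValueError("Timeout must be 3..3600 seconds")
        if not 0 <= self.dead_time <= 3600:
            raise ValueError("Dead Time must be 0..3600 seconds")

    def worst_case_wait(self) -> float:
        """Longest stall when no enabled server answers and none is skipped."""
        return float(self.timeout * sum(1 for s in self.servers if s.enabled))

    def request(self, now: float) -> Tuple[Optional[str], float, int]:
        """Return (answering server or None, seconds waited, datagrams sent)."""
        sub = self.timeout / SUBINTERVALS
        enabled = [s for s in self.servers if s.enabled]
        # Dead Time only takes effect with a value > 0 and more than one server.
        use_dead_time = self.dead_time > 0 and len(enabled) > 1
        waited = 0.0
        sent = 0
        for server in enabled:
            if use_dead_time and now + waited < server.dead_until:
                continue  # still inside its Dead Time: do not query it
            for attempt in range(1, SUBINTERVALS + 1):
                sent += 1
                if server.replies_on_try == attempt:
                    return server.name, waited, sent
                waited += sub  # subinterval expired, retransmit or give up
            # Three unanswered transmissions: the server is considered dead.
            if use_dead_time:
                server.dead_until = now + waited + self.dead_time
        return None, waited, sent


if __name__ == "__main__":
    # Constructed scenario: primary is down, secondary drops the first datagram.
    client = AuthClient(timeout=15, dead_time=300, servers=[
        Server("primary", replies_on_try=None),
        Server("secondary", replies_on_try=2),
    ])
    for t in (0, 100, 400):
        print(t, client.request(t))
    print("worst case:", client.worst_case_wait(), "seconds")
```

With a single enabled server the Dead Time never applies, so every request pays the full Timeout while that server is down.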
2.4 Aggregation
The Port Link Aggregation function can combine multiple physical switched ports, called an “Aggregation
Group”, into one logical port. It allows two switches to be connected using more than one physical
link to increase the connection bandwidth between them. Two aggregation modes, “Static” and
“LACP”, are supported.
Note:
Maximum number of aggregation groups in one 24-Port switch: 12
Maximum number of aggregation groups in one 16-Port switch: 8
Maximum number of physical switched port members per group: no limit
2.4.1 Static
Screen of 24-Port Switch
Screen of 16-Port Switch
Mode Configuration Description
Source MAC Address The Source MAC address can be used to calculate the destination port for the frame.
Check to enable the use of the Source MAC address, or uncheck to disable. By
default, Source MAC Address is enabled.
Destination MAC Address The Destination MAC Address can be used to calculate the destination port for the
frame. Check to enable the use of the Destination MAC Address, or uncheck to
disable. By default, Destination MAC Address is disabled.
IP Address The IP address can be used to calculate the destination port for the frame. Check to
enable the use of the IP Address, or uncheck to disable. By default, IP Address is
enabled.
TCP/UDP Port Number The TCP/UDP port number can be used to calculate the destination port for the frame.
Check to enable the use of the TCP/UDP Port Number, or uncheck to disable. By
default, TCP/UDP Port Number is enabled.
Aggregation Group Configuration
Group ID Indicates the group ID for the settings contained in the same row. Group ID
“Normal” indicates there is no aggregation. Only one group ID is valid per port.
Port Members Each switch port is listed for each group ID. Select a radio button to include a port in
an aggregation, or clear the radio button to remove the port from the aggregation. By
default, no ports belong to any aggregation group. Only full duplex ports can join an
aggregation and ports must be in the same speed in each group.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.4.2 LACP
Configuration Description
Port The port number for which the associated row configuration applies
LACP Enabled Controls whether LACP is enabled on this switch port. LACP will form an
aggregation when 2 or more ports are connected to the same partner.
Key The Key value incurred by the port, range 1- 65535.
Auto: set the key as appropriate by the physical link speed, 10Mb = 1, 100Mb = 2, 1Gb = 3.
Specific: a user-defined value can be entered. Ports with the same Key value can
participate in the same aggregation group, while ports with different keys cannot.
Role The Role shows the LACP activity status. The “Active” will transmit LACP packets each
second while “Passive” will wait for a LACP packet from a link partner (speak if spoken to).
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
Note: LLAG means LACP Link Aggregation Groups.
2.5 Spanning Tree
This section is used to set configuration for supporting Spanning Tree protocols including STP, RSTP, and
MSTP.
2.5.1 Bridge Settings
Basic Configuration Description
Protocol Version The STP protocol version setting
Valid values: STP, RSTP, MSTP
Forward Delay The delay used by STP Bridges to transition Root and Designated Ports to
Max Age The maximum age of the information transmitted by the Bridge when it is the Root
Bridge
Valid values: 6 ~ 40 seconds (Max Age must be <= (FwdDelay-1)*2)
Maximum Hop Count It defines how many bridges a root bridge can distribute its BPDU information to. This
defines the initial value of remaining Hops for MSTI information generated at the
boundary of an MSTI region.
Transmit Hold Count The number of BPDU’s a bridge port can send per second. When exceeded,
transmission of the next BPDU will be delayed.
Valid values: 1 ~ 10 BPDU’s per second
Advanced Configuration
Edge Port BPDU Filtering Check to control whether a port explicitly configured as Edge will transmit and receive BPDUs.
Edge Port BPDU Guard Control whether a port explicitly configured as Edge will disable itself upon reception
of a BPDU. The port will enter the error-disabled state, and will be removed from the
active topology.
Port Error Recovery Control whether a port in the error-disabled state automatically will be enabled after
a certain time. If recovery is not enabled, ports have to be disabled and re-enabled for
normal STP operation. The condition is also cleared by a system reboot.
Port Error Recovery Timeout The time that has to pass before a port in the error-disabled state can be enabled.
Valid values: 30 ~ 86400 seconds (24 hours)
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.5.2 MSTI Mapping
Configuration Description
Configuration Name The name identifying the VLAN to MSTI mapping
Bridges must share the name and revision (see below), as well as the VLAN-to-MSTI
mapping configuration in order to share spanning trees for MSTI’s. (Intra-region)
The name is at most 32 characters.
Configuration Revision The revision of the MSTI configuration named above. This must be an integer
between 0 ~ 65535.
MSTI Mapping
MSTI The bridge instance
The CIST is not available for explicit mapping, as it will receive the VLANs not
explicitly mapped.
VLANs Mapped The list of VLAN’s mapped to the MSTI. The VLANs must be separated with
comma and/or space. A VLAN can only be mapped to one MSTI. An unused MSTI
should just be left empty. (i.e. not having any VLANs mapped to it.)
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.5.3 MSTI Priorities
Configuration Description
MSTI The bridge instance. The CIST is the default instance, which is always active.
Priority Controls the bridge priority. Lower numerical values have better priority. The bridge
priority plus the MSTI instance number, concatenated with the 6-byte MAC address
of the switch forms a Bridge Identifier.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
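The Bridge Identifier rule above decides which switch becomes root for an instance, so it is worth checking planned priorities before saving them. This is an added example, not code from the switch: the bridge names, MAC addresses and priorities are constructed, and it assumes the IEEE 802.1Q convention that priorities are multiples of 4096 (0 to 61440) and that the CIST is instance 0.

```python
from typing import Dict, List, Tuple

Bridges = Dict[str, Tuple[int, str]]  # name -> (priority, MAC address)


def bridge_id(priority: int, msti: int, mac: str) -> bytes:
    """8-byte Bridge Identifier: (priority + instance number), then the MAC."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 0 <= msti <= 4095:
        raise ValueError("instance number must be 0..4095")
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return (priority + msti).to_bytes(2, "big") + raw


def elect_root(bridges: Bridges, msti: int = 0) -> str:
    """The bridge with the numerically lowest identifier becomes root."""
    return min(bridges, key=lambda n: bridge_id(bridges[n][0], msti, bridges[n][1]))


def root_findings(bridges: Bridges, intended_root: str, msti: int = 0) -> List[str]:
    """Return configuration findings; an empty list means the plan holds."""
    findings = []
    root = elect_root(bridges, msti)
    if root != intended_root:
        findings.append(f"MSTI {msti}: {root} would be root, not {intended_root}")
    best = bridges[root][0]
    tied = sorted(n for n, (prio, _) in bridges.items() if prio == best)
    if len(tied) > 1:
        findings.append(
            f"MSTI {msti}: priority {best} shared by {', '.join(tied)}; MAC address decides"
        )
    return findings


# Constructed sample data: a planned configuration and one left untuned.
PLANNED: Bridges = {
    "core-1": (4096, "00:11:22:33:44:01"),
    "core-2": (8192, "00:11:22:33:44:02"),
    "access-1": (32768, "00:11:22:33:44:00"),
    "access-2": (32768, "00:11:22:33:43:ff"),
}
UNTUNED: Bridges = {name: (32768, mac) for name, (_, mac) in PLANNED.items()}

if __name__ == "__main__":
    print(bridge_id(4096, 1, "00:11:22:33:44:01").hex())
    print(root_findings(PLANNED, "core-1"))
    for line in root_findings(UNTUNED, "core-1"):
        print(line)
```

When every bridge keeps the same priority, the lowest MAC address wins, which is rarely the switch the administrator intended as root.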
2.5.4 CIST Ports
Configuration Description
Port The switch port number of the logical STP port.
STP Enabled Controls whether STP is enabled on this switch port.
Path Cost Controls the path cost incurred by the port. The Auto setting will set the path cost as
appropriate by the physical link speed, using the 802.1D recommended values. Using
the Specific setting, a user-defined value can be entered. The path cost is used when
establishing the active topology of the network. Lower path cost ports are chosen as
forwarding ports in favor of higher path cost ports.
Valid values: 1 to 200000000
Priority Controls the port priority. This can be used to control priority of ports having
identical port cost. (See above).
AdminEdge Controls whether the operEdge flag should start as being set or cleared. (The initial
operEdge state when a port is initialized).
operEdge: Operational flag describing whether the port is connecting directly to
edge devices. (No Bridges attached). Transitioning to the forwarding state is faster
for edge ports (having operEdge true) than for other ports.
AutoEdge Controls whether the bridge should enable automatic edge detection on the bridge
port. This allows operEdge to be derived from whether BPDU’s are received on the
port or not.
Restricted-Role If enabled, causes the port not to be selected as Root Port for the CIST or any MSTI,
even if it has the best spanning tree priority vector. Such a port will be selected as an
Alternate Port after the Root Port has been selected. If set, it can cause lack of
spanning tree connectivity. It can be set by a network administrator to prevent bridges
external to a core region of the network influencing the spanning tree active topology,
possibly because those bridges are not under the full control of the administrator.
This feature is also known as Root Guard.
Restricted TCN If enabled, causes the port not to propagate received topology change notifications
and topology changes to other ports. If set, it can cause temporary loss of connectivity
after changes in a spanning tree's active topology as a result of persistent incorrectly
learned station location information. It is set by a network administrator to prevent
bridges external to a core region of the network from causing address flushing in that
region, possibly because those bridges are not under the full control of the
administrator or because the physical link state for the attached LANs transitions
frequently.
BPDU Guard If enabled, causes the port to disable itself upon receiving valid BPDU’s. Contrary to
the similar bridge setting, the port Edge status does not affect this setting.
A port entering error-disabled state due to this setting is subject to the bridge Port
Error Recovery setting as well.
Point2Point Controls whether the port connects to a point-to-point LAN rather than a shared
medium. This can be automatically determined, or forced either true or false.
Transition to the forwarding state is faster for point-to-point LANs than for shared
media.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
Note: This configuration applies to physical and Link Aggregation ports.
2.5.5 MSTI Ports
An MSTI port is a virtual port, which is instantiated separately for each active CIST (physical) port for each
MSTI instance configured and applicable for the port. The MSTI instance must be selected before displaying
actual MSTI port configuration options.
This page contains MSTI port settings for physical and aggregated ports.
Configuration Description
MSTI Select an MSTI for pop-up configuration.
Get Click to pop-up configuration page.
Configuration Description (Example with MSTI1)
Port The switch port number of the corresponding STP CIST (and MSTI) port.
Path Cost Controls the path cost incurred by the port. The Auto setting will set the path cost as
appropriate by the physical link speed, using the 802.1D recommended values. Using
the Specific setting, a user-defined value can be entered. The path cost is used when
establishing the active topology of the network. Lower path cost ports are chosen as
forwarding ports in favor of higher path cost ports.
Valid values: 1 ~ 200000000
Priority Controls the port priority. This can be used to control priority of ports having
identical port cost. (See above).
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.6 IGMP Snooping
2.6.1 Basic Configuration
Global Configuration Description
Snooping Enabled Enable the Global IGMP Snooping.
Unregistered IPMC Flooding enabled Enable unregistered IPMC traffic flooding.
Port Configuration Description
Port The port number for which the row configuration applies
Router Port Specify which ports act as router ports. A router port is a port on the Ethernet switch
that leads towards the Layer 3 multicast device or IGMP querier.
If an aggregation member port is selected as a router port, the whole aggregation will
act as a router port.
Fast Leave Enable the fast leave on the port.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.6.2 VLAN Configuration
VLAN Configuration Description
Start from VLAN ….. Select range of VLAN table entries.
VLAN ID The VLAN ID of the entry.
Snooping Enabled Enable the per-VLAN IGMP Snooping.
IGMP Querier Enable the IGMP Querier in the VLAN. The Querier will start sending queries if no query
from another Querier is received within 255 seconds after the IGMP Querier is enabled. Each
query interval is 125 seconds, and the switch will stop acting as an IGMP Querier if it receives
a query from any other device.
Refresh Click to refresh the page; any changes made locally will be undone.
|<< Click to display the first page.
>>| Click to display the last page.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.7 LLDP
2.7.1 LLDP
Global Configuration Description
Tx Interval The switch is periodically transmitting LLDP frames to its neighbors for having the
network discovery information up-to-date. The interval between each LLDP frame is
determined by the Tx Interval value.
Valid values: 5 – 32768 seconds
Tx Hold Each LLDP frame contains information about how long the information in the LLDP
frame shall be considered valid. The LLDP information valid period is set to Tx Hold
multiplied by Tx Interval seconds.
Valid values: 2 – 10 times
Tx Delay If some configuration is changed (e.g. the IP address) a new LLDP frame is
transmitted, but the time between the LLDP frames will always be at least the value
of Tx Delay seconds. Tx Delay cannot be larger than 1/4 of the Tx Interval value.
Valid values: 1 – 8192 seconds
Tx Reinit When a port is disabled, LLDP is disabled or the switch is rebooted, an LLDP
shutdown frame is transmitted to the neighboring units, signaling that the LLDP
information isn’t valid anymore. Tx Reinit controls the number of seconds between
the shutdown frame and a new LLDP initialization.
Valid values: 1 – 10 seconds
Port Configuration
Port The switch port number of the logical LLDP port.
Mode Select LLDP mode.
Rx only: The switch will not send out LLDP information, but LLDP information
from neighbor units is analyzed.
Tx only: The switch will drop LLDP information received from neighbors, but will
send out LLDP information.
Disabled: The switch will not send out LLDP information, and will drop LLDP
information received from neighbors.
Enabled: The switch will send out LLDP information, and will analyze LLDP
information received from neighbors.
Optional TLV
Port Descr When checked the “port description” is included in LLDP information transmitted.
Sys Name When checked the “system name” is included in LLDP information transmitted.
Sys Descr When checked the “system description” is included in LLDP information transmitted.
Sys Capa When checked the “system capability” is included in LLDP information transmitted.
Mgmt Addr When checked the “management address” is included in LLDP information
transmitted.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.7.2 LLDP-MED
Configuration Description
Fast start repeat count The number of times the fast start transmission is repeated. The recommended value
is 4 times, meaning that 4 LLDP frames with a 1 second interval will be transmitted
when an LLDP frame with new information is received.
Coordinates Location
Latitude Latitude SHOULD be normalized to within 0-90 degrees with a maximum of 4 digits.
It is possible to specify the direction to either North of the equator or South of the
equator.
Longitude Longitude SHOULD be normalized to within 0-180 degrees with a maximum of 4
digits. It is possible to specify the direction to either East of the prime meridian or
West of the prime meridian.
Altitude Altitude SHOULD be normalized to within -32767 to 32767 with a maximum of 4
digits. It is possible to select between two altitude types (floors or meters).
Meters: Representing meters of Altitude defined by the vertical datum specified.
Floors: Representing altitude in a form more relevant in buildings which have
different floor-to-floor dimensions. An altitude = 0.0 is meaningful even outside a
building, and represents ground level at the given latitude and longitude. Inside a
building, 0.0 represents the floor level associated with ground level at the main
entrance.
Map Datum The Map Datum used for the coordinates given in this Option
WGS84: (Geographical 3D) - World Geodesic System 1984, CRS Code 4327, Prime
Meridian Name: Greenwich.
NAD83/NAVD88: North American Datum 1983, CRS Code 4269, Prime Meridian
Name: Greenwich; The associated vertical datum is the North American Vertical
Datum of 1988 (NAVD88). This datum pair is to be used when referencing locations
on land, not near tidal water (which would use Datum = NAD83/MLLW).
NAD83/MLLW: North American Datum 1983, CRS Code 4269, Prime Meridian
Name: Greenwich; The associated vertical datum is Mean Lower Low Water
(MLLW). This datum pair is to be used when referencing locations on
water/sea/ocean.
Civic Address Location
Country code The two-letter ISO 3166 country code in capital ASCII letters - Example: DK, DE or
US.
State National subdivisions (state, canton, region, province, prefecture).
County County, parish, gun (Japan), district.
City City, township, shi (Japan) - Example: Copenhagen
City district City division, borough, city district, ward, chou (Japan)
Block (Neighborhood) Neighborhood, block
Street Street - Example: Poppelvej
Leading street direction Leading street direction - Example: N
Trailing street suffix Trailing street suffix - Example: SW
Street suffix Street suffix - Example: Ave, Platz
House no. House number - Example: 21
House no. suffix House number suffix - Example: A, 1/2
Landmark Landmark or vanity address - Example: Columbia University
Additional location info Additional location info - Example: South Wing
Name Name (residence and office occupant) - Example: Flemming Jahn
Zip code Postal/zip code - Example: 2791
Building Building (structure) - Example: Low Library
Apartment Unit (Apartment, suite) - Example: Apt 42
Floor Floor - Example: 4
Room no. Room number - Example: 450F
Place type Place type - Example: Office
Postal community name Postal community name - Example: Leonia
P.O. Box Post office box (P.O. BOX) - Example: 12345
Additional code Additional code - Example: 1320300003
Emergency Call Service
Emergency Call Service Emergency Call Service ELIN identifier data format is defined to carry the ELIN
identifier as used during emergency call setup to a traditional CAMA or ISDN
trunk-based PSAP. This format consists of a numerical digit string, corresponding to
the ELIN to be used for emergency calling.
Add New Policy Click to configure a new policy.
Delete Check to delete the policy. It will be deleted during the next save.
Policy ID ID for the policy. This is auto generated and shall be used when selecting the policies
that shall be mapped to the specific ports.
Application Type Intended use of the application types:
1. Voice - for use by dedicated IP Telephony handsets and other similar appliances
supporting interactive voice services. These devices are typically deployed on a
separate VLAN for ease of deployment and enhanced security by isolation from data
applications.
2. Voice Signaling (conditional) - for use in network topologies that require a
different policy for the voice signaling than for the voice media. This application type
should not be advertised if all the same network policies apply as those advertised in
the Voice application policy.
3. Guest Voice - support a separate 'limited feature-set' voice service for guest users
and visitors with their own IP Telephony handsets and other similar appliances
supporting interactive voice services.
4. Guest Voice Signaling (conditional) - for use in network topologies that require a
different policy for the guest voice signaling than for the guest voice media. This
application type should not be advertised if all the same network policies apply as
those advertised in the Guest Voice application policy.
5. Softphone Voice - for use by softphone applications on typical data centric
devices, such as PCs or laptops. This class of endpoints frequently does not support
multiple VLANs, if at all, and are typically configured to use an 'untagged’ VLAN or
a single 'tagged’ data specific VLAN. When a network policy is defined for use with
an 'untagged’ VLAN (see Tagged flag below), then the L2 priority field is ignored
and only the DSCP value has relevance.
6. Video Conferencing
7. Streaming Video - for use by broadcast or multicast based video content
distribution and other similar applications supporting streaming video services that
require specific network policy treatment. Video applications relying on TCP with
buffering would not be an intended use of this application type.
8. Video Signaling (conditional) - for use in network topologies that require a
separate policy for the video signaling than for the video media. This application type
should not be advertised if all the same network policies apply as those advertised in
the Video Conferencing application policy.
Tag Tag indicating whether the specified application type is using a 'tagged’ or an
'untagged’ VLAN.
Untagged indicates that the device is using an untagged frame format and as such
does not include a tag header as defined by IEEE 802.1Q-2003. In this case, both the
VLAN ID and the Layer 2 priority fields are ignored and only the DSCP value has
relevance.
Tagged indicates that the device is using the IEEE 802.1Q tagged frame format, and
that both the VLAN ID and the Layer 2 priority values are being used, as well as the
DSCP value. The tagged format includes an additional field, known as the tag header.
The tagged frame format also includes priority tagged frames as defined by IEEE
802.1Q-2003.
VLAN ID VLAN identifier (VID) for the port as defined in IEEE 802.1Q-2003
L2 Priority L2 Priority is the Layer 2 priority to be used for the specified application type. L2
Priority may specify one of eight priority levels (0 through 7), as defined by IEEE
802.1D-2004. A value of 0 represents use of the default priority as defined in IEEE
802.1D-2004.
DSCP DSCP value to be used to provide Diffserv node behavior for the specified
application type as defined in IETF RFC 2474. DSCP may contain one of 64 code
point values (0 through 63). A value of 0 represents use of the default DSCP value as
defined in RFC 2475.
Port Policies Configuration
Port The port number for which the configuration applies.
Policy Id The set of policies that shall apply for a given port. The set of policies is selected by
checking the checkboxes that correspond to the policies.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
Civic Address Location
IETF Geopriv Civic Address based Location Configuration Information (Civic Address LCI).
Emergency Call Service
Emergency Call Service (e.g. E911 and others), such as defined by TIA or NENA.
Policies
Network Policy Discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN
configuration, along with the associated Layer 2 and Layer 3 attributes, which apply for a set of specific
protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP
environments that frequently result in voice quality degradation or loss of service.
Policies are only intended for use with applications that have specific 'real-time’ network policy requirements,
such as interactive voice and/or video services.
The network policy attributes advertised are:
1. Layer 2 VLAN ID (IEEE 802.1Q-2003)
2. Layer 2 priority value (IEEE 802.1D-2004)
3. Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)
This network policy is potentially advertised and associated with multiple sets of application types supported
on a given port. The application types specifically addressed are:
1. Voice
2. Guest Voice
3. Softphone Voice
4. Video Conferencing
5. Streaming Video
6. Control / Signaling (conditionally support a separate network policy for the media types above)
A large network may support multiple VoIP policies across the entire organization, and different policies per
application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a
different application type. Different ports on the same Network Connectivity Device may advertise different
sets of policies, based on the authenticated user identity or port configuration.
It should be noted that LLDP-MED is not intended to run on links other than between Network Connectivity
Devices and Endpoints, and therefore does not need to advertise the multitude of network policies that
frequently run on an aggregated link interior to the LAN.
Port Policies Configuration
Every port may advertise a unique set of network policies or different attributes for the same network policies,
based on the authenticated user identity or port configuration.
2.8 MAC Table
Screen of 24-Port Switch
Screen of 16-Port Switch
By default, dynamic entries are removed from the MAC table after 300 seconds. This removal is also called aging.
Aging Configuration Description
Disable Automatic Aging Check to disable aging for MAC address entries.
Aging Time Configure aging time by entering a value here in seconds
Valid values: 10 to 1000000 seconds
Port MAC Table Learning
Auto Learning is done automatically as soon as a frame with unknown SMAC is received.
Disable No learning is done.
Secure Only static MAC entries are learned, all other frames are dropped.
Note: Make sure that the link used for managing the switch is added to the Static
Mac Table before changing to secure learning mode, otherwise the management link
is lost and can only be restored by using another non-secure port or by connecting to
the switch via the serial interface.
Add new static entry Click to configure a new static MAC address entry in the MAC table.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.8.1 Static MAC Address Configuration
Screen of 24-Port Switch
Screen of 16-Port Switch
Static MAC Table Configuration
VLAN ID The VLAN ID for the static MAC address entry.
MAC Address The MAC address for the entry.
Port Members Check to indicate which ports are members of the entry. Check or uncheck as needed
to modify the entry.
Delete Click to delete the entry. It will be deleted during the next save.
Add new static entry Click to configure a new static MAC address entry in the MAC table.
2.9 VLANs
Up to 64 VLANs are supported. This page allows for adding and deleting VLANs as well as adding and
deleting port members of each VLAN.
2.9.1 VLAN Membership
Screen of 24-Port Switch
Screen of 16-Port Switch
Configuration Description
Start from VLAN ….. Select range of VLAN table entries.
Delete Check to delete a VLAN entry. The entry will be deleted on the switch unit during
the next Save.
VLAN ID Indicates the ID of this particular VLAN.
Port Members A row of check boxes for each port is displayed for each VLAN ID. To include a port
in a VLAN, check the box. To remove or exclude the port from the VLAN, make
sure the box is unchecked. By default, no ports are members, and all boxes are
unchecked.
Add new entry Click to add a new VLAN entry. An empty row is added to the table, and the VLAN
can be configured as needed.
Refresh Click to refresh the page; any changes made locally will be undone.
|<< Click to display the first page.
>>| Click to display the last page.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
Adding a New VLAN entry
Screen of 24-Port Switch
Configuration Description
VLAN ID Enter VLAN ID for the new VLAN entry.
Legal values: 1 through 4095
Delete Click to delete the new VLAN row.
Add new entry Click to add another new VLAN ID.
Save Click to save the new VLAN row.
Reset Click to undo any changes made locally and revert to previously saved values.
Screen of 16-Port Switch
Configuration Description
VLAN ID Enter VLAN ID for the new VLAN entry.
Legal values: 1 through 4095
Port Members A row of check boxes for each port is displayed for each VLAN ID. To include a port
in a VLAN, check the box. To remove or exclude the port from the VLAN, make
sure the box is unchecked. By default, no ports are members, and all boxes are
unchecked.
Delete Click to delete the new VLAN row.
Add new VLAN Click to add another new VLAN ID.
Save Click to save the new VLAN row.
Reset Click to undo any changes made locally and revert to previously saved values.
2.9.2 VLAN Port Configuration
Configuration Description
Port This is the logical port number for this row.
VLAN Aware Enable VLAN awareness for a port by checking the box. This parameter affects
VLAN ingress processing. If VLAN awareness is enabled, the tag is removed from
tagged frames received on the port. Furthermore, VLAN tagged frames are classified
to the VLAN ID in the tag. If VLAN awareness is disabled, all frames are classified
to the Port VLAN ID and tags are not removed. By default, VLAN awareness is
disabled (no checkmark).
Ingress Filtering Enable ingress filtering for a port by checking the box. This parameter affects VLAN
ingress processing. If ingress filtering is enabled and the ingress port is not a member
of the classified VLAN of the frame, the frame is discarded. By default, ingress
filtering is disabled (no checkmark).
Frame Type Determines whether the port accepts all frames or only tagged frames. This parameter
affects VLAN ingress processing.
All: all frames are accepted. (Default)
Tagged: Only tagged frames are accepted. Untagged frames received on the port are
discarded.
Port VLAN Mode Configures the Port VLAN Mode. This parameter affects VLAN ingress and egress
processing.
None: a VLAN tag with the classified VLAN ID is inserted in frames transmitted on
the port. This mode is normally used for ports connected to VLAN aware switches.
Specific: (the default value) a Port VLAN ID can be configured (see below).
Untagged frames received on the port are classified to the Port VLAN ID. If VLAN
awareness is disabled, all frames received on the port are classified to the Port VLAN
ID. If the classified VLAN ID of a frame transmitted on the port is different from the
Port VLAN ID, a VLAN tag with the classified VLAN ID is inserted in the frame.
Port VLAN ID Configures the VLAN identifier for the port. The allowed values are 1 through 4095.
The default value is 1.
Note: The port must be a member of the same VLAN as the Port VLAN ID.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
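The ingress and egress rules in the table above can be checked against a planned configuration before it is saved. The following Python model is an added example, not code from this manual or from the switch firmware; the PortConfig fields, the sample VLAN table and the audit findings are constructed for illustration, and applying the Port VLAN ID to untagged frames in "None" mode is an assumption.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class PortConfig:
    """One row of the VLAN Port Configuration table, using the manual's defaults."""
    vlan_aware: bool = False
    ingress_filtering: bool = False
    frame_type: str = "All"            # "All" or "Tagged"
    port_vlan_mode: str = "Specific"   # "None" or "Specific"
    pvid: int = 1                      # Port VLAN ID


def ingress(port: int, cfg: PortConfig, tag_vid: Optional[int],
            members: Dict[int, Set[int]]) -> Tuple[bool, Optional[int], str]:
    """Return (accepted, classified VLAN ID, reason) for one received frame.

    tag_vid is the VLAN ID carried in the frame's tag, or None if untagged.
    members is the VLAN table: VLAN ID -> set of member ports.
    """
    if tag_vid is None and cfg.frame_type == "Tagged":
        return (False, None, "untagged frame on a Tagged-only port")
    if cfg.vlan_aware and tag_vid is not None:
        vid = tag_vid      # aware port: classified to the VLAN ID in the tag
    else:
        # Unaware port, or untagged frame: classified to the Port VLAN ID.
        # Assumption: the manual states this for "Specific" mode; the model
        # applies it in "None" mode as well.
        vid = cfg.pvid
    if cfg.ingress_filtering and port not in members.get(vid, set()):
        return (False, vid, "ingress port is not a member of the classified VLAN")
    return (True, vid, "accepted")


def egress_tag(cfg: PortConfig, vid: int) -> Optional[int]:
    """VLAN ID of the tag inserted on transmit, or None if no tag is inserted."""
    if cfg.port_vlan_mode == "None":
        return vid
    return vid if vid != cfg.pvid else None


def audit(ports: Dict[int, PortConfig], members: Dict[int, Set[int]]) -> List[str]:
    """List settings worth reviewing before the configuration is saved."""
    findings = []
    for port, cfg in sorted(ports.items()):
        if port not in members.get(cfg.pvid, set()):
            findings.append(f"port {port}: not a member of its Port VLAN ID {cfg.pvid}")
        if cfg.vlan_aware and not cfg.ingress_filtering:
            findings.append(f"port {port}: VLAN aware with ingress filtering disabled")
    return findings


# Constructed sample: port 1 is a tagged uplink, ports 2 and 3 are access ports.
MEMBERS = {1: {1}, 10: {1, 2}, 20: {1, 3}}
PORTS = {
    1: PortConfig(vlan_aware=True, ingress_filtering=True,
                  frame_type="Tagged", port_vlan_mode="None"),
    2: PortConfig(vlan_aware=True, pvid=10),                  # filtering left off
    3: PortConfig(vlan_aware=True, ingress_filtering=True, pvid=20),
}

if __name__ == "__main__":
    # Port 2 is not a member of VLAN 20, yet the frame is classified into it.
    print(ingress(2, PORTS[2], 20, MEMBERS))
    # Port 3 has ingress filtering enabled, so the same kind of frame is discarded.
    print(ingress(3, PORTS[3], 10, MEMBERS))
    for finding in audit(PORTS, MEMBERS):
        print(finding)
```

The model shows why the default (ingress filtering disabled) matters on a VLAN aware port: membership in the VLAN table alone does not stop a tagged frame from being classified to a VLAN the port does not belong to.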
2.10 Private VLANs
A Private VLAN is a VLAN which contains switched ports that are restricted, such that they can only
communicate with a given "uplink", also called a "Promiscuous port". The restricted ports are called "Isolated
ports". Each private VLAN typically contains many isolated ports, and a single uplink. The uplink will
typically be a switched port (or link aggregation group) connected to a router, firewall, server, provider
network, or similar central resource.
Types of Ports in a private VLAN
Promiscuous: Usually connects to a router. A port of this type is allowed to send and receive
frames from any other port on the VLAN.
Isolated: A port of this type is only allowed to communicate with Promiscuous ports. Isolated
ports are not allowed to communicate with each other. Ports of this type usually
connect to hosts.
By default, all ports are VLAN unaware and members of VLAN 1 and Private VLAN 1. A VLAN unaware
port can only be a member of one VLAN, but it can be a member of multiple Private VLANs.
2.10.1 PVLAN Memberships
Screen of 24-Port Switch
Screen of 16-Port Switch
Configuration Description
Delete Check to delete a VLAN entry. The entry will be deleted on the switch unit during
Private VLAN ID Indicates the ID of this particular private VLAN.
Note: The allowed range for a private VLAN ID is the same as the switch port
number range. Any values outside this range are not accepted, and a warning
message appears.
Port Members A row of check boxes for each port is displayed for each private VLAN ID. To
include a port in a Private VLAN, check the box. To remove or exclude the port from
the Private VLAN, make sure the box is unchecked. By default, no ports are members,
and all boxes are unchecked.
Add new Private VLAN Click to add a new private VLAN ID. An empty row is added to the table, and the
private VLAN can be configured as needed.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
Adding new Private VLAN
Screen of 24-Port Switch
Screen of 16-Port Switch
Configuration Description
Private VLAN ID See above.
Port Members See above.
Delete Click to delete the new private VLAN row.
2.10.2 Port Isolation
Screen of 24-Port Switch
Screen of 16-Port Switch
A port that is a member of a VLAN can be isolated from other isolated ports on the Private VLAN.
Configuration Description
Port Numbers A check box is provided for each port of a private VLAN.
When checked, the port is set to be an isolated port in a private VLAN.
When unchecked, the port is set to be a promiscuous port in a private VLAN.
By default, port isolation is disabled for all ports.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
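The interaction between PVLAN Memberships and Port Isolation is easiest to verify by computing which ports can reach which. The following Python check is an added example, not code from this manual or the switch firmware; the function names and the sample 16-port layout (hosts on ports 2-4, uplink on port 1) are constructed, and it assumes two ports can exchange frames only if they share at least one Private VLAN.

```python
from typing import Dict, List, Set, Tuple


def invalid_pvlan_ids(pvlans: Dict[int, Set[int]], port_count: int) -> List[int]:
    """Private VLAN IDs outside the switch port number range (1..port_count)."""
    return sorted(pid for pid in pvlans if not 1 <= pid <= port_count)


def can_forward(src: int, dst: int, pvlans: Dict[int, Set[int]],
                isolated: Set[int]) -> bool:
    """True if a frame received on src may be forwarded to dst."""
    if src == dst:
        return False
    if src in isolated and dst in isolated:
        return False     # isolated ports never communicate with each other
    # Assumption of this model: the two ports must share a Private VLAN.
    return any(src in ports and dst in ports for ports in pvlans.values())


def exposure(hosts: Set[int], uplink: int, port_count: int,
             pvlans: Dict[int, Set[int]], isolated: Set[int]) -> List[Tuple[int, int]]:
    """(host, port) pairs where a host port reaches a port other than the uplink."""
    return [(h, p) for h in sorted(hosts) for p in range(1, port_count + 1)
            if p != uplink and can_forward(h, p, pvlans, isolated)]


# Constructed sample layout for a 16-port unit.
PORT_COUNT = 16
HOSTS, UPLINK = {2, 3, 4}, 1
ALL_PORTS = set(range(1, PORT_COUNT + 1))

# Default state: every port in Private VLAN 1, port isolation disabled.
DEFAULT = ({1: set(ALL_PORTS)}, set())
# Isolation boxes checked for the hosts only; they still share Private VLAN 1
# with the promiscuous ports 5-16.
ISOLATED_ONLY = ({1: set(ALL_PORTS)}, set(HOSTS))
# Hosts moved into their own Private VLAN 2 together with the uplink.
SEGMENTED = ({1: ALL_PORTS - HOSTS, 2: HOSTS | {UPLINK}}, set(HOSTS))

if __name__ == "__main__":
    for name, (pvlans, isolated) in [("default", DEFAULT),
                                     ("isolated only", ISOLATED_ONLY),
                                     ("segmented", SEGMENTED)]:
        pairs = exposure(HOSTS, UPLINK, PORT_COUNT, pvlans, isolated)
        uplink_ok = all(can_forward(h, UPLINK, pvlans, isolated) for h in HOSTS)
        print(f"{name}: {len(pairs)} unwanted host paths, uplink reachable: {uplink_ok}")
```

Checking the isolation boxes alone stops host-to-host traffic but leaves the hosts able to reach every non-isolated port in the same Private VLAN; only the segmented layout restricts them to the uplink.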
2.11 QoS
Frames can be classified by 4 different QoS classes: Low, Normal, Medium, and High.
The classification is controlled by a QCL that is assigned to each port. A QCL consists of an ordered
list of up to 12 QCEs. Each QCE can be used to classify certain frames to a specific QoS class.
This classification can be based on parameters such as VLAN ID, UDP/TCP port, IPv4/IPv6 DSCP or
Tag Priority. Frames not matching any of the QCEs are classified to the default QoS class for the port.
2.11.1 Ports
Configuration Description
Number of Classes Configure the number of traffic classes as "1", "2", or "4". The default value is "4".
Ingress Configuration
Port The logical port for the settings contained in the same row.
Default Class Configure the default QoS class for the port, that is, the QoS class for frames not
matching any of the QCEs in the QCL.
QCL # Select which QCL to use for the port.
Tag Priority Select the default tag priority for this port when adding a Tag to the untagged frames.
Egress Configuration
Queuing Mode Select the queuing mode for this port.
Strict Priority: The High class queue is always served first until it is empty.
Weighted: The queues are served based on the weight ratios set below.
Queue Weighted Setting Queue weighted (Low:Normal:Medium:High) if the "Queuing Mode" is
"Weighted".
- Low Weight of Low Class
- Normal Weight of Normal Class
- Medium Weight of Medium Class
- High Weight of High Class
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.11.2 QoS Control List
Configuration Description
QCL # Select a QCL to display a table that lists all the QCEs for that particular QCL.
You can modify each QCE in the table using the following buttons:
(+) Inserts a new QCE before the current row.
(e) Edits the QCE.
(↑) Moves the QCE up the list.
(↓) Moves the QCE down the list.
(X) Deletes the QCE.
(+) The lowest plus sign adds a new entry at the bottom of the list of QCL.
QCE Type Specifies which frame field the QCE processes to determine the QoS class of the
frame. The following QCE types are supported:
Ethernet Type: The Ethernet Type field. If frame is tagged, this is the Ethernet Type
that follows the tag header.
VLAN ID: VLAN ID. Only applicable if the frame is VLAN tagged.
TCP/UDP Port: IPv4 TCP/UDP source/destination port.
DSCP: IPv4 and IPv6 DSCP.
ToS: The 3 precedence bits in the ToS byte of the IPv4/IPv6 header (also known as
DS field).
Tag Priority: User Priority. Only applicable if the frame is VLAN tagged or priority
tagged.
Type Value Indicates the value according to its QCE type.
Traffic Class The QoS class associated with the QCE.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
Cancel Click to return to previous page.
2.11.3 Rate Limiters
Configuration Description
Port The logical port for the settings contained in the same row.
Policer Enabled Enable or disable the port policer. The default value is "Disabled".
Policer Rate Configure the rate for the port policer. The default value is "500". This value is
restricted to 500-1000000 when the "Policer Unit" is "kbps", and it is restricted to
1-1000 when the "Policer Unit" is "Mbps".
Policer Unit Configure the unit of measure for the port policer rate as kbps or Mbps. The default
value is "kbps".
Shaper Enabled Enable or disable the port shaper. The default value is "Disabled".
Shaper Rate Configure the rate for the port shaper. The default value is "500". This value is
restricted to 500-1000000 when the "Policer Unit" is "kbps", and it is restricted to
1-1000 when the "Policer Unit" is "Mbps".
Shaper Unit Configure the unit of measure for the port shaper rate as kbps or Mbps. The default
value is "kbps".
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.11.4 Storm Control
There is a unicast storm rate control, multicast storm rate control, and a broadcast storm rate control. These
only affect flooded frames, i.e. frames with a (VLAN ID, DMAC) pair not present on the MAC Address table.
The rate is 2^n, where n is equal to or less than 15, or "No Limit". The unit of the rate can be either pps
(packets per second) or kpps (kilo-packets per second). The configuration indicates the permitted packet rate
for unicast, multicast, or broadcast traffic across the switch.
Note: Frames that are sent to the CPU of the switch are always limited to approximately 4 kpps. For
example, broadcasts in the management VLAN are limited to this rate. The management VLAN is configured
on the IP setup page.
Configuration Description
Frame Type The settings in a particular row apply to the frame type listed here: unicast, multicast,
or broadcast.
Status Enable or disable the storm control status for the given frame type.
Rate The rate unit is packets per second (pps). Configure the rate as 1, 2, 4, 8, 16, 32, 64,
128, 256, 512, 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K, or 1024K.
The 1 kpps is actually 1002.1 pps.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
2.11.5 Wizard
This handy wizard helps you set up a QCL quickly.
2.11.6 Wizard – Port Policies
Screen of 24-Port Switch
Screen of 16-Port Switch
Configuration Description
QCL ID Frames that hit this QCE are set to match this specific QCL.
Port Members A row of radio buttons for each port is displayed for each QCL ID. To include a port
as a QCL member, click the radio button.
Cancel Wizard Click to cancel the wizard.
< Back Click to go back to the previous wizard step.
Next > Click to continue the wizard.
2.11.7 Wizard – Typical Network Application Rules
Configuration Description
Audio and Video Indicates the common servers that apply to the specific QCE. The common servers
Games Indicates the common games that apply to the specific QCE.
User Definition Indicates the user definition that applies to the specific QCE. The user definitions are:
Ethernet Type: Specify the Ethernet Type filter for this QCE. The allowed range is
0x600 to 0xFFFF.
VLAN ID: VLAN ID filter for this QCE. The allowed range is 1 to 4095.
UDP/TCP Port: Specify the TCP/UDP port filter for this QCE. The allowed range is
0 to 65535.
DSCP: Specify the DSCP filter for this QCE. The allowed range is 0 to 63.
Cancel Wizard Click to cancel the wizard.
< Back Click to go back to the previous wizard step.
Next > Click to continue the wizard.
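The QCL classification described in 2.11 and 2.11.2, together with the value ranges listed above, can be modelled to check a rule list before entering it. The following Python sketch is an added example, not code from this manual or the switch firmware; the QCE and Frame classes and the sample rules are constructed, and it assumes that the first matching QCE in the ordered list decides the class and that a TCP/UDP Port QCE matches either the source or the destination port.

```python
from dataclasses import dataclass
from typing import List, Optional

MAX_QCES = 12   # a QCL is an ordered list of up to 12 QCEs
CLASSES = ("Low", "Normal", "Medium", "High")
# Allowed values per QCE type. The first four ranges are the ones the manual
# lists; 0-7 for ToS and Tag Priority follows from these being 3-bit fields.
RANGES = {"Ethernet Type": (0x600, 0xFFFF), "VLAN ID": (1, 4095),
          "TCP/UDP Port": (0, 65535), "DSCP": (0, 63),
          "ToS": (0, 7), "Tag Priority": (0, 7)}


@dataclass(frozen=True)
class QCE:
    qce_type: str
    value: int
    traffic_class: str


@dataclass
class Frame:
    ethertype: int
    vid: Optional[int] = None     # None: frame is not VLAN tagged
    pcp: Optional[int] = None     # tag priority; None: no VLAN or priority tag
    dscp: Optional[int] = None    # None: not an IPv4/IPv6 packet
    sport: Optional[int] = None   # None: not TCP/UDP
    dport: Optional[int] = None


def validate_qcl(qcl: List[QCE]) -> List[str]:
    """Return a list of problems; an empty list means the QCL can be entered."""
    errors = []
    if len(qcl) > MAX_QCES:
        errors.append(f"{len(qcl)} QCEs exceed the limit of {MAX_QCES}")
    for i, q in enumerate(qcl, 1):
        if q.qce_type not in RANGES:
            errors.append(f"QCE {i}: unknown type {q.qce_type!r}")
            continue
        lo, hi = RANGES[q.qce_type]
        if not lo <= q.value <= hi:
            errors.append(f"QCE {i}: {q.qce_type} value {q.value} outside {lo}-{hi}")
        if q.traffic_class not in CLASSES:
            errors.append(f"QCE {i}: unknown traffic class {q.traffic_class!r}")
    return errors


def matches(q: QCE, f: Frame) -> bool:
    """True if frame f carries the field value this QCE looks for."""
    if q.qce_type == "TCP/UDP Port":
        # Assumption: a match on either the source or destination port counts.
        return q.value in (f.sport, f.dport)
    if q.qce_type == "ToS":
        # Precedence is the top 3 bits of the ToS/DS byte, i.e. of the DSCP.
        return f.dscp is not None and f.dscp >> 3 == q.value
    field = {"Ethernet Type": f.ethertype, "VLAN ID": f.vid,
             "DSCP": f.dscp, "Tag Priority": f.pcp}.get(q.qce_type)
    return field is not None and field == q.value


def classify(f: Frame, qcl: List[QCE], default_class: str) -> str:
    """First matching QCE wins (assumption); otherwise the port's default class."""
    for q in qcl:
        if matches(q, f):
            return q.traffic_class
    return default_class


# Constructed sample QCL.
QCL = [QCE("TCP/UDP Port", 5060, "High"), QCE("DSCP", 46, "High"),
       QCE("VLAN ID", 30, "Medium"), QCE("ToS", 0, "Low")]

if __name__ == "__main__":
    frame = Frame(0x0800, vid=30, pcp=0, dscp=0, sport=40000, dport=5060)
    print(validate_qcl(QCL), classify(frame, QCL, "Normal"))
```

Because the list is ordered, moving a QCE with the up and down buttons can change the class of a frame that matches more than one entry.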
2.11.8 Wizard – ToS Precedence Mapping
This wizard is used to set up the traffic class mapping to the precedence part of ToS (3 bits) when receiving
IPv4/IPv6 packets.
Configuration Description
QCL ID Select the QCL ID to which this QCE applies.
ToS Precedence Class Select a traffic class of Low, Normal, Medium, or High to apply to the QCE.
Cancel Wizard Click to cancel the wizard.
< Back Click to go back to the previous wizard step.
Next > Click to continue the wizard.
2.11.9 Wizard – VLAN Tag Priority Mapping
Configuration Description
QCL ID Select the QCL ID to which this QCE applies.
VLAN Priority Class Select a traffic class of Low, Normal, Medium, or High to apply to the QCE.
Cancel Wizard Click to cancel the wizard.
< Back Click to go back to the previous wizard step.
Next > Click to continue the wizard.
2.12 Mirroring
To debug network problems, selected traffic can be copied, or mirrored, to a mirror port where a frame
analyzer can be attached to analyze the frame flow. The traffic to be copied to the mirror port is selected as
follows:
- All frames received on a given port (also known as ingress or source mirroring).
- All frames transmitted on a given port (also known as egress or destination mirroring).
Configuration Description
Port to mirror to Port to mirror is also known as the mirror port. Frames from ports that have either
source (rx) or destination (tx) mirroring enabled are mirrored to this port. Disabled
disables mirroring.
Port The logical port for the settings contained in the same row.
Mode Select one of the following mirror modes.
Rx only: Frames received at this port are mirrored to the mirror port. Frames
transmitted are not mirrored.
Tx only: Frames transmitted from this port are mirrored to the mirror port. Frames
received are not mirrored.
Disabled: Neither frames transmitted nor frames received are mirrored.
Enabled: Frames received and frames transmitted are mirrored to the mirror port.
Save Click to save the changes.
Reset Click to undo any changes made locally and revert to previously saved values.
Note: For a given port, a frame is only transmitted once. It is therefore not possible to mirror Tx frames for the
mirror port. Because of this, mode for the selected mirror port is limited to Disabled or Rx only.
3. Monitor
3.1 System
3.1.1 Information
Status Information Description
Contact The system contact configured in Configuration | System | Information | System
Contact.
Name The system name configured in Configuration | System | Information | System Name.
Location The system location configured in Configuration | System | Information | System
Location.
MAC Address The MAC Address of this switch.
System Date The current (GMT) system time and date. The system time is obtained through the
configured SNTP Server, if any.
System Uptime The period of time the device has been operational.
Switch ID The switch ID.
Software Version The software version of the switch.
Software Date The date when the switch software was produced.
Auto-refresh Check this box to enable an automatic refresh of the page at regular intervals.
Refresh Click to refresh the page; any changes made locally will be undone.
3.1.2 CPU Load
This page displays the CPU load, using an SVG graph. The load is measured as an average over the last
100 ms, 1 second and 10 second intervals. The last 120 samples are graphed, and the last numbers are
displayed as text as well. In order to display the SVG graph, your browser must support the SVG
format. Consult the SVG Wiki for more information on browser support. Specifically, at the time of
writing, Microsoft Internet Explorer will need to have a plug-in installed to support SVG.
3.1.3 Log
Configuration Description
ID The ID (>= 1) of the system log entry.
Level The level of the system log entry. The following level types are supported:
Info: Information level of the system log.
Warning: Warning level of the system log.
Error: Error level of the system log.
All: All levels.
Time The time of the system log entry.
Message The message of the system log entry.
Auto-refresh Check this box to enable an automatic refresh of the page at regular intervals.
Refresh Click to update the system log entries, starting from the current entry ID.
Clear Flushes all system log entries.
|<< Updates the system log entries, starting from the first available entry ID.
<< Updates the system log entries, ending at the last entry currently displayed.
>> Updates the system log entries, starting from the last entry currently displayed.
>>| Updates the system log entries, ending at the last entry currently displayed.
3.1.4 Detailed Log
Configuration Description
ID The ID (>= 1) of the system log entry.
Message The message of the system log entry.
Auto-refresh Check this box to enable an automatic refresh of the page at regular intervals.
Refresh Click to update the system log entries, starting from the current entry ID.
Clear Flushes all system log entries.
|<< Updates the system log entries, starting from the first available entry ID.
<< Updates the system log entries, ending at the last entry currently displayed.
>> Updates the system log entries, starting from the last entry currently displayed.
>>| Updates the system log entries, ending at the last entry currently displayed.
3.2 Ports
3.2.1 State
Screen of 24-Port Switch
Screen of 16-Port Switch
Configuration Description
Port Icon Click the port icon to display its detailed statistics.
Port 2 example:
Auto-refresh Check this box to enable an automatic refresh of the page at regular intervals.
Refresh Click to refresh the page; any changes made locally will be undone.
3.2.2 Traffic Overview
Screen of 24-Port Switch
Screen of 16-Port Switch
Configuration Description
Port The logical port for the settings contained in the same row.
Packets The number of received and transmitted packets per port.
Bytes The number of received and transmitted bytes per port.
Errors The number of frames received in error and the number of incomplete transmissions
per port.
Drops The number of frames discarded due to ingress or egress congestion.
Filtered The number of received frames filtered by the forwarding process.
Receive/Transmit The number of received and transmitted packets per port.
Auto-refresh Check this box to enable an automatic refresh of the page at regular intervals.
Refresh Click to refresh the page; any changes made locally will be undone.
Clear Click to flush all counters.
3.2.3 QoS Statistics
Screen of 24-Port Switch
Screen of 16-Port Switch
Configuration Description
Port The logical port for the settings contained in the same row.
Low Queue There are 4 QoS queues per port with strict or weighted queuing scheduling. This is
the lowest priority queue.
Normal Queue This is the normal priority queue of the 4 QoS queues. It has higher priority than the
"Low Queue".
Medium Queue This is the medium priority queue of the 4 QoS queues. It has higher priority than the
"Normal Queue".
High Queue This is the highest priority queue of the 4 QoS queues.
Receive/Transmit The number of received and transmitted packets per port.
Auto-refresh Check this box to enable an automatic refresh of the page at regular intervals.
Refresh Click to refresh the page; any changes made locally will be undone.
Clear Click to flush all counters.
3.2.4 Detailed Statistics
Configuration Description
Receive Total and Transmit Total
Rx and Tx Packets Number of received and transmitted (good and bad) packets.
Rx and Tx Octets Number of received and transmitted (good and bad) bytes. Includes FCS, but
excludes framing bits.
Rx and Tx Unicast Number of received and transmitted (good and bad) unicast packets.
Rx and Tx Multicast Number of received and transmitted (good and bad) multicast packets.
Rx and Tx Broadcast Number of received and transmitted (good and bad) broadcast packets.
Rx and Tx Pause Counter of the MAC Control frames received or transmitted on this port that have an
opcode indicating a PAUSE operation.
Receive and Transmit Size Counters
Number of received and transmitted (good and bad) packets split into categories
based on their respective frame sizes.
Receive and Transmit Queue Counters
Number of packets received and transmitted by the input and output queues.
Receive Error Counters
Rx Drops Number of frames dropped due to lack of receive buffers or egress congestion.
Rx CRC/Alignment Number of frames received with CRC or alignment errors.
Rx Undersize Number of short (1) frames received with valid CRC.
Rx Oversize Number of long (2) frames received with valid CRC.
Rx Fragments Number of short (1) frames received with invalid CRC.
Rx Jabber Number of long (2) frames received with invalid CRC.
Rx Filtered Number of received frames filtered by the forwarding process.
Transmit Error Counters
Tx Drops Number of frames dropped due to output buffer congestion.
Tx Late/Exc. Coll. Number of frames dropped due to excessive or late collisions.
Port # Select the logical port for the displayed statistics.
Auto-refresh Check this box to enable an automatic refresh of the page at regular intervals.
Refresh Click to refresh the page; any changes made locally will be undone.
Clear Click to flush all counters.
Note:
(1) Short frames are frames that are smaller than 64 bytes.
(2) Long frames are frames that are longer than the configured maximum frame length for this port.
3.3 Security
3.3.1 Network
3.3.1.1 Port Security
3.3.1.1.1 Switch
Configuration Description
User Module Name The full name of a module that may request Port Security services.
Abbr A one-letter abbreviation of the user module.
This is used in the Users column in the port status table.
Port The port number for which the status applies. Click the port number to see the status
for this particular port.
Users Each of the user modules has a column that shows whether that module has enabled
Port Security or not. A '-' means that the corresponding user module is not enabled,
whereas a letter indicates that the user module abbreviated by that letter (see Abbr)
has enabled port security.
MAC Count Indicates the number of currently learned MAC addresses (forwarding as well as
blocked) on the port. If no user modules are enabled on the port, a dash (-) will be
shown.
Auto-refresh Check this box to enable an automatic refresh of the page at regular intervals.
Refresh Click to refresh the page; any changes made locally will be undone.
3.3.1.1.2 Port
Configuration Description
Port # Select a port to display.
MAC Address The MAC address and VLAN ID that is seen on this port. If no MAC addresses are
learned, a single row stating "No MAC addresses attached" is displayed.
VLAN ID ditto
State Indicates whether the corresponding MAC address is blocked or forwarding. In the
blocked state, it will not be allowed to transmit or receive traffic.
Time of Adding Shows the date and time when this MAC address was first seen on the port.
Age/Hold If at least one user module has decided to block this MAC address, it will stay in the
blocked state until the hold time (measured in seconds) expires. If all user modules
have decided to allow this MAC address to forward, and aging is enabled, the Port
Security module will periodically check that this MAC address still forwards traffic.
If the age period (measured in seconds) expires and no frames have been seen, the
MAC address will be removed from the MAC table. Otherwise a new age period will
begin. If aging is disabled or a user module has decided to hold the MAC address
indefinitely, a dash (-) will be shown.
Auto-refresh Check this box to enable an automatic refresh of the page at regular intervals.
Refresh Click to refresh the page; any changes made locally will be undone.
3.3.1.2 NAS
3.3.1.2.1 Switch
Configuration Description
Port # Select a port to display.
Auto-refresh Check this box to enable an automatic refresh of the page at regular intervals.
Refresh Click to refresh the page; any changes made locally will be undone.
3.3.1.2.2 Port
Configuration Description
Port # Select a port to display the port state.
Admin State The port's current administrative state. Refer to NAS Admin State for a description of