How it Works
KTI Networks
Loading...
KS-2260
User Manual
153 pgs5.3 Mb0
Table of contents
Loading...

KTI Networks KS-2260 User Manual

10/100 Managed Fast Ethernet Switch
with 100FX and Gigabit Connectivity
KS-2260
Optional 100FX Modules
Optional Gigabit Modules
Operation Manual
-1-
DOC.030425-KS2260-K
KTI Networks Inc. reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of KTI Networks Inc. to provide notification of such revision or change.
For more information, contact:
United States KTI Networks Inc.
P .O. BOX 631008 Houston, T exas 77263-1008
Phone: 713-2663891 Fax: 713-2663893 E-mail: kti@ktinet.com URL: http://www.ktinet.com/
International Fax: 886-2-26983873
E-mail: kti@ktinet.com.tw URL: http://www.ktinet.com.tw/
-2-
The information contained in this document is subject to change without prior notice. Copyright (C) KTI. All Rights Reserved.
TRADEMARKS
Ethernet is a registered trademark of Xerox Corp.
WARNING:
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference in which case the user will be required to correct the interference at his own expense.
NOTICE:
(1 ) The changes or modifications not expressively approved by the party re­sponsible for compliance could void the user's authority to operate the equip­ment. (2 ) Shielded interface cables and AC power cord, if any, must be used in order to comply with the emission limits.
CISPR A COMPLIANCE:
This device complies with EMC directive of the European Community and meets or exceeds the following technical standard. EN 55022 - Limits and Methods of Measurement of Radio Interference Character­istics of Information Technology Equipment. This device complies with CISPR Class A. WARNING: This is a Class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take ad­equate measures.
CE NOTICE Marking by the symbol indicates compliance of this equipment to the EMC
directive of the European Community. Such marking is indicative that this equip­ment meets or exceeds the following technical standards: EN 55022: Limits and Methods of Measurement of Radio Interference character­istics of Information Technology Equipment. EN 50082/1:Generic Immunity Standard -Part 1: Domestic Commercial and Light Industry. EN 60555-2: Disturbances in supply systems caused by household appliances and similar electrical equipment - Part 2: Harmonics.
-3-
Table of Contents
1. Introduction ................................................................ 8
1.1 Introduction .................................................................................... 8
1.2 Features ........................................................................................ 9
1.3 Hardware Specifications ............................................................. 10
1.4 Software Specifications ............................................................... 1 2
1.4.1 Management Objects ............................................................... 1 3
1.4.2 SNMP Traps ............................................................................. 14
1.5 Function Descriptions ................................................................. 1 5
1.5.1 LACP Trunking Function .......................................................... 15
1.5.2 IP Multicast Function ................................................................ 17
1.5.3 MAC Address Filtering Function............................................... 19
1.5.4 Static MAC Address .................................................................. 20
1.5.5 Port Security.............................................................................. 20
1.5.6 VLAN Function .......................................................................... 21
1.5.6.1 Port-based VLAN ................................................................... 21
1.5.6.2 IEEE 802.1Q VLAN (Tag-based VLAN) ................................. 22
1.5.6.3 Protocol-based VLAN ............................................................ 2 3
1.5.7 Spanning Tree Protocol ........................................................... 2 3
1.5.8 Port Sniffer Function ................................................................. 25
1.5.9 QoS Priority Function ................................................................ 26
1.5.10 802.1X Port-Based Network Access Control ......................... 27
2. Installation and Management.................................. 30
2.1 Panel Description ........................................................................ 3 0
2.2 AC Power Supply ......................................................................... 30
2.3 Network Switched Ports .............................................................. 3 1
2.3.1 10/100TX Ports ......................................................................... 31
2.3.2 100FX Modules......................................................................... 3 2
2.3.3 Gigabit Ports and Modules ....................................................... 3 4
2.4 Rack Mounting............................................................................. 36
2.5 LED Indicators............................................................................. 37
2.6 Cooling Fans ............................................................................... 38
2.7 Management Setup ..................................................................... 3 9
2.7.1 Setup for Out-of-band (Console) Management ....................... 4 0
2.7.2 Setup for In-band Management ............................................... 4 1
2.7.3 Quick Guide to Configure Switch IP Address .......................... 4 1
3. Console and Telnet Operation ............................... 42
3.1 Main Menu ................................................................................... 44
-4-
3.2 Switch Static Configuration ......................................................... 4 6
3.2.1 Port Configuration .................................................................... 4 7
3.3.2 Trunk Configuration .................................................................. 49
3.3.3 VLAN Configuration .................................................................. 5 0
3.3.3.1 VLAN Configure ..................................................................... 5 0
3.3.3.2 Create a VLAN Group ............................................................ 52
3.3.3.3 Edit / Delete a VLAN Group ................................................... 54
3.3.3.4 Groups Sorted Mode ............................................................. 55
3.3.4 Misc Configuration ................................................................... 56
3.3.4.1 MAC Age Interval.................................................................... 56
3.3.4.2 Broadcast Storm Filtering ..................................................... 5 7
3.3.4.3 Max Bridge Transmit Delay Bound........................................ 5 8
3.3.4.4 Port Security........................................................................... 59
3.3.4.5 Collision Retry Forever .......................................................... 60
3.3.4.6 Hash Algorithm ...................................................................... 6 0
3.3.5 Administration Configuration ................................................... 6 1
3.3.5.1 Change Username ............................................................... 6 1
3.3.5.2 Change Password ................................................................ 62
3.3.5.3 Device Information ................................................................ 62
3.3.5.4 IP Configuration..................................................................... 6 3
3.3.6 Port Sniffer Configuration ......................................................... 6 4
3.3.7 Priority Configuration ................................................................ 65
3.3.7.1 Static Priority .......................................................................... 66
3.3.7.2 802.1p Priority........................................................................ 67
3.3.8 MAC Address Configuration..................................................... 68
3.3.8.1 Static MAC Address ............................................................... 68
3.3.8.2 Filtering MAC Address........................................................... 70
3.4 Protocol Related Configuration ................................................... 7 1
3.4.1 STP ........................................................................................... 71
3.4.2 SNMP ........................................................................................ 75
3.4.2.1 System Options ..................................................................... 7 5
3.4.2.2 Community Strings ................................................................ 76
3.4.2.3 Trap Managers ...................................................................... 77
3.4.3 GVRP ........................................................................................ 78
3.4.4 IGMP ......................................................................................... 78
3.4.5 LACP......................................................................................... 79
3.4.5.1 Working Port Setting.............................................................. 79
3.4.5.2 State Activity ........................................................................... 80
3.4.5.3 LACP Status .......................................................................... 81
-5-
3.4.6 802.1X....................................................................................... 81
3.4.6.1 Enable 802.1X Protocol......................................................... 8 2
3.4.6.2 802.1X System Configuration ............................................... 8 2
3.4.6.3 802.1X Per Port Configuration .............................................. 83
3.4.6.4 802.1X Misc. Configuration ................................................... 8 4
3.5 Status and Counters ................................................................... 85
3.5.1 Port Status ................................................................................ 86
3.5.2 Port Counters ........................................................................... 8 7
3.5.3 System Information .................................................................. 88
3.6 Reboot Switch ............................................................................. 8 9
3.6.1 Restart ...................................................................................... 8 9
3.6.2 Default ...................................................................................... 8 9
3.7 TFTP Update Firmware ............................................................... 9 0
3.7.1 TFTP Update Firmware ............................................................ 9 1
3.7.2 TFTP Restore Configuration .................................................... 92
3.7.3 TFTP Backup Configuration ..................................................... 9 3
4. SNMP Management ................................................. 94
4.1 Configuring SNMP Settings via Console Operation ................... 95
4.2 SNMP MIB-2 and Private MIB....................................................... 95
4.3 SNMP Traps ................................................................................ 98
5. Web Management .................................................... 99
5.1 Start Browser Software and Making Connection ...................... 10 0
5.2 Web Management Home Overview .......................................... 10 1
5.3 Port status ................................................................................. 10 2
5.4 Port Statistics............................................................................. 10 4
5.5 Administrator ............................................................................. 1 05
5.5.1 IP Address .............................................................................. 1 06
5.5.2 Switch Setting ......................................................................... 10 7
5.5.2.1 Basic Information ................................................................ 10 7
5.5.2.2 Module Info .......................................................................... 108
5.5.2.3 Advanced ............................................................................. 109
5.5.3 Console Port Information ....................................................... 112
5.5.4 Port Controls .......................................................................... 113
5.5.5 Trunking .................................................................................. 115
5.5.5.1 Aggregator settings ............................................................. 116
5.5.5.2 Aggregator Information ........................................................ 117
5.5.5.3 State Activity ......................................................................... 120
5.5.6 Forwarding and Filtering Database ....................................... 1 21
-6-
5.5.6.1 IGMP Snooping.................................................................... 121
5.5.6.2 Static MAC Address ............................................................. 122
5.5.6.3 MAC Address Filtering......................................................... 1 23
5.5.7 VLAN configuration ................................................................. 124
5.5.7.1 Port-based VLAN ................................................................. 125
5.5.7.2 802.1Q VLAN ....................................................................... 127
5.5.8 Spanning Tree........................................................................ 1 31
5.5.9 Port Sniffer .............................................................................. 135
5.5.10 SNMP.................................................................................... 136
5.5.11 Security Manager .................................................................. 139
5.5.12 802.1X Configuration ........................................................... 1 40
5.5.12.1 802.1X PerPort Configuration ........................................... 14 2
5.5.12.2 802.1X Misc Configuration ................................................ 1 43
5.6 TFTP Update Firmware ............................................................. 14 4
5.7 Configuration Backup ................................................................ 14 6
5.7.1 TFTP Restore Configuration .................................................. 1 46
5.7.2 TFTP Backup Configuration ................................................... 1 47
5.8 Reset System ............................................................................ 14 8
5.9 Reboot ....................................................................................... 1 49
6. Update Firmware from Console ........................... 150
Appendix A: Factory Default Settings ...................... 151
-7-

1. Introduction

1.1 Introduction

Driven by recent advances in desktop computing technology, toda y’s network applications have increased in speed, power and the ability to process information. To meet the demands of these more bandwidth­intensive applications, this switch device provides significant increase in performance for your Ethernet and Fast Ethernet network. The switch comes with high number of 10/100 Fast Ethernet switched ports, each capable of transferring information simultaneously at full wire speed to control and allocate the network bandwidth. It also provides two Gigabit Ethernet slots for migration to Gigabit network smoothly.
The key features of the switch units are:
High Port-count and High Bandwidth
100FX connectivity
Copper Gigabit connectivity
Fiber Gigabit connectivity
Network Management
-8-

1.2 Features

19-inch rack mountable 24-Port 10/100 managed Fast Ethernet switch with two Giga expansion port slots
Provides two alternative 100Base-FX port slots for fiber connections
Non-blocking and store-and-forward switch engine performs forwarding and filtering at full wire speed.
Supports diversified optional Giga port modules for selection including 10/100/1000 copper type and fiber type
Provides port control function for auto-negotiation, speed, duplex, and flow control configuration
Provides per-port Egress/Ingress data rate control function
Provides 802.1X port-based network access control function
Provides broadcast storm filtering function
Provides 802.3ad port trunking function with up to 7 trunks
Supports input-port-based, output-port-based, and input-output­pair-based Sniffer function
Provides static MAC address and filtering MAC address configuration
Provides ingress port security function
Provides bridging delay bound control function
Supports Ethernet frame length up to 1522 bytes
Supports 802.3x flow control for full duplex mode and backpressure flow control for half duplex mode
Supports auto-aging with selectable inter-age time
Supports port-based VLAN and 802.1Q tag-based VLAN
Supports 802.1v protocol-based VLAN classification
Supports port-based priority and 802.1p CoS with 2-level priorities
Supports Spanning Tree Protocol
Supports IP Multicasting and IGMP snooping
Supports console/Telnet/SNMP/Web/Trap managements
-9-

1.3 Hardware Specifications

10/100 Switched Ports Port 1 ~ 24, Total : 24 ports
802.3 10Base-T , 802.3u 100Base-TX compliant Shielded RJ-45 with auto MDI-X function
Port 23, 24 Alternatives 100Base-FX connectivity
2 expansion module slots - Slot F23, F24
Giga Switched Ports 2 expansion Slots - Slot G1, G2
802.3z and 802.3ab compliant Supports optional 10/100/1000 Copper module Supports optional Giga Fiber modules
Port Control Function Port enable/disable
Auto-negotiation function Speed,Duplex mode Full duplex flow control function Half duplex flow control function Ingress data rate Egress data rate Port security (MAC learning function)
Flow Control Methods 802.3x pause frame based for full duplex
Backpressure for half duplex mode
Forwarding speed Max. 148,810 pps on 100M switched ports
Max. 1,488,100 pps on Gigabit switched ports
Trunking Function IEEE 802.3ad compliant
Per trunk mode : Static or LACP Up to 7 trunk groups (trunk ports) Each is composed of up to 4 ports
Port Sniffering One sniffer port (any one among 26 ports)
Up to 25 monitored ports
3 mode options - Tx / Rx / Tx+Rx traffic MAC address aging time Control options - 300 ~ 765 seconds MAC Address Table Size : 6K entries for
Auto-learned unicast addresses and
Static unicast/multicast addresses Broadcast Storm Filtering Threshold options - 5%,10%, 15%,20%, 25% Filtering MAC Address Destination address-based filtering
-10-
Network Access Control 802.1X protocol support for all ports Function Radius client configuration
Per port mode - Auto, Fu, Fa, No QoS Function 2-level (High/Low) priority for Tx queues
Selectable Tx High/Low service ratio Priority Decision Method First - Port-based priority
Second - 802.1p priority (Tag priority value) VLAN Function Mode options if enabled -
Port-based VLAN
802.1Q T ag-based VLAN
Port-based VLAN Max. 26 VLAN groups
VLAN-tagging is ignored
No tag modification for tagged packets
802.1Q VLAN Max. 256 VLAN groups
- VLAN ID 2 ~ 4094
- Member port mode Outgoing : Tagged, Untagged
- GVRP 802.1Q complaint (GARP 802.1P complaint)
- Protocol classification 802.1v compliant IP Multicasting Table 256 multicast address root entries 10/100 Port LED Display Link / Activity status
Speed status Duplex / Collision status
Giga Port LED Display Link / Activity status
Duplex / Collision status
Console Port RS-232, DTE, DB9
Baud : 9600, N, 8, 1, 0, No flow control Dimension 443mm (W) x 245mm (D) x 43mm (H) Power Input Rating 100 ~ 240V AC, 50/60Hz, 50W Input voltage range 90 ~ 264VAC Input frequency 47 ~ 440Hz Power Consumption 17W min. 26W max. Environmental Operating temperature : 0 ~ 50oC
Storage temperature : -40 ~ 85oC Certifications FCC Part 15 Class A
CE / CISPR Class A
-11-

1.4 Software Specifications

Management interface
In-band SNMP over TCP/IP network In-band W eb browser over TCP/IP network In-band T elnet over TCP/IP network Out-of-band via Console port SNMP Traps over TCP/IP network
RFC & Protocols
IPv 4 IP version4 RFC791 TC P Transmission Control Protocol RFC793 UD P User Datagram Protocol RFC768 ARP Ehernet Address Resolution Protocol RFC826 ICMP Internet Control Message Protocol RFC792 SNM P SNMP agent v1 RFC1157 MIB-2 Standard MIB RFC1213 Traps Generic SNMP traps RFC1157 TFTP Trivial File Transfer Protocol RFC1350 Telnet Telnet protocol RFC854 HTTP HTTP server for web management RFC1945 GVRP GARP VLAN Registration Protocol 802.1Q GARP Generic attribute registration protocol 802.1P DHCP Dynamic Host Configuration Protocol RFC2131 IGMP Internet Group Management Protocol RFC2236 RMON MIB groups : Statistics, History, Alarm, Event RFC1271 Bridge Bridge MIB RFC1493
-12-

1.4.1 Management Objects

List of management objects supported by console and T elnet interfaces :
Management Objects Console Telnet Web SNMP
Boot diagnostics Yes - - ­Login check Y es Yes Yes ­Port configuration Y es Yes Yes ­Trunk configuration (& LACP) Y es Yes Yes ­VLAN configuration Y es Yes Y es ­QoS Priority configuration Y es Yes Yes ­MAC address aging setting Yes Yes Yes ­Broadcast storm filtering setting Y es Yes Yes ­Max. bridge transmit delay bound Y es Yes Yes ­Low queue delay bound setting Y es Yes Yes ­Low queue delay time setting Yes Yes Yes ­Port security setting Y es Yes Yes ­Collision retry forever setting Y es Yes Yes ­Port Sniffer (Mirrowing) setting Y es Yes Yes ­IP configuration (TCP/IP) Y es Yes Yes ­Username, password change Yes Yes Yes ­SNMP community string settings Y es Yes Yes ­SNMP device information settings Yes Yes Yes ­Trap manager configuration Y es Yes Yes ­STP configuration Yes Yes Yes ­Static Mac address configuration Y es Yes Yes ­Filter Mac address configuration Yes Yes Yes ­GVRP setting Y es Y es Yes ­IGMP setting Y es Yes Yes -
802.1X configuration Y es Yes Y es ­System firmware update (TFTP) Yes Yes Y es ­System firmware update (1K modem) Yes - - ­Default configuration file download Yes Yes Yes ­Current configuration backup (TFTP) Y es Yes Yes ­Reboot switch with default settings Yes Yes Yes ­Reboot switch with current settings Yes Yes Yes -
-13-
Management Objects Console Telnet Web SNMP
Port state - enable/disable Yes Yes Yes Yes Port status - link, speed Y es Yes Yes Yes Port static counters Yes Yes Yes Yes Device Mac address information Yes Yes Yes Yes System firmware version information Yes Y es Yes ­System hardware version information Y es Yes Yes ­System default configuration version Yes Yes Yes ­G1, G2 module information Y es Y es Y es Y es F23, F24 module information Y es Yes Yes Yes Cooling Fan1 Fan2 status Y es Yes Yes Yes LACP status Yes Yes Yes ­IGMP snooping information - - Yes ­RFC 1213 MIB-2 objects - - - Yes RFC 1493 Bridge MIB - - - Yes RFC 1271 RMON MIB (group 1,2,3,9) - - - Yes

1.4.2 SNMP Traps

T rap Events
The table below lists the events the device will generate SNMP traps.
Generic: RFC1157 generic, Specific: EnterpriseSpecific
Type T rap Event
Generic Cold Start Device bootup Generic Authentication SNMP authentication failure Generic Port link change Port link down Generic Port link change Port link recovery Specific Fan1 failure Cooling Fan1 failure warning Specific Fan1 failure Cooling Fan1 failure recovery Specific Fan2 failure Cooling Fan2 failure warning Specific Fan2 failure Cooling Fan2 failure recovery
-14-

1.5 Function Descriptions

1.5.1 LACP Trunking Function

The switch provides a trunking function, which is compliant with 802.3ad standard. 802.3ad is a specification from IEEE that allows us to bundle several physical port links together to form one logical port , called a trunk between two devices. It supports Link Aggregation Control Proto­col (LACP).
IEEE 802.3ad trunking also allows redundant connections between de­vices to be combined for more aggregate bandwidth between devices supporting LACP.
The LACP provides a standardized means for exchanging information between two link partners on a link to allow their Link Aggregation Con­trol instances to reach agreement on the identity of the Link Aggregation Group to which the link belongs, move the link to that Link Aggregation Group, and enable its transmission and reception functions in an orderly manner.
The switch can support up to seven trunk groups, or called trunk ports or trunks. Each group is a logic port and can have up to 4 physical port members. A physical port can only belong to one trunk group. Each trunk group can be set LACP disabled or enabled. The operations are:
LACP disabled
If one trunk group is LACP disabled, it becomes a local static trunk and all member ports are forced to be work ports. The link aggregation is formed and there is no LACP negotiation taking place. Maximal four member ports are allowed.
LACP enabled
If one trunk group is LACP enabled, it is called LACP static trunk. Link aggregation is formed through LACP negotiation between link partners. Up to four ports can be selected as member ports for each trunk group. However, the max. two ports, called work ports can be aggregated at the
-15-
same time. Those member ports which are not work ports are standby to become work port if any current work port fails to operate. This transition takes about 30 seconds. Each member port can be set LACP Passive or LACP active as described below:
LACP Passive : The port does not initiate the LACP negotiation, but it does understand the LACP packet. It will reply to the received LACP packet to eventually form the link aggregation if its link partner is requesting to do so (in active state). LACP Active : The port is willing to form an aggregate link, and initiate the negotiation. The link aggregate will be formed if its link partner is running in LACP active or passive mode.
There are only three valid combinations to run the LACP link aggregate as follows:
disabled to disabled state (forced link aggregate without LACP)
active to active state
active to passive state
Rules of trunking
1. Up to seven trunk groups (trunk ports) can be created.
2. Each trunk group can be composed of up to 4 member ports.
3. The member port can be one of Port 1 ~ Port 24 and G1 - G2 port.
4. One switched port only can belong to one trunk group.
5. If VLAN group exist, all members of one static trunk group must be
in same VLAN group.
6. LACP operation requires member ports in full-duplex mode.
7. In a static trunk group (LACP disabled), four work ports are aggre-
gated at the same time.
8. In an LACP trunk group, maximal two work ports can be aggregated
at the same time.
-16-

1.5.2 IP Multicast Function

Internet Protocol (IP) multicast is a bandwidth-conserving technology that reduces traffic by simultaneously delivering a single stream of infor­mation to thousands of corporate recipients and homes. Applications that take advantage of multicast include video conference, corporate communications, distance learning, and distribution of software, stock quotes, and news.
IP Multicast delivers source traffic to multiple receivers without adding any additional burden on the source or the receivers while using the least network bandwidth of any competing technology. Multicast packets are replicated in the network by the devices supporting multicast protocols resulting in the most efficient delivery of data to multiple receivers pos­sible.
Multicast is based on the concept of a group. An arbitrary group of receivers expresses an interest in receiving a particular data stream. This group does not have any physical or geographical boundaries - the hosts can be located anywhere on the Internet. Hosts that are interested in receiving data flowing to a particular group must join the group using IGMP. Hosts must be a member of the group to receive the data stream.
IP Multicast address
IP Multicast addresses specify an arbitrary group of IP hosts that have joined the group and want to receive traffic sent to this group. IP multicast addresses range from 224.0.0.0 through 239.255.255.255. This address range is only for the group address or destination address of IP multicast traffic. The source address for multicast datagrams is always the unicast source address.
-17-
IGMP
Internet Group Management Protocol (IGMP) is used to dynamically register individual hosts in a multicast group on a particular LAN. Hosts identify group memberships by sending IGMP messages to their local multicast router. Under IGMP, routers listen to IGMP messages and peri­odically send out queries to discover which groups are active or inactive on a particular subnet.
RFC 2236 defines the specification for IGMP Version 2. There are four types of IGMP messages:
Membership query
IGMP V ersion 1 membership report
IGMP V ersion 2 membership report
Leave group
Hosts send out IGMP membership reports corresponding to a particular multicast group to indicate that they are interested in joining that group. The router periodically sends out an IGMP membership query to verify that at least one host on the subnet is still interested in receiving traffic directed to that group. When there is no reply to three consecutive IGMP membership queries, the router times out the group and stops forwarding traffic directed toward that group.
With leave group message, the hosts can actively communicate to the local multicast router their intention to leave the group. The router then sends out a group-specific query and determines whether there are any remaining hosts interested in receiving the traffic. If there are no replies, the router times out the group and stops forwarding the traffic.
-18-
IGMP Snooping
IGMP snooping requires the LAN switch to examine, or snoop, some Layer 3 information in the IGMP packets sent between the hosts and the router. When the switch hears the IGMP host report from a host for a particular multicast group, the switch adds the host's port number to the associated multicast table entry. When the switch hears the IGMP leave group message from a host, it removes the host's port from the table entry.
Multicast Forwarding
In multicast routing, the source is sending traffic to an arbitrary group of hosts represented by a multicast group address. The multicast router must determine which direction is upstream (toward the source) and which direction (or directions) is downstream. If there are multiple down­stream paths, the router replicates the packet and forwards the traffic down the appropriate downstream paths - which is not necessarily all paths.
The switch can support IP multicast if IGMP protocol is enabled. IGMP snooping function and status is also provided. Each IP multicast address is associated one Vlan ID and its member ports. The information is avail­able from management interfaces.

1.5.3 MAC Address Filtering Function

MAC address filtering allows the switch to drop unwanted traffic. In­coming traffic is filtered based on the destination MAC addresses (DAs). The unwanted destination addresses are called filter MAC addresses.
The switch provides management function that allows LAN administra­tor to maintain the filter MAC address table.
-19-

1.5.4 Static MAC Address

The switch provides Static MAC Address setup function. The static MAC addresses are the MAC addresses which are setup by LAN admin­istrators and are not learned by the switch automatically.
The static addresses are stored and referred in switch MAC address table permanently regardless of whether the MAC addresses are physi­cally disconnected to the switch.
Applying this function with port security function allows LAN adminis­trator to build a protection mechanism that let switch only serves granted devices.
Static MAC address related settings:
Mac Address : Static Ethernet MAC address (12 digits) Port num : The port number where the MAC address is located Vlan ID : The associated Vlan ID to the address, if 802.1Q VLAN is enabled.

1.5.5 Port Security

A port in security mode does not learn any source MAC address (SA). Only the incoming packets with SA existing in the switch static MAC address table can be forwarded normally. Otherwise, the packets are dropped. This features provides a protection mechanism to restrict the devices link to the switch port. Only devices with valid MAC addresses can be served by the switch.
-20-

1.5.6 VLAN Function

Virtual LANs (VLANs) can be viewed as a group of devices on dif ferent physical LAN segments which can communicate with each other as if they were all on the same physical LAN segment. It can create a network that is independent of physical location and group users into logical workgroups. The benefits are:
Confine broadcast traffic and Increased performance
Improved manageability
Network tuning and simplification of software configurations
Physical topology independence
Increased security options
The switch supports port-based, 802.1Q (T ag-based) and protocol-based VLAN. In the default configuration, VLAN function is disabled.

1.5.6.1 Port-based VLAN

Up to 26 VLAN groups can be created. Each group has its own port members. The member ports are selected among the physical ports on the switch. Packets can go among only members in the same VLAN group.
Required configurations:
Maintain (Create/delete/modify) VLAN groups
Manage the port members of each VLAN group
Note:
1. The ports which are not belonging to any group are treated as
belonging to another single VLAN.
2. A trunk group is treated as a physical port.
3. VLAN-tagging is ignored in port-based VLAN mode.
-21-

1.5.6.2 IEEE 802.1Q VLAN (T ag-based VLAN)

Tag-based VLAN is an IEEE 802.1Q specification standard. Therefore, it is possible to create a VLAN across devices from different venders. IEEE
802.1Q VLAN uses a technique to insert a tag into the Ethernet frames. Tag contains a VLAN Identifier (VID) that indicates the VLAN numbers.
The switch can classify each received packet as belonging to one and only one VLAN. If the received packet is VLAN-tagged, the packet is classified as belonging to the VLAN specified in the VLAN tag header. If the received packet is untagged, it is classified as belonging to the de­fault VLAN configured for the ingress port.
Required configurations:
Enable or disable GVRP support
VLAN information including VID (2-4094) and name
T agged member ports of each VLAN
Outgoing tag mode for each member port
T ag - outgoing frames with VLAN-tagged Untag - outgoing frames without VLAN-tagged
PVID (Port VID, 1-255 for untagged incoming frames) for each port
Ingress Rule 1 setting for each port : forward only packets with VID
matching configured PVID
Ingress Rule 2 setting for each port : drop untagged frames
PVID : this feature is useful to accommodate the devices which do not support tagging to participate in the VLAN.
GVRP - GARP [Generic Attribute Registration Protocol] VLAN Regis­tration Protocol : GVRP allows automatic VLAN configuration between
the switch and nodes. If the switch is connected to a device with GVRP enabled, you can send a GVRP request using the VID of a VLAN defined on the switch, the switch will automatically add that device to the exist­ing VLAN. (GVRP - 802.1Q complaint, GARP - 802.1P compliant)
-22-

1.5.6.3 Protocol-based VLAN

In order for an end station to send packets to different VLANs, it itself has to be either capable of tagging packets it sends with VLAN tags or attached to a VLAN-aware bridge that is capable of classifying and tag­ging the packet with different VLAN ID based on not only default PVID but also other information about the packet, such as the protocol. The switch can support 802.1v compliant protocol-based VLAN classifica­tion by means of both built-in knowledge of layer 2 packet formats used by selected popular protocols, such as Novell IPX and AppleTalk`s EtherTalk, and others. Required configuration:
Protocol setting for each VLAN group defined in 802.1Q VLAN mode
If more than two VLAN groups are configured with same protocol
value, make sure the member ports of those groups are not overlaping. Any incoming untagged packet is checked and classified according the
Protocol vs. VLAN mapping settings. If an associated VLAN group is found, the packet is calssified and is inserted with VID tag of the group VLAN ID instead of input port PVID.

1.5.7 Spanning Tree Protocol

Spanning-Tree Protocol (STP) is a link management protocol that pro­vides path redundancy while preventing undesirable loops in the net­work. For an Ethernet network to function properly, only one active path must exist between two stations. Multiple active paths between stations cause loops in the network. If a loop exists in the network, you might receive duplicate messages. When loops occur, some switches see sta­tions on both sides of the switch. This condition confuses the forward­ing algorithm and allows duplicate frames to be forwarded.
T o provide path redundancy, Spanning-Tree Protocol defines a tree that spans all switches in an extended network. Spanning-Tree Protocol forces certain redundant data paths into a standby (blocked) state. If one net­work segment in the Spanning-Tree Protocol becomes unreachable, or if Spanning-Tree Protocol costs change, the spanning-tree algorithm
-23-
re-configures the spanning-tree topology and reestablishes the link by activating the standby path.
Spanning-Tree Protocol operation is transparent to end stations, which are unaware whether they are connected to a single LAN segment or a switched LAN of multiple segments.
STP related parameters Priority : A value to identify the root bridge. The bridge with the lowest
value has the highest priority and is selected as the root. MAC Address : The MAC address of the switch as a unique identifier to the network. Max Age : The number of seconds a bridge waits without receiving Spanning Tree protocol configuration messages before attempting a reconfiguration. Maximum Age Timer measures the age of the received protocol information recorded for a port and ensures that this informa­tion is discarded when its age limit exceeds the value of the maximum age parameter recorded by the switch. The time-out value for this timer is the maximum age parameter of the switches. Hello Time : The number of seconds between the transmission of Span­ning Tree protocol configuration messages. It determines how often the switch broadcasts its hello message to other switches. Forward Delay Time : The number of seconds a port waits before chang­ing from its Spanning Tree Protocol learning and listening states to the forwarding state. Forward Delay Timer Monitors the time spent by a port in the learning and listening states. The time-out value is the forward delay parameter of
Spanning tree port states Listening : Switches send messages to one another to establish the
network topology and the optimal paths to the different segments of the network. Other data is not transmitted. Blocking : The switch enters the Blocking State if a path with higher priority is found to exist during the Listening State. Normal data is not transmitted.
-24-
Learning : The switch enters the Learning State if no path with a higher priority is found during the Listening State. Learned entries are entered in the Unicast Destination Forwarding T able. Normal data is not transmitted. Forwarding : The switch enters the Forwarding State after having been in the Learning State for a predefined time period. Normal data is transmitted.
Per port control settings PathCost : Specifies the path cost for each port. The Spanning-Tree
Protocol uses port path costs to determine which port to select as a forwarding port. You should assign lower numbers to ports attached to faster media (such as full duplex), and higher numbers to ports attached to slower media. The possible range is 1 to 65535. The recommended path cost is 1000 divided by LAN speed in megabits per second. Priority : Specify STP port priority for each port. The port (physical or logical) with the lowest priority value has the highest priority and for­wards the spanning-tree frames. The possible priority range is 0 through 255 (decimal). The default is 128. If all ports have the same priority value, the lowest port number forwards the spanning-tree frames.

1.5.8 Port Sniffer Function

Port sniffer function is a method to duplicate all traffic occurred on the specified monitored ports to the designated sniffer port. The traffic can be configured for incoming packets only or outgoing packets only or both. The control settings are:
Sniffer Mode : Specify the traffic type for monitoring Options - Disable, Rx=incoming, Tx=outgoing, Both=Rx&Tx
Sniffer Port : Specify the port where performs monitoring Monitored Port : Select the ports whose traffic will be duplicated to the
monitoring port. Press Space key for selection from the port member list.
-25-

1.5.9 QoS Priority Function

This switch supports two priority levels, high and low, and provides two priority functions:
1. Port-based Priority (Static priority)
2. 802.1p Priority (VLAN tagged priority)
Priority Classification Methods
Static priority is called port-based priority. The priority level of a receiv­ing packet is determined by the configured priority of the input port where the packet is received and the content of the packet is ignored. Each port must be pre-configured with a priority level for incoming frames or disabled setting.
The switch uses the following rules:
1. Applies Static Priority method first for tagged or untagged packets.
2. If port static priority is disabled, applies 802.1p Priority method.
3. Untagged packets are treated as low priority.
Outgoing Service Policy
The switch provides two options for outgoing service policy for high priority packets and low priority packets.
1. High priority always first
2. Round robin method with specified [High : Low] ratio setting This policy configuration can be set via the management interface.
-26-

1.5.10 802.1X Port-Based Network Access Control

For some IEEE 802 LAN environments, it is desirable to restrict access to the services offered by the LAN to those users and devices that are permitted to make use of those services. IEEE 802.1X Port-based network access control function provide a means of authenticating and authoriz­ing devices attached to a LAN port that has point-to-point connection characteristics, and of preventing access to that port in cases in which the authentication and authorization process fails. The 802.1X standard relies on the client to provide credentials in order to gain access to the network. The credentials are not based on a hardware address. Instead, they can be either a username/password combination or a certificate. The credentials are not verified by the switch but are sent to a Remote Au­thentication Dial-In User Service (RADIUS) server, which maintains a database of authentication information. 802.1X consists of three compo­nents for authentication exchange, which are as follows:
An 802.1X authenticator: This is the port on the switch that has
services to offer to an end device, provided the device supplies the proper credentials.
An 802.1X supplicant: This is the end device; for example, a PC that
connects to a switch that is requesting to use the services (port) of the device. The 802.1X supplicant must be able to respond to communicate.
An 802.1X authentication server: This is a RADIUS server that exam-
ines the credentials provided to the authenticator from the supplicant and pro­vides the authentication service. The authentication server is responsible for letting the authenticator know if services should be granted.
-27-
The 802.1X authenticator operates as a go-between with the supplicant and the authentication server to provide services to the network. When a switch is configured as an authenticator, the ports of the switch must then be configured for authorization. In an authenticator-initiated port authorization, a client is powered up or plugs into the port, and the authenticator port sends an Extensible Authentication Protocol (EAP) PDU to the supplicant requesting the identification of the supplicant. At this point in the process, the port on the switch is connected from a physical standpoint; however, the 802.1X process has not authorized the port and no frames are passed from the port on the supplicant into the switching engine. If the PC attached to the switch did not understand the EAP PDU that it was receiving from the switch, it would not be able to send an ID and the port would remain unauthorized. In this state, the port would never pass any user traffic and would be as good as disabled. If the client PC is running the 802.1X EAP , it would respond to the request with its configured ID. (This could be a username/password combination or a certificate.)
After the switch, the authenticator receives the ID from the PC (the sup­plicant). The switch then passes the ID information to an authentication server (RADIUS server) that can verify the identification information. The RADIUS server responds to the switch with either a success or failure message. If the response is a success, the port will be authorized and user traffic will be allowed to pass through the port like any switch port connected to an access device. If the response is a failure, the port will remain unauthorized and, therefore, unused. If there is no response from the server, the port will also remain unauthorized and will not pass any traffic.
The following configuration settings are required in the switch to make
802.1X function work:
-28-
Enable 802.1X protocol
Radius client configuration ­Radius server IP : IP address of the Radius server Shared key : en encryption key for use during authentication sessions
with the specified Radius server. It must match the key used on the Radius server.
NAS identifier : identifier for this Radius client Server port : the UDP destination port for authentication requests to the
specified Radius server Accounting port : the UDP destination port for accounting requests to the specified Radius server
Per-port 802.1X mode setting: Auto (Au) - The port is set to the Authorized or Unauthorized state in
accordance with the outcome of an authentication exchange between the Supplicant and the Authentication Server.
Forced Authorized (Fa) - The port is forced to be in authorized state. Forced Unauthorized (Fu) - The port is forced to be in unauthorized state. None (No) - The port is not necessary authorized.
Misc. configuration: quietPeriod - the period during which the port does not try to acquire a
supplicant txPeriod - the period the port waits to retransmit the NEXT EAPOL PDU during an authentication session suppTimeout - the period of time the switch waits for a supplicant re­sponse toan EAP request serverTimeout - the period of time the switch waits for a server response to an authentication request reAuthMax - the number of authentication attempts that must time-out before authentication fails and the authentication session ends. reAuthPeriod - the period of time after which the connected radius cli­ents must be re-authenticated
-29-

2. Installation and Management

2.1 Panel Description

2.2 AC Power Supply

One AC power cord which meets the specification of your country of origin was supplied with the switch unit. Before installing AC power cord to the switch, make sure the AC power switch is in OFF position and the AC power to the power cord is turned off. The switch supports wide range of AC power input specifications as follows:
Power Rating : 100 ~ 240VAC, 50/60Hz, 50W Voltage Range : 90 ~ 260VAC Frequency : 47 ~ 440 Hz Inrush Current : 24A@230V Minimal Consumption : 17W Maximal Consumption : 26W
-30-
Loading...
+ 123 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use