KTI Networks KS-2601 User Manual
Managed Switch
User's Manual
KS-2601
DOC.061214
1
We make no warranties with respect to this documentation and disclaim any
implied warranties of merchantability, quality, or fitness for any particular
purpose. The information in this document is subject to change without notice.
We reserve the right to make revisions to this publication without obligation to
notify any person or entity of any such changes.
Trademarks or brand names mentioned herein are trademarks or registered
trademarks of their respective companies.
2
About this manual …
This manual is a general user’s manual for the managed switch:
24+2G fully-modularized model
It has three 8-port module slots at front panel. These 8-port modules can be 8*
10/100M TX ports or 8* 100M FX ports. It has flexible design for hardware
configuration.
Modules (8-port )
Front Side
There are two Gigabit module slots at rear panel for gigabit extension.
Module Slot
Rear Side
3
Contents
1. INTRODUCTION---------------------------------------------------------1
1.1 PACKAG E CONTENTS------------------------------------------------------------1
2. WHERE TO PLACE THE MANAGED SWITCH -----------------1
3. CONFIGURE NETWORK CONNECTION ------------------------- 2
3.1 CONNECTING DEVICES TO THE INTELLIGENT SWITCH ------------2
3.2 CONNECTING TO ANOTHER ETHERNET SWITCH/HUB---------------2
3.3 APPLICATION------------------------------------------------------------------------3
4. ADD/REMOVE MODULE ----------------------------------------------4
4.1 ADD/REMOVE M ODULE----------------------------------------------------------4
5. LEDS CONDITIONS DEFINITION----------------------------------- 6
5.1 LEDS DEFINED ---------------------------------------------------------------------- 6
6. MANAGE / CONFIGURE THE SWITCH----------------------------7
6.1 INTRODUCTION OF THE MANAGEMENT FUNCTIONS ----------------7
6.2 MANAGEMENT WITH CONSOLE CONNECTION ----------------------- 10
6.3 MANAGEMENT WITH HTTP CONNECTION------------------------------ 39
6.4 ABOUT TELNET INTERFACE ------------------------------------------------- 70
6.5 ABOUT SNMP INTERFACE----------------------------------------------------- 70
7. SOFTWARE UPDATE AND BACKUP---------------------------- 71
A. PRODUCT SPECIFICATIONS------------------------------------- 72
B. COMPLIANCES------------------------------------------------------- 73
1. Introduction
This managed switch is a Layer2 management switch with lots of advanced
network functions including VLAN, trunking, spanning tree, mirror port, IP
multicast, rate limit and port configuration. It supports console, telnet, http and
SNMP interface for switch management. IEEE 802.1x is supported for port
security application. These functions can meet most of the management request
for current network.
1.1 Package Contents
One Intelligent Switch
One AC power cord (* for AC power model)
One console cable
Two rack-mount kits and screws (* for 24+2G model only)
This user's manual
2. Where To Place the Managed Switch
This switch can be placed on a flat surface (your desk, shelf or table).
Place the Intelligent Switch at a location with these connection considerations in
mind:
The switch configuration does not break the rules as specified in Section 3.
The switch is accessible and cables can be connected easily to it.
The cables connected to the switch are away from sources of electrical
interference such as radio, computer monitor, and light fixtures.
There is sufficient space surrounding the switch to allow for proper ventilation.
You can also install the 24+2G models Intelligent switch on a 19" rack with the
rack-mount kits.
1
3. Configure Network Connection
3.1 Connecting Devices to the Intelligent Switch
[ Connection Guidelines: ]
For 10BaseT connection: Category 3 or 5 twisted-pair Ethernet cable
For 100BaseTX connection: Category 5 twisted-pair Ethernet cable
For 1000BaseTX connection: Category 5e or 6 twisted-pair Ethernet cable
For UTP cable connection, always limit the cable distance to 100 meters (328
ft) as defined by IEEE specification
If your switch has 100BaseFX/1000BaseSX/1000BaseLX ports, you can
connect long distance fiber optic cable to the switch.
Because this switch supports Auto MDI/MDI-X detection on each UTP port,
you can use normal straight through cable for both workstation connection
and hub/switch cascading.
3.2 Connecting to Another Ethernet Switch/Hub
This Intelligent Switch can be connected to existing 10Mbps / 100Mbps /
1000Mbps hubs/switches. Because all UTP ports on the Intelligent Switch
support Auto MDI/MDI-X function, you can connect from any UTP port of the
Intelligent Switch to the MDI or MDI-X port of another hub/switch with Straight
Through or Crossover cables. If the switches have fiber-optic ports, you can
cascade them with fiber optic cable.
2
3.3 Application
A switch can be used to overcome the hub-to-hub connectivity limitations as well
as improve overall network performance. Switches make intelligent decisions
about where to send network traffic based on the destination address of the
packet. As a result, the switch can significantly reduce unnecessary traffic.
The example below demonstrates the switch ability to segment the network. The
number of nodes on each segment is reduced thereby minimizing network
contention (collisions) and boosting the available bandwidth per port.
With management function of the switch, network administrator is easy to
monitor network status and configure for different applications.
3
4. Add/Remove Module
4.1 Add/Remove Module
[ For 24+2G Fully Modulized Model ]
This model supports three 8-port 10/100Mbps TX/FX modules at front panel and
two 1-port gigabit TX/SX/LX modules at rear panel.
Note: This switch does not support hot-swap function. Turn off the switch
first before adding or removing module. Otherwise, the switch and module
could be damaged.
-- Modules at Front Side --
Modules (8-port )
Front Side
[ Adding Modules to the Switch at Front Panel ]
1. Power OFF the switch first.
2. If the switch is rack-mounted, you have to remove the switch from rack first.
3. Loosen the screws of the cover on the module slot with screwdriver. Two at
the front side, one at bottom side.
4. Remove the cover of the module slot.
5. Follow the rails on both sides of the module slot to slide in the module
slowly.
6. Push the module firmly to make the module connecting well with the
connector in the switch.
7. Drive the screws to fix the module to the switch firmly with screwdriver. Two
at the front side, one at bottom side.
8. If the switch is rack-mounted, you can put the switch back to rack.
9. Power ON the switch.
10. If 100FX module is added, please configure these FX ports to 100/Full with
“set port” command.
11. Connect network cables to the connectors on the module. If the connected
devices are working, the Link/Act LED will be ON.
Note
: We suggest you to keep these removed module slot covers. It can be use
when these modules are removed in the future.
[ Remove Modules from the Switch at Front Panel ]
1. Power OFF the switch first.
4
2. If the switch is rack-mounted, you have to remove the switch from rack first.
3. Loosen the screws of the module with screwdriver. Two at the front side, one
at bottom side.
4. Remove the module slowly from the module slot.
5. Put on the module cover and fix it to the switch by driving its screws with
screwdriver. Two at the front side, one at bottom side.
6. If the switch is rack-mounted, you can put the switch back to rack.
7. Power ON the switch.
-- Modules at Rear Side --
Module Slot
Rear Side
[ Adding Module to the Switch at Rear Panel ]
1. Power OFF the switch first.
2. Loosen the screws of the cover on the module slot.
3. Remove the cover of the module slot.
4. Follow the rails on both sides of the module slot to slide in the module slowly.
5. Push the module firmly to make the module connecting well with the
connector in the switch.
6. Drive the screws to fix the module to the switch firmly.
7. Power ON the switch.
8. Connect network cables to the connectors on the module. If the connected
devices are working, the Link/Act LED will be ON.
Note
: We suggest you to keep these removed module slot covers. It can be use
when these modules are removed in the future.
[ Remove Module from the Switch at Rear Panel ]
1. Power OFF the switch first.
2. Loosen the screws of the module.
3. Remove the module slowly from the module slot.
4. Put on the module cover and fix it to the switch by driving its screws.
5. Power ON the switch.
5
5. LEDs Conditions Definition
5.1 LEDs Defined
The LEDs provide useful information about the switch and the stat us of all individual ports.
[ For 24+2G fully modulized model ]
LED STATUS CONDITION
Power
Link / Act
FDX / Col
ON Switch is receiving power.
ON Port has established a vali d l i n k.
Flashing Data packets being received or sent.
ON The connection is Full Duplex.
OFF The connection is Half Duplex.
Flashing Collisions happen for half duplex connection
6
6. Manage / Configure the switch
6.1 Introduction of the management functions
This switch is a L2 management switch. It supports in-band management
function from SNMP, Http and Telnet interface. It also supports out-band
management function from RS232 console interface. Besides, it supports
network configuration functions, like VLAN, Trunking, Port Mirror, QoS, spanning
tree and software backup/update. Users can configure these functions for
different network applications. The following is a brief introduction about these
functions before the detail operation sections.
1. VLAN (Virtual LAN)
VLAN can divide the switch to several broadcast domains to prevent network
traffic between different user groups. This switch supports 802.1Q tag-based
VLAN and port-based VLAN. Users in the same VLAN can transfer data to
each other. The network traffic will be blocked if they are in different VLAN.
2. Trunk
If two switches are cascaded together, the bottleneck will happen at the
cascading connection. If more cables could be used for the cascading
connection, it will reduce the bottleneck problem. In normal case, switches
will become unstable because of traffic looping when more than one cable is
connected between them. If the switches support trunk function, they can treat
these cables as one connection between them. The traffic looping will not
happen between these cables and the switches will work stable with bigger
bandwidth between them.
This switch supports trunk function and users can configure it with the following
steps.
a. Enable trunk function.
b. Assign ports to a trunk. For example, assign Port 1,2,3 for Trunk 1.
Notes:
About redundant application
The trunk connection supports redundant function. If any trunk cable is broken,
the traffic going through that cable will be transferred to another trunk cable
automatically. For example, if user port Port 6 is assigned to Port 1 in a Trunk
and Port 1 connection breaks, Port 2 will take over the traffic for Port 6
automatically. (It could be used for redundant application.)
3. Spanning Tree Protocol
Spanning tree is a protocol to prevent network loop in network topology. If
network loop happens, it will cause switches in the network unstable because
more and more traffic will loop in the network. If network loop happens,
spanning tree protocol will block one connection in the loop automatically. But
it will also cause a 30 seconds delay if any network connection is changed
because of the network topology detection operation of the protocol.
Because there could be more than one switch in the network, users can
configure this function for their network spanning tree application.
7
4. Port Mirror
This switch operates in store-and-forward algorithm so it is not possible to
monitor network traffic from another connection port. But the port mirror
function could copy packets from some monitored port to another port for
network monitor. This switch also provides DA/SA filtering function for
monitoring the traffic to/from some user.
5. QoS
For Quality of Service request in a network, packets could be classified to
different forwarding priorities. For real-time network traffic (like video, audio), it
needs higher priority than normal network traffic. With the definition of packet
priority, it could have 8 priority levels (from 0 to 7). This switch supports four
priority level queues on each port. It could be configured for port-based or
802.1P tagged based. User can define the mapping (0 – 7) to the four priority
queues.
6. Static Mac ID in ARL table
The switch can learn the Mac address from user’s packets and keep these Mac
address in the ARL table for store-and-forward table lookup operation. But
these Mac addresses will be deleted from ARL table after some time when
users do not send any packets to the switch. This operation is called aging
and the time is called aging time. It is 5 minutes normally (it could be changed
by users.) If users want to keep a Mac address always in ARL table for some
port, they can assign the Mac address to ARL table. These Mac ID are called
Static Mac address. This switch supports static Mac address assignment.
The static Mac address assignment will also limit the Mac address could be
used or rejected on the assigned port only with the port security configuration
function. For example, assigning “00-00-01-11-22-33” to Port 5 will always
keep this Mac ID alive on Port 5 but also limit this Mac address could work on
Port 5 only or rejected from Port 5 - depending on the setting of its port security
mode.
Note
There is a “Mac Security Configuration” function for port security mode. If it is
set to Accept mode, only these static Mac addresses can access network
through the assigned port. The other Mac addresses will be forbidden for
network access through that port. This function can be used for port binding
security application. Please refer to Section 6.2 / 6.3 for the details of the Mac
address filter-in operation of the switch.
7. IEEE 802.1x Port Security Function
If the 802.1x function is enabled, the switch will act as an authenticator for
users accessing network through the switch. It will need a RADIUS server for
the authentication function. Users will be asked for username and password
before network access. If the RADIUS server authenticates it, the switch will
enable the port for network access. This function is very useful for network
security application to prevent illegal users access network through the switch.
This switch supports MD5, TLS and PEAP authentication types.
: About Static Mac Address Filter-in (port binding) function
8
8. Rate Control
This function can limit the burst traffic rate for physical ports. The traffic could
be ingress traffic or egress traffic. This function can protect the network
bandwidth usage by different users.
9. IP Multicast with IGMP Snooping
IP multicast function can forward packets to a group of users connected on
different ports. The user group is learned by the switch from the packets from
IGMP active router with IGMP snooping function. It is often used for video
applications.
10. Protected Port
This function can protect a port from communicating with some other ports.
Even these ports are in the same VLAN. This protection is still valid. For
example, Port 1,2,3,4 are marked as protected ports. Port 1,2,3,4 cannot
communicate with each other, but they can communicate with the other ports.
This is for port isolation application though they are in the same VLAN.
11. Software Backup/Update
This switch supports backup and update functions for its internal software and
its network configuration. It could be done in three ways.
a. From console when booting: doing by Xmodem protocol and by terminal
program for boot code and run-time code updating.
b. From console/Telnet when running: doing by TFTP protocol and it will need a
TFTP server in network for run-time code and configuration backup/update.
c. From web browser: doing by http protocol and by web browser for run-time
code and configuration backup/update.
9
6.2 Management with Console Connection
Please follow the steps to complete the console hardware connection first.
1. Connect from the console port of the switch to COM port of PC with the
console cable.
2. Start the terminal program. Create a new connection and select COM port of
PC used for the console. Set the configuration of the terminal as
[38400,8,N,1]. (With Windows, you can find the terminal program in [Start] ->
[Programs] -> [Accessory Programs] -> [Communication] -> [Terminal]. If you
cannot find it, please install it from your Windows Installation Disk. Please
refer to your Windows user manual for the installation.)
3. Power on the switch.
If everything is correct, the booting screen will appear in the terminal program
when the switch is powered on. It will stop at the following screen after some
initializing messages.
-------------------------------------------------------------------------------------------------------
Booting Program Version 1. 05.00, built at 14:44:03, Jul 29 2005
RAM: 0x00000000-0x00800000, 0x0000cc78-0x007f3000 available
FLASH: 0x05800000 - 0x05900000, 16 blocks of 0x00010000 bytes each.
==> enter ^C to abort booting within 3 seconds ..... .
Start to run system initialization task
[System Configuration]
Company Name :
Model Name : Intelligent Switch
MAC Address : 00:00:01:23:45:67
Firmware Version : 3.02.02 < Mar 13 2006 15:13:36 >
Press <ENTER> key to start.
UCD-SNMP version 4.1.2
-------------------------------------------------------------------------------------------------------
Press Enter key, user name and password will be requested. The default user
name and password is "admin" / ”123456”.
After login the switch, a prompt will be shown. Because this switch supports
command-line operation for console interface, you can press “?” or “help” to
check the command list first.
Note:
Management with Telnet connection has the same interface as console
connection.
10
With help command, you can find the command list as follow.
-------------------------------------------------------------------------------------------------------
>help
[Command List]
?.............. Help commands
help........ ... Help commands
set....... ..... Set commands
show........... Show commands
default........ Restore to factory default setting
del........ . ... Del commands
find........ . .. Find commands
whoami....... . . Display current login user nam e
reset.......... Reset system
ping........... Ping a specified host with IP address
backup......... backup run-time fi rmware or configuration file
upgrade........ Upgrade run-time firmware or configuration file
exit......... . . Logout
logout......... Logout
-------------------------------------------------------------------------------------------------------
Here is the detail about these commands.
1. ? and help command
This is help command and the switch will prompt command list for this
command.
2. set command
This command can be used to configure most functions of the switch. Lots of
sub-commands are for this command.
Enter “set” at the prompt, the sub-command list will be shown.
>set
[Command List]
?.............. Help commands
help........ ... Help commands
1qvlan......... Set 802.1q VLAN Configuration
admin...... .... Set administrator name and password
age............ Set aging time of switch
arl........ .... Add a static MAC addres s in ARL table
automode....... Set Auto Negotiation or Aut o Detect mode of port
dot1x.......... Set 802.1x configuration
guest.......... Set name and password for Guest
gvrp......... .. Set GVRP Protocol enable or disable
http........... Set HTTP Protocol enable or di sable
idle........... Set idle time for Console.
igmp........... Set IGMP configuration
loopback....... Set Loopback Detection of port
mirror...... ... Set mirror confi gurat i on
net............ Set network IP configuration
port........... Set switch port configuration
protect........ Set protected port set ting
pvlan........ .. Set members of Port-based VLAN groups
11
qos............ Set QoS configuration
ratecontrol.... S et Rate Control configuration
rmon........... Set RMON Function configuration
security....... Set port security mode for Static MAC address
snmp........... Set snmp configuration
sta............ Set Spanning Tree configuration
stormcontrol... Set Storm Control c onf i guration
trunk.......... Set Trunk function configuration
2.1 set ? and set help command
These two commands will show the sub-command list for set command.
2.2 set 1qvlan command
This command is used to configure 802.1Q VLAN of the switch.
Its syntax is . . .
>set 1qvlan
[Argument List]
enable......... Set 802.1Q VLAN enabled.
disable........ Set 802.1Q VLAN disabled.
ingressfilter.. Set ingress filter Enable or Disable.
create......... Create new 802.1Q vlan with specified VLAN I D and V LAN Name.
modify......... Modify the setting of a 802. 1Q V LAN.
pvid........... Set the Port VLANID of specified port.
mgrpvid........ Set the Port VLANID of management port.
priority....... Set the priority for tag of speci f i ed port.
mode........... Set the VLAN Mode.
enable and disable sub-commands are used to enable/disable 802.1Q
VLAN function of the switch.
ingressfilter sub-command is used to enable/disable VLAN filtering executed
at ingress port.
Enable: the VLAN filtering function will be executed when packet is received
at ingress port. If the ingress port is in the same VLAN of the received packet,
this packet will go to forwarding stage. Otherwise, the packet will be
discarded by VLAN filtering at ingress port.
Disable: the VLAN filtering function will be executed when packet is
forwarded to egress port.
create sub-command is used to create a static 802.1Q VLAN. For example,
“set 1qvlan create 20 ABC” will create a static 802.1Q VLAN with ID 20 and
name “ABC”.
modify sub-command is used to modify a static 802.1Q VLAN setting.
Its syntax is . . .
>set 1qvlan modify
Syntax : set 1qvlan modify [+|-] [port#] VLANID [1:<tagged>|0: <untagged>]
Examples : Set 1qvlan +1+5-7 2 1
Description: Add port 1,5 to VLAN 2 as tagged port and remove port 7 from VLAN 2
pvid sub-command is used to set Port VLAN ID. The Port VLAN ID is used
as the VLAN ID for tag adding when untagged packet is translated to tagged
packet. For example, “set 1qvlan pvid 3 10” will set the PVID of Port 3 as 10.
mgrpvid sub-command is used to select the VLAN group that is allowed to
management the switch. Only the users in the selected VLAN can manage
12
the switch by Http, Telnet and SNMP. For example, “set 1qvlan mgrpvid 5”
will allow the users in the VLAN with VLAN ID 5 to manage the switch
remotely.
priority sub-command is used to set port priority for tag adding when
untagged packet is translated to tagged packet. For example, “set 1qvlan
priority 3 2” will set the port priority of Port 3 as 2. The priority information in
tag will be filled with 2 when the untagged packet coming to Port 3 is
translated to tagged packet.
mode sub-command is used to select the VLAN mode for 802.1Q VLAN
operation. There are three modes for VLAN function –SVL (Shared VLAN),
IVL (Individual VLAN) and SVL/IVL.
Syntax : set 1qvlan mode [0:S VL|1:IVL]
Examples : Set 1qvlan m ode 0
Description: Set c u rrent vl an mode as SVL
0: SVL mode
1: IVL mode
2: SVL/IVL mode
SVL mode – the switch will do packet forwarding according to its Mac
address directly. It is the normal VLAN operation of switch.
IVL mode – the switch will do packet forwarding according to its Mac address
and VLAN ID both. It is for some special VLAN applications.
SVL/IVL mode – its operation is the same as IVL mode but for untagged port
is used as the uplink port in MDU/MTU application.
For most VLAN applications, SVL mode is suggested.
2.3 set admin command
This command is used to modify the user name and password for
administrator.
2.4 set age command
This command is used to change the aging time of the switch.
Its syntax is . . .
>set age
Syntax: set age [time]
[time]: 0: disable aging operation
1~65535: aging time in seconds, default is 300.
The aging time is 300 seconds default and its valid range is 0 ~ 65535. If
[time] is set to 0, the aging function will be disabled.
(Notes: Disable aging is different from static Mac ID in ARL table. The
connection port is fix for a static Mac ID, but the connection port could be
changed for a Mac ID with no aging.)
2.5 set arl command
This command is for adding static Mac ID to ARL table of the switch.
Its syntax is . . .
>set arl
Set ARL [xx-xx-xx-xx-xx-xx] [port #]
13
For example, “set ARL 00-00-01-11-22-33 5” will add a static Mac ID “00-0001-11-22-33” to ARL table for Port 5 and this Mac ID will never be aged out
from Port 5.
Note
: Because the static Mac address is fixed on the assigned port by the
switch, the static Mac address can access network through the assigned port
only. It will fail to access network through other ports of the switch.
2.6 set automode command
This command is used to set the auto mode function of connection port when
it is forced to some special setting instead of fully auto-negotiation. There are
two modes for it – an(auto negotiation) and ad(auto detection).
an mode – if the auto. function of a port is disabled in port configuration, the
switch will disable its auto-negotiation function and the Auto-MDIX function of
the port is also disabled. That is the real force-mode setting of the port.
ad mode – if the auto. function of a port is disabled in port configuration, the
switch will not disable its auto-negotiation function but just modify its autonegotiation attribute for the speed/duplex mode setting. And the Auto-MDIX
function of the port is still enabled.
Its syntax is …
>set automode
Valid mode [an:Auto Negotiation|ad:Auto Detect]
[Application]
If the connected device is auto-negotiation enabled and you want to force the
speed of the connection (for example, 10M/Half), you can select ad mode.
If the connected device is in forced mode (for example, 10M/Half) and it is
auto-negotiation disabled, you can use an mode and set the port to the same
configuration as the device in port configuration function.
You can select an mode or ad mode depending on your applications. In most
of connection cases, ad mode is suggested. But for 100FX connection, you
should select an mode and disable Auto. Set the port to 100/Full.
2.7 set dot1x command
This command is used to configure 802.1x function of the switch.
Its syntax is . . .
>set dot1x
[Argument List]
enable......... Set 802.1x enable
disable........ Set 802.1x disable
authmode....... Set 802.1x Auth Mode of a specified port
authport....... Set Authenticate Port of Radius Server
quiettime...... Set 802.1x Quiet Timeout Period
re_au......... . Set 802.1x Re-authentication
reauthcnt...... Set 802.1x Re-authentication Max Count
14
reauthtime.... . Set 802.1x Re-authentication Timeout P eri od
reqcnt......... Set 802.1x Max Request Count
rsip........... Set Radius Server Address
shkey.......... Set 802.1x Shared Key
supptime....... Set 802.1x Supplicant Timeout Period
svrtime........ Set 802.1x Server Timeout Period
transparent.... Set 802.1x as transparent mode
txtime......... Set 802.1x Tx Timeout Period
enable sub-commands is used to enable 802.1x authentication function.
disable sub-command is used to disable 802.1x function.
authmode sub-command is used to set the authentication mode for a
physical port. Its syntax is . . .
set dot1x authmode [port#] [ auto|fa|fu|no]
- auto: the authentication mode of the port depending on the authentication
result of the port
- fa (force-authenticated): will force the port always being authentication
successful in 802.1x process and the real authentication result will be
ignored.
- fu (force-unauthenticated): will force the port always being authentication
unsuccessful in 802.1x process and the real authentication result will be
ignored.
- none: 802.1x function will not be executed on the port, i.e. disabled on the
port.
authport sub-command is used to set the handshaking port number between
the switch and RADIUS server. It could be different for different RADIUS
servers.
quiettime sub-command is used to set the quiet time value between the
switch and the user before next authentication process when authentication
fail.
re_au sub-command is used to enable the re-authentication function of the
switch. When the re-authentication time is up, the switch will start the reauthentication process.
reauthcnt sub-command is used to set max count for re-authentication
request in the re-authentication process. If the max count is met, it will
become un-authentication state. The valid value is 1~10.
reauthtime sub-command is used to set the timeout period of the reauthentication process.
reqcnt sub-command is used to set max request timeout count between the
switch and RADIUS server before authentication fail. The valid value is 1~10.
rsip sub-command is used to set the IP address of RADIUS server.
shkey sub-command is used to set the security key between the switch and
RADIUS server.
supptime sub-command is used to set the timeout value between the switch
and users (called “supplicant” in 802.1x) after first identification. The valid
value is 0~65535.
svrtime sub-command is used to set the request timeout value between the
switch and RADIUS server. The valid value is 0~65535.
15
transparent sub-command is used to set the operation of 802.1x function to
transparent mode. In this mode, the switch will forward the 802.1x packets
only.
txtime sub-command is used to set the timeout value for the identification
request from the switch to users. The request will be re-tried until the
reauthcnt is met. After that, authentication fail message will be sent. The
valid value is 0~65535.
Note
: This switch supports MD5, TLS and PEAP authentication types.
2.8 set guest command
This command is used to modify the user name and password for guest.
(The “guest” account is allowed to see the configuration/setting of the switch.
But the “guest” is not allowed to make any modification.)
2.9 set gvrp command
This command is used to enable/disable the GVRP function for 802.1Q
VLAN. If this function is enabled, this switch will learn the 802.1Q VLAN from
another 802.1Q network devices if it receives their packets. The learned
remote 802.1Q VLAN will be shown in the dynamic 802.1Q VLAN table.
Its syntax is . . .
>set gvrp
Syntax: set gvrp [1|0] <1:enable,0: di sable>
2.10 set http command
This command is used to enable/disable the http function of the switch.
Because hacker or worm/virus (like ColdRed) often attacks http server, this
command is provided to disable http to prevent it. (If this switch is installed in
public Internet without any firewall protection, we suggest users to disable the
http interface and use Telnet or SNMP instead.)
Its syntax is . . .
>set http
Syntax : Set http enable
Description: Enable htt p protocol function.
Syntax : Set http disable
Description: Disable ht tp protocol function.
2.11
set idle command
This command is used to set idle time for console connection. If no any key
operation in this idle time, the switch logout automatically for security.
Its syntax is . . .
Syntax: Set idle [time]
[time]: 30~3600 sec onds
For example, “set idle 300” will change the idle time to 300 seconds. It is 10
minutes default. Its valid range is 30 ~ 3600 seconds.
16
2.12 set igmp command
This command is used to enable/disable IGMP snooping function for IP
multicast operation.
Its syntax is . . .
>set igmp
[Command List]
enable......... Enable igmp snooping functi on
disable........ Disable igmp snooping function
2.13
set loopback command
This command is used to set the loopback detection function of the switch. If
loopback condition happens at some connection port, all the transmitted
packets will come back to the switch and cause packet storm in the switch.
That may cause the switch unstable. If this function is enabled and
loopback condition is found at some port, that port will be disabled by the
switch. You can use “release” sub-command to enable the port after its
loopback condition is removed.
Its syntax is …
Syntax: set loopback [enable|disable|release].
[enable] : enable loopback detection on port
[disable]: disable loopback detection on port
[release]: release the ports that loopback are detected
2.14
set mirror command
This command is used to configure mirror function of the switch. The
following is the sub-command for it.
>set mirror
[Command List]
?.............. Help commands
help........... Help commands
enable........ . Enable mirror function
disable........ Disable mirror function
ingress........ Set mirror ingress setting
egress...... . .. Set mirror egress setting
port........... Set mirror capture port setting
2.14.1 set mirror ? and set mirror help command
This command can show the sub-command list for “set mirror” command.
2.14.2 set mirror enable command
This command is used to enable the mirror operation.
2.14.3 set mirror disable command
This command is used to disable the mirror operation.
2.14.4 set mirror ingress command
17
This command is used to configure the mirror operation for ingress traffic.
Its syntax is . . .
>set mirror ingress
[Argument List]
div............ Set mirror ingress/egress [div=%d]
mode........... Set mirror ingress/egress [mode=ALL/ S A/DA]
mac............ Set mirror ingress/egress [mac=xx-xx-xx-xx-xx-xx]
monitor........ Set mirror ingress/egress [monitor=xx,xx,xx]
set mirror ingress div x : every x packets, capture one for mirror. For
example, “set mirror ingress div 10” will capture one packet from every ten
packets from ingress traffic.
set mirror ingress mode xx : mirror all packets or mirror packets with
some DA or SA only. For example, “set mirror ingress mode all” will mirror
all packets.
set mirror ingress mac xx-xx-xx-xx-xx-xx : if the mirror mode is for the
packets with some DA/SA, users can assign the DA/SA here.
set mirror ingress monitor xx,xx,xx : set the monitored ports here. For
example, “set mirror ingress monitor 1,2,5” will mirror the ingress traffic
from Port 1,2,5. (Notes: If the monitored traffic exceeds the maximum
bandwidth of capture port, flow control function will work on these
monitored ports.)
2.14.5 set mirror egress command
This command is used to configure the mirror operation for egress traffic.
Its syntax is similar to the mirror operation for ingress traffic. Please refer
to “set mirror ingress command” section.
2.14.6 se t mirror port command
This command is used to set the capture port for mirror operation. For
example, “set mirror port 3” will capture the mirror traffic to Port 3.
2.15 set net command
This command is used to configure IP settings of the switch.
Its syntax is . . .
>set net
[Argument List]
dhcp........... Set DHCP client
ip............. Set IP Address
netmask........ Set netmask
gateway........ S et gateway IP address
This switch supports static IP setting or dynamic DHCP IP assignment. If
DHCP function is enable, this switch will try to get IP configuration from
DHCP server. If DHCP server is not found, the switch will use its default IP
configuration. You can check the IP conf iguration got from DHCP server by
“show net” command.
For static IP setting, you can set the IP configuration of the switch with ip,
netmask and gateway commands. For example, “set net ip 192.168.1.250
18
netmask 255.255.255.0 gateway 192.168.1.154” will set these parameters as
the IP address configuration of the switch. After the command, you can use
“show net” to verify the setting.
2.16
set port command
This command is used to change the connection configuration of ports.
Its syntax is . . .
>set port 2
[Argument List]
name........... Set port # name [string]
admin...... .... Set port # admin [enabl e|di sable]
speed.......... Set port # speed [auto|10|100|1000]
duplex......... Set port # duplex [full|half]
flowctrl....... Set port # flowctrl [ON|OFF]
User can configure the following items for each port.
a. Name of a port with “name” sub-command.
b. Enable/Disable a port with “admin” sub-command.
c. Operation speed of a port with “speed” sub-command.
d. Duplex mode of a port with “duplex” sub-command.
e. Flow Control function of a port with “flowctrl” sub-command.
For exampe, “set port 1 name YYY admin enable speed 10 duplex half”
command will enable Port 1 and set it to 10Mbps/Half Duplex and name it as
“YYY”.
Note
: For 100FX port, the port setting is allowed for 100/Full (100Mbps, Full
duplex) only.
2.17 set protected command
This command can set protection enabled/disabled for each connection port.
If a port is set as protected port, it cannot communicate with other protected
ports. But it still can communicate with other unprotected ports if they are in
the same VLAN.
For example, Port 1,2,3 are set as protected ports. Port 1,2,3 cannot
communicate with each other, but they can communicate with other unprotected ports – e.g. Port 4,5,6. This function is often used to isolated ports
in the same VLAN.
Its syntax is …
>set protect
[Argument List]
enable......... Set protect enable
disable........ Set protect disable
port........... Set protect port [port#] [1|0]
enable: enable this function
disable: disable this function
port: set a port as protected or un-protected
2.18 set pvlan command
19
This command is used to set the configuration for port-based VLAN. This
switch supports both 802.1Q VLAN and port-based VLAN. If you want to
apply port-based VLAN for the switch, you can use this command to
configure it.
Its syntax is …
>set pvlan
Syntax : Set pvlan [1:enable|0:dis abl e]
Examples : Set pvlan enable
Description: Enable the P ort-based VLAN function.
Syntax : Set pvlan name [vlan#] [ vlan name]
Examples : Set pvlan nam e 1 vl an_1
Description: Set name of vlan 1 as "vlan_1".
Syntax : Set pvlan [+/-] [port #] [vlan#]
Examples : Set pvlan +1+2+3+4+5-7 1
Description: Add port 1,2,3,4,5 to VLAN 1 and
remove port 7 from VLAN 1
Note
: If a port does not belong to any VLAN, that port will be isolated from
other ports – including the internal management interface of the switch.
2.19
set qos command
This command is used to configure QoS function of the switch.
Its syntax is . . .
>set qos
[Argument List]
enable......... Set QoS enabled.
disable........ Set QoS disabled.
priority....... Set QoS priority of specified port.
dot1p.......... Set 802.1p enabled of specified port.
mapping...... .. Set 802.1p priority to priority queue mapping.
This switch supports four priority queues on each port – P0, P1, P2 and P3.
And both port-based priority and 802.1P tag priority are supported. This
command can be used to configure the QoS setting of the switch. Here are
the details about these sub-commands.
2.19.1 set qos enable command
This command is used to enable QoS operation.
2.19.2 set qos disable command
This command is used to disable QoS operation.
2.19.3 set qos priority command
This command is used to configure port-based priority. All packets coming
from high priority port will always be forwarded to highest priority queue P3.
All packets coming from low priority port will always be forwarded to lowest
priority queue P0. For example, “set qos priority 3 high” command will set
Port 3 as a high priority port.
20
Loading...