KYLAND Technology SICOM3024P, SICOM3048, SICOM3024 Web Operation Manual

SICOM3024P/SICOM3048/SICOM3024 Series Industrial Ethernet Switches Web Operation Manual
Kyland Technology Co., Ltd.
Publication Date: Sep. 2013
FAX: +86-10-88796678
Website: http://www.kyland.com
E-mail: support@kyland.com
Disclaimer:
Kyland Technology Co., Ltd. tries to keep the content in this manual as accurate and as up-to-date as possible. This document is not guaranteed to be error-free, and we reserve the right to amend it without notice.
Copyright © 2013 Kyland Technology Co., Ltd. All rights reserved
No part of this documentation may be excerpted, reproduced, translated, annotated or duplicated, in any form or by any means without the prior written permission of KYLAND Corporation.
Contents
Preface
1 Product Introduction
1.1 Overview
1.2 Product Models
1.3 Software Features
2 Switch Access
2.1 View Types
2.2 Access through Console Port
2.3 Access through Telnet
2.4 Access through Web
3 Device Management
4 Device Status
4.1 Basic Information
4.2 Port Status
4.3 Port Statistics
4.4 System Operating Information
5 Basic Configuration
5.1 IP Address
5.2 Basic Information
5.3 Port Configuration
5.4 Password Change
5.5 Software Update
5.5.1 Software Update through FTP
5.6 Software Version Query
5.7 Configuration Upload/Download
6 Advanced Configuration
6.1 Port Rate Limiting
6.1.1 Overview
6.1.2 Web Configuration
6.1.3 Typical Configuration Example
6.2 VLAN
6.2.1 Overview
6.2.2 Principle
6.2.3 Port-based VLAN
6.2.4 Web Configuration
6.2.5 Typical Configuration Example
6.3 PVLAN
6.3.1 Overview
6.3.2 Web Configuration
6.3.3 Typical Configuration Example
6.4 Port Mirroring
6.4.1 Overview
6.4.2 Description
6.4.3 Web Configuration
6.4.4 Typical Configuration Example
6.5 Port Trunk
6.5.1 Overview
6.5.2 Implementation
6.5.3 Description
6.5.4 Web Configuration
6.5.5 Typical Configuration Example
6.6 Link Check
6.6.1 Overview
6.6.2 Web Configuration
6.7 Static Multicast
6.7.1 Overview
6.7.2 Web Configuration
6.8 IGMP Snooping
6.8.1 Overview
6.8.2 Concepts
6.8.3 Principle
6.8.4 Web Configuration
6.8.5 Typical Configuration Example
6.9 ACL
6.9.1 Overview
6.9.2 Implementation
6.9.3 Web Configuration (SICOM3024P/SICOM3024)
6.9.4 Web Configuration (SICOM3048)
6.9.5 Typical Configuration Example
6.10 ARP
6.10.1 Overview
6.10.2 Description
6.10.3 Web Configuration
6.11 SNMP
6.11.1 Overview
6.11.2 Implementation
6.11.3 Description
6.11.4 MIB
6.11.5 Web Configuration
6.11.6 Typical Configuration Example
6.12 DT-Ring
6.12.1 Overview
6.12.2 Concepts
6.12.3 Implementation
6.12.4 Explanation
6.12.5 Web Configuration
6.12.6 Typical Configuration Example
6.13 RSTP/STP
6.13.1 Overview
6.13.2 Concepts
6.13.3 BPDU
6.13.4 Implementation
6.13.5 Web Configuration
6.13.6 Typical Configuration Example
6.14 RSTP/STP Transparent Transmission
6.14.1 Overview
6.14.2 Web Configuration
6.14.3 Typical Configuration Example
6.15 QoS
6.15.1 Overview
6.15.2 Principle
6.15.3 Web Configuration (SICOM3024P/SICOM3024)
6.15.4 Web Configuration (SICOM3048)
6.15.5 Typical Configuration Example
6.16 MAC Address Aging Time
6.16.1 Overview
6.16.2 Web Configuration
6.17 LLDP
6.17.1 Overview
6.17.2 Web Configuration
6.18 SNTP
6.18.1 Overview
6.18.2 Web Configuration
6.19 Alarm
6.19.1 Overview
6.19.2 Web Configuration
6.20 Port Traffic Alarm
6.20.1 Overview
6.20.2 Web Configuration
6.21 GMRP Configuration and Query
6.21.1 GARP
6.21.2 GMRP
6.21.3 Description
6.21.4 Web Configuration
6.21.5 Typical Configuration Example
6.22 RMON
6.22.1 Overview
6.22.2 RMON Groups
6.22.3 Web Configuration
6.23 Log Query
6.23.1 Overview
6.23.2 Description
6.23.3 Web Configuration
6.24 Unicast Address Configuration and Query
6.24.1 Overview
6.24.2 Web Configuration
Appendix: Acronyms

Preface

This manual mainly introduces the access methods and software features of SICOM3024P/SICOM3048/SICOM3024 series industrial Ethernet switches, and details Web configuration methods.
Content Structure
The manual contains the following contents:
Chapter | Content
1. Product Introduction | Overview; Product models; Software features
2. Switch Access | View types; Access through Console Port; Access through Telnet; Access through Web
3. Device Management | Restart; Logout
4. Device Status | Basic information; Port status; Port statistics; System Operating Information
5. Basic Configuration | IP address; Basic information; Port configuration; Password change; Software update (FTP); Software version query; Configuration upload/download
6. Advanced Configuration | Port rate limiting; VLAN; PVLAN; Port mirroring; Port trunk; Link check; Static multicast; IGMP Snooping; ACL; ARP; SNMP; DT-Ring; RSTP/STP; RSTP/STP transparent transmission; QoS; MAC address aging time; LLDP; SNTP; MSTP; Alarm; Port traffic alarm; GMRP configuration and query; RMON; Log query*; Unicast address configuration and query
Note:
* indicates the features not available on SICOM3048/SICOM3024.
Conventions in the manual
1. Text format conventions
Format | Description
< > | The content in < > is a button name. For example, click <Apply> button.
[ ] | The content in [ ] is a window name or a menu name. For example, click [File] menu item.
{ } | The content in { } is a portfolio. For example, {IP address, MAC address} means the IP address and MAC address are a portfolio and they can be configured and displayed together.
→ | Multi-level menus are separated by "→". For example, Start → All Programs → Accessories. Click [Start] menu, click the sub menu [All programs], then click the submenu [Accessories].
/ | Select one option from two or more options that are separated by "/". For example "Addition/Deduction" means addition or deduction.
~ | It means a range. For example, "1~255" means the range from 1 to 255.
2. CLI conventions
Format | Description
Bold | Commands and keywords, for example, show version, appear in bold font.
Italic | Parameters for which you supply values are in italic font. For example, in the show vlan vlan id command, you need to supply the actual value of vlan id.
3. Symbol conventions
Symbol | Description
Caution | The matters need attention during the operation and configuration, and they are supplement to the operation description.
Note | Necessary explanations to the operation description.
Warning | The matters call for special attention. Incorrect operation might cause data loss or damage to devices.
Product Documents
The documents of SICOM3024P/3048 series industrial Ethernet switches include:
Document | Content
SICOM3024P Series Industrial Ethernet Switches Hardware Installation Manual | Describes the hardware structure, hardware specifications, mounting and dismounting methods of SICOM3024P.
SICOM3048 Series Industrial Ethernet Switches Hardware Installation Manual | Describes the hardware structure, hardware specifications, mounting and dismounting methods of SICOM3048.
SICOM3024 Series Industrial Ethernet Switches Hardware Installation Manual | Describes the hardware structure, hardware specifications, mounting and dismounting methods of SICOM3024.
SICOM3024P/SICOM3048/SICOM3024 Series Industrial Ethernet Switches Web Operation Manual | Describes the switch software functions, Web configuration methods, and steps of all functions.
Document Obtainment
Product documents can be obtained by:
CD shipped with the device
Kyland website: www.kyland.com

1 Product Introduction

1.1 Overview

The series switches are used in the power, rail transit, coal mining, and many other industries, and can work properly in rugged environments. They support MSTP and DT-Ring, ensuring reliable operation. With extensive ports, the switches satisfy various customers' requirements. The series switches employ an internal modular design for flexible expansion. They comply with the IEC61850-3 and IEEE1613 standards.

1.2 Product Models

This series of switches includes:
SICOM3048
SICOM3024P_V3.1 (V3.1 indicates the hardware version.)
SICOM3024_V3.1 (V3.1 indicates the hardware version.)

1.3 Software Features

This series of switches provides abundant software features, satisfying customers' various requirements.
Redundancy protocols: RSTP/STP, DT-Ring, and MSTP
Multicast protocols: IGMP Snooping, GMRP, and static multicast
Switching attributes: VLAN, PVLAN, QoS, and ARP
Bandwidth management: port trunk, port rate limiting
Security: ACL
Synchronization protocol: SNTP
Device management: FTP software update, configuration upload/download
Device diagnosis: port mirroring, LLDP, link check
Alarm function: port alarm, power alarm, ring alarm, IP/MAC address conflict alarm, temperature alarm, and port traffic alarm
Network management: management by CLI, Telnet, Web and Kyvision network management software, and SNMP network monitoring

2 Switch Access

You can access the switch by:
Console port
Telnet/SSH
Web browser
Kyvision management software
Kyvision network management software is designed by Kyland. For details, refer to its user manual.

2.1 View Types

When logging into the Command Line Interface (CLI) by the console port or Telnet, you can enter different views or switch between views by using the following commands.
Table 1 View Types
View Prompt | View Type | View Function | Command for View Switching
SWITCH> | General mode | View recently used commands. View software version. View response information for ping operation. | Input "enable" to enter the Privileged mode.
SWITCH # | Privileged mode | Upload/Download configuration file. Restore default configuration. View response information for ping operation. Restart the switch. Save current configuration. Display current configuration. Update software. | Input "configure terminal" to enter the Configuration mode from the Privileged mode. Input "exit" to return to the General mode.
SWITCH(config) # | Configuration mode | Configure switch functions. | Input "exit" or "end" to return to the Privileged mode.
When the switch is configured through the CLI, "?" can be used to get command help. In the help information, there are different parameter description formats. For example, <1, 255> means a number range; <H.H.H.H> means an IP address; <H:H:H:H:H:H> means a MAC address; word<1,31> means a string range. In addition, ↑ and ↓ can be used to scroll through recently used commands.

2.2 Access through Console Port

You can access a switch through its console port by using the Hyper Terminal of Windows OS or other software that supports serial port connection, such as HTT3.3. The following example shows how to use Hyper Terminal to access the switch through the console port.
1. Connect the serial port of a PC to the console port of the switch with a DB9-RJ45 cable.
2. Run the Hyper Terminal in Windows desktop. Click [Start] → [All Programs] → [Accessories] → [Communications] → [Hyper Terminal], as shown in the following figure.
Figure 1 Starting the Hyper Terminal
3. Create a new connection "Switch", as shown in the following figure.
Figure 2 Creating a New Connection
Note: To confirm the communication port in use, right-click [My Computer] and click [Property] → [Hardware] → [Device Manager] → [Port].
4. Connect the communication port in use, as shown in the following figure.
Figure 3 Selecting the Communication Port
5. Set port parameters (Bits per second: 9600, Data bits: 8, Parity: None, Stop bits: 1, and Flow control: None), as shown in the following figure.
Figure 4 Setting Port Parameters
6. Click <OK>. The switch CLI is displayed. Input password "admin" and press <Enter> to enter the General mode, as shown in the following figure.
Figure 5 CLI

2.3 Access through Telnet

The precondition for accessing a switch by Telnet is the normal communication between the PC and the switch.
Note:
For details about how to confirm the switch IP address, see section 5.1 IP Address.
1. Enter "telnet IP address" in the Run dialog box, as shown in the following figure.
Figure 6 Telnet Access
2. In the Telnet interface, input "admin" in User, and "123" in Password. Press <Enter> to log in to the switch, as shown in the following figure.
Figure 7 Telnet Interface

2.4 Access through Web

The precondition for accessing the switch by Web is the normal communication between the PC and the switch.
Note:
IE8.0 or a later version is recommended for the best Web display results.
Note:
For details about how to confirm the switch IP address, see section 5.1 IP Address.
1. Input "IP address" in the browser address bar. The login interface is displayed, as shown in the following figure. Input the default user name "admin" and password "123". Click <Login>.
Figure 8 Web Login
The English login interface is displayed by default. You can click <中文> to change to the Chinese login interface.
2. After you log in successfully, there is a navigation tree on the left of the interface, as shown in the following figure.
Figure 9 Web Interface
You can expand or collapse the navigation tree by clicking <Expand> or <Collapse> on the top of the navigation tree. You can perform corresponding operations by clicking [Save Configuration] or [Load Default] in the top menu. In the upper right corner, you can click < > to switch to the Chinese interface.
Caution:
After you have restored the default settings, you need to restart the device to make settings take effect.

3 Device Management

Click [Device Management] → [Reboot]/[Logout]. You can reboot the device or exit the Web interface. Before rebooting the device, you need to save the current settings as required. If you have saved the settings, the switch automatically configures itself with the saved settings after restart. If you have not saved any settings, the switch restores the factory default settings after restart.

4 Device Status

4.1 Basic Information

The switch basic information includes the MAC address, SN, IP address, subnet mask, gateway, system name, device model, and version information, as shown in the following figure.
Figure 10 Basic Information

4.2 Port Status

Port status page displays the port number, administration status, link status, speed, duplex, and flow control, as shown in the following figure.
Figure 11 Port Status
Port ID
Display the type and ID of ports. Port ID is in Sα/β format. α indicates the number of the slot where the board resides. In SICOM3048, S0 indicates the port is a fixed port on the device (not on a board); β indicates the port type and ID of the board/panel where the port resides. FE/FX/GE/GX indicate port types.
FE: 10/100Base-TX RJ45 port
FX: 100Base-FX port
GE: Gigabit RJ45 port
GX: Gigabit SFP slot
Administration Status
Display the administration status of ports.
Enable: The port is available and permits data transmission.
Disable: The port is locked without data transmission.
Operation Status
Display the operation status of ports.
Link
Display the link status of ports.
Up: The port is in LinkUp state and can communicate normally.
Down: The port is in LinkDown state and cannot communicate normally.
Speed
Display the communication speed of LinkUp ports.
Duplex
Display the duplex mode of LinkUp ports.
Full-duplex: The port can receive and transmit data at the same time.
Half-duplex: The port can only receive or transmit data at any one time.
Flow Control
Display the flow control status of LinkUp ports.
RX
Options: Enable/Disable
Enable: The port can receive data.
Disable: The port cannot receive data.
TX
Options: Enable/Disable
Enable: The port can transmit data.
Disable: The port cannot transmit data.
Note:
For details about port settings, see section 5.3 Port Configuration.

4.3 Port Statistics

Port statistics cover the number of bytes/packets that each port sends/receives, CRC errors, and the number of packets smaller than 64 bytes, as shown in the following figure.
Figure 12 Port Statistics
You can click <Reset> to restart statistics collection.

4.4 System Operating Information

System operating information includes the device runtime, CPU usage, Memory usage, device temperature, and system time, as shown in the following figures.
Figure 13 System Operating Information (SICOM3024P)
Figure 14 System Operating Information (SICOM3048)
Figure 15 System Operating Information (SICOM3024)

5 Basic Configuration

5.1 IP Address

1. View the switch IP address by using the console port.
Log in to the switch CLI through the console port. Run the "show interface" command in the Privileged mode to view the switch IP address. As shown in the following figure, the IP address is circled in red.
Figure 16 Viewing IP Address
2. Set the IP address. Switch IP address and gateway can be configured manually, as shown in the following figure.
Figure 17 IP Address
Caution:
IP address and gateway must be in the same network segment; otherwise, the IP address cannot be modified.
For the series switches, the change in IP address will take effect only after the device is restarted.

5.2 Basic Information

Basic information includes the project name, switch name, location, contact, and system time, as shown in the following figure.
Figure 18 Device Information (SICOM3024P)
Figure 19 Device Information (SICOM3048/SICOM3024)
Project Name
Range: 1~64 characters
System Name
Range: 1~32 characters
Location
Value: English/Chinese characters
Range: 1~255 characters (One Chinese character occupies the position of two English characters.)
Contact
Value: English/Chinese characters
Range: 1~32 characters (One Chinese character occupies the position of two English characters.)
Device time
Portfolio: {YYYY, MM, DD, HH, MM, SS}
Range: YYYY (year) ranges from 2000 to 2099, MM (month) from 1 to 12, DD (day) from 1 to 31, HH (hour) from 0 to 23, and MM (minute) and SS (second) from 0 to 59.
Function: Set the system date and time. The switch can continue timekeeping after being powered off.

5.3 Port Configuration

In port configuration, you can configure port status, port speed, flow control, and other information, as shown in the following figure.
Figure 20 Port Configuration
Administration Status
Options: Enable/Disable Default: Enable Function: Allow data transmission on port or not. Description: Enable indicates the port is enabled and permits data transmission; Disable indicates the port is disabled and disallows data transmission. This option directly affects the hardware status of the port and triggers port alarms.
Operation Status
Description: When the administration status is Enable, the operation status is set to Enable forcibly; when the administration status is Disable, the operation status is set to Disable forcibly.
Auto
Options: Enable/Disable Default: Enable Function: Configure the auto-negotiation status of ports. Description: When Auto is set to Enable, the port speed and duplex mode will be automatically negotiated according to port connection status; when Auto is set to Disable, the port speed and duplex mode can be configured.
Caution:
100Base-FX ports are set to Disable forcibly.
Speed
Options: 10M/100M/1000M Function: Configure the speed of ports forcibly. Description: When Auto is set to Disable, the port speed can be configured.
Duplex
Options: Half/Full Function: Configure the duplex mode of ports. Description: When Auto is set to Disable, the port duplex mode can be configured.
Caution:
10/100Base-TX ports can be set to auto-negotiation, 10M&full duplex, 10M&half duplex, 100M&full duplex, or 100M&half duplex.
100Base-FX ports are set to 100M&full duplex.
1000M RJ45 ports can be set to auto-negotiation, 10M&full duplex, 10M&half duplex, 100M&full duplex, 100M&half duplex, 1000M&full duplex, or 1000M&half duplex.
1000M fiber ports can be set to auto-negotiation and 1000M&full duplex.
You are advised to enable auto-negotiation for each port to avoid the connection problems caused by mismatched port configuration. If you want to force the port speed/duplex mode, make sure the connected ports at both ends use the same speed/duplex mode configuration.
Flow Control
Options: Off/On Default: Off Function: Enable/Disable flow control function on the designated port. Description: Once the flow control function is enabled, the port informs the sender, by algorithm or protocol, to slow its transmission and avoid packet loss when the received traffic exceeds the size of the port cache. If the devices work in different duplex modes (half/full), their flow control is realized in different ways. If the devices work in full duplex mode, the receiving end sends a special frame (Pause frame) to inform the sending end to stop sending packets. When the sender receives the Pause frame, it stops sending packets for the "wait time" carried in the Pause frame and continues sending packets once the "wait time" ends. If the devices work in half duplex mode, they support back pressure flow control. The receiving end creates a conflict or a carrier signal. When the sender detects the conflict or the carrier wave, it backs off and postpones the data transmission.
RX
Options: Enable/Disable Default: Enable Function: Allow the port to receive data or not. Description: Enable indicates the port can receive data; Disable indicates the port cannot receive data.
TX
Options: Enable/Disable Default: Enable Function: Allow the port to transmit data or not. Description: Enable indicates the port can transmit data; Disable indicates the port cannot transmit data.
Reset
Options: Reset/Noreset Default: Noreset Function: Reset the port or not.

5.4 Password Change

You can change the password for user name "admin", as shown in the following figure.
Figure 21 Password Change

5.5 Software Update

Software updates may help the switch to improve its performance. For this series of switches, software updates include the BootROM software version update and the system software version update. The BootROM software version should be updated before the system software version. If the BootROM version does not change, you can update only the system software version. The software version update requires an FTP server.

5.5.1 Software Update through FTP

Install an FTP server. The following uses WFTPD software as an example to introduce FTP server configuration and software update.
1. Click [Security] → [Users/Rights]. The "Users/Rights Security Dialog" dialog box is displayed. Click <New User> to create a new FTP user, as shown in the following figure. Create a user name and password, for example, user name "admin" and password "123". Click <OK>.
Figure 22 Creating a New FTP User
2. Input the storage path of the update file in "Home Directory", as shown in the following figure. Click <Done>.
Figure 23 File Location
3. To update the BootROM software, input the following command in the Privileged mode.
Switch#update bootrom File_name Ftp_server_ip_address User_name Password
The following table lists the parameter descriptions.
Table 2 Parameters for BootROM Update by FTP
Parameter                Description
File_name                Name of the BootROM version
Ftp_server_ip_address    IP address of the FTP server
User_name                Created FTP user name
Password                 Created FTP password
4. The following figure shows the software update page. Enter the IP address of the FTP server, file name (on the server), FTP user name, and password. Click <Apply>.
Figure 24 Software Update through FTP
Warning:
Only the software version in inactive state can be used for update through Web. The file name must contain an extension. Otherwise, the update may fail.
5. Ensure normal communication between the FTP server and the switch, as shown in the following figure.
Figure 25 Normal Communication between the FTP Server and the Switch
Caution:
To display update log information as shown in the preceding figure, you need to click [Logging] → [Log Options] in WFTPD and select Enable Logging and the log information to be displayed.
6. When the update is completed as shown in the following figure, please reboot the device and open the Switch Basic Information page to check whether the update succeeded and the new version is active.
Figure 26 Successful Software Update through FTP
Warning:
In the software update process, keep the FTP server software running. When update completes, reboot the device to make the new version take effect.
If update fails, do not reboot the device to avoid the loss of software file and startup anomaly.

5.6 Software Version Query

Two software versions can be downloaded to the switch, but only one can be in active state at a time. In the Web UI, you can update only the inactive version. By querying software versions, you can learn the IDs, release dates, and statuses of the two versions, as shown in the following figure.
Figure 27 Software Version Query

5.7 Configuration Upload/Download

The configuration backup function saves the current switch configuration files on the server. When the switch configuration is changed, you can download the original configuration files from the server to the switch through FTP. File uploading is to upload the switch configuration files to the server and save them to *.doc and *.txt files. File downloading is to download the saved configuration files from the server to the switch, as shown in the following figures.
Figure 28 Configuration File Upload
Figure 29 Configuration File Download
Caution:
After the configuration file is downloaded to the switch, you need to restart the switch to make the configuration take effect.

6 Advanced Configuration

6.1 Port Rate Limiting

6.1.1 Overview

Port rate limiting limits the rate of packets received or transmitted by a port and discards the packets whose rate exceeds the threshold. The function takes effect on all packets at the egress but only certain types of packets at the ingress. The following packets are controlled at the ingress.
Unicast packets: indicate the unicast packets added statically or whose source MAC addresses are learned.
Multicast packets: indicate the packets added statically or learned through IGMP Snooping or GMRP.
Reserved multicast packets: indicate the packets with MAC addresses in the range of 0x0180c2000000 to 0x0180c200002f.
Broadcast packets: indicate the packets with the destination MAC address of FF:FF:FF:FF:FF:FF.
Unknown multicast packets: indicate the packets neither added statically nor learned through IGMP Snooping or GMRP.
Unknown unicast packets: indicate the packets neither added statically nor whose source MAC addresses are learned.
Unknown source packets: indicate the packets with unknown source MAC addresses.
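The packet types listed above can be told apart from the destination and source MAC addresses plus the switch's forwarding tables. The following classifier is an added example, not code from the manual or from Kyland; the two lookup sets, the sample addresses, and the reading of "known" as "destination present in the forwarding table" are assumptions. The Service/Broadcast selection is the one used in the typical configuration example of this chapter.

```python
BROADCAST = bytes.fromhex("ffffffffffff")
RESERVED_FIRST = 0x0180C2000000   # reserved multicast range given in the manual
RESERVED_LAST = 0x0180C200002F


def mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' (':' or '-' separated, or bare hex) into 6 bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return raw


def packet_types(dst, src, unicast_fdb, multicast_fdb):
    """Return the manual's packet-type names that apply to one received frame.

    unicast_fdb:   MACs added statically or learned (assumed lookup set)
    multicast_fdb: group MACs added statically or learned via IGMP Snooping/GMRP
    """
    types = set()
    if dst == BROADCAST:
        types.add("broadcast")
    elif RESERVED_FIRST <= int.from_bytes(dst, "big") <= RESERVED_LAST:
        types.add("reserved multicast")
    elif dst[0] & 0x01:  # group bit: lowest bit of the first address byte
        types.add("multicast" if dst in multicast_fdb else "unknown multicast")
    else:
        types.add("unicast" if dst in unicast_fdb else "unknown unicast")
    if src not in unicast_fdb:
        types.add("unknown source")
    return types


def rate_control_types(types, selection):
    """Names of the rate control types (Service/Broadcast) that meter these packet types."""
    return {name for name, chosen in selection.items() if types & chosen}


# Selection from the typical configuration example: unicast and multicast in the
# Service column, broadcast in the Broadcast column.
SELECTION = {"Service": {"unicast", "multicast"}, "Broadcast": {"broadcast"}}

# Constructed forwarding state and frames (locally administered MACs), illustration only.
UNICAST_FDB = {mac("02:00:00:00:00:01"), mac("02:00:00:00:00:02")}
MULTICAST_FDB = {mac("01:00:5e:01:01:01")}
SAMPLE_FRAMES = [  # (destination, source)
    ("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01"),
    ("01:80:c2:00:00:00", "02:00:00:00:00:01"),
    ("01:80:c2:00:00:30", "02:00:00:00:00:01"),  # one past the reserved range
    ("01:00:5e:01:01:01", "02:00:00:00:00:01"),
    ("02:00:00:00:00:02", "02:00:00:00:00:01"),
    ("02:00:00:00:00:99", "02:00:00:00:00:77"),
]


def classify_samples():
    """Classify every constructed frame: (destination, packet types, rate control types)."""
    rows = []
    for dst, src in SAMPLE_FRAMES:
        types = packet_types(mac(dst), mac(src), UNICAST_FDB, MULTICAST_FDB)
        rows.append((dst, sorted(types), sorted(rate_control_types(types, SELECTION))))
    return rows


if __name__ == "__main__":
    for row in classify_samples():
        print(*row, sep="  ")
```

With this selection, reserved multicast, unknown multicast, and unknown unicast frames match neither rate control type at the ingress.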

6.1.2 Web Configuration

1. Select the packet types for rate control, as shown in the following figure.
Figure 30 Packet Types for Rate Control
The receiver classifies rate control into two types: service rate control and broadcast rate control. Each packet can be added to only one rate control type.
2. Configure port rate control, as shown in the following figure.
Figure 31 Port Rate Control
Service/Broadcast
Range: 64~1000000Kbps Function: Configure rate control for packets on the port. Packets whose rate is higher than the specified value are discarded. Description: The ingress rate for a 100M port ranges from 64 to 100000Kbps. The ingress rate for a 1000M port ranges from 64 to 1000000Kbps.
OutRate
Range: 64~1000000Kbps Function: Limit the rate of packets forwarded by a port. Description: The egress rate for a 100M port ranges from 64 to 100000Kbps. The egress rate for a 1000M port ranges from 64 to 1000000Kbps.
Caution:
If a rate value is set to 0, rate control is disabled on the port.

6.1.3 Typical Configuration Example

Set the rate threshold of unicast and multicast packets on port 2 to 70Kbps, broadcast packets to 80Kbps, and outgoing rate to 90Kbps. Configuration steps:
1. Select unicast and multicast packets in the Service column, and broadcast packets in the Broadcast column, as shown in Figure 30.
2. On port 2, set the service rate threshold to 70Kbps, broadcast rate threshold to 80Kbps, and outgoing rate to 90Kbps, as shown in Figure 31.

6.2 VLAN

6.2.1 Overview

One LAN can be divided into multiple logical Virtual Local Area Networks (VLANs). A device can only communicate with the devices on the same VLAN. As a result, broadcast packets are restricted to a VLAN, improving LAN security. VLAN partition is not restricted by physical location. Each VLAN is regarded as a logical network. If a host in one VLAN needs to send data packets to a host in another VLAN, a router or layer-3 device must be involved.

6.2.2 Principle

To enable network devices to distinguish packets from different VLANs, fields for identifying VLANs need to be added to packets. At present, the most commonly used protocol for VLAN identification is IEEE802.1Q. The following table shows the structure of an 802.1Q frame.
Table 3 802.1Q Frame Structure
DA    SA    802.1Q Header    Length/Type    Data    FCS
A 4-byte 802.1Q header, as the VLAN tag, is added to the traditional Ethernet data frame.
Type    PRI    CFI    VID
Type: 16 bits. It is used to identify a data frame carrying a VLAN tag. The value is 0x8100.
PRI: three bits, identifying the 802.1p priority of a packet.
CFI: one bit. 0 indicates Ethernet, and 1 indicates token ring.
VID: 12 bits, indicating the VLAN number. The value ranges from 1 to 4093. 0, 4094, and 4095 are reserved values.
The packet with an 802.1Q header is a tagged packet; the one without 802.1Q header is an untagged packet. All packets carry an 802.1Q tag in the switch.
Note:
VLAN 1 is the default VLAN and cannot be manually created and/or deleted.
Reserved VLANs are reserved to realize specific functions by the system and cannot be manually created and/or deleted.
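The field layout described above can be checked at the byte level. The following parser and tagger is an added example, not code from the manual or from the switch firmware; the sample frame is constructed, and frames are handled without their FCS, which would have to be recomputed after a tag is added or removed.

```python
import struct
from collections import namedtuple

TPID_8021Q = 0x8100  # "Type" field value that marks a tagged frame
Tag = namedtuple("Tag", "pri cfi vid")
Frame = namedtuple("Frame", "da sa tag ethertype payload")


def vid_is_usable(vid):
    """VID range stated in the manual: 1..4093 (0, 4094 and 4095 are reserved)."""
    return 1 <= vid <= 4093


def parse_frame(raw):
    """Split an Ethernet frame (without FCS) into DA, SA, optional 802.1Q tag, type, data."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    da, sa = raw[0:6], raw[6:12]
    (ethertype,) = struct.unpack("!H", raw[12:14])
    if ethertype != TPID_8021Q:
        return Frame(da, sa, None, ethertype, raw[14:])
    if len(raw) < 18:
        raise ValueError("truncated 802.1Q header")
    # The 16 bits after the Type field hold PRI (3 bits), CFI (1 bit), VID (12 bits).
    tci, ethertype = struct.unpack("!HH", raw[14:18])
    tag = Tag(pri=tci >> 13, cfi=(tci >> 12) & 0x1, vid=tci & 0x0FFF)
    return Frame(da, sa, tag, ethertype, raw[18:])


def add_tag(raw, pvid, priority=0):
    """Tag an untagged frame: VID is the port PVID, PRI is the port's default priority."""
    if not vid_is_usable(pvid):
        raise ValueError(f"VID {pvid} is reserved or out of range")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0..7")
    if parse_frame(raw).tag is not None:
        return raw  # already tagged: left unchanged
    tci = (priority << 13) | pvid  # CFI bit stays 0 (Ethernet)
    return raw[:12] + struct.pack("!HH", TPID_8021Q, tci) + raw[12:]


def strip_tag(raw):
    """Remove the 4-byte 802.1Q header from a tagged frame; untagged frames pass through."""
    return raw[:12] + raw[16:] if parse_frame(raw).tag is not None else raw


# Constructed untagged frame: broadcast DA, locally administered SA, type 0x0800.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"


def demo():
    """Tag the sample frame with VID 100 and priority 5, then parse the result."""
    return parse_frame(add_tag(UNTAGGED, pvid=100, priority=5))


if __name__ == "__main__":
    print(demo())
```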

6.2.3 Port-based VLAN

VLAN partition can be either port-based or MAC address-based. This series of switches supports port-based VLAN partition. VLAN members can be defined based on switch ports. After a port is added to a specified VLAN, the port can forward the packets with the tag for the VLAN.
1. Port Type
Ports fall into two types according to how they handle VLAN tags when they forward packets.
Untag port: Packets forwarded by an Untag port do not have VLAN tags. Untag ports are usually used to connect to terminals that do not support 802.1Q. By default, all switch ports are Untag ports and belong to VLAN1.
Tag port: All packets forwarded by a Tag port carry a VLAN tag. Tag ports are usually used to connect network transmission devices.
2. PVID
Each port has a PVID. When receiving an untagged packet, a port adds a tag to the packet according to the PVID. The port PVID is the VLAN ID of the Untag port. By default, all ports' PVID is VLAN 1.
The following table shows how the switch processes received and forwarded packets according to the port type and PVID.
Table 4 Different Processing Modes for Packets
Processing Received Packets
Untagged packets: Add PVID tags to untagged packets.
Tagged packets: If the VLAN ID in a packet is in the list of VLANs allowed through, accept the packet. If the VLAN ID in a packet is not in the list of VLANs allowed through, discard the packet.
Processing Packets to Be Forwarded
Port Type    Packet Processing
Untag        Forward the packet after removing the tag.
Tag          Keep the tag and forward the packet.

6.2.4 Web Configuration

1. Configure the VLAN transparent transmission mode, as shown in the following figure.
Figure 32 Configuring VLAN Transparent Transmission Mode
Ingress VLAN Filter
Options: Nonmember Drop/Nonmember Forward Default: Nonmember Drop Function: Configure the VLAN transparent transmission mode. Description: The transparent transmission mode indicates whether the switch checks incoming packets on a port. If Nonmember Drop is selected, a packet is discarded when the VLAN tag of the packet is different from the VLAN of the port. If Nonmember Forward is selected, a packet is accepted when the VLAN tag of the packet is identical with that of any other connected port on the switch; otherwise, the packet is discarded.
2. Create a VLAN.
Click <Add> in Figure 32 to create a VLAN. As shown in the following figure, select the ports to be added to the VLAN and set port parameters.
Figure 33 VLAN Configuration
VLAN Name
Range: 1~31 characters Function: Set the VLAN name.
VLAN ID
Range: 2~4093 Function: Configure the VLAN ID. Description: VLAN ID is used to distinguish different VLANs. This series of switches supports a maximum of 256 VLANs.
VLAN Member
Options: Tagged/Untagged Function: Select the type of the port in the VLAN.
Caution: An Untag port can be added to only one VLAN. The VLAN ID is the PVID of the port. The default value is 1. A Tag port can be added to multiple VLANs.
Priority
Range: 0~7 Default: 0 Function: Set the default priority of the port. When adding an 802.1Q tag to an untagged packet, the value of the PRI field is the priority.
PVLAN
Options: Enable/Disable Default: Disable Function: To add a Tag port to a VLAN, you need to enable or disable PVLAN. For details about PVLAN, see the next chapter.
3. View the VLAN list, as shown in the following figure.
Figure 34 Viewing VLAN List
PVLAN List
Options: select/deselect Function: Enable or disable the PVLAN function. For details, see the next chapter.
4. View the PVIDs of ports.
Click <Untagged Port VLAN List> in Figure 34. The following page is displayed.
Figure 35 Port PVID List
Caution: Each port must have an Untag attribute. If it is not set, the Untag port is in VLAN 1 by default.
5. Modify/Delete VLAN.
Click a VLAN list in Figure 34. You can modify or delete a created VLAN. Click <Delete> at the bottom. You can delete a VLAN directly, as shown in the following figure.
Figure 36 Modifying/Deleting a Created VLAN

6.2.5 Typical Configuration Example

As shown in the following figure, the entire LAN is divided into 3 VLANs: VLAN2, VLAN100 and VLAN200. It is required that the devices in the same VLAN can communicate with each other, but different VLANs are isolated. The terminal PCs cannot distinguish Tag packets, so the ports connecting Switch A and Switch B to PCs are set to Untag ports. VLAN2, VLAN100 and VLAN200 packets need to be transmitted between Switch A and Switch B, so the ports connecting Switch A and Switch B should be set to Tag ports, permitting the packets of VLAN 2, VLAN 100 and VLAN 200 to pass through. The following table shows the specific configuration.
Table 5 VLAN Configuration
Item       Configuration
VLAN2      Set port 1 and port 2 of Switch A and B to Untag ports, and port 7 to Tag port.
VLAN100    Set port 3 and port 4 of Switch A and B to Untag ports, and port 7 to Tag port.
VLAN200    Set port 5 and port 6 of Switch A and B to Untag ports, and port 7 to Tag port.
Figure 37 VLAN Application
Configurations on Switch A and Switch B:
1. Create VLAN 2, add port 1 and port 2 to VLAN 2 as Untag ports, and add port 7 into VLAN 2 as Tag port, as shown in Figure 33.
2. Create VLAN 100, add port 3 and port 4 to VLAN 100 as Untag ports, and add port 7 into VLAN 100 as Tag port, as shown in Figure 33.
3. Create VLAN 200, add port 5 and port 6 into VLAN 200 as Untag ports, and add port 7 into VLAN 200 as Tag port, as shown in Figure 33.

6.3 PVLAN

6.3.1 Overview

Private VLAN (PVLAN) uses two layers of isolation to realize complex port traffic isolation, achieving network security and broadcast domain isolation. The upper VLAN is a shared domain VLAN in which ports are uplink ports. The lower VLANs are isolation domains in which ports are downlink ports. Downlink ports can be assigned to different isolation domains and they can communicate with the uplink port at the same time. Isolation domains cannot communicate with each other.
Figure 38 PVLAN Application
As shown in the preceding figure, the shared domain is VLAN 100 and the isolation domains are VLAN 10 and VLAN 30. The devices in the isolation domains can communicate with the device in the shared domain: VLAN 10 can communicate with VLAN 100, and VLAN 30 can also communicate with VLAN 100. The devices in different isolation domains cannot communicate with each other: VLAN 10 cannot communicate with VLAN 30.
Note: When a PVLAN-enabled Tag port forwards a frame carrying a VLAN tag, the VLAN tag will be removed.

6.3.2 Web Configuration

1. Enable PVLAN on the port, as shown in the following figure.
Figure 39 Enabling PVLAN
You can enable PVLAN on a Tag port in VLAN. If the VLAN is a shared domain, the uplink port is an Untag port and the downlink port shall be added to the VLAN as a Tag port. If the VLAN is an isolation domain, the downlink port is an Untag port and the uplink port shall be added to the VLAN as a Tag port.
2. Select the member VLANs of PVLAN, as shown in the following figure.
Figure 40 Selecting PVLAN Members
PVLAN List
Options: select/deselect Default: deselect Function: Select PVLAN members.
Note:
Both shared and isolation domains are member VLANs of PVLAN.
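The port-based VLAN rules of Table 4 and the PVLAN rules above can be checked with a small forwarding model before a configuration is applied. This is an added example, not code from the manual or the switch: it models flooding inside one VLAN with the Nonmember Drop filter, treats a PVLAN-enabled Tag port as a Tag port that strips the tag on egress, and assumes port numbers 1 to 3 for the PVLAN scenario (VLAN 100 shared, VLAN 10 and VLAN 30 isolated). The VLAN scenario uses the values of Table 5.

```python
class Switch:
    """Port-based VLAN model: members[vid] maps port -> "untag" | "tag" | "pvlan"."""

    def __init__(self, ports):
        self.pvid = {p: 1 for p in ports}                # default: every port is Untag in VLAN 1
        self.members = {1: {p: "untag" for p in ports}}

    def add_vlan(self, vid, untag=(), tag=(), pvlan=()):
        """Create VLAN `vid`. `tag` are plain Tag ports, `pvlan` are Tag ports with PVLAN enabled."""
        if not 2 <= vid <= 4093:
            raise ValueError("VLAN ID must be in 2..4093")
        table = self.members.setdefault(vid, {})
        for port in untag:
            # An Untag port belongs to one VLAN only, and that VLAN is its PVID.
            self.members[self.pvid[port]].pop(port, None)
            self.pvid[port] = vid
            table[port] = "untag"
        for port in tag:
            table[port] = "tag"
        for port in pvlan:
            table[port] = "pvlan"

    def forward(self, in_port, tag=None):
        """Flood one frame received on in_port; return {egress port: VID on the wire or None}."""
        vid = self.pvid[in_port] if tag is None else tag   # untagged frames take the PVID
        table = self.members.get(vid, {})
        if in_port not in table:                           # Nonmember Drop
            return {}
        # Untag ports and PVLAN-enabled Tag ports send the frame without a tag.
        return {port: (vid if mode == "tag" else None)
                for port, mode in sorted(table.items()) if port != in_port}


def vlan_example_switch():
    """Switch A or Switch B of Table 5: ports 1-6 are Untag ports, port 7 is the Tag port."""
    sw = Switch(range(1, 8))
    sw.add_vlan(2, untag=[1, 2], tag=[7])
    sw.add_vlan(100, untag=[3, 4], tag=[7])
    sw.add_vlan(200, untag=[5, 6], tag=[7])
    return sw


def pvlan_example_switch():
    """Shared domain VLAN 100, isolation domains VLAN 10 and VLAN 30 (port numbers assumed)."""
    sw = Switch([1, 2, 3])
    sw.add_vlan(100, untag=[1], pvlan=[2, 3])   # port 1 is the uplink port
    sw.add_vlan(10, untag=[2], pvlan=[1])       # port 2 is the downlink port of VLAN 10
    sw.add_vlan(30, untag=[3], pvlan=[1])       # port 3 is the downlink port of VLAN 30
    return sw


def across_trunk(sw_a, sw_b, src_port, trunk=7):
    """Ports of sw_b reached by an untagged frame that enters sw_a at src_port."""
    out = sw_a.forward(src_port)
    if trunk not in out:
        return {}
    return sw_b.forward(trunk, out[trunk])


if __name__ == "__main__":
    a, b = vlan_example_switch(), vlan_example_switch()
    print("A port 1 ->", a.forward(1))
    print("A port 1 -> B", across_trunk(a, b, 1))
    p = pvlan_example_switch()
    for port in (1, 2, 3):
        print("PVLAN port", port, "->", p.forward(port))
```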

6.3.3 Typical Configuration Example

Figure 41 shows a PVLAN application. VLAN300 is a shared domain and port 1 and port 2 are uplink ports; VLAN100 and VLAN200 are isolation domains and port 3, 4, 5 and 6 are downlink ports.
Figure 41 PVLAN Configuration Example
Configuration steps:
1. Configure the shared domain, VLAN 300, as shown in Figure 39.
Set port 1 and port 2 to Untag ports and add them to VLAN 300. Set port 3 and port 4 to Tag ports and add them to VLAN 300. Enable PVLAN on the two ports. Set port 5 and port 6 to Tag ports and add them to VLAN 300. Enable PVLAN on the two ports.
2. Configure VLAN 100, an isolation domain, as shown in Figure 39.
Set port 1 and port 2 to Tag ports and add them to VLAN 100. Enable PVLAN on the two ports. Set port 3 and port 4 to Untag ports and add them to VLAN 100.
3. Configure VLAN 200, an isolation domain, as shown in Figure 39.
Set port 1 and port 2 to Tag ports and add them to VLAN 200. Enable PVLAN on the two ports. Set port 5 and port 6 to Untag ports and add them to VLAN 200.
4. Set VLAN300, VLAN100 and VLAN200 to PVLAN members, as shown in Figure 40.

6.4 Port Mirroring

6.4.1 Overview

With port mirroring function, the switch copies all received or transmitted data frames in a port (mirroring source port) to another port (mirroring destination port). The mirroring destination port is connected to a protocol analyzer or RMON monitor for network monitoring, management, and fault diagnosis.

6.4.2 Description

A switch supports only one mirroring destination port but multiple source ports. Multiple source ports can be either in the same VLAN, or in different VLANs. Mirroring source port and destination port can be in the same VLAN or in different VLANs. The source port and destination port cannot be the same port.
Caution:
A mirroring source or destination port cannot be added to a Trunk group, while the port added to a Trunk group cannot be set to a mirroring destination or source port.
A mirroring source or destination port cannot be set to a redundant port, while a redundant port cannot be set to a mirroring source or destination port.

6.4.3 Web Configuration

1. Select the mirroring destination port, as shown in the following figure.
Figure 42 Selecting a Mirroring Port
Mirroring Port
Options: Disable/a switch port Default: Disable Function: Select a port to be the mirroring destination port. There must be only one mirroring destination port.
2. Select mirroring source ports and the mirroring mode, as shown in the following figure.
Figure 43 Mirroring Source Port
Mode
Options: RX/TX/RX & TX Function: Select the data to be mirrored. TX indicates only the transmitted packets are mirrored in the source port. RX indicates only the received packets are mirrored in the source port. TX&RX indicates both transmitted and received packets are mirrored in the source port.

6.4.4 Typical Configuration Example

As shown in the following figure, the mirroring destination port is port 2 and the mirroring source port is port 1. Both transmitted and received packets on port 1 are mirrored to port 2.
Figure 44 Port Mirroring Example
Configuration steps:
1. Set port 2 to the mirroring destination port, as shown in Figure 42.
2. Set port 1 to the mirroring source port and the port mirroring mode to TX&RX, as shown in Figure 43.

6.5 Port Trunk

6.5.1 Overview

Port trunk is to bind a group of physical ports that have the same configuration to a logical port. The member ports in a trunk group can not only share the load, but also become a dynamic backup for each other to enhance connection reliability.

6.5.2 Implementation

As shown in the following figure, three ports in Switch A aggregate to a trunk group and the bandwidth of the trunk group is the total bandwidth of three ports.
Figure 45 Port Trunk
If Switch A sends packets to Switch B by way of the aggregated link, Switch A determines the member port for transmitting the traffic based on the calculation result of load sharing. When one member port of the aggregated link fails, the traffic transmitted through the port is taken over by another normal port based on traffic sharing algorithm.
Caution:
Gigabit ports of the series switches do not support port trunk.
A port can be added to only one trunk group.

6.5.3 Description

Port trunk and the following port configurations cannot be used together:
Port redundancy: A port added to a trunk group cannot be configured as a redundant port, while a redundant port cannot be added to a trunk group.
Port mirroring: A port added to a trunk group cannot be configured as a mirroring destination or source port.
In addition, the following operations are not recommended.
Enable GMRP on a trunk port.
Add a GMRP-enabled port to a trunk group.
Add a trunk port to a static unicast/multicast entry.
Add a port in a static unicast/multicast entry to a trunk group.

6.5.4 Web Configuration

1. Add Port Trunk.
Click <Add> to add a trunk group, as shown in the following figure.
Figure 46 Adding a Trunk Group
2. Configure the trunk group, as shown in the following figure.
Figure 47 Configuring the Trunk Group
Trunk ID (SICOM3024P/SICOM3024)
Range: 1~14 Function: Set the trunk group ID. Description: The series switches support a maximum of 14 trunk groups. Each group can contain a maximum of 4 ports.
Trunk ID (SICOM3048)
Range: 1~6 Function: Set the trunk group ID. Description: The series switches support a maximum of 6 trunk groups. Each group can contain a maximum of 4 ports.
3. View trunk group list, as shown in the following figure.
Figure 48 Trunk Group List
Lock
Lock the member ports of a trunk group. After locked member ports are deleted from a trunk group, you must enable the ports manually to unlock the ports.
Click a trunk group in Figure 48. You can modify or delete the trunk group, as shown in the following figure.
Figure 49 Modifying/Deleting a Trunk Group
After modifying group member settings (add a new port to the group or delete a port member from the group), click <Apply> to make the modification take effect. If you click <Delete>, you can delete the group.

6.5.5 Typical Configuration Example

As shown in Figure 45, port 2, port 3, and port 4 of Switch A are connected to ports of Switch B respectively, forming trunk group 1 to achieve load balancing among ports. Configuration steps:
1. Create trunk group 1 on Switch A and add port 2, port 3, and port 4 to the group, as shown in Figure 47.
2. Create trunk group 1 on Switch B and add port 2, port 3, and port 4 to the group, as shown in Figure 47.

6.6 Link Check

6.6.1 Overview

Link Check detects the data transmission of redundancy protocol-enabled ports. Link check helps to detect the anomaly for timely processing when a fault occurs.

6.6.2 Web Configuration

The following figure shows the link check configuration.
Figure 50 Link Check Configuration
Administration Status
Options: Enable/Disable Default: Enable Description: The function can be enabled only on a redundant protocol-enabled port.
Caution:
If the peer device does not support the function, the function shall be disabled on the connected port of the local device.
Run Status
Options: Normal Link/Receive Fault/Disable/Send Fault Description: If Link Check is enabled on a ring port and the port sends and receives data normally, Normal Link is displayed. If the peer end does not receive the detection packets from the device, Send Fault is displayed. If the device does not receive detection packets from the peer end, Receive Fault is displayed. If Link Check is not enabled on a port, Disable is displayed.

6.7 Static Multicast

6.7.1 Overview

You can configure the static multicast address table. You can add an entry to the table in <multicast MAC address, VLAN ID, multicast member port> format. When receiving multicast packets, the switch searches the table for the corresponding member port to forward the packets. The device supports up to 256 multicast entries.

6.7.2 Web Configuration

1. Enable static multicast, as shown in the following figure.
Figure 51 Enabling Static Multicast
Multicast Filtrate Mode
Options: transmit unknown/drop unknown Default: transmit unknown Function: Configure the processing mode for unknown multicast packets.
Description: Unknown multicast packets are packets neither manually added nor learned through IGMP Snooping or GMRP. Transmit unknown indicates unknown multicast packets are broadcasted in the corresponding VLANs; drop unknown indicates unknown multicast packets are discarded.
FDB Multicast Status
Options: Enable/Disable Default: Disable Function: Enable or disable static multicast. Static multicast and IGMP Snooping cannot be enabled at the same time.
2. Add a static multicast entry, as shown in the following figure.
Figure 52 Adding a Static Multicast Entry
MAC
Format: HHHHHHHHHHHH (H is a hexadecimal number.) Function: Configure the multicast group address. The lowest bit of the highest byte is 1.
VLAN ID
Options: all existing VLANs Function: Set the VLAN ID of the entry. Only the member ports of the VLAN can forward the multicast packets.
Member Port List
Select member ports for the multicast address. If hosts connected to a port need to receive the packets from a multicast address, you can configure the port as the member port of the multicast address.
3. View, modify, or delete a static multicast entry, as shown in the following figure.
Figure 53 Operations on a Static Multicast Entry
The static multicast address list contains the MAC address, VLAN ID, and member port. To delete an entry, select the entry and click <Delete>. To modify an entry, select the entry and click <Modify>.

6.8 IGMP Snooping

6.8.1 Overview

Internet Group Management Protocol Snooping (IGMP Snooping) is a multicast protocol at the data link layer. It is used for managing and controlling multicast groups. IGMP Snooping-enabled switches analyze received IGMP packets, establish mapping between ports and MAC multicast addresses, and forward multicast packets according to the mapping.

6.8.2 Concepts

Querier: periodically sends IGMP general query packets to query the status of the members in the multicast group, maintaining the multicast group information. When multiple queriers exist on a network, they automatically elect the one with the smallest IP address to be the querier. Only the elected querier periodically sends IGMP general query packets. The other queriers only receive and forward IGMP query packets.
Router port: receives general query packets (on an IGMP-enabled switch) from the querier. Upon receiving an IGMP report, a switch establishes a multicast entry and adds the port that receives the IGMP report to the member port list. If a router port exists, it is also added to the member port list. Then the switch forwards the IGMP report to other devices through the router port, so that the other devices establish the same multicast entry.

6.8.3 Principle

IGMP Snooping manages and maintains multicast group members by exchanging related packets among IGMP-enabled devices. The related packets are as follows:
General query packet: The querier periodically sends general query packets (destination IP address: 224.0.0.1) to confirm whether or not the multicast group has member ports. After receiving the query packet, a non-querier device forwards the packet to all its connected ports.
Specific query packet: If a device wants to leave a multicast group, it sends an IGMP leave packet. After receiving the leave packet, the querier sends a specific query packet (destination IP address: IP address of the multicast group) to confirm whether the group contains other member ports.
Membership report packet: If a device wants to receive the data of a multicast group, the device sends an IGMP report packet (destination IP address: IP address of the multicast group) immediately to respond to the IGMP query packet of the group.
Leave packet: If a device wants to leave a multicast group, the device will send an IGMP leave packet (destination IP address: 224.0.0.2).

6.8.4 Web Configuration

1. Enable IGMP Snooping, as shown in the following figure.
Figure 54 Enabling IGMP Snooping
IGMP Snooping Status
Options: Enable/Disable Default: Disable Function: Enable or disable IGMP Snooping. IGMP Snooping and static multicast/GMRP cannot be enabled at the same time.
Auto Query Status
Options: Enable/Disable Default: Disable Function: Enable or disable auto query for querier election. Description: The auto query function can be enabled only if IGMP Snooping is enabled.
Caution:
The auto query function on a network shall be enabled on at least one switch.
IGMP Cross Status
Options: Enable/Disable Default: Disable Function: If the function is enabled, report and leave packets can be forwarded by the DT ring ports.
2. View the multicast member list, as shown in the following figure.
Figure 55 IGMP Snooping Member List
IGMP Member List
Combination: {MAC, VLAN ID, Member} In the FDB multicast table dynamically learned through IGMP Snooping, the VLAN ID is the VLAN ID of member ports.

6.8.5 Typical Configuration Example

As shown in the following figure, IGMP Snooping is enabled on Switch 1, Switch 2, and Switch 3. Auto query is enabled on Switch 2 and Switch 3. The IP address of Switch 2 is 192.168.1.2 and that of Switch 3 is 192.168.0.2. Therefore, Switch 3 is elected as the querier.
1. Enable IGMP Snooping on Switch 1.
2. Enable IGMP Snooping and auto query on Switch 2.
3. Enable IGMP Snooping and auto query on Switch 3.
Figure 56 IGMP Snooping Configuration Example
Switch 3 as the querier periodically sends general query packets. Port 4 of Switch 2 receives the packets and is thus elected as the routing port. Switch 2 forwards the packets through port 3. Then port 2 of Switch 1 receives the packets and is thus elected as the routing port.
When PC 1 is added to multicast group 225.1.1.1 and sends IGMP report packets, port 1 and port 2 (routing port) of Switch 1 are added to multicast group 225.1.1.1. IGMP report packets are forwarded to Switch 2 through port 2. Then port 3 and port 4 of Switch 2 are also added to multicast group 225.1.1.1. Switch 2 forwards the report packets to Switch 3 through port 4. As a result, port 5 of Switch 3 is also added to multicast group 225.1.1.1.
When receiving multicast data, Switch 1 forwards the data to PC 1 through port 1. As port 2 is also a multicast group member, it also forwards multicast data. As the process proceeds, multicast data finally reaches port 5 of Switch 3 because no further receiver is available. If PC 2 is also added to multicast group 225.1.1.1, multicast data is also forwarded to PC 2.
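The querier election and port learning of this example can be replayed with the following Python model. It is an added illustration, not Kyland firmware code; the class and function names are hypothetical, and the wiring (Switch 3 port 5 to Switch 2 port 4, Switch 2 port 3 to Switch 1 port 2) is inferred from the walk-through above.

```python
import ipaddress


def elect_querier(candidates):
    """Return the name of the switch elected as querier.

    candidates maps switch name -> IP address for every switch with auto
    query enabled. The smallest address wins; it is compared numerically,
    because comparing the strings would rank "10.0.0.10" below "10.0.0.9".
    """
    return min(candidates, key=lambda name: int(ipaddress.IPv4Address(candidates[name])))


class SnoopingSwitch:
    """Simplified model of one IGMP Snooping switch (hypothetical class)."""

    def __init__(self, name):
        self.name = name
        self.links = {}          # local port -> (neighbour switch, neighbour port)
        self.router_port = None  # port on which general queries arrive
        self.groups = {}         # multicast group -> set of member ports

    def connect(self, port, peer, peer_port):
        self.links[port] = (peer, peer_port)
        peer.links[peer_port] = (self, port)

    def send_general_query(self):
        """Querier side: send a general query on every inter-switch link."""
        for peer, peer_port in self.links.values():
            peer.receive_query(peer_port)

    def receive_query(self, in_port):
        """Non-querier side: learn the router port, then forward the query."""
        self.router_port = in_port
        for port, (peer, peer_port) in self.links.items():
            if port != in_port:
                peer.receive_query(peer_port)

    def receive_report(self, in_port, group):
        """Add the receiving port (and the router port, if any) to the group,
        then pass the report on through the router port."""
        members = self.groups.setdefault(group, set())
        members.add(in_port)
        if self.router_port is not None:
            members.add(self.router_port)
            peer, peer_port = self.links[self.router_port]
            peer.receive_report(peer_port, group)


def run_example():
    """Replay the typical configuration example on a loop-free chain."""
    s1, s2, s3 = (SnoopingSwitch(n) for n in ("Switch 1", "Switch 2", "Switch 3"))
    s3.connect(5, s2, 4)   # assumed wiring, inferred from the walk-through
    s2.connect(3, s1, 2)
    switches = {s.name: s for s in (s1, s2, s3)}
    # Auto query is enabled on Switch 2 and Switch 3 only.
    querier = elect_querier({"Switch 2": "192.168.1.2", "Switch 3": "192.168.0.2"})
    switches[querier].send_general_query()
    s1.receive_report(1, "225.1.1.1")   # PC 1 on port 1 of Switch 1 joins
    return querier, switches


if __name__ == "__main__":
    elected, topology = run_example()
    print("querier:", elected)
    for switch in topology.values():
        print(switch.name, "router port:", switch.router_port, "groups:", switch.groups)
```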

6.9 ACL

6.9.1 Overview

With the development of network technologies, security issues have become increasingly prominent, calling for access control mechanisms. With the Access Control List (ACL) function, the switch matches packets against the list to implement access control.

6.9.2 Implementation

The series switches filter packets according to the matched ACL. Each entry consists of several conditions in a logical AND relationship. ACL entries are independent of each other. The switch compares a packet with ACL entries in the ascending order of entry IDs. Once a match is found, the action is taken and no further comparison is conducted, as shown in the following figure.
Figure 57 ACL Processing Flowchart
Note:
Default process indicates the processing mode towards packets matching no ACL entry.

6.9.3 Web Configuration (SICOM3024P/SICOM3024)

1. Add an ACL entry.
Click <Add List> to add an ACL entry, as shown in the following figure.
Figure 58 Adding an ACL Entry
2. Set parameters for the ACL entry, as shown in the following figure.
Figure 59 Setting ACL Entry Parameters 1
The switch provides a number of ACL entry parameters. You need to click <Next> to finish setting all of them, as shown in the following figures.
Figure 60 Setting ACL Entry Parameters 2
Figure 61 Setting ACL Entry Parameters 3
Figure 62 Setting ACL Entry Parameters 4
Group
Forcible configuration: 1
Item
Range: 1~1023 Function: Set the ID of the ACL entry. You can configure a maximum of 1023 ACL entries. When multiple ACL entries are configured, they are compared with packets in the ascending order of IDs.
Action
Options: Deny/Redir Port/Mirror Port/Forward Default: Deny Function: Configure the action towards a packet that matches the ACL entry. Deny: Packets matching the entry will be denied. Redir Port: Packets matching the entry will be forwarded to the specified port. You need to specify the port in the drop-down list. Mirror Port: Packets matching the entry will be forwarded to both the destination port and the specified port in the drop-down list. Forward: Packets matching the entry will be forwarded to the destination port.
Control Port
Options: all/one or multiple ports Function: Select the port on which the ACL takes effect.
Source MAC
Portfolio: {MAC, MASK} Format: {HHHHHHHHHHHH, HHHHHHHHHHHH} (H is a hexadecimal number.) Function: Configure the source MAC address and subnet mask. If the source MAC address and subnet mask of a packet is identical with the value of this parameter, then the condition is met.
Destination MAC
Portfolio: {MAC, MASK} Format: {HHHHHHHHHHHH, HHHHHHHHHHHH} (H is a hexadecimal number.) Function: Configure the destination MAC address and subnet mask. If the destination MAC address and subnet mask of a packet is identical with the value of this parameter, then the condition is met.
Source IP
Portfolio: {IP, MASK} Format: {A.B.C.D, A.B.C.D} Function: Configure the source IP address and subnet mask. If the source IP address and subnet mask of a packet is identical with the value of this parameter, then the condition is met.
Destination IP
Portfolio: {IP, MASK} Format: {A.B.C.D, A.B.C.D} Function: Configure the destination IP address and subnet mask. If the destination IP address and subnet mask of a packet is identical with the value of this parameter, then the condition is met.
Ethernet Type
Range: 1537~65535 Function: Configure the Ethernet type. If the Ethernet type field of a packet is identical with the value of this parameter, then the condition is met.
TOS/DSCP
Range: 0~255 Function: Configure the service type. If the corresponding field of a packet is identical with the value of this parameter, then the condition is met.
IP Protocol
Range: 0~255 Function: Configure the IP protocol value. If the corresponding field of a packet is identical with the value of this parameter, then the condition is met.
IP TTL
Range: 0~3 Function: Configure the TTL field. If the value is set to 0, the TTL of a matched packet must be 0; if the value is set to 1, the TTL of a matched packet must be 1; if the value is set to 2, the TTL of a matched packet must range from 2 to 254; if the value is set to 3, the TTL of a matched packet must be 255. If the corresponding field of a packet meets these rules, then the condition is met.
Max ICMP
Range: 0~1023 Function: Configure the Max ICMP value. The value indicates the data length of ICMP packets. If the data length of an ICMP packet is larger than the value, then the condition is met.
TCP Flag
Range: 0~63 Function: Configure the TCP flag. If the corresponding field of a packet is identical with the value of this parameter, then the condition is met.
ICMP Type Code
Range: 0~65535 Function: Configure the ICMP type code. If the corresponding field of a packet is identical with the value of this parameter, then the condition is met.
Vlan ID
Range: 1~4093 Function: Configure the VLAN ID. If the corresponding field of a packet is identical with the value of this parameter, then the condition is met.
Vlan ID Range (0~3)
Portfolio: {X~Y} (X and Y (X≤Y) range from 1 to 4093. X and Y indicate the lower and upper limits of Vlan IDs respectively.) Function: Configure the range of VLAN IDs of packets. The condition is met when the VLAN ID of a packet is within the specified range.
Source L4 Port
Range: 1~65535 Function: Configure the source port number for Layer-4 protocol packets. If the corresponding field of a packet is identical with the value, then the condition is met.
Src Port Range (0~3)
Portfolio: {X~Y} (X and Y (X≤Y) range from 1 to 65535. X and Y indicate the lower and upper limits of Layer-4 source port numbers respectively.) Function: Configure the source port number range for Layer-4 protocol packets. If the corresponding field of a packet is within the specified range, then the condition is met.
Destination L4 Port
Range: 1~65535 Function: Configure the destination port number for Layer-4 protocol packets. If the corresponding field of a packet is identical with the value, then the condition is met.
Dst Port Range (0~3)
Portfolio: {X~Y} (X and Y (X≤Y) range from 1 to 65535. X and Y indicate the lower and upper limits of Layer-4 destination port numbers respectively.) Function: Configure the destination port number range for Layer-4 protocol packets. If the corresponding field of a packet is within the specified range, then the condition is met.
L2 Format
Options: None/L2_Others/Ethernet_II/IEEE_802_2_SNAP Default: None Function: Configure Layer-2 Ethernet frame format. None indicates this rule is not used; L2_Others indicates all of the other Ethernet frame formats except Ethernet_II and IEEE_802_2_SNAP. When the Ethernet frame format of a packet is consistent with the specified value, then the condition is met.
L3 Format
Options: None/L3_Others/IPV4_without_frag/IPV6_without_exten Default: None Function: Configure the Layer-3 Internet protocol. None indicates this rule is not used; L3_Others indicates all the Layer-3 Internet protocols except IPV4_without_frag and IPV6_without_exten. When the Layer-3 Internet protocol of a packet is consistent with the specified value, then the condition is met.
L4 Format
Options: None/L4_Others/TCP/UDP/ (ICMP/IGMP) Default: None Function: Configure the Layer-4 protocol type. None indicates this rule is not used; L4_Others indicates all the protocols except TCP, UDP, ICMP, and IGMP. When the Layer-4 protocol type of a packet is consistent with the specified value, then the condition is met.
Same IP
Options: Disable/False/True Default: Disable Function: Check whether the source IP address of a packet is identical with its destination IP address. Disable indicates the rule is not used. False indicates the condition is met if the source IP address of a packet is different from its destination IP address. True indicates the condition is met if the source IP address of a packet is identical with its destination IP address.
Same L4 Port
Options: Disable/False/True Default: Disable Function: Check whether the source Layer-4 port number of a packet is identical with its destination Layer-4 port number. Disable indicates the rule is not used. False indicates the condition is met if the source Layer-4 port number of a packet is different from its destination Layer-4 port number. True indicates the condition is met if the source Layer-4 port number of a packet is identical with its destination Layer-4 port number.
TCP Sequence Zero
Options: Disable/False/True Default: Disable Function: Check whether the TCP Sequence field of a packet is 0. Disable indicates the rule is not used. False indicates the condition is met if the TCP Sequence field of a packet is not 0. True indicates the condition is met if the TCP Sequence field of a packet is 0.
User-Defined Field (0~2)
Portfolio: {Value, Base Addr, Offset} Range or Options: Value: 1~65535 Base Addr: End of Tag (Default)/End of EthType/End of IP Header Offset: 0~63 Function: Define a field as an ACL condition. Value indicates the value to be matched; Base Addr indicates the reference point of a packet; End of Tag indicates the end of the Tag field is the reference point; End of EthType indicates the end of the EthType field is the reference point; End of IP Header indicates the end of the IP header field is the reference point; Offset indicates the offset of the value compared with the reference point. If the field at the specified Offset from Base Addr in a packet equals Value, then the condition is met.
Note:
It is not necessary to set all these parameters, but at least one parameter needs to be set. If only one parameter is required, then leave all the other parameters empty.
3. View the ACL.
Figure 63 ACL Entries
Click an ACL entry in the preceding figure. Then modify or delete the ACL entry, as shown in the following figure.
Figure 64 Modifying/Deleting an ACL Entry
Click <Apply> for changes to take effect after modification. Click <Delete> to delete the ACL entry.

6.9.4 Web Configuration (SICOM3048)

1. Add an ACL entry.
Figure 65 Adding an ACL Entry
Click <Add List> in the preceding figure to add an ACL entry. Different group IDs correspond to different ACL parameters, as shown in the following figures.
Figure 66 Setting ACL Entry Parameters - Group 1
Figure 67 Setting ACL Entry Parameters - Group 2
Figure 68 Setting ACL Entry Parameters - Group 3
Figure 69 Setting ACL Entry Parameters - Group 4
Group
Options: 1~4 Default: 1 Function: Configure the group number of the ACL entry. Description: Different group IDs correspond to different ACL parameters.
Item
Range: 1~511 Function: Set the ID of the ACL entry. A maximum of 511 ACL entries can be configured. When multiple ACL entries are configured, they are compared with packets in the ascending order of IDs.
Action
Options: Deny/Redir Port/Mirror Port/Forward Default: Deny Function: Configure the action towards a packet that matches the ACL entry. Deny: Packets matching the entry will be denied. Redir Port: Packets matching the entry will be forwarded to the specified port. Specify the port in the drop-down list. Mirror Port: Packets matching the entry will be forwarded to both the destination port and the specified port in the drop-down list.
Control Port
Options: All ports/Any specified port Function: Select the port on which the ACL takes effect.
Source MAC
Portfolio: {MAC address, MAC subnet mask} Format: {HHHHHHHHHHHH, HHHHHHHHHHHH} (H is a hexadecimal number.) Function: Configure the source MAC address and subnet mask. If the source MAC address and subnet mask of a packet is identical with the value of this parameter, then the condition is met.
Destination MAC
Portfolio: {MAC address, MAC subnet mask} Format: {HHHHHHHHHHHH, HHHHHHHHHHHH} (H is a hexadecimal number.) Function: Configure the destination MAC address and subnet mask. If the destination MAC address and subnet mask of a packet is identical with the value of this parameter, then the condition is met.
Ethernet Type
Range: 1537~65535 Function: Configure the Ethernet type. If the Ethernet type field of a packet is identical with the value of this parameter, then the condition is met.
Vlan Tag
Range: 1~4093 Function: Configure the VLAN ID. If the corresponding field of a packet is identical with the value of this parameter, then the condition is met.
IPV4 Valid
Options: Disable/Yes/No Default: Disable Function: Check whether the received packet is a valid IPv4 packet. Disable indicates the rule is not used. Yes indicates the condition is met if the received packet is a valid IPv4 packet. No indicates the condition is met if the received packet is not a valid IPv4 packet.
Source IP
Portfolio: {IP address, IP subnet mask} Format: {A.B.C.D, A.B.C.D} Function: Configure the source IP address and subnet mask. If the source IP address and subnet mask of a packet is identical with the value of this parameter, then the condition is met.
Destination IP
Portfolio: {IP address, IP subnet mask} Format: {A.B.C.D, A.B.C.D} Function: Configure the destination IP address and subnet mask. If the destination IP address and subnet mask of a packet is identical with the value of this parameter, then the condition is met.
Same IP Address
Options: Disable/Yes/No Default: Disable Function: Check whether the source IP address of a packet is identical with its destination IP address. Disable indicates the rule is not used. No indicates the condition is met if the source IP address of a packet is different from its destination IP address. Yes indicates the condition is met if the source IP address of a packet is identical with its destination IP address.
Same L4 Port
Options: Disable/Yes/No Default: Disable Function: Check whether the source Layer-4 port number of a packet is identical with its destination Layer-4 port number. Disable indicates the rule is not used. No indicates the condition is met if the source Layer-4 port number of a packet is different from its destination Layer-4 port number. Yes indicates the condition is met if the source Layer-4 port number of a packet is identical with its destination Layer-4 port number.
TCP/UDP Valid
Options: Disable/Yes/No Default: Disable Function: Check whether the received packet is a TCP/UDP packet. Disable indicates the rule is not used. Yes indicates the condition is met if the received packet is a valid TCP/UDP packet. No indicates the condition is met if the received packet is not a valid TCP/UDP packet.
TCP Frame Valid
Options: Disable/Yes/No Default: Disable Function: Check whether the received packet is a valid TCP frame. Disable indicates the rule is not used. Yes indicates the condition is met if the received packet is a valid TCP frame. No indicates the condition is met if the received packet is not a valid TCP frame.
TCP Sequence Zero
Options: Disable/Yes/No Default: Disable Function: Check whether the TCP Sequence field of a packet is 0. Disable indicates the rule is not used. No indicates the condition is met if the TCP Sequence field of a packet is not 0. Yes indicates the condition is met if the TCP Sequence field of a packet is 0.
TCP Header Length
Range: 1~15 Function: Configure the TCP header length. If the corresponding field of a packet is smaller than the value of this parameter, then the condition is met.
Source L4 Port
Range: 1~65535 Function: Configure the source port number for Layer-4 protocol packets. If the corresponding field of a packet is identical with the value, then the condition is met.
Destination L4 Port
Range: 1~65535 Function: Configure the destination port number for Layer-4 protocol packets. If the corresponding field of a packet is identical with the value, then the condition is met.
TCP Flag
Range: 0~63 Function: Configure the TCP flag. If the corresponding field of a packet is identical with the value of this parameter, then the condition is met.
TOS/DSCP
Range: 0~255 Function: Configure the service type. If the corresponding field of a packet is identical with the value of this parameter, then the condition is met.
IP Protocol
Range: 0~255 Function: Configure the IP protocol value. If the corresponding field of a packet is identical with the value of this parameter, then the condition is met.
IP Version
Range: 0~255 Function: Configure the value of the IP protocol version plus the header length. If the corresponding field of a packet is identical with the value of this parameter, then the condition is met.
IP TTL
Range: 0~255 Function: Configure the TTL field. If the corresponding field of a packet is identical with the value of this parameter, then the condition is met.
Note:
It is not necessary to set all parameters, but at least one parameter needs to be set. If only one parameter is required, then leave the other parameters empty.
3. View the ACL.
Figure 70 ACL Entries
Click an ACL entry in the preceding figure. You can modify or delete the ACL entry, as shown in the following figure.
Figure 71 Modifying/Deleting an ACL Entry
Click <Apply> for the changes to take effect after modification. You can click <Delete> to delete the ACL entry.

6.9.5 Typical Configuration Example

The following uses SICOM3024P as an example to describe the configuration steps for an ACL entry. Connect port 2 of the switch. Configure the port to receive packets only from source MAC address 02-02-02-02-02-02 and forward the packets through port 1. Configuration steps:
1. Set the action to Redir Port and select port 1 in the drop-down list, as shown in Figure 59.
2. Select FE2 in Control Port, as shown in Figure 59.
3. Set the source MAC address to 020202020202 and subnet mask to FFFFFFFFFFFF, as shown in Figure 59.
4. Keep all the other parameters empty.
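The matching order described in 6.9.2 and the entry configured in this example can be checked against the following Python model. It is an added illustration, not Kyland code: the names are hypothetical, only a few of the parameters from 6.9.3 are modelled, a mask bit of 1 is assumed to mean "this bit must match", and the default process is passed in as a parameter because this section does not state its value.

```python
from dataclasses import dataclass


def mac_to_int(text):
    """Parse HHHHHHHHHHHH or HH-HH-HH-HH-HH-HH into an integer."""
    return int(text.replace("-", ""), 16)


def ip_to_int(text):
    a, b, c, d = (int(part) for part in text.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def ttl_class(ttl):
    """Map a packet TTL to the IP TTL parameter value (0~3) of section 6.9.3:
    0 -> TTL 0, 1 -> TTL 1, 2 -> TTL 2..254, 3 -> TTL 255."""
    if ttl in (0, 1):
        return ttl
    return 3 if ttl == 255 else 2


@dataclass
class AclEntry:
    item: int                    # entry ID; lower IDs are compared first
    action: str                  # "Deny", "Redir Port", "Mirror Port" or "Forward"
    control_ports: frozenset     # ports on which the entry takes effect
    target_port: int = None      # port chosen for Redir Port / Mirror Port
    src_mac: tuple = None        # (MAC, MASK); None means the parameter is empty
    src_ip: tuple = None         # (IP, MASK)
    ip_ttl: int = None           # 0~3, see ttl_class()
    same_ip: bool = None         # None = Disable

    def __post_init__(self):
        if all(v is None for v in (self.src_mac, self.src_ip, self.ip_ttl, self.same_ip)):
            raise ValueError("at least one parameter needs to be set")

    def matches(self, pkt, in_port):
        """True when the packet arrived on a control port and meets every
        configured condition (logical AND)."""
        if in_port not in self.control_ports:
            return False
        results = []
        if self.src_mac is not None:
            value, mask = (mac_to_int(x) for x in self.src_mac)
            # Assumption: a mask bit of 1 means that bit must match.
            results.append((mac_to_int(pkt["src_mac"]) & mask) == (value & mask))
        if self.src_ip is not None:
            value, mask = (ip_to_int(x) for x in self.src_ip)
            results.append("src_ip" in pkt
                           and (ip_to_int(pkt["src_ip"]) & mask) == (value & mask))
        if self.ip_ttl is not None:
            results.append("ttl" in pkt and ttl_class(pkt["ttl"]) == self.ip_ttl)
        if self.same_ip is not None:
            results.append("src_ip" in pkt
                           and (pkt["src_ip"] == pkt["dst_ip"]) == self.same_ip)
        return all(results)


def evaluate(entries, pkt, in_port, default_process):
    """Return (matching entry ID, action, target port). Entries are compared
    in ascending ID order and the first match ends the search; a packet
    matching no entry gets the default process."""
    for entry in sorted(entries, key=lambda e: e.item):
        if entry.matches(pkt, in_port):
            return entry.item, entry.action, entry.target_port
    return None, default_process, None


# Entry from the typical configuration example (FE2 modelled as port 2).
EXAMPLE_ACL = [AclEntry(1, "Redir Port", frozenset({2}), target_port=1,
                        src_mac=("020202020202", "FFFFFFFFFFFF"))]
# Constructed frames.
PERMITTED = {"src_mac": "02-02-02-02-02-02"}
OTHER = {"src_mac": "02-02-02-02-02-03"}
# Constructed rule set: the broad Deny (ID 3) shadows the exact Forward (ID 5).
SHADOWED_ACL = [
    AclEntry(5, "Forward", frozenset({2}), src_mac=("020202020202", "FFFFFFFFFFFF")),
    AclEntry(3, "Deny", frozenset({2}), src_mac=("020202000000", "FFFFFF000000")),
]

if __name__ == "__main__":
    print(evaluate(EXAMPLE_ACL, PERMITTED, 2, "Forward"))
    print(evaluate(EXAMPLE_ACL, OTHER, 2, "Forward"))
    print(evaluate(SHADOWED_ACL, PERMITTED, 2, "Forward"))
```

With the single entry from this example, a frame from any other source MAC on FE2 matches no entry and receives the default process, so whether port 2 accepts packets only from 02-02-02-02-02-02 depends on that setting.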

6.10 ARP

6.10.1 Overview

The Address Resolution Protocol (ARP) resolves the mapping between IP addresses and MAC addresses by the address request and response mechanism. The switch can learn the mapping between IP addresses and MAC addresses of other hosts on the same network segment. It also supports static ARP entries for specifying mapping between IP addresses and MAC addresses. Dynamic ARP entries periodically age out, ensuring consistency between ARP entries and actual applications. The series switches provide not only Layer 2 switching function, but also the ARP function for resolving the IP addresses of other hosts on the same network segment, enabling the communication between the NMS and managed hosts.

6.10.2 Description

ARP entries fall into dynamic and static ones. Dynamic entries are generated and maintained based on the exchange of ARP packets. Dynamic entries can expire, be updated by a new ARP packet, or be overwritten by a static ARP entry. Static entries are manually configured and maintained. They never expire and are never overwritten by dynamic ARP entries. The switch supports up to 512 ARP entries (256 static ones at most). When the number of ARP entries is larger than 512, new entries automatically overwrite old dynamic entries.

6.10.3 Web Configuration

1. Configure ARP aging time, as shown in the following figure.
Figure 72 Configuring Aging Time
ARP Aging Time
Range: 10~60 minutes Default: 20 minutes Function: Configure ARP aging time. Description: ARP aging time is the duration from when a dynamic ARP entry is added to the table to when the entry is deleted from the table.
2. Add a static ARP entry, as shown in the following figure.
Figure 73 Adding a Static ARP Entry
ARP address
Portfolio: {IP address, MAC address} Format: {A.B.C.D, HHHHHHHHHHHH} (H is a hexadecimal number.) Function: Configure a static ARP entry.
Caution:
The IP address of a static ARP entry must be on the same network segment as the IP address of the switch.
If the IP address of a static entry is the IP address of the switch, the system automatically maps the IP address to the MAC address of the switch.
In general, the switch automatically learns ARP entries. Manual configuration is not required.
3. View or delete an ARP entry, as shown in the following figure.
Caution:
You cannot delete dynamic ARP entries.
Figure 74 ARP Address Table
ARP address
Portfolio: {IP address, MAC address, Flags} Function: Display ARP entries, including static and dynamic entries. Operation: Select a static entry in the Number column. Click <Delete> to delete the entry.

6.11 SNMP

6.11.1 Overview

The Simple Network Management Protocol (SNMP) is a framework using TCP/IP to manage network devices. With the SNMP function, the administrator can query device information, modify parameter settings, monitor device status, and discover network faults.

6.11.2 Implementation

SNMP adopts the management station/agent mode. Therefore, SNMP involves two types of NEs: NMS and agent.
The Network Management Station (NMS) is a station running SNMP-enabled network management software client. It is the core for the network management of an SNMP network.
Agent is a process in the managed network devices. It receives and processes request packets from the NMS. When an alarm occurs, the agent proactively reports it to the NMS.
The NMS is the manager of an SNMP network, while the agent is the managed device of the SNMP network. The NMS and agents exchange management packets through SNMP. SNMP involves the following basic operations:
Get-Request
Get-Response
Get-Next-Request
Set-Request
Trap
The NMS sends Get-Request, Get-Next-Request, and Set-Request packets to agents to query, configure, and manage variables. After receiving these requests, agents reply with Get-Response packets. When an alarm occurs, an agent proactively reports it to the NMS with a trap message.

6.11.3 Description

This series of switches supports SNMPv2, which is compatible with SNMPv1. SNMPv1 uses a community name for authentication. A community name acts as a password, limiting the NMS's access to agents. If the switch does not acknowledge the community name carried by an SNMP packet, the packet is discarded. SNMPv2 also uses a community name for authentication. It is compatible with SNMPv1, and extends the functions of SNMPv1. To enable the communication between the NMS and agent, their SNMP versions must match. Different SNMP versions can be configured on an agent, so that it can use different versions to communicate with different NMSs.

6.11.4 MIB

Any managed resource is called managed object. The Management Information Base (MIB) stores managed objects. It defines the hierarchical relationships of managed objects and attributes of objects, such as names, access permissions, and data types. Each agent has its own MIB. The NMS can read/write MIBs based on permissions. The following figure shows the relationships among the NMS, agent, and MIB.
Figure 75 Relationship among NMS, Agent, and MIB
MIB defines a tree structure. The tree nodes are managed objects. Each node has a unique Object Identifier (OID), which indicates the location of the node in the MIB structure. As shown in the following figure, the OID of object A is 1.2.1.1.
Figure 76 MIB Tree Structure

6.11.5 Web Configuration

1. Enable SNMP, as shown in the following figure.
Figure 77 Enabling SNMP
SNMP Status
Options: Enable/Disable Default: Enable Function: Enable or disable SNMP.
2. Configure access rights, as shown in the following figure.
Figure 78 Access Rights Configuration
Read-Only Community
Range: 3~16 characters Default: public Function: Configure the name of read-only community. Description: The MIB information of the switch can be read only if the community name carried by an SNMP packet is identical with that configured on the switch.
Read-Write Community
Range: 3~16 characters Default: private Function: Configure the name of read-write community. Description: The MIB information of the switch can be read and written only if the community name carried by an SNMP packet is identical with that configured on the switch.
Request Port
Range: 1~65535 Default: 161 Function: Configure the number of the port for receiving SNMP requests.
3. Set trap parameters, as shown in the following figure.
Figure 79 Trap Configuration
Trap on-off
Options: Enable/Disable Default: Enable Function: Enable or disable trap sending.
Trap Port ID
Options: 1~65535 Default: 162 Function: Configure the number of the port for sending trap messages.
Server IP Address
Format: A.B.C.D Function: Configure the address of the server for receiving trap messages. You can configure a maximum of five servers.
4. View the IP address of the management server, as shown in the following figure.
Figure 80 IP Address of Management Server
The IP address of the management server does not need to be configured manually. The switch automatically displays it only if the NMS is running on the server and reads and writes the MIB node information of the device.

6.11.6 Typical Configuration Example

The SNMP management server is connected to the switch through Ethernet. The IP address of the management server is 192.168.0.23, and that of the switch is 192.168.0.2. The NMS monitors and manages the Agent through SNMPv2, and reads and writes the MIB node information of the Agent. When the Agent is faulty, it proactively sends trap messages to the NMS, as shown in the following figure.
Figure 81 SNMP Configuration Example
Configuration on the Agent:
1. Enable SNMP, as shown in Figure 77.
2. Configure access rights. Set read-only community name to public, read-write community name to private, and request port to 161, as shown in Figure 78.
3. Enable trap sending, set trap port number to 162, and IP address of server to 192.168.0.23, as shown in Figure 79.
To monitor and manage the status of the Agent, run the management software, for example, Kyvision, on the NMS. For operations on Kyvision, refer to the Kyvision Operation Manual.
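The community name described in 6.11.3 is carried as a plain OCTET STRING at the start of every SNMPv1/SNMPv2 message, which the following Python check makes visible. It is an added example, not Kyland or Kyvision code: it decodes the message header and flags traffic that still uses the default community names public and private from 6.11.5. Function names are hypothetical and the sample datagrams are constructed in the block.

```python
def tlv(tag, payload):
    """Encode one BER tag-length-value element."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + payload


def read_tlv(buf, pos):
    """Decode the element at pos; return (tag, payload, next position)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        size = length & 0x7F
        if size == 0 or pos + size > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    if pos + length > len(buf):
        raise ValueError("truncated payload")
    return tag, buf[pos:pos + length], pos + length


VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}
PDU_NAMES = {0xA0: "Get-Request", 0xA1: "Get-Next-Request",
             0xA2: "Get-Response", 0xA3: "Set-Request"}
# Default community names listed in section 6.11.5.
DEFAULT_COMMUNITIES = {"public": "read-only default", "private": "read-write default"}


def parse_snmp_header(datagram):
    """Return (version, community, operation) from an SNMP message."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version is not an INTEGER")
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community is not an OCTET STRING")
    if pos >= len(body):
        raise ValueError("missing PDU")
    version = VERSIONS.get(int.from_bytes(raw_version, "big"), "unknown")
    operation = PDU_NAMES.get(body[pos], hex(body[pos]))
    return version, community.decode("ascii", "replace"), operation


def find_default_communities(datagrams):
    """List (version, operation, community, kind) for every parsable message
    that carries a default community name; unparsable input is skipped."""
    findings = []
    for datagram in datagrams:
        try:
            version, community, operation = parse_snmp_header(datagram)
        except ValueError:
            continue
        if community in DEFAULT_COMMUNITIES:
            findings.append((version, operation, community, DEFAULT_COMMUNITIES[community]))
    return findings


def build_sample(version, community, pdu_tag):
    """Construct a minimal sample message for 1.3.6.1.2.1.1.1.0 (sysDescr.0)."""
    oid = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, oid) + tlv(0x05, b"")))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + varbinds)
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community.encode()) + pdu)


# Constructed sample traffic; "plant7-ro" is an invented non-default name.
SAMPLES = [
    build_sample(1, "public", 0xA0),
    build_sample(1, "private", 0xA3),
    build_sample(0, "plant7-ro", 0xA1),
]

if __name__ == "__main__":
    for finding in find_default_communities(SAMPLES):
        print(finding)
```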

6.12 DT-Ring

6.12.1 Overview

DT-Ring and DT-Ring+ are Kyland-proprietary redundancy protocols. They enable a network to recover within 50ms when a link fails, ensuring stable and reliable communication. DT rings fall into two types: port-based (DT-Ring-Port) and VLAN-based (DT-Ring-VLAN).
DT-Ring-Port: specifies a port to forward or block packets.
DT-Ring-VLAN: specifies a port to forward or block the packets of a specific VLAN. This allows multiple VLANs on a tangent port, that is, one port is part of different redundant rings based on different VLANs.
DT-Ring-Port and DT-Ring-VLAN cannot be used together.

6.12.2 Concepts

Master: One ring has only one master. The master sends DT-Ring protocol packets and detects the status of the ring. When the ring is closed, the two ring ports on the master are in forwarding and blocking state respectively.
Primary port: indicates the ring port (on the master) whose status is configured as forwarding forcibly by user when the ring is closed.
Note:
If no primary port is configured on the master, the first port whose link status changes to up when the ring is closed is in forwarding state. The other ring port is in blocking state.
Slave: A ring can include multiple slaves. Slaves listen to and forward DT-Ring protocol packets and report fault information to the master.
Backup port: The port for communication between DT rings is called the backup port.
Master backup port: When a ring has multiple backup ports, the backup port with the larger MAC address is the master backup port. It is in forwarding state.
Slave backup port: When a ring has multiple backup ports, all the backup ports except the master backup port are slave backup ports. They are in blocking state.
Forwarding state: If a port is in forwarding state, the port can both receive and send data.
Blocking state: If a port is in blocking state, the port can receive and forward only DT-Ring protocol packets, but not other packets.

6.12.3 Implementation

DT-Ring-Port Implementation
The forwarding port on the master periodically sends DT-Ring protocol packets to detect ring status. If the blocking port of the master receives the packets, the ring is closed; otherwise, the ring is open. Working process of Switch A, Switch B, Switch C, and Switch D:
1. Configure Switch A as the master and the other switches as slaves.
2. Ring port 1 on the master is in forwarding state while ring port 2 is in blocking state. Both ports on the slave are in forwarding state.
3. If link CD is faulty, as shown in the following figure:
a) When link CD is faulty, port 6 and port 7 on the slave are in blocking state. Port 2 on the master changes to forwarding state, ensuring normal link communication.
b) When the fault is rectified, port 6 and port 7 on the slave are in forwarding state. Port 2 on the master changes to blocking state. Link switchover occurs and links restore to the state before CD is faulty.
Figure 82 CD Link Fault
Note:
If port 1 on master A is configured as the primary port, the fault and fault recovery processes are identical with those described above.
4. If link AC is faulty, as shown in the following figure:
a) When link AC is faulty, port 1 is in blocking state and port 2 changes to forwarding state, ensuring normal link communication.
b) After the fault is rectified:
If no primary port is configured on master A, port 1 is still in blocking state and port 8 is in forwarding state. No switchover occurs.
If port 1 on master A is configured as the primary port, the primary port must be in forwarding state when the ring is closed. Therefore, port 1 changes to forwarding state. Port 8 is in forwarding state and port 2 is in blocking state. Link switchover occurs.
Figure 83 DT-Ring Link Fault
Caution: Link status change affects the status of ring ports.
DT-Ring-VLAN Implementation
DT-Ring-VLAN allows the packets of different VLANs to be forwarded in different paths. Each forwarding path for a VLAN forms a DT-Ring-VLAN. Different DT-VLAN-Rings can have different masters. As shown in the following figure, two DT-Ring-VLANs are configured.
Ring links of DT-Ring-VLAN 10: AB-BC-CD-DE-EA.
Ring links of DT-Ring-VLAN 20: FB-BC-CD-DE-EF.
The two rings are tangent at links BC, CD, and DE. Switch C and Switch D share the same ports in the two rings, but use different logical links based on VLANs.
Figure 84 DT-Ring-VLAN
Note:
In each DT-Ring-VLAN logical ring, the implementation is identical with that of DT-Ring-Port.
DT-Ring+ Implementation
DT-Ring+ can provide backup for two DT rings, as shown in the following figure. One backup port is configured respectively on Switch C and Switch D. Which port is the master backup port depends on the MAC addresses of the two ports. If the master backup port or its link fails, the slave backup port will forward packets, preventing loops and ensuring normal communication between redundant rings.
Figure 85 DT-Ring+ Topology
Caution: Link status change affects the status of backup ports.

6.12.4 Explanation

DT-Ring configurations should meet the following conditions:
All switches in the same ring must have the same domain number.
Each ring can only have one master and multiple slaves.
Only two ports can be configured on each switch for a ring.
For two connected rings, backup ports can be configured only in one ring.
Multiple backup ports can be configured in one ring.
On a switch, only one backup port can be configured for one ring.
DT-Ring-Port and DT-Ring-VLAN cannot be configured on one switch at the same time.

6.12.5 Web Configuration

1. Configure redundant ring mode, as shown in the following figure.
Figure 86 Redundant Ring Mode Configuration
Select Redundancy Mode
Options: DT-RING-PORT/DT-RING-VLAN
Default: DT-RING-PORT
Function: Select the redundancy mode.
Check Loop Status
Options: Disable/Enable
Default: Disable
Function: Enable or disable ring status detection.
Description: After ring status detection is enabled, the switch automatically detects ring status. When a non-ring port receives DT-Ring packets, the port will be locked. Therefore, use the function with caution.
2. Create a DT ring, as shown in the following figure.
Figure 87 Creating a DT Ring
Click <Add> and configure the DT ring.
3. Configure DT-Ring and DT-VLAN-Ring, as shown in the following figures.
Figure 88 DT-Ring Configuration
Figure 89 DT-VLAN-Ring Configuration
Redundancy
Forced configuration: DT-RING
Domain ID
Configuration range: 1~32
Function: Differentiate rings. A maximum of 16 port-based rings or 8 VLAN-based rings can be configured on one switch.
Domain Name
Range: 1~31 characters
Function: Configure the domain name.
Station Type
Options: Master/Slave
Default: Master
Function: Select the role of the switch in the current ring.
Ring Port1/Ring Port2
Options: all switch ports
Function: Select two ring ports.
Caution:
A ring port or backup port cannot be added to a trunk group. A port added to a trunk group cannot be configured as a ring port or backup port.
A ring port or backup port can be configured as a mirroring source or destination port. A mirroring source or destination port cannot be configured as a ring port or backup port.
STP cannot be enabled on a ring port or a backup port. An STP-enabled port cannot be configured as a ring port or backup port.
Primary Port
Options: Disable/All switch ports
Default: Disable
Function: Configure the primary port.
Description: When the ring is closed, the primary port is in forwarding state.
Caution:
The primary port takes effect only when the ring is closed.
The primary port must be one of the two ring ports on the master.
DT-RING+
Options: Enable/Disable
Default: Disable
Function: Enable or disable the DT-Ring+ function.
Backup Port
Options: All switch ports
Function: Select one port as the backup port.
Explanation: You can configure a backup port only after the DT-Ring+ function is enabled.
Add VLAN List
Options: All created VLANs
Function: Select the VLAN whose packets are allowed through on the current ring port.
After the configurations are completed, created rings are listed in the DT-RING List, as shown in the following figure.
Figure 90 DT-Ring List
4. View and modify DT-Ring configuration. Click the DT-Ring options in the preceding figure. You can view and modify the configurations of the ring, as shown in the following figure.
Figure 91 DT-Ring Configuration
Click <Apply> for changes to take effect after modification. Click <Delete> to delete the DT-Ring configuration entry.
5. View DT-Ring and port status, as shown in the following figure.
Figure 92 DT-Ring State

6.12.6 Typical Configuration Example

As shown in Figure 85, Switch A, B, C, and D form Ring 1; Switch E, F, G, and H form Ring 2. Links CE and DF are the backup links between Ring 1 and Ring 2.
Configuration on Switch A:
1. Domain ID: 1; Domain name: Ring; Ring port: port 1 and port 2; Station type: Slave; DT-Ring+: Disable; do not set backup ports, as shown in Figure 88.
Configuration on Switch B:
2. Domain ID: 1; Domain name: Ring; Ring port: port 1 and port 2, no primary port; Station type: Master; DT-Ring+: Disable; do not set backup ports, as shown in Figure 88.
Configuration on Switch C and Switch D:
3. Domain ID: 1; Domain name: Ring; Ring port: port 1 and port 2; Station type: Slave; DT-Ring+: Enable; Backup port: port 3, as shown in Figure 88.
Configuration on Switch E, Switch F, and Switch G:
4. Domain ID: 2; Domain name: Ring; Ring port: port 1 and port 2; Station type: Slave; DT-Ring+: Disable; do not set backup ports, as shown in Figure 88.
Configuration on Switch H:
5. Domain ID: 2; Domain name: Ring; Ring port: port 1 and port 2, no primary port; Station type: Master; DT-Ring+: Disable; do not set backup ports, as shown in Figure 88.
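The conditions in 6.12.4 and the cautions in 6.12.5 can be checked against a planned configuration before it is entered on the switches. The following is an added example, not part of the Kyland manual or the switch software; the record fields and function names are this example's own, and the faulty variant is constructed for illustration.

```python
from collections import defaultdict

def validate_dt_ring(switches):
    """Return violations of the DT-Ring rules in 6.12.4 and 6.12.5."""
    errors, masters = [], defaultdict(list)      # masters: domain ID -> names
    for s in switches:
        name, dom, ring = s["name"], s["domain_id"], set(s["ring_ports"])
        if not 1 <= dom <= 32:
            errors.append(f"{name}: domain ID {dom} outside 1~32")
        if not 1 <= len(s["domain_name"]) <= 31:
            errors.append(f"{name}: domain name must be 1~31 characters")
        if len(ring) != 2:
            errors.append(f"{name}: exactly two ring ports are required")
        if s["station"] == "Master":
            masters[dom].append(name)
        primary, backup = s.get("primary_port"), s.get("backup_port")
        if primary is not None and (s["station"] != "Master" or primary not in ring):
            errors.append(f"{name}: primary port must be a ring port on the master")
        if backup is not None and not s.get("dt_ring_plus"):
            errors.append(f"{name}: backup port set while DT-Ring+ is disabled")
        used = ring | ({backup} if backup is not None else set())
        for p in sorted(used & set(s.get("trunk_ports", ()))):
            errors.append(f"{name}: port {p} is in a trunk group")
        for p in sorted(used & set(s.get("stp_ports", ()))):
            errors.append(f"{name}: port {p} has STP enabled")
    for dom in sorted({s["domain_id"] for s in switches}):
        if len(masters[dom]) != 1:
            errors.append(f"domain {dom}: expected 1 master, found {len(masters[dom])}")
    return errors

def sw(name, dom, station, plus=False, backup=None, **extra):
    """Build one switch record; field names are this example's own."""
    return dict(name=name, domain_id=dom, domain_name="Ring", ring_ports=(1, 2),
                station=station, dt_ring_plus=plus, backup_port=backup, **extra)

# Settings taken from the typical configuration example in 6.12.6.
TYPICAL = ([sw("A", 1, "Slave"), sw("B", 1, "Master")]
           + [sw(n, 1, "Slave", plus=True, backup=3) for n in "CD"]
           + [sw(n, 2, "Slave") for n in "EFG"] + [sw("H", 2, "Master")])

# Constructed faulty variant: second master in ring 1, STP on a ring port,
# and a backup port on Switch E without DT-Ring+.
BROKEN = ([sw("A", 1, "Master", stp_ports=(2,)), sw("B", 1, "Master")]
          + [sw("E", 2, "Slave", backup=3), sw("H", 2, "Master")])

if __name__ == "__main__":
    print(validate_dt_ring(TYPICAL) or "typical configuration: no violations")
    for line in validate_dt_ring(BROKEN):
        print(line)
```

The rule that backup ports may be configured in only one of two connected rings needs topology information and is not checked here.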

6.13 RSTP/STP

6.13.1 Overview

Standardized in IEEE802.1D, the Spanning Tree Protocol (STP) is a LAN protocol used for preventing broadcast storms caused by link loops and providing link backup. STP-enabled devices exchange packets and block certain ports to prune "loops" into "trees", preventing proliferation and endless loops. The drawback of STP is that a port must wait for twice the forwarding delay to transfer to the forwarding state. To overcome the drawback, IEEE created the 802.1w standard to supplement 802.1D. IEEE802.1w defines the Rapid Spanning Tree Protocol (RSTP). Compared with STP, RSTP achieves much more rapid convergence by adding an alternate port and a backup port for the root port and designated port respectively. When the root port is invalid, the alternate port can enter the forwarding state quickly.

6.13.2 Concepts

Root bridge: serves as the root for a tree. A network has only one root bridge. The root bridge changes with network topology. The root bridge periodically sends BPDU to the other devices, which forward the BPDU to ensure topology stability.
Root port: indicates the best port for transmission from the non-root bridges to the root bridge. The best port is the port with the smallest cost to the root bridge. A non-root bridge communicates with the root bridge through the root port. A non-root bridge has only one root port. The root bridge has no root port.
Designated port: indicates the port for forwarding BPDU to other devices or LANs. All ports on the root bridge are designated ports.
Alternate port: indicates the backup port of the root port. If the root port fails, the alternate port becomes the new root port.
Backup port: indicates the backup port of the designated port. When a designated port fails, the backup port becomes the new designated port and forwards data.

6.13.3 BPDU

To prevent loops, all the bridges of a LAN calculate a spanning tree. The calculation process involves transmitting BPDUs among devices to determine the network topology. The following table shows the data structure of a BPDU.
Table 6 BPDU
| … | Root bridge ID | Root path cost | Designated bridge ID | Designated port ID | Message age | Max age | Hello time | Forward delay | … |
|   | 8 bytes | 4 bytes | 8 bytes | 2 bytes | 2 bytes | 2 bytes | 2 bytes | 2 bytes |   |
Root bridge ID: priority of the root bridge (2 bytes)+MAC address of the root bridge (6 bytes).
Root path cost: cost of the path to the root bridge.
Designated bridge ID: priority of the designated bridge (2 bytes)+MAC address of the designated bridge (6 bytes).
Designated port ID: port priority+port number.
Message age: duration that a BPDU can be spread in a network.
Max age: maximum duration that a BPDU can be saved on a device. When Message age is larger than Max age, the BPDU is discarded.
Hello time: interval for sending BPDUs.
Forward delay: status change delay (discarding--learning--forwarding).
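The field layout in Table 6 can be decoded directly from captured bytes, which is useful when checking which bridge a segment currently treats as root. The following is an added example, not part of the manual; the function names and sample values are constructed, the input is assumed to start at the root bridge ID because the table elides the fields before it, and the timer unit of 1/256 second comes from IEEE 802.1D rather than from this page.

```python
import struct

# Field layout from Table 6: 8 + 4 + 8 + 2 + 2 + 2 + 2 + 2 = 30 bytes.
BPDU_FIELDS = struct.Struct("!8sI8sHHHHH")

def split_bridge_id(raw):
    """Bridge ID = priority (2 bytes) + MAC address (6 bytes)."""
    priority = int.from_bytes(raw[:2], "big")
    mac = ":".join(f"{b:02x}" for b in raw[2:])
    return priority, mac

def parse_bpdu_fields(data):
    """Parse the Table 6 fields; `data` must start at the root bridge ID."""
    if len(data) < BPDU_FIELDS.size:
        raise ValueError(f"need {BPDU_FIELDS.size} bytes, got {len(data)}")
    root, cost, bridge, port, age, max_age, hello, fwd = BPDU_FIELDS.unpack_from(data)
    return {
        "root_bridge": split_bridge_id(root),
        "root_path_cost": cost,
        "designated_bridge": split_bridge_id(bridge),
        "designated_port_id": port,
        # Assumption from IEEE 802.1D: timers are encoded in 1/256 second.
        "message_age": age / 256, "max_age": max_age / 256,
        "hello_time": hello / 256, "forward_delay": fwd / 256,
    }

def is_expired(bpdu):
    """Rule from the page: Message age larger than Max age means discard."""
    return bpdu["message_age"] > bpdu["max_age"]

def build_sample(message_age_s):
    """Constructed sample bytes (made-up MACs, cost and port ID)."""
    root = bytes.fromhex("8000" "001122334455")
    bridge = bytes.fromhex("8000" "00aabbccddee")
    return BPDU_FIELDS.pack(root, 19, bridge, 0x8001,
                            int(message_age_s * 256), 20 * 256, 2 * 256, 15 * 256)

if __name__ == "__main__":
    for age in (1, 21):
        fields = parse_bpdu_fields(build_sample(age))
        print(fields["root_bridge"], fields["message_age"], is_expired(fields))
```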

6.13.4 Implementation

The process for all bridges calculating the spanning tree with BPDUs is as follows:
1. In the initial phase, each port of all devices generates the BPDU with itself as the root bridge; both root bridge ID and designated bridge ID are the ID of the local device; the root path cost is 0; the designated port is the local port.
2. Best BPDU selection: All devices send their own BPDUs and receive BPDUs from other devices. Upon receiving a BPDU, each port compares the received BPDU with its own.
If the priority of its own BPDU is higher, then the port does not perform any operation.
If the priority of the received BPDU is higher, then the port replaces the local BPDU with