Lancom GS-2352 operation manual

... connecting your business

LANCOM GS-2352 User Manual

LANCOM GS-2352

1 Introduction..............................................................................................................................................................7

2 Operation of Web-based Management......................................................................................................................8

3 Configuration..........................................................................................................................................................11

1.1 Overview...................................................................................................................................................7

2.1 Connecting network devices....................................................................................................................10

2.2 Twisted-pair devices................................................................................................................................10

2.3 Cabling guidelines...................................................................................................................................10

3.1 Port.........................................................................................................................................................11

3.1.1 Configuration..........................................................................................................................11

3.1.2 Port Description.......................................................................................................................12

3.1.3 Traffic Overview ......................................................................................................................13

3.1.4 Detailed Statistics ...................................................................................................................14

3.1.5 QoS Statistics ..........................................................................................................................16

3.1.6 SFP Information ......................................................................................................................17

3.2 ACL.........................................................................................................................................................19

3.2.1 Ports........................................................................................................................................19

3.2.2 Rate Limiters...........................................................................................................................20

3.2.3 Access Control List...................................................................................................................21

3.2.4 ACL Status...............................................................................................................................24

3.3 Aggregation............................................................................................................................................26

3.3.1 Static Trunk.............................................................................................................................26

3.3.2 LACP.......................................................................................................................................28

3.4 Spanning Tree.........................................................................................................................................31

3.4.1 Bridge Settings........................................................................................................................31

3.4.2 MSTI Mapping.........................................................................................................................33

3.4.3 MSTI Priorities.........................................................................................................................34

3.4.4 CIST Ports................................................................................................................................35

3.4.5 MSTI Ports...............................................................................................................................37

3.4.6 Bridge Status...........................................................................................................................38

3.4.7 Port Status...............................................................................................................................39

3.4.8 Port Statistics...........................................................................................................................40

3.5 IGMP Snooping.......................................................................................................................................41

3.5.1 Basic Configuration.................................................................................................................41

3.5.2 VLAN Configuration.................................................................................................................43

3.5.3 Port Group Filtering.................................................................................................................44

3.5.4 Status......................................................................................................................................45

3.5.5 Group Information...................................................................................................................47

3.5.6 IPv4 SSM information..............................................................................................................48

3.6 MLD Snooping.........................................................................................................................................49

3.6.1 Basic Configuration.................................................................................................................49

LANCOM GS-2352

3.6.2 VLAN Configuration.................................................................................................................51

3.6.3 Port Group Filtering.................................................................................................................52

3.6.4 Status......................................................................................................................................53

3.6.5 Group Information...................................................................................................................54

3.6.6 IPv6 SSM Information..............................................................................................................55

3.7 MVR........................................................................................................................................................56

3.7.1 Configuration..........................................................................................................................56

3.7.2 Groups Information.................................................................................................................57

3.7.3 Statistics..................................................................................................................................58

3.8 LLDP........................................................................................................................................................59

3.8.1 LLDP Configuration..................................................................................................................59

3.8.2 LLDP Neighbors.......................................................................................................................61

3.8.3 LLDP-MED Configuration.........................................................................................................63

3.8.4 LLDP-MED Neighbors..............................................................................................................69

3.8.5 EEE..........................................................................................................................................71

3.8.6 Port Statistics...........................................................................................................................73

3.9 Filtering Data Base..................................................................................................................................74

3.9.1 Configuration..........................................................................................................................74

3.9.2 Dynamic MAC Table................................................................................................................76

3.10 VLAN.....................................................................................................................................................78

3.10.1 VLAN Membership ................................................................................................................78

3.10.2 Ports .....................................................................................................................................79

3.10.3 Switch Status ........................................................................................................................80

3.10.4 Port Status.............................................................................................................................81

3.10.5 Private VLANs........................................................................................................................83

3.10.6 MAC-based VLAN..................................................................................................................83

3.10.7 Protocol-based VLAN.............................................................................................................85

3.11 Voice VLAN............................................................................................................................................88

3.11.1 Configuration........................................................................................................................89

3.11.2 OUI........................................................................................................................................90

3.12 GARP.....................................................................................................................................................91

3.12.1 Configuration........................................................................................................................92

3.12.2 Statistics ...............................................................................................................................93

3.13 GVRP.....................................................................................................................................................93

3.13.1 Configuration........................................................................................................................94

3.13.2 Statistics ...............................................................................................................................95

3.14 QoS.......................................................................................................................................................96

3.14.1 Port Classification .................................................................................................................96

3.14.2 Port Policing .........................................................................................................................98

3.14.3 Port Scheduler ......................................................................................................................99

3.14.4 Port Shaping........................................................................................................................102

3.14.5 Port Tag Remarking ............................................................................................................104

3.14.6 Port DSCP............................................................................................................................106

3.14.7 DSCP-Based QoS.................................................................................................................107

LANCOM GS-2352

4 System Configuration............................................................................................................................................130

5 Security.................................................................................................................................................................152

3.14.8 DSCP Translation ................................................................................................................109

3.14.9 DSCP Classification .............................................................................................................110

3.14.10 QoS Control List Configuration...........................................................................................111

3.14.11 QCL Status ........................................................................................................................114

3.14.12 Storm Control....................................................................................................................116

3.14.13 WRED................................................................................................................................116

3.15 s-Flow Agent.......................................................................................................................................118

3.15.1 Collector .............................................................................................................................118

3.15.2 Sampler ..............................................................................................................................119

3.16 Loop Protection...................................................................................................................................121

3.16.1 Configuration .....................................................................................................................121

3.16.2 Status .................................................................................................................................122

3.17 Easy Port.............................................................................................................................................123

3.18 Mirroring ............................................................................................................................................125

3.19 Trap Event Severity .............................................................................................................................126

3.20 SMTP Configuration ............................................................................................................................127

3.21 UPnP ..................................................................................................................................................128

4.1 System Information...............................................................................................................................130

4.1.1 Information...........................................................................................................................130

4.1.2 Configuration........................................................................................................................131

4.1.3 CPU Load...............................................................................................................................132

4.2 Time......................................................................................................................................................133

4.2.1 Manual..................................................................................................................................133

4.2.2 NTP.......................................................................................................................................135

4.3 Account.................................................................................................................................................135

4.3.1 Users.....................................................................................................................................136

4.3.2 Privilege Level........................................................................................................................137

4.4 IP..........................................................................................................................................................138

4.4.1 IPv4 ......................................................................................................................................138

4.4.2 IPv6 ......................................................................................................................................139

4.5 Syslog....................................................................................................................................................140

4.5.1 Configuration........................................................................................................................140

4.5.2 Log........................................................................................................................................141

4.5.3 Detailed Log..........................................................................................................................142

4.6 SNMP....................................................................................................................................................143

4.6.1 System...................................................................................................................................143

4.6.2 Communities.........................................................................................................................144

4.6.3 Users.....................................................................................................................................145

4.6.4 Groups..................................................................................................................................147

4.6.5 Views.....................................................................................................................................148

4.6.6 Access...................................................................................................................................149

4.6.7 Trap.......................................................................................................................................150

LANCOM GS-2352

5.1 IP Source Guard.....................................................................................................................................152

5.1.1 Configuration........................................................................................................................152

5.1.2 Static Table............................................................................................................................153

5.1.3 Dynamic Table.......................................................................................................................154

5.2 ARP Inspection......................................................................................................................................155

5.2.1 Configuration........................................................................................................................155

5.2.2 Static Table............................................................................................................................156

5.2.3 Dynamic Table.......................................................................................................................157

5.3 DHCP Snooping.....................................................................................................................................157

5.3.1 Configuration........................................................................................................................157

5.3.2 Statistics................................................................................................................................158

5.4 DHCP Relay...........................................................................................................................................160

5.4.1 Configuration........................................................................................................................160

5.4.2 Statistics................................................................................................................................161

5.5 NAS.......................................................................................................................................................162

5.5.1 Configuration........................................................................................................................163

5.5.2 Switch Status.........................................................................................................................169

5.5.3 Port Status.............................................................................................................................170

5.6 AAA.......................................................................................................................................................172

5.6.1 Configuration........................................................................................................................172

5.6.2 Radius Overview....................................................................................................................175

5.6.3 Radius Details........................................................................................................................177

5.7 Port Security..........................................................................................................................................177

5.7.1 Limit Control..........................................................................................................................178

5.7.2 Switch Status.........................................................................................................................180

5.7.3 Port Status.............................................................................................................................181

5.8 Access Management..............................................................................................................................182

5.8.1 Configuration........................................................................................................................182

5.8.2 Statistics................................................................................................................................184

5.9 SSH.......................................................................................................................................................184

5.10 HTTPs..................................................................................................................................................185

5.11 Auth Method.......................................................................................................................................186

6 Maintenance.........................................................................................................................................................187

6.1 Restart Device.......................................................................................................................................187

6.2 Firmware ..............................................................................................................................................187

6.2.1 Firmware Upgrade.................................................................................................................187

6.2.2 Firmware Selection................................................................................................................188

6.3 Save / Restore........................................................................................................................................189

6.3.1 Factory Defaults.....................................................................................................................189

6.3.2 Save Start..............................................................................................................................190

6.3.3 Save User..............................................................................................................................190

6.3.4 Restore User..........................................................................................................................191

6.4 Export / Import......................................................................................................................................191

6.4.1 Export Config.........................................................................................................................191

LANCOM GS-2352

A. Glossary of Web-based Management...................................................................................................................197

6.4.2 Import Config........................................................................................................................192

6.5 Diagnostics............................................................................................................................................193

6.5.1 Ping.......................................................................................................................................193

6.5.2 Ping6.....................................................................................................................................194

6.5.3 VeriPHY.................................................................................................................................195

C ................................................................................................................................................................197

D ................................................................................................................................................................197

E .................................................................................................................................................................198

F .................................................................................................................................................................198

H ................................................................................................................................................................199

I .................................................................................................................................................................199

L .................................................................................................................................................................200

M ...............................................................................................................................................................201

N ................................................................................................................................................................202

O ................................................................................................................................................................202

P ................................................................................................................................................................203

Q ................................................................................................................................................................204

R ................................................................................................................................................................204

S .................................................................................................................................................................205

T .................................................................................................................................................................206

U ................................................................................................................................................................206

V ................................................................................................................................................................207

1 Introduction

1.1 Overview

In this user’s manual, it will not only show how to install and connect your network system but how to configure and monitor the GS-2300 series by (RS-232) serial interface or through the web and ethernet ports step-by-step, too. Many detailed explanations of hardware and software functions are shown as well as examples of the operation for the web-based interface.

The GS-2300 series, the next generation of web-managed switches from LANCOM, is a portfolio of affordable managed switches that provides a reliable infrastructure for your business network. These switches deliver more intelligent features to improve the availability of your critical business applications, protect your sensitive information, and optimize your network bandwidth to deliver information and applications more effectively. It provides the ideal combination of affordability and capabilities for entry level networking includes small business or enterprise application and helps you create a more efficient, better-connected workforce.

LANCOM GS-2352

1 Introduction

The GS-2352 web managed switch provides 52 ports in a single device. Additional highlights:

L2+ features provide better manageability, security, QoS, and performance.

High port count design with all Gigabit Ethernet ports

Supports guest VLAN, voice VLAN, port-based, tag-based and protocol-based VLANs.

Supports 802.3az energy efficient ethernet standard

Supports 8K MAC table

Supports IPv6/ IPv4 dual stack

Supports s-Flow

Supports Easy-Configuration-Port for easy implementation in the IP Phone, IP Camera or Wireless environment.

LANCOM GS-2352

2 Operation of Web-based Management

Initial Configuration

This chapter instructs you how to configure and manage the GS-2300 series through the web user interface. With this facility, you can easily access and monitor through any one port of the switch all the status of the switch, including MIBs status, each port activity, spanning tree status, port aggregation status, multicast traffic, VLAN and priority status, illegal access record, etc.

The default values of the GS-2300 series are listed in the table below:

172.23.56.250IP Address

255.255.255.0Subnet Mask

172.23.56.254Default Gateway

adminUsername

Password

After the switch has finished the configuration of the interface, you can browse it. For instance, type http://172.23.56.250 in the address row in a browser, it will show the following screen and ask you to input your username and password in order to login and access authentication.

The default username is “admin” and the password is "admin". For the first time, please use the default username and password, and then click the <Login> button. The login process now is completed. In the login menu, you have to use the complete username and password respectively, the GS-2300 series will not give you a shortcut to a username automatically. This looks inconvenient, but is more secure.

In the GS-2300 series, the user management allows only one administrator to configure the system at the same time. If there are two or more users using administrator access, it will allow the one who logins first to configure the system. The rest of the users, even with administrator access, can only monitor the system. Those who have no administrator access can only monitor the system regardless. Only a maximum of three users are able to login simultaneously in the GS-2300 series.

When you first login on the Switch using the web to manage you must use the Username "admin". Default

password is "admin".

Both IPv4 and IPv6 is supported for management functions.

To optimize the display effect, we recommend you use Microsoft IE 6.0 above, Netscape V7.1 above or Firefox V1.00 above and have a resolution of 1024x768. The switch supports a neutral web browser interface.

admin

The GS-2300 series is set to DHCP by default. If you do not have a DHCP server to provide an ip address to the

switch, the default ip is 172.23.56.250

LANCOM GS-2352

2 Operation of Web-based Management

LANCOM GS-2352

2 Operation of Web-based Management

2.1 Connecting network devices

The switch is designed to be connected to 10, 100 or 1000Mbps network cards in PCs and servers, as well as to other switches and hubs. It may also be connected to remote devices using optional SFP transceivers.

2.2 Twisted-pair devices

Each device requires an unshielded twisted-pair (UTP) cable with RJ45 connectors at both ends. Use Category 5, 5e or 6 cable for 1000BASE-T connections, Category 5 or better for 100BASE-TX connections.

2.3 Cabling guidelines

The RJ45 ports on the switch support automatic MDI/MDI-X pin-out configuration, so you can use standard straight-through twisted-pair cables to connect to any other network device (PCs, servers, switches, routers, or hubs).

See Appendix B for further information on cabling.

CAUTION: Do not plug a phone jack connector into an RJ45 port. This will damage the switch. Use only twisted-pair

cables with RJ45 connectors that conform to FCC standards.

CONNECTING TO PCS, SERVERS, HUBS AND SWITCHES

Step 1: Attach one end of a twisted-pair cable segment to the device’s RJ45 connector.

Figure 16: Making Twisted-Pair Connections

Step 2: If the device is a network card and the switch is in the wiring closet, attach the other end of the cable segment to a modular wall outlet that is connected to the wiring closet. (See the section “Network Wiring Connections.”) Otherwise, attach the other end to an available port on the switch.

Make sure each twisted pair cable does not exceed 100 meters (328 ft) in length.

Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise

back pressure jamming signals may degrade overall performance for the segment attached to the hub.

Step 3: As each connection is made, the Link LED (on the switch) corresponding to each port will light green (1000 Mbps) or amber (100 Mbps) to indicate that the connection is valid.

NETWORK WIRING CONNECTIONS

Today, the patch-down block is an integral part of many of the newer equipment racks. It is actually part of the patch panel. Instructions for making connections in the wiring closet with this type of equipment follows.

Step 1: Attach one end of a patch cable to an available port on the switch, and the other end to the patch panel.

Step 2: If not already in place, attach one end of a cable segment to the back of the patch panel where the punch-down block is located, and the other end to a modular wall outlet.

Step 3: Label the cables to simplify future troubleshooting. See “Cable Labeling and Connection Records” .

Figure 17: Network Wiring Connections

3 Configuration

This chapter describes all of the basic network configuration tasks which include the Ports, Layer 2 network protocol (e.g. VLANs, QoS, IGMP, ACLs, and PoE, etc.) and any setting of the Switch.

3.1 Port

The section describes how to configure the Port detail parameters of the switch. You can use the Port configuration to monitor, enable, or disable the ports of the switch.

3.1.1 Configuration

This chapter describes how to view the current port configuration and how to configure ports to non-default settings, including

LANCOM GS-2352

3 Configuration

Linkup/Linkdown

Speed (Current and configured)

Flow Control (Current Rx, Current Tx and Configured)

Maximum Frame Size

Excessive Collision Mode

Power Control.

Web Interface

To configure a Port in the web interface:

1. Click Configuration, Port, then Configuration

2. Specify the Speed Configured, Flow Control, Maximum Frame size, Excessive Collision mode, and Power Control.

3. Click Save.

Figure 3-1.1: The Port Configuration

LANCOM GS-2352

3 Configuration

Parameter description:

Port:

The logical port number for this row.

Link:

The current link state is displayed graphically. Green indicates the link is up and red that it is down.

Current Link Speed:

Provides the current link speed of the port.

Configured Link Speed:

Select any available link speed for the given switch port.

Auto Speed selects the highest speed that is compatible with a link partner.

Disabled disables the switch port operation.

Flow Control:

When Auto Speed is selected on a port, this section indicates the flow control capability that is advertised to the link partner. When a fixed-speed setting is selected, that is what is used. The Current Rx column indicates whether pause frames on the port are obeyed, and the Current Tx column indicates whether pause frames on the port are transmitted. The Rx and Tx settings are determined by the result of the last Auto-Negotiation.

Check the configured column to use flow control. This setting is related to the setting for Configured Link Speed.

Maximum Frame Size:

Enter the maximum frame size allowed for the switch port, including FCS.

Excessive Collision Mode:

Configure port transmit collision behavior.

Discard: Discard frame after 16 collisions (default).

Restart: Restart backoff algorithm after 16 collisions.

Power Control:

The Usage column shows the current percentage of the power consumption per port. The Configured column allows for changing the power savings mode parameters per port.

Disabled: All power savings mechanisms disabled.

ActiPHY: Link down power savings enabled.

PerfectReach: Link up power savings enabled.

Enabled: Both link up and link down power savings enabled.

Buttons:

Save – Click to save changes.

Reset – Click to undo any changes made locally and revert to previously saved values.

Refresh – Refresh the ports link status manually

3.1.2 Port Description

This section describes how to configure the port’s alias or any descriptions for the ports identity. It provides user the option to enter an alphanumeric string describing the full name and/or additional information, eg the usage of the port.

Web Interface

To enter a Port Description in the web interface:

1. Click Configuration, Port, then Port Description

2. Specify the detail port alias or description.

3. Click Save.

Figure 3-1.2: The Port Configuration

LANCOM GS-2352

3 Configuration

Parameter description:

Port:

The logical port number for this row.

Description:

The description of device ports must not include “ # % & ‘ + \.

Buttons

Apply – Click to save changes.

Reset – Click to undo any changes made locally and revert to previously saved values.

3.1.3 Traffic Overview

This section describes the port statistics information and provides an overview of general traffic statistics for all switch ports.

Web Interface

To display the Port Statistics Overview in the web interface:

1. Click Configuration, Port, then Traffic Overview

2. If you want to auto-refresh, you need to activate “Auto-refresh”.

3. Click "Refresh" to refresh the port statistics or click "Clear" to clear all information.

LANCOM GS-2352

3 Configuration

Figure 3-1.3: The Port Statistics Overview

Parameter description:

Port

The logical port for the settings contained in the same row.

Packets

The number of received and transmitted packets per port.

Bytes

The number of received and transmitted bytes per port.

Errors

The number of frames received in error and the number of incomplete transmissions per port.

Drops

The number of frames discarded due to ingress or egress congestion.

Filtered

The number of received frames filtered by the forwarding

Auto-refresh

Activate the auto-refresh to refresh the information automatically.

Refresh

Refresh the Port Statistics information.

Clear

Clean up all Port Statistics.

3.1.4 Detailed Statistics

The section describes how to provide detailed traffic statistics for a specific switch port. Use the port select box to select which switch port details to display.

The displayed counters are the totals for receive and transmit, the size counters for receive and transmit, and the error counters for receive and transmit.

Web Interface

To display the per Port detailed Statistics Overview in the web interface:

1. Click Configuration, Port, then Detailed Port Statistics

2. Scroll the Port Index to select which port you want to show the detailed Port statistics overview.

3. If you want to auto-refresh the information then you need to activate “Auto-refresh”.

4. Click “ Refresh“ to refresh the port detailed statistics or click "Clear" to clear all information.

Figure 3-1.4: The Detailed Port Statistics

LANCOM GS-2352

3 Configuration

Parameter description:

Auto-refresh:

To activate the auto-refresh to refresh the Port Statistics information automatically.

Upper left scroll bar:

To scroll which port to display the Port statistics with “Port-0”, “Port-1...

Receive Total and Transmit Total

Rx and Tx Packets:

The number of received and transmitted (good and bad) packets.

Rx and Tx Octets:

The number of received and transmitted (good and bad) bytes. Includes FCS, but excluding framing bits.

Rx and Tx Unicast

The number of received and transmitted (good and bad) unicast packets.

Rx and Tx Multicast:

The number of received and transmitted (good and bad) multicast packets.

Rx and Tx Broadcast:

The number of received and transmitted (good and bad) broadcast packets.

Rx and Tx Pause:

LANCOM GS-2352

3 Configuration

A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation.

Receive and Transmit Size Counters

The number of received and transmitted (good and bad) packets split into categories based on their respective frame sizes.

Receive and Transmit Queue Counters

The number of received and transmitted packets per input and output queue.

Receive Error Counters

Rx Drops:

The number of frames dropped due to lack of receive buffers or egress congestion.

Rx CRC/Alignment:

The number of frames received with CRC or alignment errors.

Rx Undersize:

The number of short 1 frames received with valid CRC.

Rx Oversize:

The number of long 2 frames received with valid CRC.

Rx Fragments:

The number of short 1 frames received with invalid CRC.

Rx Jabber:

The number of long 2 frames received with invalid CRC.

Rx Filtered:

The number of received frames filtered by the forwarding process.

Short frames are frames that are smaller than 64 bytes.

Long frames are frames that are longer than the configured maximum frame length for this port.

Transmit Error Counters

Tx Drops:

The number of frames dropped due to output buffer congestion.

Tx Late/Exc. Coll.:

The number of frames dropped due to excessive or late collisions.

Auto-refresh:

To activate the auto-refresh to refresh the Queuing Counters automatically.

Refresh

Refresh the detailed port statistics manually.

Clear

Clear the detailed port statistics manually.

3.1.5 QoS Statistics

The section describes that switch could display the QoS detailed Queuing counters for a specific switch port. for the different queues for all switch ports.

Web Interface

To display the Queuing Counters in the web interface:

1. Click Configuration, Port, then QoS Statistics

2. If you want to auto-refresh the information then you need to activate “Auto-refresh”.

3. Click “ Refresh“ to refresh the Queuing Counters or click "Clear" to clear all information.

Figure 3-1.5: The Queuing Counters Overview

Parameter description:

Port:

The logical port for the settings contained in the same row.

LANCOM GS-2352

3 Configuration

Qn:

Qn is the Queue number, QoS queues per port. Q0 is the lowest priority queue.

Rx/Tx:

The number of received and transmitted packets per queue.

Auto-refresh:

To activate the auto-refresh to refresh the Queuing Counters automatically.

Refresh

Refresh the Queuing Counters manually.

Clear

Clear the Queuing Counters manually.

3.1.6 SFP Information

The section describes the SFP module information which you will see when you connect an SFP module to the switch. The information includes: Connector type, Fiber type, wavelength, baud rate and Vendor OUI etc.

Web Interface

To display the SFP information in the web interface:

1. Click Configuration, Port, then SFP Information

Figure 3-1.6: The SFP Information Overview

LANCOM GS-2352

3 Configuration

Parameter description:

Connector Type:

Display the connector type, for instance, UTP, SC, ST, LC and so on.

Fiber Type:

Display the fiber mode, for instance, Multi-Mode, Single-Mode.

Tx Central Wavelength:

Display the fiber optical transmitting central wavelength, for instance, 850nm, 1310nm, 1550nm and so on.

Baud Rate:

Display the maximum baud rate of the fiber module supported, for instance, 10M, 100M, 1G and so on.

Vendor OUI:

Display the Manufacturer's OUI code which is assigned by IEEE.

Vendor Name:

Display the company name of the module manufacturer.

Vendor P/N:

Display the product name of the naming by module manufacturer.

Vendor Rev (Revision):

Display the module revision.

Vendor SN (Serial Number):

Show the serial number assigned by the manufacturer.

Date Code:

Show the date this SFP module was made.

Temperature:

Show the current temperature of SFP module.

Vcc:

Show the working DC voltage of SFP module.

Mon1(Bias) mA:

Show the Bias current of SFP module.

Mon2(TX PWR):

3.2 ACL

3.2.1 Ports

LANCOM GS-2352

3 Configuration

Show the transmit power of SFP module.

Mon3(RX PWR):

Show the receiver power of SFP module.

The GS-2300 series access control list (ACL) is probably the most commonly used object in the IOS. It is used for packet filtering but also for selecting types of traffic to be analyzed, forwarded, or influenced in some way. The ACLs are divided into EtherTypes. IPv4, ARP protocol, MAC and VLAN parameters etc. Here we will just go over the standard and extended access lists for TCP/IP. As you create ACEs for ingress classification, you can assign a policy for each port, the policy number is 1-8. However, each policy can be applied to any port. This makes it very easy to determine what type of ACL policy you will be working with.

The section describes how to configure the ACL parameters (ACE) of the each switch port. These parameters will affect frames received on a port unless the frame matches a specific ACE.

Web Interface

To configure the ACL Ports in the web interface:

1. Click Configuration, ACL, then Ports

2. To scroll the specific parameter value to select the correct value for port ACL setting.

3. Click save to save the setting

4. If you want to cancel the setting then you need to click the reset button. It will revert to previously saved values.

5. After your configuration is complete you can see the counter of the port. Then you could click refresh to update the counter or clear the information.

Figure 3-2.1: The ACL Ports Configuration

Parameter description:

Port:

The logical port for the settings contained in the same row.

Policy ID:

Select the policy to apply to this port. The allowed values are 1 through 8. The default value is 1.

Action:

LANCOM GS-2352

3 Configuration

Select whether forwarding is permitted ("Permit") or denied ("Deny"). The default value is "Permit".

Rate Limiter ID:

Select which rate limiter to apply on this port. The allowed values are Disabled or the values 1 through 16. The default value is "Disabled".

Port Copy:

Select which port frames are copied on. The allowed values are Disabled or a specific port number. The default value is "Disabled".

Mirror:

Specify the mirror operation of this port. The allowed values are:

Enabled: Frames received on the port are mirrored.

Disabled: Frames received on the port are not mirrored.

The default value is "Disabled".

Logging:

Specify the logging operation of this port. The allowed values are:

Enabled: Frames received on the port are stored in the System Log.

Disabled: Frames received on the port are not logged.

The default value is "Disabled". Please note that the System Log memory size and logging rate is limited.

Shutdown:

Specify the port shut down operation of this port. The allowed values are:

Enabled: If a frame is received on the port, the port will be disabled.

Disabled: Port shut down is disabled.

The default value is "Disabled".

Counter:

Counts the number of frames that match this ACE.

Buttons

Save – Click to save changes.

Reset – Click to undo any changes made locally and revert to previously saved values.

Refresh

Refresh the ACL Port Configuration manually.

Clear

Clear the ACL Port Configuration manually.

3.2.2 Rate Limiters

The section describes how to configure the switch’s ACL Rate Limiter parameters. The Rate Limiter Level from 1 to 16 allows the user to set rate limiter values and units (pps or kbps).

Web Interface

To configure ACL Rate Limiter in the web interface:

1. Click Configuration, ACL, then Rate Limiter

2. Specify the Rate field and the range from 0 to 3276700.

LANCOM GS-2352

3 Configuration

3. Select the unit: pps or kbps.

4. Click save to save the settings.

5. If you want to cancel the setting then you need to click the reset button. It will revert to previously saved values.

Figure 3-2.2: The ACL Rate Limiter Configuration

Parameter description:

Rate Limiter ID:

The rate limiter ID for the settings contained in the same row.

Rate

The allowed values are: 0-3276700 in pps or 0, 100, 200, 300, ..., 1000000 in kbps.

Unit:

Specify the rate unit. The allowed values are:

pps: packets per second.

kbps: Kbits per second.

Buttons

Save – Click to save changes.

Reset – Click to undo any changes made locally and revert to previously saved values.

3.2.3 Access Control List

The section describes how to configure Access Control List rules. An Access Control List (ACL) is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests ingress packets against the conditions in an ACL one by one. A packet will be accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny rule. If no rules match, the frame is accepted. Other actions can also be invoked when a matching packet is found, including rate limiting, copying matching packets to another port or to the system log, or shutting down a port.

LANCOM GS-2352

3 Configuration

This page shows the Access Control List (ACL), which is made up of the ACEs defined on this switch. Each row describes the ACE that is defined. The maximum number of ACEs is 256 on each switch. Click on the lowest plus sign to add a new ACE to the list. The reserved ACEs are used for internal protocol and cannot be edited or deleted, the order sequence cannot be changed and the priority is highest

Web Interface

To configure Access Control Lists in the web interface:

1. Click Configuration, ACL, then Configuration

2. Click the button to add a new ACL, or use the other ACL

modification buttons to specify the editing action (i.e., edit, delete, or moving the relative position of entry in the list)

3. Specify the parameters of the ACE

4. Click save to save the settings.

5. If you want to cancel the setting then you need to click the reset button. It will revert to previously saved values.

6. When editing an entry on the ACE Configuration page, note that the Items displayed depend on various selections, such as Frame Type and IP Protocol Type. Specify the relevant criteria to be matched for this rule, and set the actions to take when a rule is matched (such as Rate Limiter, Port Copy, Logging, and Shutdown).

Figure 3-2.3: The ACL Rate Limiter Configuration

Parameter description:

Ingress Port:

Indicates the ingress port of the ACE. Possible values are:

Any: The ACE will match any ingress port.

Policy: The ACE will match ingress ports with a specific policy.

Port: The ACE will match a specific ingress port.

Frame Type:

LANCOM GS-2352

3 Configuration

Indicates the frame type of the ACE. Possible values are:

Any: The ACE will match any frame type.

Ethernet ype: The ACE will match Ethernet Type frames. Note that an Ethernet Type based ACE will not get matched by IP and ARP frames.

ARP: The ACE will match ARP/RARP frames.

IPv4: The ACE will match all IPv4 frames.

Action:

Indicates the forwarding action of the ACE.

Permit: Frames matching the ACE may be forwarded and learned.

Deny: Frames matching the ACE are dropped.

Rate Limiter:

Indicates the rate limiter number of the ACE. The allowed range is 1 to 16. When Disabled is displayed, the rate limiter operation is disabled.

Port Copy:

Indicates the port copy operation of the ACE. Frames matching the ACE are copied to the port number. The allowed values are Disabled or a specific port number. When Disabled is displayed, the port copy operation is disabled.

Mirror:

Specify the mirror operation of this port. The allowed values are:

Enabled: Frames received on the port are mirrored.

Disabled: Frames received on the port are not mirrored.

The default value is "Disabled".

Logging:

Indicates the logging operation of the ACE. Possible values are:

Enabled: Frames matching the ACE are stored in the System Log.

Disabled: Frames matching the ACE are not logged.

Please note that the System Log memory size and logging rate is limited.

Shutdown:

Indicates the port shut down operation of the ACE. Possible values are:

Enabled: If a frame matches the ACE, the ingress port will be disabled.

Disabled: Port shut down is disabled for the ACE.

Counter:

The counter indicates the number of times the ACE was hit by a frame.

Modification Buttons

You can modify each ACE (Access Control Entry) in the table using the following buttons:

: Inserts a new ACE before the current row.

: Edits the ACE row.

: Moves the ACE up the list.

: Moves the ACE down the list.

: Deletes the ACE.

LANCOM GS-2352

3 Configuration

MAC Parameter:

SMAC Filter

(Only displayed when the frame type is Ethernet Type or ARP.)

Specify the source MAC filter for this ACE.

Any: No SMAC filter is specified. (SMAC filter status is "don't-care".)

Specific: If you want to filter a specific source MAC address with this ACE, choose this value. A field for entering an SMAC value appears.

SMAC Value

When "Specific" is selected for the SMAC filter, you can enter a specific source MAC address. The legal format is "xx-xx-xx-xx-xx-xx" or "xx.xx.xx.xx.xx.xx" or "xxxxxxxxxxxx" (x is a hexadecimal digit). A frame that hits this ACE matches this SMAC value.

DMAC Filter

Specify the destination MAC filter for this ACE.

Any: No DMAC filter is specified. (DMAC filter status is "don't-care".)

: The lowest plus sign adds a new entry at the bottom of the ACE listings.

MC: Frame must be multicast.

BC: Frame must be broadcast.

UC: Frame must be unicast.

Specific: If you want to filter a specific destination MAC address with this ACE, choose this value. A field for entering a DMAC value appears.

DMAC Value

When "Specific" is selected for the DMAC filter, you can enter a specific destination MAC address. The legal format is "xx-xx-xx-xx-xx-xx" or "xx.xx.xx.xx.xx.xx" or "xxxxxxxxxxxx" (x is a hexadecimal digit). A frame that hits this ACE matches this DMAC value.

Buttons

Save – Click to save changes.

Reset – Click to undo any changes made locally and revert to previously saved values.

Auto-refresh:

Activate the auto-refresh to refresh the information automatically.

Refresh

Refresh the ACL configuration manually

Clear

Clear the ACL configuration.

Remove All

Remove all ACL configurations from the table.

3.2.4 ACL Status

The section describes how to shows the ACL status by different ACL users. Each row describes the ACE that is defined. It is a conflict if a specific ACE is not applied to the hardware due to hardware limitations. The maximum number of ACEs is 256 on each switch.

Web Interface

To display the ACL status in the web interface:

1. Click Configuration, ACL, then ACL status

2. If you want to auto-refresh the information then you need to activate “Auto-refresh”.

3. Click “Refresh“ to refresh the ACL Status

Figure 3-2.4: The ACL Status

Parameter description:

User:

Indicates the ACL user.

Ingress Port:

LANCOM GS-2352

3 Configuration

Indicates the ingress port of the ACE. Possible values are:

Any: The ACE will match any ingress port.

Policy: The ACE will match ingress ports with a specific policy.

Port: The ACE will match a specific ingress port.

Frame Type:

Indicates the frame type of the ACE. Possible values are:

Any: The ACE will match any frame type.

EType: The ACE will match Ethernet Type frames. Note that an Ethernet Type based ACE will not get matched by IP and ARP frames.

ARP: The ACE will match ARP/RARP frames.

IPv4: The ACE will match all IPv4 frames.

Action:

Indicates the forwarding action of the ACE.

Permit: Frames matching the ACE may be forwarded and learned.

Deny: Frames matching the ACE are dropped.

Rate Limiter:

Indicates the rate limiter number of the ACE. The allowed range is 1 to 16. When Disabled is displayed, the rate limiter operation is disabled.

Port Copy:

Mirror:

Specify the mirror operation of this port. The allowed values are:

Enabled: Frames received on the port are mirrored.

Disabled: Frames received on the port are not mirrored.

LANCOM GS-2352

3 Configuration

The default value is "Disabled".

CPU:

Forward packet that matched the specific ACE to CPU.

CPU Once:

Forward first packet that matched the specific ACE to CPU.

Counter:

The counter indicates the number of times the ACE was hit by a frame.

Conflict:

Indicates the hardware status of the specific ACE. The specific ACE is not applied to the hardware due to hardware limitations.

Auto-refresh:

Activate the auto-refresh to refresh the information automatically.

Refresh

Refresh the ACL status information manually.

3.3 Aggregation

You can bundle more than one port with the same speed, full duplex and the same MAC to be a single logical port, thus the logical port aggregates the bandwidth of these ports. This means you can apply your current Ethernet equipment’s to build the bandwidth aggregation. For example, if there are three Fast Ethernet ports aggregated in a logical port, then this logical port has bandwidth three times as high as a single Fast Ethernet port has.

3.3.1 Static Trunk

The Aggregation Configuration is used to configure the settings of Link Aggregation. You can bundle more than one port with the same speed, full duplex and the same MAC to be a single logical port, thus the logical port aggregates the bandwidth of these ports. This means you can apply your current Ethernet equipment’s to build the bandwidth aggregation.

3-3.1.1 Static Trunk

Ports using Static Trunk as their trunk method can choose their unique Static GroupID to form a logic “trunked port”. The benefit of using Static Trunk method is that a port can immediately become a member of a trunk group without any handshaking with its peer port. This is also a disadvantage because the peer ports of your static trunk group may not know that they should be aggregate together to form a “logic trunked port”. Using Static Trunk on both end of a link is strongly recommended. Please also note that low speed links will stay in “not ready” state when using static trunk to aggregate with high speed links.

Web Interface

To configure the Trunk Aggregation Hash mode and Aggregation Group in the web interface:

1. Click Configuration, Static Trunk, and then Aggregation Mode Configuration.

2. Activate to enable or disable the aggregation mode function.

Activate Aggregation Group ID and Port members

3. Click Save to save the setting

4. If you want to cancel the setting then you need to click the reset button. It will revert to previously saved values.

Figure 3-3.1.1: The Aggregation Mode Configuration

LANCOM GS-2352

3 Configuration

Parameter description:

Hash Code Contributors

Source MAC Address:

The Source MAC address can be used to calculate the destination port for the frame. Check to enable the use of the Source MAC address, or uncheck to disable. By default, Source MAC Address is enabled.

Destination MAC Address:

The Destination MAC Address can be used to calculate the destination port for the frame. Check to enable the use of the Destination MAC Address, or uncheck to disable. By default, Destination MAC Address is disabled.

IP Address:

The IP address can be used to calculate the destination port for the frame. Check to enable the use of the IP Address, or uncheck to disable. By default, IP Address is enabled.

TCP/UDP Port Number:

The TCP/UDP port number can be used to calculate the destination port for the frame. Check to enable the use of the TCP/UDP Port Number, or uncheck to disable. By default, TCP/UDP Port Number is enabled.

Aggregation Group Configuration

Locality:

Indicates the aggregation group type. This field is only valid for switches.

Global: The group members may reside on different units. The device supports two 8-port global aggregations.

Local: The group members reside on the same unit. Each local aggregation may consist of up to 16 members.

Group ID:

Indicates the group ID for the settings contained in the same row. Group ID "Normal" indicates there is no aggregation. Only one group ID is valid per port.

Port Members:

Each switch port is listed for each group ID. Select a radio button to include a port in an aggregation, or clear the radio button to remove the port from the aggregation. By default, no ports belong to any aggregation group. Only full duplex ports can join an aggregation and ports must be in the same speed in each group.

Buttons

Save – Click to save changes.

Reset – Click to undo any changes made locally and revert to previously saved values.

LANCOM GS-2352

3 Configuration

3.3.2 LACP

Ports using Link Aggregation Control Protocol (according to IEEE 802.3ad specification) as their trunking method can choose their unique LACP GroupID to form a logic “trunked port”. The benefit of using LACP is that a port makes an agreement with its peer port before it becomes a ready member of a “trunk group” (also called aggregator). LACP is safer than the other trunking method - static trunk.

3-3.2.1 Configuration

This page allows the user to inspect the current LACP port configurations, and possibly change them as well An LACP trunk group with more than one ready member-ports is a “real trunked” group. An LACP trunk group with only one or less than one ready member-ports is not a “real trunked” group.

Web Interface

To configure the Trunk Aggregation LACP parameters in the web interface:

1. Click Configuration, LACP, Configuration

2. Activate to enable or disable the LACP on the port.

3. Select the Key parameter: Auto or specific value. Default is Auto.

4. Select the Role: Active or Passive. Default is Active.

5. Click Save to save the settings

6. If you want to cancel the setting then you need to click the reset button. It will revert to previously saved values.

Figure 3-3.2.1: The LACP Port Configuration

Parameter description:

Port:

The switch port number.

LACP Enabled:

Controls whether LACP is enabled on this switch port. LACP will form an aggregation when 2 or more ports are connected to the same partner. LACP can form max 12 LLAGs per switch and 2 GLAGs.

Key:

The Key value incurred by the port, range 1-65535 . The Auto setting will set the key as appropriate by the physical link speed, 10Mb = 1, 100Mb = 2, 1Gb = 3. Using the Specific setting, a user-defined value can be entered. Ports with the same Key value can participate in the same aggregation group, while ports with different keys cannot.

Role:

The Role shows the LACP activity status. The Active will transmit LACP packets each second, while Passive will wait for a LACP packet from a partner (speak if spoken to).

Buttons

Save – Click to save changes.

LANCOM GS-2352

Reset – Click to undo any changes made locally and revert to previously saved values.

3-3.2.2 System Status

This section describes the LACP System Status which is provided when LACP is configured on the switch.

Web Interface

To display the LACP System status in the web interface:

1. Click Configuration, LACP, System Status

2. If you want to auto-refresh the information then you need to activate “Auto-refresh”.

3. Click “Refresh“ to refresh the LACP System Status.

Figure 3-3.2.2: The LACP System Status

3 Configuration

Parameter description:

Aggr ID:

The Aggregation ID associated with this aggregation instance. For LLAG the id is shown as 'isid:aggr-id' and for GLAGs as 'aggr-id'

Partner System ID:

The system ID (MAC address) of the aggregation partner.

Partner Key:

The Key that the partner has assigned to this aggregation ID.

Last changed:

The time since this aggregation changed.

Local Ports:

Shows which ports are a part of this aggregation for this switch. The format is: "Switch ID:Port".

Auto-refresh:

To activate the auto-refresh to refresh the information automatically.

Refresh

Refresh the LACP System status information manually.

3-3.2.3 Port Status

This section describes the LACP Status which is provided when LACP is configured on the switch.

Web Interface

To display the LACP Port status in the web interface:

1. Click Configuration, LACP, Port Status

2. If you want to auto-refresh the information then you need to activate “Auto-refresh”.

3. Click “Refresh“ to refresh the LACP Port Status.

LANCOM GS-2352

3 Configuration

Figure 3-3.2.3: The LACP Status

Parameter description:

Port:

The switch port number.

LACP:

'Yes' means that LACP is enabled and the port link is up. 'No' means that LACP is not enabled or that the port link is down. 'Backup' means that the port could not join the aggregation group but will join if other port leaves. Meanwhile its LACP status is disabled.

Key:

The key assigned to this port. Only ports with the same key can aggregate together.

Aggr ID:

The Aggregation ID assigned to this aggregation group. IDs 1 and 2 are GLAGs while IDs 3-14 are LLAGs.

Partner System ID:

The partner's System ID (MAC address).

Partner Port:

The partner's port number connected to this port.

Auto-refresh:

To activate the auto-refresh to refresh the information automatically.

Refresh:

Refresh the LACP port status information manually.

3-3.2.4 Port Statistics

This section describes the LACP Statistics which are provided when LACP is configured on the switch.

Web Interface

To display the LACP Port statistics in the web interface:

1. Click Configuration, LACP, Port Statistics

2. If you want to auto-refresh the information then you need to activate “Auto refresh”.

3. Click “Refresh“ to refresh the LACP Statistics.

Figure 3-3.2.4: The LACP Statistics

+ 177 hidden pages

Lancom GS-2352 operation manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

1 Introduction

1.1 Overview

2 Operation of Web-based Management

2.1 Connecting network devices

2.2 Twisted-pair devices

2.3 Cabling guidelines

3 Configuration

3.1 Port

3.1.1 Configuration

3.1.2 Port Description

3.1.3 Traffic Overview

3.1.4 Detailed Statistics

3.1.5 QoS Statistics

3.1.6 SFP Information

3.2 ACL

3.2.1 Ports

3.2.2 Rate Limiters

3.2.3 Access Control List

3.2.4 ACL Status

3.3 Aggregation

3.3.1 Static Trunk

3.3.2 LACP