Lantech LGS-2816C-RPS User Manual

Lantech
LGS-2816C-RPS
16 100/1000M SFP+ 8 10/100/1000T/Dual Speed SFP Combo L2 Plus Managed Switch w/ Redundant Power Supply
User Manual
MANAGEMENT GUIDE
Publication date: March 2011
Revision v5.17
ABOUT THIS GUIDE
PURPOSE
This guide gives specific information on how to operate and use the management functions of the switch.
AUDIENCE
The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
CONVENTIONS
The following conventions are used throughout this guide to show information:
NOTE: Emphasizes important information or calls your attention to related features or instructions.
CAUTION: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
WARNING: Alerts you to a potential hazard that could cause personal injury.
RELATED PUBLICATIONS
The following publication details the hardware features of the switch, including the physical and performance-related characteristics, and how to install the switch:
The Installation Guide
Also, as part of the switch's software, there is an online web-based help that describes all management related features.
Revision History
Release  Date        Revision
5.17     01/10/2010  B1
SECTION I GETTING STARTED
This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface.
This section includes these chapters:
"Introduction"
"Initial Switch Configuration"
1 INTRODUCTION
This switch provides a broad range of features for Layer 2 plus switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch's performance for your particular network environment.
KEY FEATURES
Table 1: Key Features
Feature                           Description
Configuration Backup and Restore  Backup to management station or TFTP server
Authentication                    Console, Telnet, web – user name/password, RADIUS, TACACS+
                                  Web – HTTPS
                                  Telnet – SSH
                                  SNMP v1/2c - Community strings
                                  SNMP version 3 – MD5 or SHA password
                                  Port – IEEE 802.1X, MAC address filtering
                                  DHCP Snooping
                                  IP Source Guard
Access Control Lists              Supports up to 128 Access Control Entries (ACEs), using the shared 128 ACEs for ingress classification
DHCP Client                       Supported
DNS                               Proxy service
Port Configuration                Speed, duplex mode, flow control, MTU, response to excessive collisions, power saving mode
Rate Limiting                     Input rate limiting per port (using ACL)
Port Mirroring                    One or more ports mirrored to single analysis port
Port Trunking                     Supports up to 14 trunks using either static or dynamic trunking (LACP)
Storm Control                     Throttling for broadcast, multicast, and unknown unicast storms
Address Table                     Up to 8K MAC addresses in the forwarding table, 1024 static MAC addresses
IP Version 4                      Supports IPv4 addressing, management, and QoS
IEEE 802.1D Bridge                Supports dynamic data switching and address learning
Store-and-Forward Switching       Supported to ensure wire-speed switching while eliminating bad frames
Spanning Tree Algorithm           Supports Rapid Spanning Tree Protocol (RSTP), which includes STP backward compatible mode
SYSLOG
The Syslog is a standard for logging program messages. It allows separation of the software that generates messages from the system that stores them and the software that reports and analyzes them. It is supported by a wide variety of devices and receivers across multiple platforms.
QoS
Supports Quality of Service per the IEEE 802.1P standard. There are two priority queues and a packet transmission schedule.
SNMP/RMON
SNMP agent and RMON MIB. In the device, the SNMP agent is client software that operates over the SNMP protocol to receive commands from the SNMP manager (server site) and return the corresponding data, i.e. MIB objects. In addition, the SNMP agent actively issues TRAP information when events occur.
RMON is the abbreviation of Remote Network Monitoring and is a branch of the SNMP MIB.
The device supports MIB-2 (RFC 1213), Bridge MIB (RFC 1493), RMON MIB (RFC 1757) statistics Groups 1, 2, 3, 9, Ethernet-like MIB (RFC 1643), Ethernet MIB (RFC 1643) and so on.
Table 1-2: Key Features (Continued)
Feature                           Description
Virtual LANs                      Up to 4K using IEEE 802.1Q, port-based, and private VLANs
Traffic Prioritization            Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS bit, VLAN tag priority, or port
Quality of Service                Supports Differentiated Services (DiffServ), and DSCP remarking
Multicast Filtering               Supports IGMP snooping and Proxy
DESCRIPTION OF FIRMWARE FEATURES
The switch provides a wide range of advanced performance and security enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Storm suppression prevents broadcast, multicast, and unknown unicast traffic storms from engulfing the network. Untagged (port-based) and tagged VLANs, plus support for automatic GVRP VLAN registration, provide traffic security and efficient use of network bandwidth. QoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network. The IGMP Snooping function provides support for real-time network applications.
The switch also supports TACACS+ and RADIUS authentication for management security, and SSL and SSH to encrypt all HTTP traffic and all transmitted data for secure, remote command-line interface (CLI) access over IP networks.
Some of the management features are briefly described below.
IGMP SNOOPING
Supports IGMP version 2 (RFC 2236). IGMP snooping is used to establish the multicast groups so that multicast packets are forwarded to the member ports, which avoids wasting bandwidth while IP multicast packets are running over the network.
ACCESS CONTROL LISTS
The ACLs are divided into EtherTypes, IPv4, ARP protocol, MAC and VLAN parameters, etc. Here we will just go over the standard and extended access lists for TCP/IP. As you create ACEs for ingress classification, you can assign a policy for each port. The policy number is 1-8; however, each policy can be applied to any port. This makes it very easy to determine what type of ACL policy you will be working with.
SECURITY AND AUTHENTICATION
This switch provides management access via the console port, Telnet, or a web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+).
Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1X client, and then uses the EAP between the switch and the authentication server to verify the client's right to access the network via an authentication server (i.e., RADIUS server).
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, IP address filtering for web/SNMP/Telnet/SSH management access, and MAC address filtering for port access.
IGMP PROXY
The implementation of IP multicast processing. The switch supports IGMP version 1 and IGMP version 2, efficient use of network bandwidth, and fast response time for channel changing. IGMP version 1 (IGMPv1) is described in RFC 1112, and IGMP version 2 (IGMPv2) is described in RFC 2236. Hosts interact with the system through the exchange of IGMP messages. Similarly, when you configure IGMP proxy, the system interacts with the router on its upstream interface through the exchange of IGMP messages. However, when acting as the proxy, the system performs the host portion of the IGMP task on the upstream interface as follows:
• When queried, sends group membership reports to the group.
• When one of its hosts joins a multicast address group to which none of its other hosts belong, sends unsolicited group membership reports to that group.
• When the last of its hosts in a particular multicast group leaves the group, sends an unsolicited leave group membership report to the all-routers group (244.0.0.2).
NOTE: SSL only provides the CLI for switch management, and SSH is enabled by default without a UI for management.
REDUNDANT POWER SUPPLY
Provides a D-Sub connector on the rear panel to connect to the RP-2000 External/Redundant system, giving a full power cord redundancy solution that can protect against a single power main failure.
POWER SAVING
Power saving uses two techniques, "ActiPHY Power Management" and "PerfectReach Power Management", to detect client idle state and cable length automatically and provide different power levels accordingly.
Q-in-Q VLAN FOR PERFORMANCE AND SECURITY
The VLAN feature in the switch offers the benefits of both security and performance. VLAN is used to isolate traffic between different users and thus provides better security. Limiting the broadcast traffic to within the same VLAN broadcast domain also enhances performance. Q-in-Q, the use of double VLAN tags, is an efficient method for enabling Subscriber Aggregation. This is very useful in the MAN.
MVR
Multicast VLAN Registration (MVR) allows a carrier to serve content providers that use multicast for video streaming applications in the network. Each content provider's video stream has a dedicated multicast VLAN. MVR routes packets received in a multicast source VLAN to one or more receive VLANs. Clients are in the receive VLANs and the multicast server is in the source VLAN.
PORT CONFIGURATION
You can manually configure the speed and duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard.
PORT MIRRORING
The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
PORT TRUNKING
Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using Link Aggregation Control Protocol (LACP). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail.
STORM CONTROL
Broadcast, multicast and unknown unicast storm suppression prevents traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.
SPANNING TREE ALGORITHM
The switch supports these spanning tree protocols:
• Spanning Tree Protocol (STP, IEEE 802.1D) – Supported by using the STP backward compatible mode provided by RSTP. STP provides loop detection. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.
• Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes compared with the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.
VIRTUAL LANS (VLANS)
The switch supports up to 4K VLANs. A VLAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports the IEEE 802.1Q tagged VLANs standard. Members of VLAN groups can be dynamically learned via GVRP, or ports can be manually assigned to a specific set of VLANs. By segmenting your network into VLANs, you can:
• Eliminate broadcast storms which severely degrade performance in a flat network.
• Provide data security by restricting all traffic to the originating VLAN.
• Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.
IP-MAC-PORT BINDING
The IP network layer uses a four-byte address. The Ethernet link layer uses a six-byte MAC address. Binding these two address types together allows the transmission of data between the layers. The primary purpose of IP-MAC binding is to restrict access to the switch to a number of authorized users. Only an authorized client can access the switch's port: the switch checks the pair of IP and MAC addresses and the port number against the pre-configured database. If an unauthorized user tries to access an IP-MAC binding enabled port, the system will block the access by dropping its packets.
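The check described above can be modelled in a few lines. This is an added example, not the switch's firmware or any Lantech code: it parses the source MAC and source IPv4 address out of an ingress frame (stepping over 802.1Q tags with the default Tag Identifier 0x8100) and compares the IP/MAC/port triple with a binding table. The function names, the "unparsed" outcome for non-IPv4 frames and all sample addresses are assumptions made for the illustration.

```python
import ipaddress
import struct

ETH_P_8021Q = 0x8100  # the switch's default VLAN Tag Identifier
ETH_P_IPV4 = 0x0800

# Constructed sample data: one authorized client bound to port 3.
BINDINGS = {("192.168.1.50", "00:11:22:33:44:55", 3)}
ENABLED_PORTS = {3, 4}  # ports with IP-MAC binding switched on


def parse_source(frame):
    """Return (src_mac, src_ip) from an Ethernet/IPv4 frame, else None."""
    if len(frame) < 14:
        return None
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    tags = 0
    # Step over one 802.1Q tag, or two when the frame is double tagged (Q-in-Q).
    while ethertype == ETH_P_8021Q and tags < 2:
        if len(frame) < offset + 4:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, offset + 2)
        offset += 4
        tags += 1
    if ethertype != ETH_P_IPV4 or len(frame) < offset + 20:
        return None
    if frame[offset] >> 4 != 4:  # IP version nibble must be 4
        return None
    src_ip = str(ipaddress.IPv4Address(frame[offset + 12:offset + 16]))
    return src_mac, src_ip


def check_frame(port, frame, bindings, enabled_ports):
    """Model the decision a binding-enabled port takes for one ingress frame."""
    if port not in enabled_ports:
        return "forward"   # binding is not enabled on this port
    source = parse_source(frame)
    if source is None:
        return "unparsed"  # assumption: non-IPv4 or truncated frames are out of scope here
    src_mac, src_ip = source
    if (src_ip, src_mac, port) in bindings:
        return "forward"   # IP, MAC and port all match a configured entry
    return "drop"          # any mismatch in the triple is dropped


def build_frame(src_mac, src_ip, vlan=None):
    """Build a constructed test frame (broadcast destination, checksum left at zero)."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex(src_mac.replace(":", ""))
    tag = struct.pack("!HH", ETH_P_8021Q, vlan) if vlan is not None else b""
    ip_header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
        ipaddress.IPv4Address(src_ip).packed,
        ipaddress.IPv4Address("192.168.1.1").packed,
    )
    return dst + src + tag + struct.pack("!H", ETH_P_IPV4) + ip_header


if __name__ == "__main__":
    cases = [
        ("authorized client on its port", 3, build_frame("00:11:22:33:44:55", "192.168.1.50")),
        ("same client moved to port 4", 4, build_frame("00:11:22:33:44:55", "192.168.1.50")),
        ("right MAC, different source IP", 3, build_frame("00:11:22:33:44:55", "192.168.1.51")),
        ("authorized client, VLAN 10 tag", 3, build_frame("00:11:22:33:44:55", "192.168.1.50", vlan=10)),
    ]
    for label, port, frame in cases:
        print(f"{label}: {check_frame(port, frame, BINDINGS, ENABLED_PORTS)}")
```

The triple is matched as a whole, so a correct MAC with a different source IP, or a correct IP/MAC pair seen on another binding-enabled port, is dropped.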
DHCP SNOOPING
This feature enables DHCP Snooping to include information about the client when forwarding DHCP requests from a DHCP client to a DHCP server via a Trust Port. DHCP snooping can be configured on LAN switches to harden the security on the LAN to only allow clients with specific IP/MAC addresses to have access to the network. In short, DHCP snooping ensures IP integrity on a Layer 2 switched domain.
LINK LAYER DISCOVERY PROTOCOL (LLDP)
IEEE Standard 802.1AB (Link Layer Discovery Protocol) provides an easier debugging tool and enhances network management availability. It can also provide automatic device and topology discovery.
QUALITY OF SERVICE
Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types. Each packet is classified upon entry into the network based on access lists, DSCP values, or VLAN lists. Using access lists allows you to select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.
SYSTEM DEFAULTS
The following table lists some of the basic system defaults.
Table: System Defaults
Function                 Parameter                 Default
Console Port Connection  Baud Rate                 115200 bps
                         Data bits                 8
                         Stop bits                 1
                         Parity                    none
                         Local Console Timeout     0 (disabled)
System Information       Device Name               LGS-2816C-RPS
Account                  Admin User                admin/admin
                         Guest User                guest/guest
Time                     Manual/NTP                Manual
                         NTP Server                209.81.9.7
                         Time Zone                 GMT+8:00
                         Daylight Saving           0 (hour)
IP Configuration         DHCP Setting              Disabled
                         IP Address                192.168.1.1
                         Subnet Mask               255.255.255.0
                         Default Gateway           192.168.1.254
                         DNS                       Manual
                         DNS Server                0.0.0.0
Loop Detection           Detection Port            None
Management Policy        Management Policy         None
Syslog                   Syslog                    Disabled
                         IP Address                0.0.0.0
                         Port                      514
Virtual Stack            State                     Disable
                         Role                      Slave
                         Group ID                  default
Port Configuration       Speed                     Auto
                         Flow Control              SYM
                         Maximum Frame             9600
                         Excessive Collision Mode  Discard
                         Description               Empty
Port Power Saving        Power Saving              Disable
VLAN Mode                VLAN Mode                 Tag-based
Tag-based Group          VLAN ID                   1
                         VLAN Name                 Default
                         IGMP Aware                Disable
                         Private VLAN              Disable
                         GVRP propagation          Disable
                         Member Port               1-24 ports
Port-based Group         VLAN Name                 Default
                         Member Port               1-24 ports
VLAN Ports               Tag Identifier            0x8100
                         VLAN Aware                Enable
                         Ingress Filtering         Disable
                         Frame Type                All
                         PVID                      1
                         Role                      Access
                         Untag VID                 0
                         Double Tag                Disable
Port Isolation           Port Member               None
Management VLAN          VLAN ID                   1
MAC Address Table        Age Time                  300 secs
                         Disable automatic aging   Disable
                         MAC Table Learning        Auto
GVRP Config              GVRP State                Disabled
                         Join Time                 20
                         Leave Time                60
                         LeaveAll Time             1000
                         Default Applicant Mode    Normal
                         Default Registrar Mode    Normal
                         Restricted Mode           Disabled
QoS Ports                Number of Classes         4
                         Default Class             Low
                         QCL                       1
                         User Priority             0
                         Queuing Mode              Strict Priority
                         Queue Weighted Low        1
                         Queue Weighted Normal     2
                         Queue Weighted Medium     4
                         Queue Weighted High       8
QoS Control List         QoS Control List          None
Rate Limiters            Ingress Enable            Disabled
                         Ingress Rate              500
                         Ingress Unit              Kbps
                         Egress Enable             Disabled
                         Egress Rate               500
                         Egress Unit               Kbps
Storm Control            Flooded unicast status    Disabled
                         Flooded unicast Rate      1 pps
                         Multicast status          Disabled
                         Multicast Rate            1 pps
                         Broadcast status          Disabled
                         Broadcast Rate            1 pps
ACL Ports                Policy ID                 1
                         Action                    Permit
                         Rate Limiter ID           Disabled
                         Port Copy                 Disabled
Rate Limiters            Rate Limiter 1            512 pps
                         Rate Limiter 2            16K pps
                         Rate Limiter 3            32 pps
                         Rate Limiter 4-16         1 pps
2 INITIAL SWITCH CONFIGURATION
This chapter includes information on connecting to the switch and basic configuration procedures.
CONNECTING TO THE SWITCH
The switch has an embedded network management agent. It offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
NOTE: An IPv4 address for the switch could be obtained via DHCP Server. To change this address, see "Setting an IP Address" on page 34.
If the switch cannot receive an IP address from a DHCP server, it has a default IP address of 192.168.1.1, default gateway 192.168.1.254 and subnet mask 255.255.255.0.
CONFIGURATION OPTIONS
The switch's HTTP web agent allows you to configure switch parameters, monitor port connections, and display statistics using a standard web browser such as Microsoft IE 6.0 or above, Netscape V7.1 or above, or FireFox V1.00. The switch's web management interface can be accessed from any computer attached to the network.
The CLI program can be accessed by a direct connection to the RS-232 serial console port on the switch, or remotely by a Telnet connection over the network.
The switch's management agent also supports SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using network management software such as Lantech View.
The switch's web interface, console interface, and SNMP agent allow you to perform the following management functions:
• Set the administrator password
• Set an IP interface for a management VLAN
• Configure SNMP parameters
• Enable/disable any port
• Set the speed/duplex mode for any port
• Configure the bandwidth of any port by limiting input or output rates or enable the Flow control of any port
• Control port access through IEEE 802.1X security or static address filtering
• Filter packets using Access Control Lists (ACLs)
• Configure up to 4K IEEE 802.1Q VLANs
• Configure IGMP Snooping or Proxy functionality
• Upgrade the system firmware or Import/Export configuration files via HTTP (using the web interface) or TFTP (using the command line interface)
• Configure Spanning Tree/RSTP/MSTP parameters
• Configure Class of Service (CoS) priority queuing and QoS
• Configure the Port Trunk via static or LACP standard trunks
• Enable port mirroring
• Set storm control on any port for excessive broadcast, multicast, or unknown unicast traffic
• Display system information and statistics
• Configure the LLDP Parameters
REQUIRED CONNECTIONS
The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.
Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.
To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.
2. Connect the other end of the cable to the RS-232 serial port on the switch.
3. Make sure the terminal emulation software is set as follows:
• Select the appropriate serial port (COM port 1 or COM port 2).
• Set the baud rate to 115200 bps.
• Set the data format to 8 data bits, 1 stop bit, and no parity.
• Set flow control to none.
• Set the emulation mode to VT100.
• When using HyperTerminal, select Terminal keys, not Windows keys.
NOTE: Once you have set up the terminal correctly, the console login screen will be displayed.
For a description of how to use the CLI, see "Using the Command Line Interface". For a list of all the CLI commands and detailed information on using the CLI, refer to "CLI Command Groups".
REMOTE CONNECTIONS
Prior to accessing the switch's onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, or DHCP protocol.
An IPv4 address for this switch could be obtained via DHCP Server. To manually configure this address or enable dynamic address assignment via DHCP, see "Setting an IP Address" on page 34.
If the switch does not receive an IP address from a DHCP server, it will default to the IP address 192.168.1.1, default gateway 192.168.1.254 and subnet mask 255.255.255.0.
NOTE: This switch supports Telnet sessions or SSH sessions. Telnet and SSH cannot be used concurrently.
After configuring the switch's IP parameters, you can access the onboard configuration program from anywhere within the attached network. The onboard configuration program can be accessed using Telnet from any computer attached to the network. The switch can also be managed by any computer using a web browser (Microsoft IE 6.0 or above, Netscape V7.1 or above, or FireFox V1.00), or from a network computer using SNMP network management software.
The onboard program only provides access to basic configuration functions. To access the full range of SNMP management functions, you must use SNMP-based network management software.
BASIC CONFIGURATION
SETTING PASSWORDS
If this is your first time logging into the console interface, you could define a new password for access to the web interface, record it, and put it in a safe place. The password can consist of up to 15 alphanumeric characters and is case sensitive. To prevent unauthorized access to the switch, set the password as follows:
First access the switch via the console port and type the default username admin and the default password admin. Then enter the account configuration interface and type "modify admin", entering your new password when prompted.
Managed Switch - LGS-2816C-RPS
Login: admin
Password: *****
LGS-2816C-RPS(account)# modify admin
username/password: the length is from 5 to 15.
Current username (admin):admin
Current password:
New password:
Confirm password:
Username changed successfully.
Password changed successfully.
SETTING AN IP ADDRESS
You must establish IP address information for the switch to obtain management access through the network. This can be done in either of the following ways:
• Manual: You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router.
• Dynamic: The switch can obtain an IPv4 address from DHCP address allocation servers on the network.
NOTE: The default IPv4 address for this switch is 192.168.1.1.
MANUAL CONFIGURATION
You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IPv4 addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.
ASSIGNING AN IPV4 ADDRESS
Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
• IP address for the switch
• Network mask for this network
• Default gateway for the network
To assign an IPv4 address to the switch, type "set ip ip mask gateway", where "ip" is the switch's IP address, "mask" is the mask for the network portion of the address, and "gateway" is the IP address of the default gateway. Press <Enter>.
Managed Switch - LGS-2816C-RPS
Login: admin
Password: *****
LGS-2816C-RPS# ip
LGS-2816C-RPS(ip)# set ip ?
Usage: set <ip> [mask] [gateway]
LGS-2816C-RPS(ip)#
LGS-2816C-RPS(ip)# set ip 192.168.20.15 255.255.255.0 192.168.20.250
DYNAMIC CONFIGURATION
OBTAINING AN IPV4 ADDRESS
If you enable the "dhcp" option, IP will be enabled but will not function until a DHCP reply has been received. Requests will be sent periodically in an effort to obtain IP configuration information. DHCP values can include the IP address, subnet mask, and default gateway.
If the DHCP option is enabled, the switch will start broadcasting service requests as soon as it is powered on.
To automatically configure the switch by communicating with DHCP address allocation servers on the network, type the following command, and press <Enter>. Wait a few minutes, and then check the IP configuration settings using the "enable dhcp" command.
enable dhcp
Managed Switch - LGS-2816C-RPS
Login: admin
Password: *****
LGS-2816C-RPS# ip
LGS-2816C-RPS(ip)# enabl dhcp ?
Usage: enable dhcp <manual|auto>
LGS-2816C-RPS(ip)# enable dhcp manual
LGS-2816C-RPS(ip)# show
DHCP : Enable
IP Address : 192.168.20.15
Current IP Address : 0.0.0.0
Subnet mask : 255.255.255.0
Gateway : 192.168.20.250
Current Gateway : 255.255.255.255
DNS Setting : Manual
DNS Server : 0.0.0.0
LGS-2816C-RPS(ip)#
NOTE: Response time from DHCP servers varies considerably for different network environments. If you do not get a response in a reasonable amount of time, try entering the "disable dhcp" command followed by the "enable dhcp" command. Otherwise, set the static IP address to a null address, and then enter the "dhcp enable" command or reboot the switch.
ENABLING SNMP MANAGEMENT ACCESS
The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as Lantech View. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps.
When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred.
The switch includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients. To provide management access for version 1 or 2c clients, you must specify a community string. The switch provides a default MIB View (i.e., an SNMPv3 construct) for the default "public" community string that provides read access to the entire MIB tree, and a default view for the "private" community string that provides read/write access to the entire MIB tree. However, you may assign new views to version 1 or 2c community strings that suit your specific security requirements.
COMMUNITY STRINGS (FOR SNMP VERSION 1 AND 2C CLIENTS)
Community strings are used to control management access to SNMP version 1 and 2c stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users, and set the access level.
The default strings are:
• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.
• private - with read/write access. Authorized management stations are able to both retrieve and modify MIB objects.
To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings.
To change the read-only or read/write community string, type either of the following commands, and press <Enter>.
set community <Community> <user_name> <Source IP> <Source Mask>
LGS-2816C-RPS(snmp)# set community public publicuser 0.0.0.0 0.0.0.0
LGS-2816C-RPS(snmp)#
MIL-SM24DPA(snmp)# show community
SNMP Community Table:
Idx Community      UserName      Source IP  Source Mask
--- -------------- ------------- ---------- ---------------
1   public         publicuser    0.0.0.0    0.0.0.0
Number of entries: 1
LGS-2816C-RPS(snmp)#
NOTE: If you do not intend to support access to SNMP version 1 and 2c clients, we recommend that you delete both of the default community strings. If there are no community strings, then SNMP management access from SNMP v1 and v2c clients is disabled.
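One way to check a switch against the recommendations above is to audit a captured "show community" listing. The following is an added example, not Lantech code: it parses a table in the column layout shown above and flags entries that still use the default "public" or "private" strings or that accept requests from a wide source range. The sample listing is constructed, the finding names and the max_sources threshold are hypothetical, and treating source 0.0.0.0 with mask 0.0.0.0 as "any station" is an assumption about how the switch interprets the Source IP and Source Mask columns.

```python
import ipaddress
import re

# Default community strings named in this manual.
DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed sample in the column layout of the "show community" table.
SAMPLE_OUTPUT = """\
SNMP Community Table:
Idx Community      UserName      Source IP       Source Mask
--- -------------- ------------- --------------- ---------------
1   public         publicuser    0.0.0.0         0.0.0.0
2   nms-ro-7f3a    nmsuser       192.168.20.1    255.255.255.255
3   private        rwuser        192.168.20.0    255.255.255.0
Number of entries: 3
"""

# A data row is: index, community, user name, source IP, source mask.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def parse_community_table(text):
    """Return one dict per data row; headers, rulers and prompts are skipped."""
    entries = []
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue
        idx, community, user, src_ip, src_mask = match.groups()
        try:
            source = ipaddress.ip_network(f"{src_ip}/{src_mask}", strict=False)
        except ValueError:
            continue  # not an address/mask pair, so not a table row
        entries.append(
            {"idx": int(idx), "community": community, "user": user, "source": source}
        )
    return entries


def audit(entries, max_sources=8):
    """Return (index, finding) pairs for entries that need attention."""
    findings = []
    for entry in entries:
        if entry["community"] in DEFAULT_COMMUNITIES:
            findings.append((entry["idx"], "default-community"))
        if entry["source"].prefixlen == 0:
            # Assumption: 0.0.0.0 / 0.0.0.0 admits every management station.
            findings.append((entry["idx"], "any-source"))
        elif entry["source"].num_addresses > max_sources:
            findings.append((entry["idx"], "wide-source"))
    return findings


if __name__ == "__main__":
    for idx, finding in audit(parse_community_table(SAMPLE_OUTPUT)):
        print(f"entry {idx}: {finding}")
```

An empty result from audit() on a non-empty table means every community has been renamed and tied to a narrow source range; an empty table corresponds to the NOTE above, where v1/v2c access is disabled entirely.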
TRAP RECEIVERS
You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, enter the "snmp trap" commands shown below, and press <Enter>.
{For SNMPv1/v2c Trap setting} set trap <index> <version> <IP> <port> <community/security>
where "version" indicates the SNMP client version (1, 2c, 3), "community-string" specifies access rights for a version 1/2c host, and "host-address" is the IP address for the trap receiver. For a more detailed description of these parameters and other SNMP commands. The following example creates a trap host for a version 1 SNMP client.
>snmp trap version 1
LGS-2816C-RPS(snmp)# set trap 1 2 192.168.1.10 162 public
LGS-2816C-RPS(snmp)#
LGS-2816C-RPS(snmp)# show trap
SNMPv3 Trap Host Configuration:
No Ver. IP           Port Community/Security Security  Auth.    Priv.
                          Name               Level     Protocol Protocol
-- ---- ------------ ---- ------------------ --------- -------- ---------
1  v2c  192.168.1.10 162  public
2
3
4
5
6
LGS-2816C-RPS(snmp)# del trap 1
LGS-2816C-RPS(snmp)#
EXPORT OR IMPORT CONFIGURATION SETTINGS
Configuration commands modify the working configuration, and are exported to a nonvolatile storage. To export the current configuration settings to a backup server, enter the following command, and press <Enter>.
export <current|user> <ip_address>
where "ip_address" is the IP address of the backup server, and "current|user" is the name under which the configuration settings are exported.
Managed Switch- LGS-2816C-PRS
Login: admin
Passward:*****
LGS-2816C-PRS# config-file
LGS-2816C-PRS(config-file)#
LGS-2816C-PRS(config-file)# export ?
Usage: export <current l user> <ip_address>
LGS-2816C-PRS(config-file)# export user 192.168.20.1
To import configuration settings from a backup server, enter the following command, and press <Enter>.
"config load tftp-server file-name"
Managed Switch- LGS-2816C-PRS
Login: admin
Passward:*****
LGS-2816C-PRS# config-file
LGS-2816C-PRS(config-file)#
LGS-2816C-PRS(config-file)# import ?
Usage: import <currentuser> <ip_address> <file_path>
Ip_address : TFTP server ip address.
File_path : Configuration file path.
LGS-2816C-PRS(config-file)# import user 192.168.20.1 LGS-2816C-RPS.config
SECTION II WEB CONFIGURATION
This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser.
This section includes these chapters:
"Using the Web Interface"
"Configuring the Switch"
3 USING THE WEB INTERFACE
This switch has an embedded HTTP web agent. Using a web browser you
can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Microsoft IE 6.0 above, Netscape V7.1 above or FireFox V1.00).
NOTE: You can also use the Command Line Interface (CLI) to manage the switch over a serial connection to the console port or via Telnet. For more information on using the CLI, refer to "Using the Command Line Interface" on page 178.
CONNECTING TO THE WEB INTERFACE
Prior to accessing the switch from a web browser, be sure you have first performed the following tasks:
1. Configured the switch with a valid IP address, subnet mask, and default gateway using an out-of-band serial connection, or DHCP protocol. (See "Setting an IP Address" on page 34.)
2. Set the system password using an out-of-band serial connection. (See "Setting Passwords" on page 34.)
3. After you enter a user name and password, you will have access to the system configuration program.
NOTE: The switch allows only one user to connect from the RS-232 console UI and three users from Telnet. Alternatively, it allows a maximum of 4 users to connect via WebUI and a maximum of 1 user via Telnet; a maximum of 5 users can be logged in to the switch via WebUI, Telnet and RS-232 console.
NOTE: The Admin can create the Operator account. The Operator has the same create, modify and delete rights as the Admin, but can change only their own password and cannot perform upgrades. The Guest has no create, modify or delete rights, only read rights.
NAVIGATING THE WEB BROWSER INTERFACE
To access the web-browser interface you must first enter a user name and password. By default, the user name is "admin" and there is no password.
HOME PAGE
When your web browser connects with the switch's web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and an image of the front panel on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.
Figure 1: Home Page
CONFIGURATION OPTIONS
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
Table 3: Web Home Page Configuration Buttons
Button        Action
Apply         Sets specified values to the system.
Auto Logout   Sets the device auto logout with a time period of up to 60 minutes, or disables the auto logout.
NOTE: To ensure proper screen refresh, be sure that Internet Explorer is configured so that the setting "Check for newer versions of stored pages" reads "Every visit to the page."
Internet Explorer 6.x and earlier: This option is available under the menu Tools / Internet Options / General / Temporary Internet Files / Settings.
Internet Explorer 7.x: This option is available under Tools / Internet Options / General / Browsing History / Settings / Temporary Internet Files.
PANEL DISPLAY
The web agent displays an image of the switch's ports. The refresh mode is auto-mode by default. Clicking on the image of a port opens the Detailed Statistics page as described on page 143.
Figure 2: Front Panel Indicators
MAIN MENU
Using the onboard web agent, you can define system parameters, manage and control the switch and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Table 4: Main Menu
Menu                        Description
Configuration
  System
    System Information      Configures Location, Contact and Device Name
    Account                 Configures User Account and Password
    Time                    Configures SNTP and System Time settings
    IP Configuration        Configures IPv4 settings
    Loop Detection          Configures Loop Detection
    Management Policy       Configures Management Policy
    Syslog                  Configures Syslog parameters
    Virtual Stack           Configures the Virtual Stack for Switch Management
  Port
    Configuration           Configures port parameters settings
    Status                  Display port status
    Simple Counter          Display port simple counter
    Detail Counter          Display port detail counter
    Power Saving            Configures port power saving settings
  Vlan
    Vlan mode               Configures VLAN Mode with port-base, tag-base, etc.
    Tag-based Group         Configures Tag-based VLAN Group parameters setting
    Port-based Group        Configures Port-based VLAN Group parameters setting
    Ports                   Configures VLAN Port detail parameters setting
    Port Isolation          Configures Port Isolation setting
    Management VLAN         Configures Management VLAN ID
  MAC
    MAC Address Table       Configures MAC Address Aging parameters setting
    Static Filter           Configures MAC Address Static Filter setting
    Static Forward          Configures MAC Address Static Forward setting
    MAC Alias               Configures MAC Address Alias setting
    MAC Table               Display the MAC Address Table
  GVRP
    Config                  Configures GVRP detail parameters setting
    Counter                 Display GVRP per port detail counter
    Group                   Configures and display the GVRP VLAN Group Information
  QoS
    Ports                   Configures Port QoS parameters setting
    QoS Control List        Configures QoS Control List setting
    Rate Limiters           Configures Port Rate Limit parameters setting
    Storm Control           Configures Storm Control parameters setting
    Wizard                  Configures QCL via Wizard setting
  SNMP
    System                  Configures SNMP System parameters setting
    Communities             Configures SNMPv1/v2 Communities parameters setting
    Users                   Configures SNMP Users account and parameters setting
    Groups                  Configures SNMP Groups and parameters setting
    Views                   Configures SNMP Views and parameters setting
    Accesses                Configures SNMP Accesses and parameters setting
    Trap Hosts              Display the SNMP Trap Hosts information
  ACL
    Ports                   Configures ACL Ports parameters setting
    Rate Limiters           Configures ACL Rate Limit parameters setting
    Access Control List     Display and Configures ACLs Role setting
    Wizard                  Configures ACL via Wizard setting
  IP MAC Binding
    Configuration           Configures IP MAC Port Binding settings
    Dynamic Entry           Configures role using dynamic entry of IP Address, MAC, Port and VID
  802.1X
    Server                  Configures RADIUS Authentication and Accounting Server parameters setting
    Port Configuration      Configures Port 802.1X parameters setting
    Status                  Display Port 802.1X configuration information, including Port Index, Mode, Status and VLAN Policy
    Statistics              Display Port 802.1X statistics information
  TACACS+
    State                   Configures TACACS+ State parameters setting
    Authentication          Configures TACACS+ Authentication parameters setting
    Accounting              Configures TACACS+ Accounting parameters setting
  Trunk
    Port                    Configures Trunk port settings and Display Trunk Port Status
    Aggregator View         Display Trunk Aggregation status and LACP Detail information
    Aggregation Hash Mode   Configures Aggregation Mode parameters setting
    LACP System Priority    Configures LACP System Priority setting
  STP (Spanning Tree)
    Status                  Display the STP parameters setting information
    Configuration           Configures STP parameters setting
    Port                    Display Port STP configuration and status information
  MSTP
    State                   Configures MSTP parameters setting
    Region Config           Configures MSTP Region parameters setting
    Instance View           Display the MSTP Instance View information
  Mirroring                 Configures Port Mirroring parameters setting
  SSH                       Configures Secure Shell server
  Multicast
    IGMP Mode               Configures Multicast IGMP mode with Snooping or Proxy