Level One GEP-1070 operation manual

GEP-1070

L2 Managed Gigabit PoE Switch, 802.3at PoE+,

8 PoE Outputs, 2 x SFP

User Manual

V1.0

Digital Data Communications Asia Co., Ltd.

http://www.level1.com

1

About This Manual

Purpose

Audience

Conventions

This manual gives specific information on how to operate and use the
management functions of the Gigabit PoE Ethernet Switch.

The Manual is intended for use by network administrators who are
responsible for operating and maintaining network equipment.
Consequently, it assumes a basic working knowledge of general switch
functions, the Internet Protocol (IP), and Simple Network Management
Protocol (SNMP).

The following conventions are used throughout this manual to show
information.

NOTE: Emphasizes important information or calls your attention to

related features or instructions.

C

AUTION

data, or damage the system or equipment.

:

Alerts you to a potential hazard that could cause loss of

Warranty

Disclaimer

W

ARNING

personal injury.

A copy of the specific warranty terms applicable to your products and
replacement parts can be obtained from your local Sales and Service
Office or authorized dealer.

Manufacturer does not warrant that the hardware will work properly in
all environments and applications, and marks no warranty and
representation, either implied or expressed, with respect to the quality,
performance, merchantability, or fitness for a particular purpose.
Manufacturer disclaims liability for any inaccuracies or omissions that
may have occurred. Information in this User’s Manual is subject to
change without notice and does not represent a commitment on the part
of Manufacturer. It assumes no responsibility for any inaccuracies that
may be contained in this User’s Manual, makes no commitment to
update or keep current the information in this User’s Manual, and
reserves the right to make improvements to this User’s Manual and/or to
the products described in this User’s Manual, at any time without notice.

:

Alerts you to a potential hazard that could cause

FCC Statement

This equipment has been tested and found to comply with the limits

2

for a Class A digital device, pursuant to Part 15 of the FCC Rules. These
limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial
environment. This equipment generates, uses, and can radiate radio
frequency energy and, if not installed and used in accordance with the
instruction manual, may cause harmful interference to radio
communications. Operation of this equipment in a residential area is likely
to cause interference, in which case the user, at his or her own expense
will be required to take whatever measures to correct the interference.

FCC Caution

To assure continued compliance (example-use only shielded
interface cables when connection to computer or peripheral devices). Any
changes or modifications not expressly approved by the party
responsible for compliance could void the user’s authority to
operate the equipment. This device complies with Part 15 of the FCC
Rules. Operation is subject to the Following two conditions: (1) This
device may not cause harmful interference, and (2) this device must
accept any interference received, including interference that may
cause undesired operation.

CE Warning This is a Class A device, In a residential environment, this product may

cause radio interference, in which case the user may be required to take
adequate measures.

RELATED PUBLICATIONS

The following publication details the hardware features of the switch, including the physical and
performance-related characteristics, and how to install the switch:

The Installation Guide

As part of the switch’s software, there is an online web-based help that describes all
management related features.

Information furnished by Yoda Communications, Inc. is believed to be accurate and reliable.
However, no responsibility is assumed by Yoda Communications for its use, nor for any
infringements of patents or other rights of third parties which may result from its use. No license
is granted by implication or otherwise under any patent or patent rights of Yoda Communications.
Yoda Communications reserves the right to change specifications at anytime without notice.

Copyright (C) 2013 by Digital Data Communications Asia Co., Ltd
Taiwan, R.O.C.
All rights reserved.

3

Table of Content

SECTION I GETTING STARTED .................................................................................. 9

1. INTRODUCTION ......................................................................................................... 10

1.1. Key Features .................................................................................................. 10

1.2. Description of Software Features .................................................................... 12

1.3. Reset Button & LED Indicators ....................................................................... 16

1.4. System Defaults ............................................................................................. 17

2. INITIAL SWITCH CONFIGURATION .......................................................................... 20

SECTION II WEB CONFIGURATION ......................................................................... 21

3. USING THE WEB INTERFACE .................................................................................. 22

3.1. Navigating the Web Browser Interface............................................................ 22

Home Page .................................................................................................... 22

Configuration Options ..................................................................................... 22

Panel Display ................................................................................................. 23

Main Menu ..................................................................................................... 23

4. CONFIGURING THE SWITCH .................................................................................... 34

4.1. System ........................................................................................................... 34

System Information Configuration ................................................................... 34

IP Configuration .............................................................................................. 35

IPV6 Configuration ......................................................................................... 37

NTP Configuration .......................................................................................... 39

System Log Configuration .............................................................................. 40

4.2. Power Reduction ............................................................................................ 42

Controlling LED Intensity ................................................................................ 42

Reducing Power for EEE ................................................................................ 43

4.3. Thermal Protection ......................................................................................... 45

4.4. Ports ............................................................................................................... 46

4.5. Security .......................................................................................................... 49

Switch Security ............................................................................................... 49

Network Security ............................................................................................ 77

Authentication Servers (AAA) ....................................................................... 112

4

4.6. Aggregation .................................................................................................. 114

Static Trunks Configuration .......................................................................... 115

LACP Configuration ...................................................................................... 117

4.7. Loop Protection ............................................................................................ 119

4.8. Spanning Tree .............................................................................................. 120

Bridge Settings ............................................................................................. 123

Multiple Spanning Trees Instance (MSTI) Mapping ...................................... 126

Multiple Spanning Tree Instance (MSTI) Priorities ........................................ 128

CIST Ports .................................................................................................... 129

MSTI Ports ................................................................................................... 133

4.9. Multicast VLAN Registration (MVR) .............................................................. 134

4.10. IPMC Configurations .................................................................................... 138

IGMP Snooping ............................................................................................ 138

MLD Snooping .............................................................................................. 145

4.11. Link Layer Discovery Protocol (LLDP) .......................................................... 152

LLDP Configuration ...................................................................................... 152

LLDP-MED Configuration ............................................................................. 155

4.12. Power over Ethernet (PoE) ........................................................................... 160

PoE Configuration ........................................................................................ 161

PoE Scheduling ............................................................................................ 163

PoE Auto Checking ...................................................................................... 164

4.13. MAC Address Table ..................................................................................... 166

4.14. IEEE 802.1Q VLANs .................................................................................... 169

VLAN Membership ....................................................................................... 170

VLAN Ports .................................................................................................. 170

4.15. Private VLANs .............................................................................................. 173

PVLAN Membership ..................................................................................... 173

Port Isolation ................................................................................................ 174

4.16. VCL Configuration ........................................................................................ 175

MAC-based VLAN ........................................................................................ 175

Protocol-based VLAN ................................................................................... 176

4.17. Voice VLAN ................................................................................................ .. 180

Configuring VoIP Traffic ............................................................................... 180

5

Configuring Telephony OUI .......................................................................... 183

4.18. Quality of Service (QoS) ............................................................................... 184

Configuring Port Classification ...................................................................... 184

Configuring Port Policing .............................................................................. 186

Configuring Egress Port Scheduler ............................................................... 187

Configuring Egress Port Shaper ................................................................... 190

Configuring Port Tag Remarking Mode......................................................... 191

Configuring Port DSCP Translation and Rewriting ........................................ 193

Configuring DSCP-Based QOS ................................................................ .... 194

Configuring DSCP Translation ...................................................................... 195

Configuring DSCP Classification .................................................................. 197

Configuring QOS Control Lists ..................................................................... 197

Configuring Storm Control ............................................................................ 201

4.19. Configuring Port Mirroring............................................................................. 203

4.20. Configuring UPnP ......................................................................................... 204

4.21. sFlow Agent.................................................................................................. 206

5. MONITORING THE SWITCH .................................................................................... 208

5.1. System ......................................................................................................... 208

Displaying System Information ..................................................................... 208

Displaying CPU Load ................................................................................... 210

Displaying Log Messages ............................................................................. 210

Displaying Detailed Log ................................................................................ 212

5.2. Displaying Thermal Protection ...................................................................... 213

5.3. Ports ............................................................................................................. 214

Displaying Port Status .................................................................................. 214

Displaying Traffic Overview .......................................................................... 215

Displaying QOS Statistics ............................................................................. 216

Displaying QCL Status ................................................................................. 216

Displaying Detailed Port Statistics ................................................................ 218

5.4. Security ........................................................................................................ 219

Displaying Access Management Statistics .................................................... 220

Network Security .......................................................................................... 221

AAA for RADIUS Servers ............................................................................. 235

6

Switch Security ............................................................................................. 240

5.5. Link Aggregation Control Protocol (LACP) .................................................... 246

Displaying LACP System Status ................................................................... 246

Displaying LACP Port Status ........................................................................ 247

Displaying LACP Port Statistics .................................................................... 248

5.6. Loop Protection ............................................................................................ 250

5.7. Spanning Tree .............................................................................................. 251

Displaying STP Bridge Status ....................................................................... 251

Displaying STP Port Status .......................................................................... 253

Displaying STP Port Statistics ...................................................................... 254

5.8. MVR ............................................................................................................. 256

Displaying MVR Statistics ............................................................................. 256

Displaying MVR Channel Group ................................................................... 257

Displaying MVR SFM Information ................................................................. 257

5.9. IPMC ............................................................................................................ 259

IGMP SNOOPING ........................................................................................ 259

MLD SNOOPING ......................................................................................... 262

5.10. Link Layer Discovery Protocol (LLDP) .......................................................... 266

Displaying LLDP Neighbour .......................................................................... 266

Displaying LLDP-MED Neighbour ................................................................. 267

Displaying LLDP Neighbour PoE Information ............................................... 270

Displaying LLDP Neighbour EEE Information ............................................... 271

Displaying LLDP Port Statistics .................................................................... 273

5.11. Displaying PoE Status .................................................................................. 275

PoE Configuration Status ............................................................................. 275

PoE Scheduling Status ................................ ................................................. 276

PoE Auto Checking Status ........................................................................... 277

5.12. Displaying MAC Address Table .................................................................... 279

5.13. VLANs Member ............................................................................................ 280

Displaying VLAN Membership ...................................................................... 280

Displaying VLAN Port Status ........................................................................ 281

5.14. MAC-based VLANs (VCL) ............................................................................ 283

Displaying MAC-based VLANs ..................................................................... 283

7

5.15. sFlow Statistics ............................................................................................. 284

6. DIAGNOSTICS ................................ ................................................................ ......... 286

6.1. Pinging ......................................................................................................... 286

6.2. ICMPv6 Pinging ............................................................................................ 288

6.3. Running Cable Diagnostics .......................................................................... 290

7. MAINTENANCE ........................................................................................................ 291

7.1. Restarting the Switch .................................................................................... 291

7.2. Restoring Factory Defaults ........................................................................... 292

7.3. Software ....................................................................................................... 293

Software Upload ........................................................................................... 293

Software Image Select ................................................................................. 293

7.4. Configuration ................................................................................................ 295

Saving Configuration Settings ...................................................................... 295

Upload Configuration Settings ...................................................................... 295

SECTION III APPENDICES ...................................................................................... 297

A. SOFTWARE SPECIFICATIONS .............................................................................. 298

A.1. Software Features ........................................................................................ 298

A.2. Management Features ................................................................................. 299

A.3. Standards ..................................................................................................... 299

A.4. Management Information Bases (MIB) ......................................................... 300

B. TROUBLESHOOTING ............................................................................................. 302

B.1. Accessing the Management Interface ........................................................... 302

B.2. Accessing the Web Page.............................................................................. 303

B.3. Factory Default Reset ................................................................................... 306

B.4. Using System Logs....................................................................................... 306

C. LICENSE INFORMATION ....................................................................................... 307

D. GLOSSARY ............................................................................................................. 313

8

SECTION I GETTING STARTED

The Section I provides an overview of the GEP-1070 Layer-2 managed Gigabit PoE
Switch, and introduces some basic concepts about switching network management. It also
describes the basic settings required to access the management interfaces.

This section includes these chapters:

◆ “1. Introduction” on page 10

◆ “2. Initial Switch Configurations” on page 20

9

Feature

Description

Configuration Backup
and Restore

Backup to management station using Web interface

1. INTRODUCTION

The GEP-1070 is a Layer-2 managed Gigabit PoE Switch with 8-port UTP for Gigabit
Ethernet cable plus 2-port SFP for Gigabit fiber link. It provides a broad range of
management features for Layer 2 switching to deliver high levels of performance that are
commensurate with Gigabit Ethernet networking. With the Power over Ethernet (PoE)
features, it simplifies power installation in an environment where remote PoE devices are
required.

The Gigabit PoE switch provides 10/100/1000Mbps Gigabit Ethernet connections with many
networking capabilities per port basis including Security, QoS service, Bandwidth Control,
Spanning Tree Protocol, VLAN, IGMP, SNMP settings, PoE time scheduling functions,
keep-alive autochecking, etc.

The default configuration can be used for most of the features provided by this switch.
However, there are many options that you should configure to maximizes the switch
performance for your particular network environment.

The Gigabit PoE switch is equipped with a power supply to operate under 100~240 VAC,
50~60 Hz. The AC power cord connector is at the rear panel next to the power on/off switch.
Turning on the power, the switch will first perform “self-diagnostic” test, and take about 5­10 seconds to complete the process.

1.1. Key Features

The Managed Gigabit PoE Ethernet Switch is equipped with an 8-port RJ45 connector for
10/100/1000M Ethernet, plus 2-port SFP connectors for Gigabit Fiber modules. The 8-port
Gigabit RJ45 connectors are with IEEE802.3af/at PoE+ 30W capability to provide high
Power over Ethernet (PoE) to the connected PD devices. In addition to the LED indicators
for each port, a built-in push button is also provided for switch reset.

The key features are as the following table;

Table 1: Key Features

10

Feature

Description

Authentication

Telnet, Web – user name/password, RADIUS, TACACS+
Web – HTTPS
Telnet – SSH
SNMP v1/2c - Community strings
SNMP version 3 – MD5 or SHA password
Port – IEEE 802.1X, MAC address filtering

General Security
Measures

Private VLANs
Port Authentication
Port Security
DHCP Snooping (with Option 82 relay information)
IP Source Guard

Access Control Lists

Supports up to 256 rules

DHCP

Client

DNS

Client and Proxy service

Port Configuration

Speed, duplex mode, flow control, MTU, response to excessive
collisions, power saving mode

Rate Limiting

Input rate limiting per port (manual setting or ACL)

Port Mirroring

1 sessions, up to 10 source ports to one analysis port per session

Port Trunking

Supports up to 5 trunks – static or dynamic trunking (LACP)

Congestion Control

Throttling for broadcast, multicast, unknown unicast storms

Address Table

8K MAC addresses in the forwarding table, 1000 static MAC
addresses, 1K L2 IGMP multicast groups and 128 MVR groups

IP Version 4 and 6

Supports IPv4 and IPv6 addressing, management, and QoS

IEEE 802.1D Bridge

Supports dynamic data switching and addresses learning

Store-and-Forward
Switching

Supported to ensure wire-speed switching while eliminating
bad frames

Spanning Tree
Algorithm

Supports standard STP, Rapid Spanning Tree Protocol
(RSTP), and Multiple Spanning Trees (MSTP)

Virtual LANs

Up to 4K using IEEE 802.1Q, port-based, protocol-based,
private VLANs, and voice VLANs, and QinQ tunnel

Traffic Prioritization

Queue mode and CoS configured by Ethernet type, VLAN ID,
TCP/ UDP port, DSCP, ToS bit, VLAN tag priority, or port

Qualify of Service

Supports Differentiated Services (DiffServ), and DSCP
remarking

Link Layer
Discovery Protocol

Used to discover basic information about neighboring devices
Power over Ethernet

Supports PoE Time scheduling, and Keep-alive autochecking

11

Feature

Description

Multicast Filtering

Supports IGMP snooping and query, MLD snooping, and
MulticastVLAN Registration

1.2. Description of Software Features

CONFIGURATION BACKUP AND RESTORE

You can save the current configuration settings to a file on the management station (using
the web interface) or a TFTP server (using the console interface through Telnet), and later
download this file to restore the switch configuration settings.

AUTHENTICATION

This switch authenticates management access via a web browser. User names and
passwords can be configured locally or can be verified via a remote authentication server
(i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE

802.1X protocol. This protocol uses Extensible Authentication Protocol over LANs (EAPOL)
to request user credentials from the 802.1X client, and then uses the EAP between the

switch and the authentication server to verify the client’s right to access the network via an

authentication server (i.e., RADIUS or TACACS+ server).
Other authentication options include HTTPS for secure management access via the web,

SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3,
IP address filtering for SNMP/Telnet/web management access, and MAC address filtering
for port access.

ACCESS CONTROL LISTS

ACLs provide packet filtering for IP frames (based on protocol, TCP/UDP port number or
frame type) or layer 2 frames (based on any destination MAC address for unicast, broadcast
or multicast, or based on VLAN ID or VLAN tag priority). ACLs can by used to improve
performance by blocking unnecessary network traffic or to implement security controls by
restricting access to specific network resources or protocols. Policies can be used to
differentiate service for client ports, server ports, network ports or guest ports. They can
also be used to strictly control network traffic by only allowing incoming frames that match
the source MAC and source IP on specific port.

PORT CONFIGURATION

You can manually configure the speed and duplex mode, and flow control used on specific
ports, or use auto-negotiation to detect the connection settings used by the attached device.

12

Use the full-duplex mode on ports whenever possible to double the throughput of switch
connections. Flow control should be enabled to control network traffic during periods of
congestion and prevent the loss of packets when port buffer thresholds are exceeded. The
switch supports flow control based on the IEEE 802.3x standard (incorporated in IEEE

802.3-2002).

RATE LIMITING

This feature controls the maximum rate for traffic transmitted or received on an interface.
Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of
the network. Traffic that falls within the rate limit is transmitted, while packets that exceed
the acceptable amount of traffic are dropped.

PORT MIRRORING

The switch can unobtrusively mirror traffic from any port to a monitor port. You can then
attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify
connection integrity.

PORT TRUNKING

Ports can be combined into an aggregate connection. Trunks can be manually set up or
dynamically configured using Link Aggregation Control Protocol (LACP – IEEE 802.3-2005).
The additional ports dramatically increase the throughput across any connection, and
provide redundancy by taking over the load if a port in the trunk should fail. The switch
supports up to 5 trunks.

STORM CONTROL

Broadcast, multicast and unknown unicast storm suppression prevents traffic from
overwhelming the network. When enabled on a port, the level of broadcast traffic passing
through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will
be throttled until the level falls back beneath the threshold.

STATIC ADDRESSES

A static address can be assigned to a specific interface on this switch.
Static addresses are bound to the assigned interface and will not be moved. When a static

address is seen on another interface, the address will be ignored and will not be written to
the address table. Static addresses can be used to provide network security by restricting
access for a known host to a specific port.

13

IEEE 802.1D BRIDGE

The switch supports IEEE 802.1D transparent bridging. The address table facilitates data
switching by learning addresses, and then filtering or forwarding traffic based on this
information. The address table supports up to 16K addresses.

STORE-AND-FORWARD SWITCHING

The switch copies each frame into its memory before forwarding them to another port. This
ensures that all frames are a standard Ethernet size and have been verified for accuracy
with the cyclic redundancy check (CRC). This prevents bad frames from entering the
network and wasting bandwidth.

To avoid dropping frames on congested ports, the switch provides 8 MB for frame buffering.
This buffer can queue packets awaiting transmission on congested networks.

SPANNING TREE ALGORITHM

The switch supports these spanning tree protocols:

◆ Spanning Tree Protocol (STP, IEEE 802.1D) – Supported by using the STP backward

compatible mode provided by RSTP. STP provides loop detection. When there are
multiple physical paths between segments, this protocol will choose a single path and
disable all others to ensure that only one route exists between any two stations on the
network. This prevents the creation of network loops. However, if the chosen path
should fail for any reason, an alternate path will be activated to maintain the connection.

◆ Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the
convergence time for network topology changes to about 3 to 5 seconds, compared to
30 seconds or more for the older IEEE 802.1D STP standard. It is intended as a
complete replacement for STP, but can still interoperate with switches running the older
standard by automatically reconfiguring ports to STP-compliant mode if they detect STP
protocol messages from attached devices.

◆ Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct
extension of RSTP. It can provide an independent spanning tree for different VLANs. It
simplifies network management, provides for even faster convergence than RSTP by
limiting the size of each region, and prevents VLAN members from being segmented
from the rest of the group (as sometimes occurs with IEEE 802.1D STP).

VIRTUAL LANS

The switch supports up to 4096 VLANs. A Virtual LAN is a collection of network nodes that
share the same collision domain regardless of their physical location or connection point in
the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard.
Members of VLAN groups can be manually assigned to a specific set of VLANs. This allows
the switch to restrict traffic to the VLAN groups to which a user has been assigned. By
segmenting your network into VLANs, you can:

14

◆ Eliminate broadcast storms which severely degrade performance in a flat network.

◆ Simplify network management for node changes/moves by remotely configuring VLAN

membership for any port, rather than having to manually change the network connection.

◆ Provide data security by restricting all traffic to the originating VLAN.

◆ Use private VLANs to restrict traffic to pass only between data ports and the uplink ports,

thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total
number of VLANs that need to be configured.

◆ Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.

IEEE 802.1Q TUNNELING (QINQ)

This feature is designed for service providers carrying traffic for multiple customers across
their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2
protocol configurations even when different customers use the same internal VLAN IDs.
This is accomplished by inserting Service Provider VLAN (SPVLAN) tags into the

customer’s frames when they enter the service provider’s network, and then stripping the

tags when the frames leave the network.

TRAFFIC PRIORITIZATION

This switch prioritizes each packet based on the required level of service, using four priority
queues with strict or Weighted Round Robin queuing. It uses IEEE 802.1p and 802.1Q tags
to prioritize incoming traffic based on input from the end-station application. These functions
can be used to provide independent priorities for delay-sensitive data and best-effort data.

This switch also supports several common methods of prioritizing layer 3/4 traffic to meet
application requirements. Traffic can be prioritized based on the priority bits in the IP
frame’s Type of Service (ToS) octet or the number of the TCP/UDP port. When these
services are enabled, the priorities are mapped to a Class of Service value by the switch,
and the traffic then sent to the corresponding output queue.

QUALITY OF SERVICE

Differentiated Services (DiffServ) provides policy-based management mechanisms used for
prioritizing network resources to meet the requirements of specific traffic types on a per-hop
basis. Each packet is classified upon entry into the network based on access lists, DSCP
values, or VLAN lists. Using access lists allows you select traffic based on Layer 2, Layer 3,
or Layer 4 information contained in each packet. Based on network policies, different kinds
of traffic can be marked for different kinds of forwarding.

POWER OVER ETHERNET (PoE)

PoE supports IEEE802.3af/at auto-detection for 15W/30W power provision. Different priority
can be assigned to each port in case of exceeding power budget. The PoE status will

15

LED

Status

Descriptions

CPU

ON

System is ready.

OFF

System is not ready.

PWR

ON

System power is on.

OFF

System power is off.

LAN

Green ON

LAN Port is in connection of 1000Mbps.

Yellow ON

LAN Port is in connection of 10/100Mbps.

Flashing

Data is transmitting or receiving

OFF

No Ethernet connection.

PoE

ON

Power over Ethernet is ON.

OFF

Power over Ethernet is OFF.

show the PoE class and wattage for each port. PoE Time Scheduling can be configured for
ON/OFF in each port for 24-hour/7-days weekly basis. In addition, the keep-alive IP auto­checking can be enabled to ping the connected powered IP device. It can reboot and reset
the power when the connected IP device fails to respond to the ping checking.

MULTICAST FILTERING

Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere
with normal network traffic and to guarantee real-time delivery by setting the required
priority level for the designated VLAN. The switch uses IGMP Snooping and Query to
manage multicast group registration for IPv4 traffic, and MLD Snooping for IPv6 traffic. It
also supports Multicast VLAN Registration (MVR) which allows common multicast traffic,
such as television channels, to be transmitted across a single network-wide multicast VLAN
shared by hosts residing in other standard or private VLAN groups, while preserving
security and data isolation for normal traffic.

1.3. Reset Button & LED Indicators

The Reset button on the front panel can be used to reset the switch, and the Etherent
connections will restart again. Note that all the settings will remain unchanged.

The descriptions of LED indicators per port basis are as the following table:

Table 2: LED Status and Descriptions

16

Function

Parameter

Default

Authentication

User Name
Password
RADIUS Authentication
TACACS+ Authentication

802.1X Port Authentication
HTTPS
SSH
Port Security
IP Filtering

“admin”
“ ”

Disabled
Disabled
Disabled
Enabled
Enabled
Disabled
Disabled

Web
Management

HTTP Server
HTTP Port Number
HTTP Secure Server
HTTP Secure Server Redirect

Enabled
80
Enabled
Disabled

SNMP

SNMP Agent
Community Strings

Traps

SNMP V3

Disabled

“public” (read only)
“private” (read/write)

Global: disabled
Authentication traps:
enabled
Link-up-down events:
enabled

View:default_view
Group: default_rw_group

Port
Configuration

Admin Status
Auto-negotiation
Flow Control

Enabled
Enabled
Disabled

1.4. System Defaults

The system defaults are provided in the configuration file “Config.xml.” To reset the switch
defaults, this file should be set as the startup configuration file.

The following table lists some of the basic system defaults.

Table 3: System Defaults

17

Function

Parameter

Default

Rate Limiting

Input and output rate limits

Disabled

Port Trunking

Static Trunks
LACP (all ports)

None
Disabled

Storm Protection

Status

Broadcast: Enabled (1 kpps)
Multicast: disabled
Unknown unicast: disabled

Spanning Tree
Algorithm

Status

Edge Ports

Enabled, RSTP
(Defaults: RSTP standard)

Enabled

Address Table

Aging Time

300 seconds

Virtual LANs

Default VLAN
PVID
Acceptable Frame Type
Ingress Filtering
Switchport Mode (Egress

Mode)

1
1
All
Disabled
Access

Traffic
Prioritization

Ingress Port Priority
Queue Mode
Weighted Round Robin

Ethernet Type
VLAN ID
VLAN Priority Tag
ToS Priority
IP DSCP Priority
TCP/UDP Port Priority

0
Strict
Queue: 0 1 2 3 4 5 6 7

Weight: Disabled in strict mode
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled

LLDP

Status

Enabled

PoE

Configurations
Time Scheduling
IP Autochecking

Enabled
Disabled
Disabled

IP Settings

Management. VLAN
IP Address

VLAN 1

192.168.1.1

18

Function

Parameter

Default

Subnet Mask
Default Gateway
DHCP

DNS

255.255.255.0

0.0.0.0
Client: Disabled

Snooping:Disabled
Proxy service: Disabled

Multicast
Filtering

IGMP Snooping

MLD Snooping
Multicast VLAN Registration

Snooping: Disabled
Querier: Disabled

Disabled
Disabled

System Log
(console only)

Status
Messages Logged to Flash

Disabled
All levels

NTP

Clock Synchronization

Disabled

19

2. INITIAL SWITCH CONFIGURATION

This chapter includes information on installations of the switch and basic configuration
procedures.

To make use of the management features of your switch, you must first configure it with an
IP address that is compatible with the network in which it is being installed. This should be
done before you permanently install the switch in the network.

Follow this procedure:

1. Place the switch close to the PC that you intend to use for configuration. It helps if you

can see the front panel of the switch while working on your PC.

2. Connect the Ethernet port of your PC to any port on the front panel of the switch. Connect

power to the switch and verify that you have a link by checking the front panel LEDs.

3. Check that your PC has an IP address on the same subnet as the switch. The default IP

address of the switch is 192.168.1.1 and the subnet mask is 255.255.255.0.. The PC
and switch are on the same subnet if they both have addresses starting with 192.168.1.x.

If the PC and switch are not on the same subnet, you must manually set the PC’s IP

address to 192.168.1.x (where “x” is any number from 2 to 254, except 1).

4. Open your web browser and enter the address http://192.168.1.1. If your PC is properly

configured, you will see the login page of the switch. If you do not see the login page,
repeat step 3 or refer to Appendix B.2 “Accessing the Web page”.

5. Enter “admin” for the user name and password, and then click on the Login button.

6. From the menu, click System, and then IP. To request an address from a local DHCP

Server, mark the DHCP Client check box. To configure a static address, enter the new IP
Address, IP Mask, and other optional parameters for the switch, and then click on the
Save button.

If you need to configure an IPv6 address, select IPv6 from the System menu, and either
submit a request for an address from a local DHCPv6 server by marking the Auto
Configuration check box, or configure a static address by filling in the parameters for an
address, network prefix length, and gateway router.

No other configuration changes are required at this stage, but it is recommended that you
change the administrator’s password before logging out. To change the password, click
Security and then Users. Select “admin” from the User Configuration list, fill in the Password
fields, and then click Save.

20

SECTION II WEB CONFIGURATION

This section describes the basic switch features, along with a detailed description of how to
configure each feature via a web browser.

This section includes these chapters:

◆ "3. Using the Web Interface" on page 22

◆ "4. Configuring the Switch" on page 34

◆ "5. Monitoring the Switch" on page 208

◆ "6. Diagnostics" on page 286

◆ "7. Maintenance" on page 291

21

3. USING THE WEB INTERFACE

This switch provides an embedded HTTP web agent. Using a web browser you can
configure the switch and view statistics to monitor network activity. The web agent can be
accessed by any computer on the network using a standard web browser (Internet Explorer

5.0, Netscape 6.2, Mozilla Firefox 2.0.0.0, or more recent versions).

3.1. Navigating the Web Browser Interface

To access the web-browser interface you must first enter a user name and password. The
administrator has Read/Write access to all configuration parameters and statistics. The
default user name for the administrator is “admin” and for password.

Home Page

When your web browser connects with the switch’s web agent, the home page is displayed

as shown below. The home page displays the Main Menu on the left side of the screen and
an image of the front panel on the right side. The Main Menu links are used to navigate to
other menus, and display configuration parameters and statistics.

Figure 1: Home Page

Configuration Options

Configurable parameters have a dialog box or a drop-down list. Once a configuration
change has been made on a page, be sure to click on the Save button to confirm the new
setting. The following table summarizes the web page configuration buttons.

22

Button

Action

Save

Sets specified values to the system

Reset

Cancels specified values and restores current values prior to pressing
“Save.”

Logs out of the management interface

Displays help for the selected page

Table 4: Web Page Configuration Buttons

NOTE:

To ensure proper screen refresh, be sure that Internet Explorer is configured so that the

setting “Check for newer versions of stored pages” reads “Every visit to the page.”

Internet Explorer 6.x and earlier: This option is available under the menu “Tools / Internet

Options / General / Temporary Internet Files / Settings.”

Internet Explorer 7.x: This option is available under “Tools / Internet Options / General /

Browsing History / Settings / Temporary Internet Files.”

Panel Display

The web agent displays an image of the switch’s ports. The refresh mode is disabled by
default. Click Auto-refresh to refresh the data displayed on the screen approximately once
every 5 seconds, or click Refresh to refresh the screen right now. Clicking on the image of a
port opens the Port State page as described on page 210.

Figure 2: Front Panel Indicators

Main Menu

Using the onboard web agent, you can define system parameters, manage and control the
switch, and all its ports, or monitor network conditions. The following table briefly describes
the selections available from this program.

23

Menu

Description

Page

Configuration

34

System

34

Information

Configures system contact, name and location

34

IP

Configures IPv4 and SNTP settings

35

IPv6

Configures IPv6 and SNTP settings

37

NTP

Enables NTP, and configures a list of NTP servers

39

Log

Configures the logging of messages to a remote
logging process, specifies the remote log server, and
limits the type of system log messages sent

40

Power Reduction

42

LED

Reduces LED intensity during specified hours

42

EEE

Configures Energy Efficient Ethernet for specified
queues, and specifies urgent queues which are to
transmit data after maximum latency expires
regardless queue length

43

Thermal Protection

Configures temperature priority levels, and assigns
those priorities for port shut-down if exceeded

45

Ports

Configures port connection settings

46

Security

49

Switch

49

Users

Configures user names, passwords, and access levels

49

Privilege Levels

Configures privilege level for specific functions

51

Auth Method

Configures authentication method for management
access via local database, RADIUS or TACACS+

52

SSH

Configures the Secure Shell server

55

HTTPS

Configures secure HTTP settings

56

Access
Management

Sets IP addresses of clients allowed management
access via HTTP/HTTPS, and SNMP, and Telnet/SSH

58

SNMP

Simple Network Management Protocol

59

System

Configures read-only and read/write community
strings for SNMP v1/v2c, engine ID for SNMP v3, and
trap parameters

60

Table 5: Main Menu

24

Menu

Description

Page

Communities

Configures community strings

64

Users

Configures SNMP v3 users on this switch

65

Groups

Configures SNMP v3 groups

66

Views

Configures SNMP v3 views

68

Access

Assigns security model, security level, and read / write
views to SNMP groups

69

Network

76

Limit Control

Configures port security limit controls, including secure
address aging; and per port security, including
maximum allowed MAC addresses, and response for
security breach

76

NAS

Configures global and port settings for IEEE 802.1X

78

ACL

Access Control Lists

89

Ports

Assigns ACL, rate limiter, and other parameters to
ports

89

Rate Limiters

Configures rate limit policies

91

Access
Control List

Configures ACLs based on frame type, destination
MAC type, VLAN ID, VLAN priority tag; and the action
to take for matching packets

92

DHCP

Dynamic Host Configuration Protocol

98

Snooping

Enables DHCP snooping globally; and sets the trust
mode for each port

98

Relay

Configures DHCP relay information status and policy

100

IP Source Guard

Filters IP traffic based on static entries in the IP
Source Guard table, or dynamic entries in the DHCP
Snooping table

102

Configuration

Enables IP source guard and sets the maximum
number of clients that can learned dynamically

102

Static Table

Adds a static addresses to the source-guard binding
table

104

ARP Inspection

Address Resolution Protocol Inspection

105

Configuration

Enables inspection globally, and per port

105

25

Menu

Description

Page

Static Table

Adds static entries based on port, VLAN ID, and
source MAC address and IP address in ARP request
packets

108

AAA

Configures RADIUS authentication server, RADIUS
accounting server, and TACACS+ authentication
server settings

109

Aggregation

111

Static

Specifies ports to group into static trunks

112

LACP

Allows ports to dynamically join trunks

114

Loop Protection

116

Spanning Tree

117

Bridge Settings

Configures global bridge settings for STP, RSTP and
MSTP; also configures edge port settings for BPDU
filtering, BPDU guard, and port error recovery

119

MSTI Mapping

Maps VLANs to a specific MSTP instance

123

MSTI Priorities

Configures the priority for the CIST and each MISTI

125

CIST Ports

Configures interface settings for STA

126

MSTI Ports

Configures interface settings for an MST instance

130

MVR

Configures Multicast VLAN Registration, including
global status, MVR VLAN, port mode, and immediate
leave

131

IPMC

IP Multicast

134

IGMP Snooping

Internet Group Management Protocol Snooping

134

Basic
Configuration

Configures global and port settings for multicast
filtering

135

VLAN
Configuration

Configures IGMP snooping per VLAN interface

138

Port Group
Filtering

Configures multicast groups to be filtered on specified
port

140

MLD Snooping

Multicast Listener Discovery Snooping

141

Basic
Configuration

Configures global and port settings for multicast
filtering

141

VLAN

Configures MLD snooping per VLAN interface

144

26

Menu

Description

Page

Configuration

Port Group
Filtering

Configures multicast groups to be filtered on specified
port

146

LLDP

Link Layer Discovery Protocol

148

LLDP

Configures global LLDP timing parameters, and port­specific TLV attributes

148

LLDP-MED

Configures LLDP-MED attributes, including device
location, emergency call server, and network policy
discovery

151

PoE

Configures Power-over-Ethernet settings for each port

156

Configuration

To disable/enable PoE with priority, and power limit

157

Time Scheduling

To set the scheduling date and hourly period.

159

Auto Checking

To set the checking IP address, and time intervals.

160

MAC Table

Configures address aging, dynamic learning, and
static addresses

162

VLANs

Virtual LANs

164

VLAN
Membership

Configures VLAN groups

165

Ports

Specifies default PVID and VLAN attributes

166

Private VLANs

168

PVLAN
Membership

Configures PVLAN groups

168

Port Isolation

Prevents communications between designated ports
within the same private VLAN

169

VCL

VLAN Control List

170

MAC-based
VLAN

Maps traffic with specified source MAC address to a
VLAN

170

Protocol-based
VLAN

172

Protocol to
Group

Creates a protocol group, specifying supported
protocols

172

Group to
VLAN

Maps a protocol group to a VLAN for specified ports

174

Voice VLAN

175

27

Menu

Description

Page

VoIP Traffic

Configures global settings, including status, voice
VLAN ID, VLAN aging time, and traffic priority; also
configures port settings, including the way in which a
port is added to the Voice VLAN, and blocking non­VoIP addresses

176

Telephony OUI

Maps the OUI in the source MAC address of ingress
packets to the VoIP device manufacturer

178

QoS

179

Port
Classification

Configures default traffic class, drop priority, user
priority, drop eligible indicator, classification mode for
tagged frames, and DSCP-based QoS classification

179

Port Policing

Configures Policing setting for all the switch ports
including packet rate, and flow control

181

Port Scheduler

Provides overview of QoS Egress Port Schedulers,

including the queue mode and weight; also configures
egress queue mode, queue shaper (rate and access
to excess bandwidth), and port shaper

183

Port Shaping

Provides overview of QoS Egress Port Shapers,
including the rate for each queue and port; also
configures egress queue mode, queue shaper (rate
and access to excess bandwidth), and port shaper

185

Port Tag
Remarking

Provides overview of QoS Egress Port Tag
Remarking; also sets the remarking mode (classified
PCP/DEI values, efault PCP/DEI values, or mapped
versions of QoS class and drop priority)

186

Port DSCP

Configures ingress translation and classification
settings and egress re-writing of DSCP values

188

DSCP-Based
QoS

Configures DSCP-based QoS ingress classification
settings

189

DSCP
Translation

Configures DSCP translation for ingress traffic or
DSCP remapping for egress traffic

190

DSCP
Classification

Maps DSCP values to a QoS class and drop
precedence level

192

QoS Control List

Configures QoS policies for handling ingress packets
based on Ethernet type, VLAN ID, TCP/UDP port,
DSCP, ToS, or VLAN priority tag

193

28

Menu

Description

Page

Storm Control

Sets limits for broadcast, multicast, and unknown
unicast traffic

196

Mirroring

Sets source and target ports for mirroring

198

UPnP

Enables UPnP and defines timeout values

199

Monitor

204

System

204

Information

Displays basic system description, switch’s MAC

address, system time, and software version

204

CPU Load

Displays graphic scale of CPU utilization

206

Log

Displays logged messages based on severity

206

Detailed Log

Displays detailed information on each logged message

208

Thermal Protection

Shows the current chip temperature

209

Ports

210

State

Displays a graphic image of the front panel indicating
active port connections

210

Traffic Overview

Shows basic Ethernet port statistics

211

QoS Statistics

Shows the number of packets entering and leaving the
egress queues

212

QCL Status

Shows the status of QoS Control List entries

212

Detailed Statistics

Shows detailed Ethernet port statistics

214

Security

215

Access
Management
Statistics

Displays the number of packets used to manage the
switch via HTTP, HTTPS, and SNMP, Telnet, and
SSH

215

Network

217

Port Security

Shows the entries authorized by port security services,
including MAC address, VLAN ID, the service state,
time added to table, age, and hold state

217

NAS

Shows global and port settings for IEEE 802.1X

220

Switch

Shows port status for authentication services, including

802.1X security state, last source address used for
authentication, and last ID

220

29

Menu

Description

Page

Port

Displays authentication statistics for the selected port –
either for 802.1X protocol or for the remote
authentication server depending on the authentication
method

221

ACL Status

Shows the status for different security modules which
use ACL filtering, including ingress port, frame type,
and forwarding action

225

DHCP

Dynamic Host Configuration Protocol

227

Snooping

Statistics

Shows statistics for various types of DHCP protocol
packets

227

Relay
Statistics

Displays server and client statistics for packets
affected by the relay information policy

228

ARP Inspection

Displays entries in the ARP inspection table, sorted
first by port, then VLAN ID, MAC address, and finally
IP address

230

IP Source
Guard

Displays entries in the IP Source Guard table, sorted
first by port, then VLAN ID, MAC address, and finally
IP address

230

AAA

Authentication, Authorization and Accounting

231

RADIUS Overview

Displays status of configured RADIUS authentication
and accounting servers

231

RADIUS Details

Displays the traffic and status associated with each
configured RADIUS server

233

Switch Security

Shows information about MAC address learning for
each port, including the software module requesting
port security services, the service state, the current
number of learned addresses, and the maximum
number of secure addresses allowed

236

LACP

Link Aggregation Control Protocol

242

System Status

Displays administration key and associated local ports
for each partner

242

Port Status

Displays administration key, LAG ID, partner ID, and
partner ports for each local port

244

Port Statistics

Displays statistics for LACP protocol messages

245

Loop Protection

246

30