LevelOne GEP-5070 User Manual

GEP-5070
48 GE PoE-Plus + 2 GE SFP L2 Managed Switch
User Manual
V1.0
Layer 2 Gigabit Ethernet Switch with 48 10/100/1000BASE-T PoE-Plus Ports (RJ-45) and 2 Gigabit Ethernet SFP Ports
E042013/ST-R01
ABOUT THIS GUIDE
PURPOSE
This guide gives specific information on how to operate and use the management functions of the switch.
AUDIENCE
The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
CONVENTIONS
The following conventions are used throughout this guide to show information:
NOTE: Emphasizes important information or calls your attention to related features or instructions.
CAUTION: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
WARNING: Alerts you to a potential hazard that could cause personal injury.
RELATED PUBLICATIONS
The following publication details the hardware features of the switch, including the physical and performance-related characteristics, and how to install the switch:
The Installation Guide
Also, as part of the switch’s software, there is an online web-based help that describes all management related features.
REVISION HISTORY
This section summarizes the changes in each revision of this guide.
APRIL 2012 REVISION
This is the first version of this guide. This guide is valid for software release v1.0.0.4.
CONTENTS
ABOUT THIS GUIDE 5
CONTENTS 7
FIGURES 13
TABLES 19
SECTION I GETTING STARTED 21
1 INTRODUCTION 23
Key Features 23
Description of Software Features 24
System Defaults 28
2 INITIAL SWITCH CONFIGURATION 31
SECTION II WEB CONFIGURATION 33
3 USING THE WEB INTERFACE 35
Navigating the Web Browser Interface 35
Home Page 35
Configuration Options 36
Panel Display 36
Main Menu 36
4 CONFIGURING THE SWITCH 45
Configuring System Information 45
Setting an IP Address 46
Setting an IPv4 Address 46
Setting an IPv6 Address 48
Configuring NTP Service 50
Configuring the Time Zone and Daylight Savings Time 51
Configuring Remote Log Messages 53
Configuring Power Reduction 54
Reducing Power to Idle Queue Circuits 54
Configuring Port Connections 55
Configuring Security 57
Configuring User Accounts 58
Configuring User Privilege Levels 60
Configuring The Authentication Method For Management Access 61
Configuring SSH 64
Configuring HTTPS 65
Filtering IP Addresses for Management Access 66
Using Simple Network Management Protocol 67
Remote Monitoring 77
Configuring Port Limit Controls 83
Configuring Authentication Through Network Access Servers 85
Filtering Traffic with Access Control Lists 96
Configuring DHCP Snooping 107
Configuring DHCP Relay and Option 82 Information 109
Configuring IP Source Guard 111
Configuring ARP Inspection 114
Specifying Authentication Servers 117
Creating Trunk Groups 119
Configuring Static Trunks 120
Configuring LACP 123
Configuring Loop Protection 125
Configuring the Spanning Tree Algorithm 127
Configuring Global Settings for STA 129
Configuring Multiple Spanning Trees 132
Configuring Spanning Tree Bridge Priorities 134
Configuring STP/RSTP/CIST Interfaces 135
Configuring MIST Interfaces 138
Multicast VLAN Registration 140
Configuring General MVR Settings 140
Configuring MVR Channel Settings 143
IGMP Snooping 145
Configuring Global and Port-Related Settings for IGMP Snooping 145
Configuring VLAN Settings for IGMP Snooping and Query 149
Configuring IGMP Filtering 151
MLD Snooping 152
Configuring Global and Port-Related Settings for MLD Snooping 152
Configuring VLAN Settings for MLD Snooping and Query 155
Configuring MLD Filtering 158
Link Layer Discovery Protocol 158
Configuring LLDP Timing and TLVs 159
Configuring LLDP-MED TLVs 162
Power over Ethernet 167
Configuring the MAC Address Table 170
IEEE 802.1Q VLANs 172
Assigning Ports to VLANs 173
Configuring VLAN Attributes for Port Members 174
Using Port Isolation 177
Configuring MAC-based VLANs 177
Protocol VLANs 179
Configuring Protocol VLAN Groups 179
Mapping Protocol Groups to Ports 181
Configuring IP Subnet-based VLANs 182
Managing VoIP Traffic 183
Configuring VoIP Traffic 184
Configuring Telephony OUI 186
Quality of Service 187
Configuring Port Classification 188
Configuring Port Policiers 188
Configuring Egress Port Scheduler 189
Configuring Egress Port Shaper 192
Configuring Port Remarking Mode 193
Configuring Port DSCP Translation and Rewriting 195
Configuring DSCP-based QoS Ingress Classification 196
Configuring DSCP Translation 198
Configuring DSCP Classification 199
Configuring QoS Control Lists 199
Configuring Storm Control 204
Configuring WRED 205
Configuring Congestion Management 206
Configuring Local Port Mirroring 207
Configuring Remote Port Mirroring 208
Configuring UPnP 213
Configuring sFlow 214
5 MONITORING THE SWITCH 219
Displaying Basic Information About the System 219
Displaying System Information 219
Displaying CPU Utilization 220
Displaying Log Messages 221
Displaying Log Details 223
Displaying Information About Ports 223
Displaying Port Status On the Front Panel 223
Displaying an Overview of Port Statistics 224
Displaying QoS Statistics 224
Displaying QCL Status 225
Displaying Detailed Port Statistics 226
Displaying Information About Security Settings 229
Displaying Access Management Statistics 229
Displaying Information About Switch Settings for Port Security 230
Displaying Information About Learned MAC Addresses 231
Displaying Port Status for Authentication Services 232
Displaying Port Statistics for 802.1X or Remote Authentication Service 233
Displaying ACL Status 237
Displaying Statistics for DHCP Snooping 239
Displaying DHCP Relay Statistics 240
Displaying MAC Address Bindings for ARP Packets 241
Displaying Entries in the IP Source Guard Table 242
Displaying Information on Authentication Servers 243
Displaying a List of Authentication Servers 243
Displaying Statistics for Configured Authentication Servers 244
Displaying Information on RMON 247
Displaying RMON Statistics 247
Displaying RMON Historical Samples 249
Displaying RMON Alarm Settings 250
Displaying RMON Event Settings 251
Displaying Information on LACP 252
Displaying an Overview of LACP Groups 252
Displaying LACP Port Status 252
Displaying LACP Port Statistics 253
Displaying Information on Loop Protection 254
Displaying Information on the Spanning Tree 255
Displaying Bridge Status for STA 255
Displaying Port Status for STA 257
Displaying Port Statistics for STA 258
Displaying MVR Information 259
Displaying MVR Statistics 259
Displaying MVR Group Information 260
Displaying MVR SFM Information 261
Showing IGMP Snooping Information 262
Showing IGMP Snooping Status 262
Showing IGMP Snooping Group Information 263
Showing IPv4 SFM Information 263
Showing MLD Snooping Information 264
Showing MLD Snooping Status 264
Showing MLD Snooping Group Information 266
Showing IPv6 SFM Information 266
Displaying LLDP Information 267
Displaying LLDP Neighbor Information 267
Displaying LLDP-MED Neighbor Information 268
Displaying LLDP Neighbor PoE Information 271
Displaying LLDP Neighbor EEE Information 272
Displaying LLDP Port Statistics 273
Displaying PoE Status 275
Displaying the MAC Address Table 276
Displaying Information About VLANs 277
VLAN Membership 277
VLAN Port Status 278
Displaying Information About MAC-based VLANs 279
Displaying Information About Flow Sampling 280
6 PERFORMING BASIC DIAGNOSTICS 283
Pinging an IPv4 or IPv6 Address 283
Running Cable Diagnostics 285
7 PERFORMING SYSTEM MAINTENANCE 287
Restarting the Switch 287
Restoring Factory Defaults 288
Upgrading Firmware 288
Activating the Alternate Image 289
Managing Configuration Files 290
Saving Configuration Settings 290
Restoring Configuration Settings 290
SECTION III APPENDICES 293
A SOFTWARE SPECIFICATIONS 295
Software Features 295
Management Features 296
Standards 297
Management Information Bases 298
B TROUBLESHOOTING 299
Problems Accessing the Management Interface 299
Using System Logs 300
C LICENSE INFORMATION 301
The GNU General Public License 301
GLOSSARY 305
INDEX 313
FIGURES
Figure 1: Home Page 35
Figure 2: Front Panel Indicators 36
Figure 3: System Information Configuration 45
Figure 4: IP Configuration 47
Figure 5: IPv6 Configuration 49
Figure 6: NTP Configuration 50
Figure 7: Time Zone and Daylight Savings Time Configuration 52
Figure 8: Configuring Settings for Remote Logging of Error Messages 53
Figure 9: Configuring EEE Power Reduction 55
Figure 10: Port Configuration 57
Figure 11: Showing User Accounts 59
Figure 12: Configuring User Accounts 59
Figure 13: Configuring Privilege Levels 61
Figure 14: Authentication Server Operation 62
Figure 15: Authentication Method for Management Access 63
Figure 16: SSH Configuration 64
Figure 17: HTTPS Configuration 66
Figure 18: Access Management Configuration 67
Figure 19: SNMP System Configuration 71
Figure 20: SNMPv3 Community Configuration 72
Figure 21: SNMPv3 User Configuration 74
Figure 22: SNMPv3 Group Configuration 75
Figure 23: SNMPv3 View Configuration 76
Figure 24: SNMPv3 Access Configuration 77
Figure 25: RMON Statistics Configuration 78
Figure 26: RMON History Configuration 79
Figure 27: RMON Alarm Configuration 81
Figure 28: RMON Event Configuration 83
Figure 29: Port Limit Control Configuration 85
Figure 30: Using Port Security 86
Figure 31: Network Access Server Configuration 96
Figure 32: ACL Port Configuration 98
Figure 33: ACL Rate Limiter Configuration 99
Figure 34: Access Control List Configuration 106
Figure 35: DHCP Snooping Configuration 109
Figure 36: DHCP Relay Configuration 110
Figure 37: Configuring Global and Port-based Settings for IP Source Guard 113
Figure 38: Configuring Static Bindings for IP Source Guard 114
Figure 39: Configuring Global and Port Settings for ARP Inspection 116
Figure 40: Configuring Static Bindings for ARP Inspection 117
Figure 41: Authentication Configuration 119
Figure 42: Static Trunk Configuration 122
Figure 43: LACP Port Configuration 125
Figure 44: Loop Protection Configuration 126
Figure 45: STP Root Ports and Designated Ports 127
Figure 46: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree 128
Figure 47: Common Internal Spanning Tree, Common Spanning Tree, Internal Spanning Tree 128
Figure 48: STA Bridge Configuration 132
Figure 49: Adding a VLAN to an MST Instance 134
Figure 50: Configuring STA Bridge Priorities 135
Figure 51: STP/RSTP/CIST Port Configuration 138
Figure 52: MSTI Port Configuration 139
Figure 53: MVR Concept 140
Figure 54: Configuring General MVR Settings 143
Figure 55: Configuring MVR Channel Settings 145
Figure 56: Configuring Global and Port-related Settings for IGMP Snooping 149
Figure 57: Configuring VLAN Settings for IGMP Snooping and Query 151
Figure 58: IGMP Snooping Port Group Filtering Configuration 152
Figure 59: Configuring Global and Port-related Settings for MLD Snooping 155
Figure 60: Configuring VLAN Settings for MLD Snooping and Query 157
Figure 61: MLD Snooping Port Group Filtering Configuration 158
Figure 62: LLDP Configuration 161
Figure 63: LLDP-MED Configuration 167
Figure 64: Configuring PoE Settings 170
Figure 65: MAC Address Table Configuration 172
Figure 66: VLAN Membership Configuration 174
Figure 67: VLAN Port Configuration 176
Figure 68: Port Isolation Configuration 177
Figure 69: Configuring MAC-Based VLANs 178
Figure 70: Configuring Protocol VLANs 180
Figure 71: Assigning Ports to Protocol VLANs 182
Figure 72: Assigning Ports to an IP Subnet-based VLAN 183
Figure 73: Configuring Global and Port Settings for a Voice VLAN 186
Figure 74: Configuring an OUI Telephony List 187
Figure 75: Configuring Ingress Port QoS Classification 188
Figure 76: Configuring Ingress Port Policing 189
Figure 77: Displaying Egress Port Schedulers 191
Figure 78: Configuring Egress Port Schedulers and Shapers 192
Figure 79: Displaying Egress Port Shapers 193
Figure 80: Displaying Port Tag Remarking Mode 194
Figure 81: Configuring Port Tag Remarking Mode 195
Figure 82: Configuring Port DSCP Translation and Rewriting 196
Figure 83: Configuring DSCP-based QoS Ingress Classification 197
Figure 84: Configuring DSCP Translation and Re-mapping 198
Figure 85: Mapping DSCP to QoS 199
Figure 86: QoS Control List Configuration 203
Figure 87: Storm Control Configuration 204
Figure 88: WRED Configuration 206
Figure 89: Congestion Management Configuration 207
Figure 90: Mirror Configuration 208
Figure 91: Configuring Remote Port Mirroring 209
Figure 92: Mirror Configuration (Source) 211
Figure 93: Mirror Configuration (Intermediate) 212
Figure 94: Mirror Configuration (Destination) 213
Figure 95: UPnP Configuration 214
Figure 96: sFlow Configuration 217
Figure 97: System Information 220
Figure 98: CPU Load 221
Figure 99: System Log Information 222
Figure 100: Detailed System Log Information 223
Figure 101: Port State Overview 223
Figure 102: Port Statistics Overview 224
Figure 103: Queueing Counters 225
Figure 104: QoS Control List Status 226
Figure 105: Detailed Port Statistics 228
Figure 106: Access Management Statistics 229
Figure 107: Port Security Switch Status 231
Figure 108: Port Security Port Status 232
Figure 109: Network Access Server Switch Status 233
Figure 110: NAS Statistics for Specified Port 237
Figure 111: ACL Status 238
Figure 112: DHCP Snooping Statistics 240
Figure 113: DHCP Relay Statistics 241
Figure 114: Dynamic ARP Inspection Table 242
Figure 115: Dynamic IP Source Guard Table 242
Figure 116: RADIUS Overview 243
Figure 117: RADIUS Details 247
Figure 118: RMON Statistics 249
Figure 119: RMON History Overview 250
Figure 120: RMON Alarm Overview 251
Figure 121: RMON Event Overview 251
Figure 122: LACP System Status 252
Figure 123: LACP Port Status 253
Figure 124: LACP Port Statistics 254
Figure 125: Loop Protection Status 254
Figure 126: Spanning Tree Bridge Status 257
Figure 127: Spanning Tree Detailed Bridge Status 257
Figure 128: Spanning Tree Port Status 258
Figure 129: Spanning Tree Port Statistics 259
Figure 130: MVR Statistics 260
Figure 131: MVR Group Information 261
Figure 132: MVR SFM Information 261
Figure 133: IGMP Snooping Status 263
Figure 134: IGMP Snooping Group Information 263
Figure 135: IPv4 SFM Information 264
Figure 136: MLD Snooping Status 265
Figure 137: MLD Snooping Group Information 266
Figure 138: IPv6 SFM Information 267
Figure 139: LLDP Neighbor Information 268
Figure 140: LLDP-MED Neighbor Information 271
Figure 141: LLDP Neighbor PoE Information 272
Figure 142: LLDP Neighbor EEE Information 273
Figure 143: LLDP Port Statistics 275
Figure 144: Power over Ethernet Status 276
Figure 145: MAC Address Table 277
Figure 146: Showing VLAN Members 278
Figure 147: Showing VLAN Port Status 279
Figure 148: Showing MAC-based VLAN Membership Status 280
Figure 149: Showing sFlow Statistics 282
Figure 150: ICMP Ping 284
Figure 151: VeriPHY Cable Diagnostics 285
Figure 152: Restart Device 287
Figure 153: Factory Defaults 288
Figure 154: Software Upload 289
Figure 155: Software Image Selection 289
Figure 156: Configuration Save 290
Figure 157: Configuration Upload 291
TABLES
Table 1: Key Features 23
Table 2: System Defaults 28
Table 3: Web Page Configuration Buttons 36
Table 4: Main Menu 36
Table 5: HTTPS System Support 65
Table 6: SNMP Security Models and Levels 68
Table 7: Dynamic QoS Profiles 89
Table 8: QCE Modification Buttons 100
Table 9: Recommended STA Path Cost Range 136
Table 10: Recommended STA Path Costs 136
Table 11: Default STA Path Costs 136
Table 12: QCE Modification Buttons 200
Table 13: System Capabilities 268
Table 14: Troubleshooting Chart 299
SECTION I
GETTING STARTED
This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface.
This section includes these chapters:
"Introduction" on page 23
"Initial Switch Configuration" on page 31
1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
KEY FEATURES
Table 1: Key Features
Feature | Description
Configuration Backup and Restore | Backup to management station using Web
Authentication | Telnet, Web – user name/password, RADIUS, TACACS+; Web – HTTPS; Telnet – SSH; SNMP v1/2c – Community strings; SNMP version 3 – MD5 or SHA password; Port – IEEE 802.1X, MAC address filtering
General Security Measures | Private VLANs; Port Authentication; Port Security; DHCP Snooping (with Option 82 relay information); IP Source Guard
Access Control Lists | Supports up to 512 rules
DHCP | Client
DNS | Client and Proxy service
Port Configuration | Speed, duplex mode, flow control, MTU, response to excessive collisions, power saving mode
Rate Limiting | Input rate limiting per port (manual setting or ACL)
Port Mirroring | 1 session, multiple source ports to one analysis port (local mirror), or one source port to multiple destination ports (remote mirror)
Port Trunking | Supports up to 25 trunks – static or dynamic trunking (LACP)
Congestion Control | Throttling for broadcast, multicast, unknown unicast storms
Address Table | 8K MAC addresses in the forwarding table, 1000 static MAC addresses, 1K L2 IGMP multicast groups and 128 MVR groups
IP Version 4 and 6 | Supports IPv4 and IPv6 addressing, management, and QoS
IEEE 802.1D Bridge | Supports dynamic data switching and addresses learning
Store-and-Forward Switching | Supported to ensure wire-speed switching while eliminating bad frames
Spanning Tree Algorithm | Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP)
Virtual LANs | Up to 4K using IEEE 802.1Q, port-based, protocol-based, private VLANs, and voice VLANs, and QinQ tunnel
Traffic Prioritization | Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS bit, VLAN tag priority, or port
Quality of Service | Supports Differentiated Services (DiffServ), and DSCP remarking
Link Layer Discovery Protocol | Used to discover basic information about neighboring devices
Multicast Filtering | Supports IGMP snooping and query, MLD snooping, and Multicast VLAN Registration
DESCRIPTION OF SOFTWARE FEATURES
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Storm suppression prevents broadcast, multicast, and unknown unicast traffic storms from engulfing the network. Untagged (port-based), tagged, and protocol-based VLANs provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network, while multicast filtering provides support for real-time network applications.
Some of the management features are briefly described below.
CONFIGURATION BACKUP AND RESTORE
You can save the current configuration settings to a file on the management station (using the web interface) or a TFTP server (using the console interface through Telnet), and later download this file to restore the switch configuration settings.
AUTHENTICATION
This switch authenticates management access via a web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1X client, and then uses the EAP between the switch and the authentication server to verify the client’s right to access the network via an authentication server (i.e., RADIUS or TACACS+ server).
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, IP address filtering for SNMP/Telnet/web management access, and MAC address filtering for port access.
ACCESS CONTROL LISTS
ACLs provide packet filtering for IP frames (based on protocol, TCP/UDP port number or frame type) or layer 2 frames (based on any destination MAC address for unicast, broadcast or multicast, or based on VLAN ID or VLAN tag priority). ACLs can be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols. Policies can be used to differentiate service for client ports, server ports, network ports or guest ports. They can also be used to strictly control network traffic by only allowing incoming frames that match the source MAC and source IP on a specific port.
PORT CONFIGURATION
You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard (now incorporated in IEEE 802.3-2002).
RATE LIMITING
This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
PORT MIRRORING
The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
PORT TRUNKING
Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using Link Aggregation Control Protocol (LACP – IEEE 802.3-2005). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 5 trunks.
STORM CONTROL
Broadcast, multicast and unknown unicast storm suppression prevents traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.
STATIC ADDRESSES
A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
IEEE 802.1D BRIDGE
The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 16K addresses.
STORE-AND-FORWARD SWITCHING
The switch copies each frame into its memory before forwarding it to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the switch provides 8 MB for frame buffering. This buffer can queue packets awaiting transmission on congested networks.
SPANNING TREE ALGORITHM
The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – Supported by using the STP backward compatible mode provided by RSTP. STP provides loop detection. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes to about 3 to 5 seconds, compared to 30 seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.
Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct extension of RSTP. It can provide an independent spanning tree for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region, and prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).
VIRTUAL LANS
The switch supports up to 4096 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:
Eliminate broadcast storms which severely degrade performance in a flat network.
Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
Provide data security by restricting all traffic to the originating VLAN.
Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.
Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.
IEEE 802.1Q TUNNELING (QINQ)
This feature is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs. This is accomplished by inserting Service Provider VLAN (SPVLAN) tags into the customer’s frames when they enter the service provider’s network, and then stripping the tags when the frames leave the network.
TRAFFIC PRIORITIZATION
This switch prioritizes each packet based on the required level of service, using four priority queues with strict or Weighted Round Robin queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can provide independent priorities for delay-sensitive data and best-effort data.
This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet or the number of the TCP/UDP port. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic is then sent to the corresponding output queue.
QUALITY OF SERVICE
Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, DSCP values, or VLAN lists. Using access lists allows you to select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.
MULTICAST FILTERING
Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage multicast group registration for IPv4 traffic, and MLD Snooping for IPv6 traffic. It also supports Multicast VLAN Registration (MVR) which allows common multicast traffic, such as television channels, to be transmitted across a single network-wide multicast VLAN shared by hosts residing in other standard or private VLAN groups, while preserving security and data isolation for normal traffic.
SYSTEM DEFAULTS
The switch’s system defaults are stored in non-volatile memory. To reset the switch defaults, see "Restoring Factory Defaults" on page 288.
The following table lists some of the basic system defaults.
Table 2: System Defaults
Function | Parameter | Default
Authentication | User Name | “admin”
| Password | “admin”
| RADIUS Authentication | Disabled
| TACACS+ Authentication | Disabled
| 802.1X Port Authentication | Disabled
| HTTPS | Enabled
| SSH | Enabled
| Port Security | Disabled
| IP Filtering | Disabled
Web Management | HTTP Server | Enabled
| HTTP Port Number | 80
| HTTP Secure Server | Disabled
| HTTP Secure Server Redirect | Disabled
SNMP | SNMP Agent | Disabled
| Community Strings | “public” (read only); “private” (read/write)
| Traps | Global: disabled; Authentication traps: enabled; Link-up-down events: enabled
| SNMP V3 | View: default_view; Group: default_rw_group
Port Configuration | Admin Status | Enabled
| Auto-negotiation | Enabled
| Flow Control | Disabled
Rate Limiting | Input and output limits | Disabled
Port Trunking | Static Trunks | None
| LACP (all ports) | Disabled
Storm Protection | Status | Broadcast: Enabled (1 kpps); Multicast: disabled; Unknown unicast: disabled
Spanning Tree Algorithm | Status | Enabled, RSTP (Defaults: RSTP standard)
| Edge Ports | Enabled
Address Table | Aging Time | 300 seconds
Virtual LANs | Default VLAN | 1
| PVID | 1
| Acceptable Frame Type | All
| Ingress Filtering | Disabled
| Switchport Mode (Egress Mode) | Access
Traffic Prioritization | Ingress Port Priority | 0
| Queue Mode | Strict
| Weighted Round Robin | Queue: 0 1 2 3 4 5 6 7; Weight: Disabled in strict mode
| Ethernet Type | Disabled
| VLAN ID | Disabled
| VLAN Priority Tag | Disabled
| ToS Priority | Disabled
| IP DSCP Priority | Disabled
| TCP/UDP Port Priority | Disabled
LLDP | Status | Enabled
IP Settings | Management VLAN | VLAN 1
| IP Address | 192.168.1.1
| Subnet Mask | 255.255.255.0
| Default Gateway | 0.0.0.0
| DHCP | Client: Disabled; Snooping: Disabled
| DNS | Proxy service: Disabled
Multicast Filtering | IGMP Snooping | Snooping: Disabled; Querier: Disabled
| MLD Snooping | Disabled
| Multicast VLAN Registration | Disabled
System Log (console only) | Status | Disabled
| Messages Logged to Flash | All levels
NTP | Clock Synchronization | Disabled
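A check for management-plane settings that are still at the Table 2 factory defaults, added here as an example; it is not part of the manual or of the switch software. The "key = value" inventory format and its key names are hypothetical (the manual defines no text export format); only the default values come from Table 2.

```python
"""Audit a settings inventory against the factory defaults in Table 2.

Assumption: the inventory is a hand-maintained "key = value" text file. The
format and key names are hypothetical; only the default values are from Table 2.
"""

# Table 2 defaults, used both as the values to flag and as the fallback for
# missing keys (an unrecorded setting is assumed to still be at its default).
TABLE2_DEFAULTS = {
    "user_name": "admin",
    "password_changed": "no",          # factory password is "admin"
    "snmp_agent": "disabled",
    "snmp_ro_community": "public",
    "snmp_rw_community": "private",
    "http_server": "enabled",
    "http_secure_server": "disabled",
    "http_secure_redirect": "disabled",
    "ip_filtering": "disabled",
    "management_ip": "192.168.1.1",
}

SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


def parse_inventory(text):
    """Parse 'key = value' lines; blank lines and '#' comment lines are skipped."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if not sep or not key:
            raise ValueError(f"line {lineno}: expected 'key = value', got {raw!r}")
        if key not in TABLE2_DEFAULTS:
            raise ValueError(f"line {lineno}: unknown key {key!r}")
        settings[key] = value.strip()
    return settings


def audit(settings):
    """Return (severity, key, message) findings, most severe first."""
    cfg = {**TABLE2_DEFAULTS, **settings}

    def on(key):
        return cfg[key].lower() == "enabled"

    findings = []
    if cfg["user_name"] == "admin" and cfg["password_changed"].lower() != "yes":
        findings.append(("HIGH", "password", "factory admin/admin login still active"))

    # Community strings only matter once the SNMP agent is switched on.
    if on("snmp_agent"):
        if cfg["snmp_rw_community"] == "private":
            findings.append(("HIGH", "snmp_rw_community", "default read/write community"))
        if cfg["snmp_ro_community"] == "public":
            findings.append(("MEDIUM", "snmp_ro_community", "default read-only community"))

    if on("http_server"):
        if not on("http_secure_server"):
            findings.append(("HIGH", "http_server", "web management is HTTP only"))
        elif not on("http_secure_redirect"):
            findings.append(("MEDIUM", "http_secure_redirect", "HTTP not redirected to HTTPS"))

    if not on("ip_filtering"):
        findings.append(("MEDIUM", "ip_filtering", "no source-address filter on management"))

    if cfg["management_ip"] == "192.168.1.1":
        findings.append(("LOW", "management_ip", "management address is the factory default"))

    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


# Constructed sample inventory (not output from a real switch).
SAMPLE = """\
# core-sw-01, transcribed from the web interface
password_changed = yes
snmp_agent = enabled
snmp_ro_community = public
snmp_rw_community = private
http_secure_server = enabled
management_ip = 10.20.0.5
"""

if __name__ == "__main__":
    for severity, key, message in audit(parse_inventory(SAMPLE)):
        print(f"{severity:6} {key:22} {message}")
```

An empty inventory is audited as a factory-fresh switch, so the SNMP community findings appear only after the agent has been enabled.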