Luxul XMS-1024P User Manual

Download

Simply Connected

User Guide

XMS-1024P

24 Port Gigabit Managed

PoE/PoE+ Switch

Use the XMS-1024P to:



Cost-effectively Add 802.3af/at PoE Capability to Your Network



Deliver Power and Data for up to 24 PoE-Enabled Network Devices with a Maximum Output of 320 Watts



Simplify PoE Device Installation, Including IP Sercurity Cameras, VoIP Devices, and Wireless AP’s



Future Proof Your Network with Gigabit Speeds (10X Performance of Fast Ethernet)



Optimize and Protect Your Network with Advanced VLAN, QoS and Network Security Features

XMS-1024P

User Guide

Model Number: XMS-1024P 24 Port Gigabit Managed PoE/PoE+ Switch

No part of this publication may be modiﬁed or adapted in any way, for any purposes without permission in writing from Luxul. The material in this manual is subject to change without notice. Luxul reserves the right to make changes to any product to improve reliability, function, or design. No license is granted, either expressly or by implication or otherwise under any Luxul intellectual property rights. An implied license only exists for equipment, circuits and subsystems contained in this or any Luxul product.

This product is covered by one or more U.S. and foreign patents.

Patents: 7,379,717, 6,606,075, 6,373,448, other patents pending

DOCUMENT CONVENTIONS

The following graphical alerts are used in this document to indicate notable situations:

NOTE: Tips, hints, or special requirements that you should take note of.

CAUTION: Care is required. Disregarding a caution can result in data

loss or equipment malfunction.

WARNING!: Indicates a condition or procedure that could result in

personal injury or equipment damage.

CONTACT LUXUL

Sales

P: 801-822-5450 E: sales@luxul.com

Technical Support

P: 801-822-5450 E: support@luxul.com

FCC COMPLIANCE

This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

CONTENTS

1 ABOUT THIS GUIDE 6

1.1 Intended Readers 6

1.2 Conventions 6

1.3 Overview of This Guide 6

2 INTRODUCTION 10

2.1 Overview of the Switch 10

2.2 Main Features 11

2.3 Description 12

3 LOGGING ON TO THE SWITCH 14

3.1 Login 14

3.2 Conﬁguration 15

4 SYSTEM 16

4.1 System Settings 16

4.2 User Management 24

4.3 System Tools 26

5 SWITCHING 38

5.1 Port Settings 38

5.2 LAG 48

5.3 Trafﬁc Monitor 53

5.4 MAC Address 57

6 VLAN 64

6.1 802.1Q VLAN 66

6.2 MAC VLAN 72

6.3 Protocol VLAN 74

6.4 Application Example for 802.1Q VLAN 81

6.5 Application Example for MAC VLAN 82

6.6 Application Example for Protocol VLAN 84

6.7 GVRP 86

7 SPANNING TREE 90

7.1 STP Conﬁg 97

7.2 Port Conﬁg 100

7.3 MSTP Instance 102

7.4 STP Security 107

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

7.5 Application Example for STP Function 111

8 MULTICAST 116

8.1 IGMP Snooping 119

8.2 Multicast IP 130

8.3 Multicast Filter 132

8.4 Packet Statistics 135

9 QOS 137

9.1 DiffServ 141

9.2 Bandwidth Control 147

9.3 Voice VLAN 151

10 POE 157

10.1 PoE Conﬁg 158

10.2 PoE Time-Range 161

11 ACL 165

11.1 Time-Range 165

11.2 ACL Conﬁg 169

11.3 ACL Policy 176

12 NETWORK SECURITY 186

12.1 IP-MAC Binding 186

12.2 ARP Inspection 199

12.3 DoS Defense 207

12.4 802.1X/RADIUS 209

13 SNMP 220

13.1 SNMP Conﬁg 223

13.2 SNMP Notiﬁcation 232

13.3 RMON 234

14 LLDP 239

14.1 LLDP Conﬁg 244

14.2 Device Info 246

14.3 Device Statistics 249

14.4 LLDP-Media 250

15 CLUSTER 257

15.1 NDP 259

15.2 NTDP 263

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

15.3 Cluster 269

16 MAINTENANCE 271

16.1 System Monitor 271

16.2 System Logs 273

16.3 Device Diagnostics 279

16.4 Network Diagnostics 281

17 SAVE CONFIG 282

18 REGULATORY COMPLIANCE 283

APPENDIX A: SPECIFICATIONS 286

GLOSSARY 287

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

1 ABOUT THIS GUIDE

This User Guide contains information for setup and Management of the XMS-1024P 24 Port Gigabit Managed PoE/PoE+ Switch. Please read this guide carefully.

1.1 Intended Readers

This Guide is intended for users or installers familiar with IP concepts and Network terminologies.

1.2 Conventions

In this Guide the following conventions are used:



The Switch mentioned in this Guide refers to the XMS-1024P Managed PoE Switch



Menu Name>>Submenu Name>>Tab indicates the location being illustrated in the menu structure. (i.e. System>>System Settings>>Status is the Status tab under the System Settings menu option that is located under the System menu).



Bold font indicates a button, a toolbar icon, menu or menu item.

1.3 Overview of This Guide

Chapter Introduction

Chapter 1 About This Guide

Chapter 2 Introduction

Chapter 3 Login

Chapter 4 System

Introduces the guide structure and conventions.

Introduces the features, application and appearance of XMS-1024P Switch.

Illustrates how to log on to the Web Management page.

This chapter will show how to conﬁgure system properties of the Switch.



System Settings:

Time and Network parameters of the Switch.



User Management:

Password for users to log on to the Web Management page with the desired level of access.



System Tools:

the Switch.



Access Control:

Conﬁgure the Description, System

Conﬁgure the User Name and

Manage the Conﬁguration File of

Provide different security measures for

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

Chapter Introduction

Chapter 5 Switching

This chapter will show how to conﬁgure basic functions of the Switch.



Conﬁgure the basic features of the Switch Ports.

Port:



Conﬁgure Link Aggregation Group. A LAG

LAG:

combines a number of Ports together to make a single high-bandwidth Data path.



Trafﬁc Monitor:

each Port



MAC Address:

of the Switch.

Chapter 6 VLAN

This chapter will show how to conﬁgure VLANs to control broadcast on the Local Area Network.



802.1Q VLAN:

Port basis.



MAC VLAN:

without changing the 802.1Q VLAN conﬁguration.



Protocol VLAN:

layer to adjust how some Data is transmitted in the speciﬁed VLAN.



GVRP allows the Switch to automatically add

GVRP:

or remove VLAN membership via dynamic VLAN registration information and propagate the local VLAN registration information to other Switches, without having to individually conﬁgure each VLAN on every Switch.

Chapter 7 Spanning Tree

This chapter will show how to conﬁgure Spanning Tree functions on the Switch.



STP Conﬁg:

Spanning Tree.



Port STP Conﬁg:

Switch Ports.



MSTP Instance:



STP Security:

devices from any malicious attack against STP.

User Guide

Monitor the trafﬁc statistics of

Modify the MAC MAC Table properties

Conﬁgure an 802.1Q VLAN on a Port-per-

Conﬁgure 802.1 Q MAC-based VLAN

Create VLANs using the application

Conﬁgure and view the global settings of

Conﬁgure the STP parameters of

Conﬁgure MSTP instances.

Conﬁgure STP protection to prevent

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

Chapter Introduction

Chapter 8 Multicast

Chapter 9 QoS

Chapter 10 PoE

Chapter 11 ACL

This chapter will show how to conﬁgure the Multicast functions of the Switch.



IGMP Snooping:

Snooping, Port properties, VLAN, and Multicast VLAN.



Multicast IP:



Multicast Filter:

users ordering Multicast programs.



Packet Statistics:

each Port of the Switch.

This chapter will show how to conﬁgure QoS to provide the desired quality of service for various Network applications and requirements



DiffServ:

Priority and DSCP priority.



Bandwidth Control:

trafﬁc rate on each Port; Storm Control feature to ﬁlter Broadcast, Multicast and UL frames in the Network.



Voice VLAN:

within the speciﬁed VLAN to ensure the transmission priority of Voice Data stream and Voice quality.

This chapter will show how to conﬁgure the PoE for the Switch to supply power for PoE capable devices.



PoE Conﬁg:



PoE Time-Range:

supply power.

This chapter will show how to conﬁgure ACL Rules and Policies to ﬁlter packets in order to prevent malicious packets from harming the Network.



Time-Range:



ACL Conﬁg:



Policy Conﬁg:



Policy Binding:

Conﬁgure global parameters of IGMP

Conﬁgure Multicast IP table.

Conﬁgure Multicast Filter to restrict

View the Multicast trafﬁc statistics on

Conﬁgure priorities, Port priority, 802.1P

Rate Limit feature to control the

Voice VLAN to transmit Voice Data stream

PoE global functionality.

Time window(s) for PoE Port to

The effective time for ACL Rules.

ACL Rules.

Policy operational parameters.

Bind the policy to a Port or VLAN.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

Chapter Introduction

Chapter 12 Network Security

This Chapter will show how to conﬁgure the multiple protection measures in Network Security.



IP-MAC Binding:

VLAN ID and the Connected Port of the Host together.



ARP Inspection:

attacks on the Network.



DoS Defend:

DoS attack.



802.1X/RADIUS:

Radius Servers.

Chapter 13 SNMP

This chapter will show how to conﬁgure SNMP to provide a Management frame to monitor and maintain the Network devices.



SNMP Conﬁg:



SNMP Notiﬁcation:

conﬁguration for the to monitor and process the events.



RMON (Remote Monitoring) options and

RMON:

conﬁguration.

Chapter 14 LLDP

This chapter will show how to conﬁgure LLDP to provide information for SNMP applications.



Basic Conﬁg:



Device Info:

device and its neighbors



Device Statistics:

local device



LLDP-MED:

the device.

Chapter 15 Cluster

This chapter will show how to conﬁgure the Cluster function to allow central Management of devices in the Network.



NDP setup to get the information from the

NDP:

directly connected neighbor devices.



NTDP functions of the commander Switch to

NTDP:

collect NDP information.



Cluster:

the Cluster.

User Guide

Bind the IP Address, MAC address,

ARP Inspection feature prevent ARP

DoS Defense features to prevent

Covers the use of 802.1X/RADIUS and

Global settings of SNMP.

SNMP Notiﬁcation options and

The LLDP parameters of the device.

View the LLDP information of the local

View the LLDP statistics of the

Conﬁgure LLDP-MED parameters of

Cluster setup to establish and maintain

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

Chapter Introduction

Chapter 16 Maintenance

Appendix A Speciﬁcations

Appendix B Conﬁgure the PCs

Appendix C Load Software Using FTP

Appendix D 802.1X/RADIUS Client Software

Appendix E Glossary

2 INTRODUCTION

Thanks for choosing the Luxul XMS-1024P Managed PoE/PoE+ Switch

This chapter will show how to use the common system tools to manage the Switch.



System Monitor:

the Switch.



View system events.

Log:



Device Diagnostics:

cable connected to the Switch.



Network Diagnostics:

test connection at the Switch.

Lists the hardware speciﬁcations of the Switch.

Introduces how to conﬁgure the PCs.

Introduces how to load software of the Switch using FTP function.

Introduces how to use 802.1X/RADIUS Client Software provided for Authentication.

The glossary of the manual.z

The memory and CPU usage of

Test the connection status of the

Ping and Traceroute utilities to

2.1 Overview of the Switch

Designed to meet Commercial Grade requirements, the XMS-1024P from LUXUL provides wire-speed performance and IP Layer 2 Management features to give you the best service and security available.

The EIA Standardized framework and smart conﬁguration capacity provides a ﬂexible solution for any scale of Network. ACL, 802.1X/RADIUS and Dynamic ARP Inspection provide robust security. QoS and IGMP Snooping/Filtering help optimize Voice and video applications. Link Aggregation (LACP) increases aggregated bandwidth, optimizing the transport of critical Data. SNMP, RMON, Web Management/CLI/Telnet Log-in options give you maximum Management ﬂexibility. The XMS-1024P Managed PoE Switch is also a Power Source Equipment device. All the Auto-Negotiating RJ45 Ports on the Switch support Power over Ethernet, which can automatically detect and supply power to Powered Devices complying with the IEEE 802.3af and IEEE 802.3at standards.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

2.2 Main Features

Resiliency and Availability



Link Aggregation (LACP) increases aggregated bandwidth, optimizing the transport of critical Data.



IEEE 802.1s Multiple Spanning Tree provides high link availability.



Multicast Snooping automatically prevents ﬂooding of IP Network when using Multicast.

Layer 2 Switching



GVRP (GARP VLAN Registration Protocol) allows automatic learning and dynamic assignment of VLANs.



Supports up to 4094 VLANs.

Quality of Service



Supports L2 and L3 based CoS (Cost of Service) with 4 priority queues per Port.



Rate Limiting controls the trafﬁc ﬂow according to the conﬁgured values.

Security



Supports industry standard user Authentication methods such as

802.1X/RADIUS, RADIUS.



Dynamic ARP Inspection blocks ARP packets from unauthorized hosts, preventing man-in-the-middle attacks.



L2/L3/L4 Access Control Lists restrict untrusted access to protected resources.



Provides SSHv1/v2, SSL 2.0/3.0 and TLS v1 for Management access encryption.

Manageability



IP Clustering provides ﬂexible scalability and easy Single-Switch-Management.



Telnet, CLI, SNMP v1/v2c/v3, RMON and Web Management access provides excellent Administration ﬂexibility.



Port Mirroring enables monitoring of selected Ingress/Egress trafﬁc.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

2.3 Description

2.3.1 Front Panel

Figure 2-1 Front Panel

The following parts are located on the front panel of the Switch:

24 10/100/1000Mbps Ports: Designed to connect client devices with a bandwidth of up to 1000Mbps.

4 SFP Ports: Designed to allow the use of an SFP module for ﬁ ber interlinking.

NOTE: When using the SFP Port with a 100Mbps module or a Gigabit

module, you need to conﬁ gure its corresponding Speed and Duplex mode in Switching>>Port Settings>>Port Conﬁ g page. For 100Mbps module, please select 100MFD while selecting 1000MFD for Gigabit modules. By default, the Speed and Duplex mode of any installed SFP module is 1000MFD.

1 Console Port: Designed to allow connection to the serial Port of a computer or terminal for monitoring and conﬁ guring the Switch.

24 Port LEDs

The XMS-1024P has a LED mode button which is for Switching the LED status type. When the Speed LED is lit, the Port LED indicates link/link activity. When the PoE LED is lit, the Port LED indicates the power supply status. By default the Speed option is on. Pressing the Mode button will toggle between Speed and PoE. When selected, the PoE display will remain active for 60 seconds and then default back to Speed display.

When the Speed display is active, the Port LED will indicate the Link/Link Activity status of the Port.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

LED Status Indication

Power

System

10/100/1000 Mbps Port LED

When the PoE display is active, the Port LED indicates the PoE status of the Port.

LED Status Indication

Power

System

PoE Max

10/100/1000 Mbps Port LED

On The Switch is powered on

Off The Switch is powered off or power supply has failed

Flashing Indicates a Power fault

Flashing The Switch booted without error and is running

On The Switch encountered a boot error

Green On A 1000 Mbps device is connected to the

corresponding Port

Flashing Data is being transmitted or received on the

corresponding Port

Yellow On A 10/100 Mbps device is connected to the

corresponding Port

Flashing Data is being transmitted or received on the

corresponding Port

Off No device is connected to the corresponding Port

On The Switch is powered on

Off The Switch is powered off or power supply has failed

Flashing Indicates a Power fault

Flashing The Switch booted without error and is running

On The Switch encountered a boot error

On The remaining PoE power available is ≤ 7W

Flashing The remaining PoE power available stays at ≤ 7W the

LED will remain on for 2 minutes

Off The remaining PoE power available is > 7W

Green On The Port is supplying power normally

Flashing The supply power exceeds the correspond PD’s

(Powered Device) maximum power

Yellow On Overload or short circuit is detected

Flashing PD Power-On self-test has failed

Off No PoE power is being provided on the Port

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

100-240V-50/60Hz 5.0A

2.3.2 Rear Panel

The rear panel of XMS-1024P features a power socket and a Grounding Terminal.

Figure 2-2 Rear Panel

1 Grounding Terminal: The XMS-1024P already comes with a grounding mechanism in the provided three prong power cable and power supply. You can also ground the Switch with the provided Ground Cable. For detailed information, please refer to Installation Guide.

1 AC Power Socket: Connect the female connector of the power cord to the Switch, and the male connector to the AC power outlet. Please make sure the voltage of the AC power source meets the requirements of the input voltage (100-240V~ 50/60Hz 0.6A).

3 LOGGING ON TO THE SWITCH

3.1 Login

1. To access the Web Management conﬁ guration, open a web-browser and type in the default address 192.168.0.4 in the address ﬁ eld of the browser, then press the Enter key.

Figure 3-1 Web-browser

NOTE: To log in to the Switch, the IP Address of your PC should be set in the

same subnet of the Switch. The IP Address should be 192.168.0.x (where “x” is any number from 1 to 254 excluding 192.168.0.4 of the Switch or the IP of any other device on the Network), The Subnet Mask is

255.255.255.0. For the detailed instructions as to how to do this, please refer to Appendix B.

2. A login window will appear, as shown in Figure 3-2. Enter admin for the User Name and Password. Then click the Login button or press the Enter key.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

Figure 3-2 Login

3.2 Conﬁ guration

After a successful login, the main System page will appear (Figure 3-3).

User Guide

Figure 3-3 Main Setup-Menu

CAUTION: By clicking Apply the current conﬁ guration changes will be

applied to the running conﬁ guration. If the Switch is rebooted the conﬁ guration will be lost. To save the conﬁ guration to nonvolatile memory please click Save Conﬁ g link in the left-hand menu. We strongly recommend clicking Save Conﬁ g before cutting the power or rebooting the Switch to avoid losing the new conﬁ guration. If the Switch becomes inoperable after an Apply action you can reboot the Switch to return it to the

Other trademarks and registered trademarks are the proper ty of their respective owners

previous state.

XMS-1024P

4 SYSTEM

The System menu offers the various system conﬁ guration options of the Switch, and includes four submenus:



System Settings



User Management



System Tools



Access Control.

4.1 System Settings

The System Settings submenu includes the: Status, Device Description, System Time, Daylight Saving Time and System IP tabs.

4.1.1 Status

This page allows you to view the Port connection status and the System Info.

The Port status diagram shows the status of the 24 10/100/1000Mbps RJ45 Ports and 4 SFP Ports of the Switch. Ports labeled as 1-24 are 10/100/1000Mbps Ports and Ports labeled as 21F-24F are SFP Ports.

Choose System>>System Settings>>Status to load the following page.

Figure 4-1 Status

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

Port Status

Indicates the Port is not connected to a device.

Indicates the Port is connected at the speed of 1000Mbps.

Indicates the Port is connected at the speed of 10Mbps or 100Mbps.

Indicates the SFP Port is not connected.

Indicates the SFP Port is connected at the speed of 1000Mbps.

Indicates the SFP Port is connected at the speed of 100Mbps.

When the cursor is used to highlight the Port, the detailed information of the Port will be displayed.

Figure 4-2 Port Information

Port Information

Port:

Type:

Speed:

Status:

Other trademarks and registered trademarks are the proper ty of their respective owners

Displays the selected Port number of the Switch.

Displays the conﬁ gured type of the Port

Displays the maximum transmission rate of the Port.

Displays the connection status of the Port.

XMS-1024P

You may click a Port to display the bandwidth utilization chart for the Port. The actual rate divided by theoretical maximum rate is the bandwidth utilization. Figure 4-3 displays the bandwidth utilization monitored every four seconds. Monitoring the bandwidth utilization on a Port allows you to monitor the Network trafﬁ c and analyze the Network for any abnormalities.

Figure 4-3 Bandwidth Utilization

Bandwidth Utilization

Rx:

Tx:

Select Rx to display the bandwidth utilization of received packets on this Port.

Select Tx to display the bandwidth utilization of sent packets on this Port.

4.1.2 Device Description

On this page you can conﬁ gure the description of the Switch, including Device Name, Device Location and System Contact.

Choose System>>System Settings>>Device Description to load the following page.

Figure 4-4 Device Description

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

The following entries are displayed on this screen:

Device Description

Device Name:

Device Location:

System Contact:

NOTE: The Device Description settings will be restored to defaults if the

4.1.3 System Time

System Time displays the current time settings of the Switch. On this page you can conﬁ gure the System Time settings. The settings here will be used for other time-based functions like Access Control List (ACL).

You can manually set the System Time, automatically aquire time from an NTP Server or synchronize with your PC’s clock.

Choose System>>System Settings>>System Time to load the following page.

A name for the Switch is entered here.

Location information is entered here to help identify the location and purpose of the Switch.

Support or Admin contact information is entered here.

Switch is restarted and you have not selected Save Conﬁ g from the main menu and saved your running conﬁ guration to nonvolatile memory.

Figure 4-5 System Time

The following entries are displayed on this screen:

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

Time Info

Current System Date & Time:

Current Time Source:

Time Conﬁg

Manual:

Get Time from NTP Server:

Synchronize with PC’S Clock:

NOTE: The System Time settings will be restored to defaults if the Switch is

restarted and you have not selected Save Conﬁg from the main menu and saved your running conﬁguration to non-volatile memory.

Displays the current date and time of the Switch.

Displays the current time source of the Switch.

When this option is selected, you can set the date and time manually.

When this option is selected, you can conﬁgure the time zone and the IP Address for the desired NTP Server. The Switch will get time from NTP Server automatically if it has connected to a NTP Server.



Time Zone: Select your local time zone.



Primary/Secondary NTP Server: Enter an IP Address for the NTP Server(s).



Update Rate: Specify in hours how often the Switch will check for an NTP time update.

When this option is selected, the administrator PC’s clock is used to set the System Time.

NOTE: When “Get Time from NTP Server” is selected and no time Server is

conﬁgured, the Switch will get it’s time from the time Server of the Default Gateway in the Network..

4.1.4 Daylight Savings Time

On this page you can conﬁgure the Daylight Savings Time settings of the Switch.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

Choose the menu System>>System Settings>>Daylight Savings Time to load the following page.

Figure 4-6 Daylight Savings Time

The following entries are displayed on this screen:

DST Conﬁ g

DST Status:

Predeﬁ ned Mode:

Recurring Mode:

Other trademarks and registered trademarks are the proper ty of their respective owners

Enable or Disable DST.

Select a predeﬁ ned DST conﬁ guration.



USA: First Sunday in April, 02:00 ~ Last Sunday in October, 02:00.



Australia: First Sunday in October, 02:00 ~ First Sunday in April, 03:00.



Europe: Last Sunday in March, 01:00 ~ Last Sunday in October, 01:00.



New Zealand: First Sunday in October, 02:00 ~ Last Sunday in March, 03:00.

Allows you to specify a DST conﬁ guration that will run in recurring pattern. Unless changed this mode will run each Start and End Time conﬁ gured.



Offset: Speciﬁ es the change of time in minutes when a DST event occurs.



Start Time/End Time: Set the Starting and Ending week, day and month for DST in your geographical location.

XMS-1024P

DST Conﬁg

Date Mode:

NOTE: The DST settings will be restored to defaults if the Switch is restarted

NOTE: When DST is disabled the various modes cannot be conﬁgured.

NOTE: When DST is enabled the default daylight savings time will be set to

4.1.5 System IP

Each device in an IP Network must have a unique IP Address. You log in to the Web Management page of the Switch using the Switches IP Address. The Switch supports three modes to set the IP Address: Static IP, DHCP and BOOTP. The IP Address set using the new mode selected will replace the current IP Address. On this page you can conﬁgure the system IP of the Switch.

Allows you to specify the DST conﬁguration using a Date format instead of a week, day and month format. This conﬁguration will not run in a recurring mode and must be set each year.



Offset: Speciﬁes the change of time in minutes when a DST event occurs.



Start Time/End Time: Set the Starting and Ending dates for DST in your geographical location.

and you have not selected Save Conﬁg from the main menu and saved your running conﬁguration to non-volatile memory.

USA in predeﬁned mode.

Choose the menu System>>System Settings>>System IP to load the following page.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

Figure 4-7 System IP

The following entries are displayed on this screen:

IP Conﬁ g

MAC Address:

IP Address Mode:

Management VLAN:

IP Address:

Subnet Mask:

Default Gateway:

Displays MAC Address or Hardware Address of the Switch.

Allows you to select the desired mode for setting the IP Address of the Switch.



Static IP: When this option is selected you set the IP Address, Subnet Mask and Default Gateway manually.



DHCP: When this option is selected the Switch will obtain all IP Address settings from the DHCP Server in your Network.



BOOTP: When this option is selected the Switch will obtain all IP Address settings from the BOOTP Server in your Network.

Enter the ID of Management VLAN this will be the only VLAN through which you can access the Management page of the Switch. By default VLAN1 is the Management VLAN and you can access the Switch via any Port on the Switch. However, if another VLAN is created and set to be the Management VLAN, you may have to reconnect the Management station to a Port that is a member of the Management VLAN.

The IP Address of the Switch. The default IP is 192.168.0.4, if you have selected the Static IP option you will be able to modify this address as desired. If DHCP or BOOTP is selected they will conﬁ gure the IP Address.

The Subnet Mask of the Switch. The default Mask is 255.255.255.0, if you have selected the Static IP option you will be able to modify this address as desired. If DHCP or BOOTP is selected they will conﬁ gure the Subnet Mask.

The Default Gateway of the Switch. The default Gateway is blank, if you have selected the Static IP option you will be able to modify this address as desired. If DHCP or BOOTP is selected they will conﬁ gure the Default Gateway.

User Guide

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

NOTE: The System IP settings will be restored to defaults if the Switch

4.2 User Management

User Management allows you to conﬁ gure the User Name and Password for log in to the Web Management page with the desired access level to protect the settings of the Switch from being changed by unauthorized users.

is restarted and you have not selected Save Conﬁ g from the main menu and saved your running conﬁ guration to non-volatile memory.

NOTE: Changing the IP Address to a different IP subnet (i.e. from

192.168.0.XXX to 192.168.1.XXX) will interrupt Network communication. Please keep the new IP Address in the same IP subnet as the rest of the local Network.

NOTE: The Switch only requires one IP Address. Any new IP Address

conﬁ gured will replace the original default IP Address.

NOTE: If the Switch gets an IP Address from the DHCP Server, you can ﬁ nd

the IP conﬁ guration information of the Switch in the DHCP Server connected clients list. If DHCP option is selected but no DHCP Server exists, the Switch will keep trying to obtain the IP Address from DHCP Server until successful.

The User Management function can is implemented in the User Table and User Conﬁ g pages.

4.2.1 User Table

On this page you can view the information about the current conﬁ gured users of the Switch.

Choose the menu System>>User Management>>User Table to load the following page.

Figure 4-8 User Table

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

4.2.2 User Conﬁ g

On this page you can conﬁ gure the Access Level of the user allowed to log in to the Web Management page. The Switch provides two access levels: Guest and Admin. The Guest user can only view the settings and status with no rights to actually conﬁ gure the Switch; the Admin user can conﬁ gure all functions of the Switch.

Choose the menu System>>User Management>>User Conﬁ g to load the following page.

Figure 4-9 User Conﬁ g

The following entries are displayed on this screen:

User Info

User Name:

Access Level:

User Status:

Password:

Other trademarks and registered trademarks are the proper ty of their respective owners

Create a Name for a new User login.

Select the access Level to Apply to the User.



Admin: Admin can edit, modify and view all the settings of the Switch.



Guest: Guest only can view the settings and status of the Switch.

Enable or Disable the User conﬁ guration. (Typically you would use this function on a previously conﬁ gured user.)

Enter a Password for the Users login.

XMS-1024P

User Info

Conﬁrm Password:

User Table

Select:

User ID, Name, Access Level and status:

Operation:

CAUTION: The User Conﬁg settings will be restored to defaults if the

CAUTION: The default Admin user can be deleted please take care when

CAUTION: The User Name and Password can contain only 16 characters, if

Conﬁrm the Password for the Users login.

Select the desired entry to delete or edit the corresponding user information. If selecting multiple entries the only option available is Delete.

Displays the current User ID, User Name, Access Level and User Status.

Click the Edit link of the desired entry to edit the corresponding user information. After modifying the settings, please click the Modify button to save the modiﬁcation.

Switch is restarted and you have not selected Save Conﬁg from the main menu and saved your running conﬁguration to non-volatile memory.

selecting multiple users for deletion.

more than 16 characters are entered they will be truncated.

4.3 System Tools

The System Tools menu allows you to manage the system functions of the Switch including; Conﬁg Restore, Conﬁg Backup, Firmware Upgrade, System Reboot and Restore Factory Defaults.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

4.3.1 Conﬁ g Restore

On this page you can upload a previous backup conﬁ guration ﬁ le to restore your Switch to the desired conﬁ guration.

Choose the menu System>>System Tools>>Conﬁ g Restore to load the following page.

Figure 4-10 Conﬁ g Restore

The following entries are displayed on this screen:

Conﬁ g Restore

Conﬁ g File:

Restore Conﬁ g:

Browse to the conﬁ guration backup ﬁ le you would like to Restore.

Click the Restore Conﬁ g button to restore the backup conﬁ guration ﬁ le. The Switch will automatically reboot as part of the Restore process and will load the Restored Conﬁ g ﬁ le after reboot.

NOTE: It can take a few minutes to restore the conﬁ guration. Please wait for

the operation to complete normally.

CAUTION: To avoid damage to the Switch please do not power down the

Switch while a Restore operation is in process.

CAUTION: As part of the Restore process the current settings of the

Switch will be lost. A corrupt or bad conﬁ guration ﬁ le may cause the Switch to become unresponsive, if this occurs please power down the Switch and power back up to restore to the previous settings.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

4.3.2 Conﬁ g Backup

On this page you can download the current conﬁ guration of the Switch and save it as a ﬁ le to your computer for your future conﬁ guration restore or to conﬁ gure future installations.

Choose the menu System>>System Tools>>Conﬁ g Backup to load the following page.

Figure 4-11 Conﬁ g Backup

The following entries are displayed on this screen:

Conﬁ g Backup

Backup Conﬁ g:

Click the Backup Conﬁ g button to save the current running conﬁ guration as a ﬁ le on your computer. We recommend making a Conﬁ g Backup before all Firmware Upgrades.

NOTE: It may take a few minutes to Backup the conﬁ guration. Please

wait without any operation. Please wait for the operation to complete normally

4.3.3 Firmware Upgrade

The Switch Firmware can be upgraded via the Web Management page. Upgrades to the system Firmware can add more functionality, better performance, and/or resolve any known issues. Visit http://luxul.com to download the current ﬁ rmware.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

Choose the menu System>>System Tools>>Firmware Upgrade to load the following page.

Figure 4-12 Firmware Upgrade

The following entries are displayed on this screen:

Firmware Upgrade

Firmware File:

Current Firmware Version:

Hardware Version:

Upgrade:

Browse to the downloaded Firmware ﬁ le and select it. Visit http://

luxul.com to download the current ﬁ rmware.

Displays the current running version of Firmware on the Switch.

Displays the version of Hardware the Switch is running as new revisions are released they may not support all Firmware versions. Visit http://luxul.com for more information.

Click the Upgrade button to Upgrade the current running Firmware of the Switch. We recommend making a Conﬁ g Backup before all Firmware Upgrades.

NOTE: We recommend making a Conﬁ g Backup before all Firmware

Upgrades.

CAUTION: Do not interrupt the upgrade. To avoid damage to the Switch

please do not power down the Switch while an Upgrade operation is in process.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

CAUTION: Please select the proper Firmware version matching your

Hardware version. Visit http://luxul.com for more information.

NOTE: After the Upgrade process is complete the Switch will reboot

automatically.

4.3.4 System Reboot

On this page you can Reboot the Switch. Please save the current running conﬁ guration before rebooting to avoid losing the conﬁ guration.

Choose the menu System>>System Tools>>System Reboot to load the following page.

Figure 4-13 System Reboot

The following entries are displayed on this screen:

System Reboot

Save Conﬁ g:

Reboot:

Leaving this checkbox checked will cause the Switch to save the Conﬁ guration to non-volatile RAM prior to Reboot. We recommend leaving this option checked.

Click the Reboot button to reboot the Switch.

NOTE: We recommend making a Conﬁ g Backup before any Reboot.

CAUTION: To avoid damage to the Switch please do not power down the

Switch while a Reboot operation is in process.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

4.3.5 Restore Factory Defaults

On this page you can restore the Switch to the Factory Default settings. The Switch will reboot as part of this operation once rebooted all settings will return to their default values.

Choose the menu System>>System Tools>>Restore Factory Defaults to load the following page.

Figure 4-14 Restore Factory Defaults

The following entries are displayed on this screen:

Restore Factory Defaults

Reset:

Click the Reset button to restore the Switch to Factory Default settings. The Switch will reboot as part of this operation once rebooted all settings will return to their default values

CAUTION: If the Switch is restarted and you have not selected Save Conﬁ g

from the main menu and saved your running conﬁ guration to non-volatile memory all custom conﬁ guration settings will be lost.

CAUTION: To avoid damage to the Switch please do not power down the

Switch while a Reboot operation is in process.

NOTE: After the system reboots, the Switch will be reset to default

settings.

4.4 Access Control

Access Control provides different security measures for remote login to enhance Management security.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

4.4.1 Access Control

On this page you can control the users logging on to the Web Management page. The deﬁ nitions of Admin and Guest refer to section 4.2 User Management.

Choose the menu System>>Access Control>>Access Control to load the following page.

Figure 4-15 Access Control

The following entries are displayed on this screen:

Access Control

Control Mode:

Select the control mode for users to log on to the Web Management page.



IP-based: Limit the IP-Range of the Users allowed to login.



MAC-based: Limit the MAC Addresses of the Users allowed to login.



Port-based: Limit the Ports of the Users allowed to login.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

Access Control

IP Address & Mask:

MAC Address:

Port:

Session Timeout

Timeout Limit:

User Limits

Limit Users:

Admin Users:

Guest Users:

4.4.2 SSL Conﬁg

SSL (Secure Sockets Layer) is a security protocol designed to provide a secure connection using the application layer protocol (i.e. HTTP) communication based on TCP. SSL is widely used to secure Data transmission between Web Browsers and Servers.

hese ﬁelds are available for conﬁguration only when IP-based mode is selected. Only the users within the IP-range you conﬁgure are allowed to login.

This ﬁeld is available for conﬁguration only when MAC-based mode is selected. Only the device with the conﬁgured MAC Address is allowed to login.

This ﬁeld is available for conﬁguration only when Port-based mode is selected. Only the Users connected to these Ports conﬁgured are allowed to login.

The default Timeout Limit is 10 minutes this may conﬁgured anywhere in the 5-30 minute range if desired. If you do nothing within the Web Management page during the timeout period the system will log you out automatically.

Enable or Disable the User Limits function.

Enter the maximum number of allowed Admin User simultaneous logins.

Enter the maximum number of allowed Guest User simultaneous logins.

SSL provides the following services:

1. Authentication of Users and Servers based on certiﬁcates to ensure the Data is transmitted to the correct User and Server.

2. Encryption of all Data transmission to prevent the Data interception.

3. To maintain the integrality of the Data to prevent Data alteration during transmission.

Utilizing asymmetrical encryption technology, SSL uses key pairs to encrypt/decrypt Data. A key pair refers to a public key (contained in the certiﬁcate) and its corresponding private key. By default the Switch has a self-signed certiﬁcate and a corresponding private key. The Certiﬁcate/Key Upload function enables the user to replace the default key pair.

After SSL is enabled you can log on to the Web Management page via Secure HTTP at

https://192.168.0.4. The ﬁrst time you use an HTTPS connection to log onto the Switch

with the default certiﬁcate you will be prompted “The security certiﬁcate presented

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

by this website was not issued by a trusted certiﬁ cate authority” or “Certiﬁ cate Errors”. Please choose “add this certiﬁ cate to trusted certiﬁ cates” or “continue to this website”.

On this page you can conﬁ gure SSL.

Choose the menu System>>Access Control>>SSL Conﬁ g to load the following page.

Figure 4-16 SSL Conﬁ g

The following entries are displayed on this screen:

SSL Conﬁ g

SSL:

Certiﬁ cate Upload

Certiﬁ cate File:

Key Upload

Key File:

Enable or Disable the SSL function.

Select the desired Certiﬁ cate to Upload to the Switch. The certiﬁ cate must be BASE64 encoded.

Select the desired SSL Key to Upload to the Switch. The key must be BASE64 encoded.

CAUTION: SSL Conﬁ guration settings will be restored to defaults if the

Switch is restarted and you have not selected Save Conﬁ g from the main menu and saved your running conﬁ guration to nonvolatile memory.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

CAUTION: The SSL Certiﬁcate and Key uploaded must be a matching pair. If

CAUTION: The SSL Certiﬁcate and Key uploaded will not take effect until

NOTE: To establish a secured connection to the Switch using https, please

CAUTION: HTTPS connections will be slower than http connections, as

4.4.3 SSH Conﬁg

SSH (Secure Shell) is a security protocol established on application and transport layers. An SSH-encrypted-connection is similar to a telnet connection, but with telnet remote Management method not having any inherent safety we offer this options for remote command line conﬁguration. SSH provides information security and Authentication when you log on to the Switch remotely through any Network environment. It encrypts all transmitted Data to prevent the Data during Remote Management being compromised.

the Certiﬁcate and Key are not a matching pair HTTPS access to the Switch will fail..

the Switch is rebooted.

enter https:// before the IP Address of the Switch in your Web Browser.

https connections involve Authentication, Encryption and Decryption processes.

SSH has two versions, V1 and V2 which are not compatible with each other. During initial communication the SSH Server and Client auto-negotiate the SSH version and the encryption algorithm. After a successful negotiation the Client sends an Authentication request to the Server for login. Once the login process is complete the two can communicate with each other. The Switch can be conﬁgured to run an SSH Server to allow Users to log on to the Switch via SSH connection using any readily available SSH client software (we recommend the PuTTY SSH Client).

The SSH key can be Uploaded to the Switch. If the key is successfully Uploaded, Certiﬁcate Authentication will be preferred for SSH all connections to the Switch.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

Choose the menu System>>Access Control>>SSH Conﬁ g to load the following page.

Figure 4-17 SSH Conﬁ g

The following entries are displayed on this screen:

Global Conﬁ g

SSH:

Protocol V1:

Protocol V2:

Idle Timeout:

Max Connect:

Key Upload

Key Type:

Key File:

Upload:

Enable or Disable SSH.

Enable or Disable SSH V1 support.

Enable or Disable SSH V2 support.

Set the connection idle timeout time. The system will automatically release the connection when the time has expired the default timeout is 500 seconds.

Set the maximum number of allowed connections to the SSH Server. No new connection will be allowed when the number of the connections reaches the maximum, the default value is 5.

Select the type of SSH Key to upload, the Switch supports three types: SSH-1 RSA, SSH-2 RSA and SSH-2 DSA.

Select the desired key ﬁ le to upload.

Click the Upload button to upload the desired key ﬁ le to the Switch.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

CAUTION: SSH settings will be restored to defaults if the Switch is restarted

CAUTION: Please ensure the key length of the upload ﬁ le is between 256-

CAUTION: After the Key File is uploaded the default key of the same type

Application Example 1 for SSH:

SSH Login

In the example below we will outline a typical connection using the Windows 7 version of the PuTTY SSH Client.

1. Open PuTTY, enter the IP Address of the Switch into Host Name (or IP Address) ﬁ eld, keep the default value of 22 in the Port ﬁ eld and select SSH as the Connection type.

and you have not selected Save Conﬁ g from the main menu and saved your running conﬁ guration to non-volatile memory.

3072 bits.

will be replaced. A failed or corrupt upload will result in SSH access to default to Password Authentication.

Figure 4-18 SSH Login

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

2. Click the Open button to log on to the Switch. Enter the User Name and Password

used to access the Web Management page of the Switch.

5 SWITCHING

Switching menu is used to conﬁ gure the basic functions of the Switch, including: Port Settings, LAG, Trafﬁ c Monitor and MAC Settings.

5.1 Port Settings

The Port Settings menu allows you to conﬁ gure the features of the Ethernet Ports of the Switch, the available options include: Port Conﬁ g, Port Mirror, Port Security, Port Isolation and Loopback Detection pages.

5.1.1 Port Conﬁ g

Here you can conﬁ gure the basic parameters for the Ethernet Ports of the Switch. When the Port is disabled, all packets received on the Port will be discarded. Disabling unused Ports will reduce the power consumption but will require you to Enable them if a new device is connected.

The parameters you set will affect the operating mode of the Port, please set the parameters appropriately according to your needs and the capability of connected devices.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

Choose the menu Switching>>Port Settings>>Port Conﬁ g to load the following page.

Figure 5-1 Port Conﬁ g

Here you can view and conﬁ gure the Port parameters.

Port Conﬁ g

Port Select:

Select:

Port:

Description:

Status:

Speed and Duplex:

Flow Control:

LAG:

Enter a port number and click the Select button to quick-select the corresponding Port.

Place a check mark to select the desired Port(s) to be conﬁ gured.

Displays the Port number. Will be blank when selecting multiple ports.

Description of the Port for easy identiﬁ cation.

Allows you to Enable or Disable the Port.

Select the Speed and Duplex mode for the Port. The device connected to the Switch should be in the same Speed and Duplex as the port it is connected too. When “Auto” is selected Speed and Duplex will be determined by auto-negotiation. For the SFP adapters the Switch does not support auto-negotiation you will be required to set the port to 1000MFD.

Allows you to Enable or Disable the Flow Control feature. When Flow Control is enabled the Switch will attempt to synchronize the speed with its peer to avoid the packet loss caused by congestion.

Displays the LAG Group number the Port belongs to.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

CAUTION: Port Conﬁ g settings will be restored to defaults if the Switch

CAUTION: After the Key File is uploaded the default key of the same type

NOTE: The parameters of the Ports in a LAG Group should be set the same

5.1.2 Port Mirror

Port Mirror can be used to forward copies of packets from one or multiple Ports (Mirrored Port or the source Port(s)) to a speciﬁ ed Port (Mirroring or destination Port). The mirroring Port is connected to a Data diagnosis device, which is used to analyze the mirrored packets for monitoring and troubleshooting the Network.

Choose the menu Switching>>Port Settings>>Port Mirror to load the following page.

is restarted and you have not selected Save Conﬁ g from the main menu and saved your running conﬁ guration to nonvolatile memory.

will be replaced. A failed or corrupt upload will result in SSH access to default to Password Authentication.

for optimal operation.

Figure 5-2 Mirroring Port

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

The following entries are displayed on this screen.

Mirror Group List

Group:

Mirroring:

Mode:

Mirrored Port:

Operation:

The Mirror Group number.

The Mirroring Port number (destination Port).

Indicates the trafﬁ c mirroring options of Ingress or Egress sources.

Displays the Mirrored Ports and whether they are mirroring Ingress, Egress or Both.

Click Edit to conﬁ gure the mirror group.

Edit to displays the following page.

User Guide

Figure 5-3 Mirroring Port

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

The following entries are displayed on this screen.

Mirror Group

Number:

Mirroring Port

Mirroring Port:

Mirrored Port

Port Select:

Select:

Port:

Ingress:

Egress:

LAG:

The mirror group number you want to conﬁgure.

The Mirroring Port (destination Port) number.

Enter a Port number and click the Select button to quick-select the corresponding Port.

Place a check in the check box to select the desired Port(s) as a Mirrored Port (source Port(s)).

Displays the Port number.

Enable or Disable the Ingress feature. When Ingress is enabled the incoming packets received by the Mirrored Port will be copied and forwarded to the Mirroring Port.

Enable or Disable the Egress feature. When Egress is enabled the outgoing packets received by the Mirrored Port will be copied and forwarded to the Mirroring Port

Displays the LAG Group number the Port belongs to. A LAG Group member cannot be selected as a Mirrored Port or Mirroring Port.

CAUTION: Port Mirror settings will be restored to defaults if the Switch

is restarted and you have not selected Save Conﬁg from the main menu and saved your running conﬁguration to nonvolatile memory.

NOTE: LAG Group members cannot be selected as a Mirrored Port or

Mirroring Port.

CAUTION: A Port cannot be set as a Mirrored Port and a Mirroring

Port simultaneously.

NOTE: The Port Mirror function will span multiple VLANs.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

5.1.3 Port Security

Port Security is used to protect the Switch from the malicious MAC Address Attacks by limiting the maximum number of MAC Addresses that can be learned on each Port. A Port with the Port Security feature enabled will learn MAC Addresses dynamically. When the number of learned MAC Address reaches the maximum value set the Port will stop learning. Any new devices with an unlearned MAC Address will not be allowed access to the Network via this Port.

Choose the menu Switching>>Port Settings>>Port Security to load the following page.

Figure 5-4 Port Security

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

The following entries are displayed on this screen:

Port Security

Select:

Port:

Max Learned MAC:

Learned Num:

Learn Mode:

Status:

Check the check box of the desire Port(s) for Port Security conﬁguration.

Displays the Port number.

Specify the Maximum number of MAC Addresses that can be learned on the Port(s).

Displays the number of MAC Addresses that have been learned by the Port.

Select the Learn Mode for the Port.



Dynamic: When Dynamic mode is selected any learned MAC Address will be deleted automatically after the aging time expires.



Static: When Static mode is selected the learned MAC Address will not be deleted by the aging time process and can only be deleted manually. The learned entries will clear if the Switch is rebooted.



Permanent: When Permanent mode is selected the learned MAC Address will not be deleted by the aging time process and can only be deleted manually. The learned entries will be saved if the Switch is rebooted.

Enable or Disable the Port Security feature for the Port(s).

CAUTION: Port Security settings will be restored to defaults if the

Switch is restarted and you have not selected Save Conﬁg from the main menu and saved your running conﬁguration to non-volatile memory.

CAUTION: Port Security is unavailable for any LAG Group members. If the

Port is removed from the LAG Group the Port Security function will be available for the Port.

NOTE: Port Security is disabled when using 802.1X/RADIUS/Radius

Authentication.

5.1.4 Port Isolation

Port Isolation (sometimes referred to as Port based VLAN) provides a method of restricting trafﬁc ﬂow and to improve Network security. By not allowing the selected

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

Port to forward packets to Ports not members of its Port Isolation List.

Choose the menu Switching>>Port Settings>>Port Isolation to load the following page.

Figure 5-5 Port Isolation Conﬁ g

The following entries are displayed on this screen:

Port Isolation Conﬁ g

Port:

Allowed Ports:

Port Isolation List

Port:

Allowed Ports:

Other trademarks and registered trademarks are the proper ty of their respective owners

Select a Port number to set its Port Isolation List.

Select the Allowed Port(s) for the selected Port to Forward too.

Display the Port number.

Display the Allowed Ports List for the corresponding Port.

XMS-1024P

NOTE: Port Isolations settings will be restored to defaults if the

5.1.5 Loopback Detection

The Loopback Detection feature can detect Network loops using loopback detection packets. When a loop is detected, the Switch will display an alert and/or block the corresponding Port according to the settings conﬁ gured.

Choose the menu Switching>>Port Settings>>Loopback Detection to load the following page.

Switch is restarted and you have not selected Save Conﬁ g from the main menu and saved your running conﬁ guration to non-volatile memory.

Figure 5-6 Loopback Detection Conﬁ g

The following entries are displayed on this screen:

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

Loopback Detection

Loopback Detection:

Detection Interval:

Automatic Recovery:

Refresh Status:

Refresh Interval:

Port Conﬁg

Port Select:

Select:

Port:

Status:

Operation Mode:

Recovery Mode:

Loop Status:

Block Status:

LAG:

Manual Recover:

User Guide

Enable or Disable Loopback Detection globally.

Set a Loopback Detection interval between 1 and 1000 seconds the default value is 30 seconds.

The amount of Time after which the blocked Port will automatically return to normal status. It is set as a number of detection intervals to elapse before Automatic Recovery.

Enable or Disable automatic refresh.

Set a web refresh interval between 3 and 100 seconds the default is 3 seconds.

Enter a Port number and click the Select button to quick-select the corresponding Port.

Check the check box of the desired Port(s) for Loopback Detection conﬁguration.

Displays the Port number.

Enable or Disable Loopback Detection for the Port(s).

Select the Mode the Switch will operate in when loops are detected.



Alert: When a loop is detected display an alert.



Port based: When a loop is detected display an alert and block the Port.

Select the Mode the Switch will use to unblock Ports marked for recovery to normal status.



Auto: Block status can be automatically removed after Recovery interval.



Manual: Block status only can be removed manually.

Displays if a loopback is detected.

Displays the Port Blocking Status block or unblock.

Displays the LAG Group number the Port belongs to.

Click to Manually remove the block status of selected Port(s).

CAUTION: Loopback Detection settings will be restored to defaults if the

Switch is restarted and you have not selected Save Conﬁg from the main menu and saved your running conﬁguration to nonvolatile memory.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

NOTE: Recovery Mode is not available when Alert or Port Based with

Manual Recovery is the chosen Operation Mode.

NOTE: Loopback Detection requires Storm Control to be conﬁgured

and active.

5.2 LAG

LAG (Link Aggregation Group) is used to combine a number of Ports together to make a single high-bandwidth Data path and to implement trafﬁc load sharing among the member Ports of a group. This also enhances connection reliability.

All member Ports in an Aggregation group must have the same basic conﬁguration. The included basic conﬁguration options include; STP, QoS, GVRP, VLAN, Port Attributes, MAC Address Learning Mode and other associated settings.



If the Ports that have GVRP, 802.1Q VLAN, Voice VLAN, STP, QoS, DHCP Snooping and Port Conﬁguration (Speed and Duplex, Flow Control) settings conﬁgured are in a LAG Group, their conﬁgurations should be the same.



The Ports that have Port Security, Port Mirror, MAC Address Filtering, Static MAC Address Binding and 802.1X/RADIUS Authentication settings conﬁgured cannot be added to a LAG Group.



It is not recommended to add any Ports with ARP Inspection and/or DoS Defense to the LAG Group.

If a LAG Group(s) is to be used, we recommend conﬁguration of the LAG Group before conﬁguring the other functions for LAG Member Ports.

NOTE: To calculate the bandwidth of a LAG: If a LAG consists of the four

Ports with the speed of 1000Mbps Full Duplex, the aggregate bandwidth of the LAG is up to 8000Mbps (2000Mbps * 4) because the bandwidth of each member Port is 2000Mbps taking in to account the up-link speed of 1000Mbps and the down-link speed of 1000Mbps.

NOTE: The trafﬁc load of the LAG will be automatically balanced among

the Member Ports. If the connection of one or several Ports are lost, the trafﬁc using these Ports will be forwarded by the remaining Member Ports of the LAG maintaining redundancy.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

Depending on the Aggregation mode, Aggregation groups fall into two types: Static LAG and LACP Conﬁ g.

5.2.1 LAG Table

On this page you can view the information of the current LAG Groups conﬁ gured on the Switch. Choose the menu Switching>>LAG>>LAG Table to load the following page.

Figure 5-7 LAG Table

The following entries are displayed on this screen:

Lag Hash

Hash Algorithm:

Select the applied scope of Hash Algorithm which applies to choosing a Port used to transfer the packets.



SRC MAC + DST MAC: When this option is selected the Hash Algorithm will use the source and destination MAC Addresses of the packets.



SRC IP + DST IP: When this option is selected the Hash Algorithm will use the source and destination IP Addresses of the packets.

LAG Table

Select:

Group Number:

Description:

Member:

Operation:

Other trademarks and registered trademarks are the proper ty of their respective owners

Check the check box of the desired LAG Group.

Displays the LAG Group number.

Displays the description of LAG Group.

Displays the LAG Group Members.

Allows you to view or modify the information for each LAG Group.



Edit: Click to modify the settings of the LAG Group.



Detail: Click to get the information of the LAG.

XMS-1024P

Click the Detail button for the detailed information of your selected LAG.

Figure 5-8 Detail Information

5.2.2 Static LAG

On this page you can manually conﬁ gure the LAG Group. The LACP feature is disabled for the member Ports of any manually added Static LAG.

Choose the menu Switching>>LAG>>Static LAG to load the following page.

Figure 5-9 Manual Conﬁ g

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

The following entries are displayed on this screen:

LAG Conﬁg

Group Number:

Description:

LAG Table

Member Ports:

Select a Group Number for the LAG.

Displays the description of LAG (not conﬁgurable by the user).

Select the Ports to be added as a LAG member. Clearing all the Ports from the LAG will delete the LAG Group.

NOTE: The LAG Group can be deleted by clearing its member Ports..

NOTE: Only a non-member Port can be added to a LAG Group. If a Port is

the member of a LAG Group or is Dynamically Aggregated as an LACP member, the Port number will be grayed out and cannot be selected.

CAUTION: Static LAG settings will be restored to defaults if the Switch

is restarted and you have not selected Save Conﬁg from the main menu and saved your running conﬁguration to nonvolatile memory.

User Guide

5.2.3 LACP Conﬁg

LACP (Link Aggregation Control Protocol) is deﬁned in IEEE802.3ad and enables Dynamic Link Aggregation by exchanging LACP packets with a partner. The Switch can dynamically group similarly conﬁgured Ports into a single logical link, dynamically creating a LAG Group.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

With the LACP feature enabled the Port will notify its partner of the System Priority, System MAC, Port Priority, Port Number and Operation Key (the Operation Key is determined by the physical properties of the Port). The device with higher priority will control dynamic Aggregation. System Priority and System MAC are used to decide the priority of a device. The lower System Priority value will be the Higher Priority. If partner devices have the same System Priority the device with the numerically lowest System MAC has the higher priority. The device with the highest priority will choose the Ports to be aggregated based on Port Priority, Port Number and Operation Key. Only the Ports with the same operation key can be added into the same

Aggregation group. In an Aggregation group the Port with lowest Port Priority will be considered the preferred Port. If Port priorities are equal the Port with lowest Port number is preferred. After an Aggregation group is established the selected Ports will be aggregated together in a Dynamically conﬁ gured LAG Group.

On this page you can conﬁ gure the LACP feature of the Switch.

Choose the menu Switching>>LAG>>LACP Conﬁ g to load the following page.

Figure 5-10 LACP Conﬁ g

The following entries are displayed on this screen:

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

LACP Conﬁg

System Priority:

LACP Conﬁg

Port Select:

Select:

Port:

LAG Group:

Port Priority:

Status:

LAG:

User Guide

Speciﬁes the system priority for the Switch. The System Priority and MAC Address constitute the System Identiﬁcation (ID). A lower System Priority value indicates a higher system priority. When exchanging information between systems the system with higher priority determines which Link Aggregation Group a link belongs to. The system(s) with lower priority adds the proper links to Link Aggregation according to the selection of its partner

Click the Select button to quick-select the corresponding Port based on the Port number you entered.

Select the desired Port(s) for LACP conﬁguration.

Displays the Port number.

Specify an LAG Group for the Port. The member Ports in a dynamic Aggregation group must have the same LAG Group.

Specify a Port Priority for the Port. This value determines the priority of the Port to be selected as a Dynamic Aggregation group member. The Port with lowest Port Priority will be considered the preferred Port. If two Port priorities are equal the Port with lower Port number is preferred

Enable/Disable the LACP feature for your selected Port.

Displays the LAG Group the Port belongs to.

CAUTION: LACP Conﬁg settings will be restored to defaults if the Switch

is restarted and you have not selected Save Conﬁg from the main menu and saved your running conﬁguration to nonvolatile memory.

5.3 Trafﬁc Monitor

Trafﬁc Monitor allows for monitoring the trafﬁc of each Port.

5.3.1 Trafﬁc Summary

Trafﬁc Summary screen displays the trafﬁc information of each Port enabling you to monitor the trafﬁc and analyze any Network abnormities.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

Choose the menu Switching>>Trafﬁ c Monitor>>Trafﬁ c Summary to load the following page.

Figure 5-11 Trafﬁ c Summary

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

The following entries are displayed on this screen:

Auto Refresh

Auto Refresh:

Refresh Rate:

Trafﬁ c Summary

Port Select:

Port:

Packets Rx:

Packets Tx:

Octets Rx:

Octets Tx:

Statistics:

5.3.2 Trafﬁ c Statistics

Trafﬁ c Statistics displays the detailed trafﬁ c information of each Port enabling you to monitor the trafﬁ c and locate faults.

Choose the menu Switching>>Trafﬁ c Monitor>>Trafﬁ c Statistics to load the following page.

Enable/Disable refreshing the Trafﬁ c Summary page automatically.

Enter a value in seconds to specify the Refresh Interval.

Click the Select button to quick-select the corresponding Port based on the Port number you entered.

Displays the Port number.

Displays the number of Packets Received on the Port. Error packets are not counted in this ﬁ eld.

Displays the number of Packets Transmitted on the Port.

Displays the number of Octets Received on the Port. Error octets are counted in this ﬁ eld.

Displays the number of Octets Transmitted on the Port.

Click the View link to View the detailed trafﬁ c statistics for the Port.

Figure 5-12 Trafﬁ c Statistics

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

The following entries are displayed on this screen:

Auto Refresh

Auto Refresh:

Refresh Rate:

Statistics

Port:

Received:

Sent:

Broadcast:

Multicast:

Unicast:

Alignment Errors:

UndersizePkts:

Pkts64Octets:

Pkts65to127Octets:

Pkts128to255Octets:

Pkts256to511Octets:

Pkts512to1023Octets:

PktsOver1023Octets:

Collisions:

Enable/Disable refresh of the Trafﬁc Summary page automatically.

Enter a value in seconds to specify the Refresh Interval.

Enter a Port number and click the Select button to view the trafﬁc statistics of the corresponding Port.

Displays the Packets Received on the Port.

Displays the Packets Transmitted on the Port.

Displays the number of good Broadcast Packets Received and/or Transmitted on the Port. Error packets are not counted.

Displays the number of good Multicast Packets Received and/ orTransmitted on the Port. Error packets are not counted.

Displays the number of good Unicast Packets Received and/or Transmitted on the Port. Error packets are not counted.

Displays the number of Received Packets with a bad Frame Check Sequence (FCS) containing a non-integral octet (Alignment Error). The length of the packet will be between 64 bytes and 1518 bytes.

Displays the number of Received Packets (excluding error Packets) that are less than 64 bytes long.

Displays the number of Received Packets (including error Packets) that are 64 bytes long.

Displays the number of Received Packets (including errorPackets) that are between 65 and 127 bytes long.

Displays the number of Received Packets (including errorPackets) that are between 128 and 255 bytes long.

Displays the number of Received Packets (including errorPackets) that are between 256 and 511 bytes long.

Displays the number of Received Packets (including errorPackets) that are between 512 and 1023 bytes long.

Displays the number of Received Packets (including errorPackets) that are over 1023 bytes.

Displays the number of Collisions experienced by a Port during Packet Transmissions. Collisions can indicate a Network loop, duplicate MAC Addresses or other Network abnormalities.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

CAUTION: Trafﬁc Statistics settings will be restored to defaults if the

5.4 MAC Address

The Switch forwards trafﬁc based on the Destination MAC Address contained in the Packet Header. To accelerate this process the Switch maintains a MAC MAC Table, the properties of which can be adjusted to meet the needs of the Network. By default the MAC MAC Table is updated dynamically as Data crosses the Switch, this combined with an Aging Timeout allows the Switch to dynamically manage the MAC MAC Table. The Switch offers multiple options for conﬁguration to meet the needs of your Network, see the table below:

The types and the features of the MAC MAC Table are listed as the following:

Switch is restarted and you have not selected Save Conﬁg from the main menu and saved your running conﬁguration to non-volatile memory.

Type

Dynamic MAC

Static MAC

MAC Filtering

Conﬁguration Auto Aging MAC Address

Automatic Yes (Note:

Auto Aging can be disabled but it is not recommended)

Manual Conﬁguration

No Yes (Note: The

Table 5-1 Types and features of MAC Table

Relationship between the

kept after reboot

No The learned MAC address

conﬁguration must be saved to non-volatile RAM)

bound MAC Address and the Port

can be learned by the other Ports in the same VLAN.

The static MAC address cannot be learned by or added to other Ports in the same VLAN.

The ﬁltered MAC address cannot be learned by or added to other Ports in the same VLAN. Also if the device is moved to a new port the port will not be allowed to forward Data.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

This function includes four submenus: MAC Table, Static MAC, Dynamic MAC and MAC Filtering.

5.4.1 MAC Table

On this page, you can view all the information of the MAC Table.

Choose the menu Switching>>MAC Settings>>MAC Table to load the following page.

Figure 5-13 MAC Table

The following entries are displayed on this screen:

Address Table

MAC Address:

VLAN ID:

Port:

Type:

Enter the MAC address to search by.

Enter the VLAN ID to search by.

Select the corresponding Port number to search by.

Select the Type of entry to search by.



All: Displays all MAC Address entries. (Note: The maximum number of entries displayed on this page is 100, to display more than 100 entries please use the Search option.)



Static: Displays only the Static MAC Address entries.



Dynamic: Displays only the Dynamic MAC Address entries.



Filtering: Displays only the Filtered MAC Address entries.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

Address Table

MAC Address:

VLAN ID:

Port:

Type:

Aging Status:

5.4.2 Static MAC

The Static MAC Table maintains the static MAC Address entries which are added or removed manually. In the stable Networks static MAC Address entries can facilitate reducing broadcast packets and enhance the efﬁ ciency of packet forwarding.

Choose the menu Switching>>MAC Settings>>Static MAC to load the following page.

Displays the MAC address learned by the Switch.

Displays the corresponding VLAN ID of the MAC address.

Displays the corresponding Port number of the MAC address.

Displays the Type of the MAC address.

Displays the Aging status of the MAC address.

Figure 5-14 Static MAC

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

The following entries are displayed on this screen:

Add Static MAC

MAC Address:

VLAN ID:

Port:

Search Option

Search Option:

Static MAC Table

Select:

MAC Address:

VLAN ID:

Port:

Type:

Aging Status:

Enter the static MAC Address to be bound.

Enter the corresponding VLAN ID of the MAC address.

Select a Port from the drop-down to be bound.

Select a Search Option from the drop-down and click the Search button to ﬁnd the desired entry in the Static MAC Table.



MAC: Enter the MAC address of the desired entry.



VLAN ID: Enter the VLAN ID number of the desired entry/entries.



Port: Enter the Port number of the desired entry/entries.

Select an entry to delete or modify the corresponding Port number.

Displays the Static MAC Address.

Displays the corresponding VLAN ID of the Static MAC Address.

Displays the corresponding Port Number of the Static MAC Address. You can modify the Port number to which the MAC Address is bound, however the new Port must be in the same VLAN.

Displays the Type of the MAC Address entry.

Displays the Aging Status of the MAC Address entry.

CAUTION: Static MAC settings will be restored to defaults if the Switch

is restarted and you have not selected Save Conﬁg from the main menu and saved your running conﬁguration to nonvolatile memory.

CAUTION: If the corresponding Port Number of the Static MAC address

is not correct due to the connected Port or device having changed, the Switch will not forward packets correctly. Please reset the static address entry correctly.

CAUTION: If the MAC address of a device has been added to the Static MAC

Table, connecting the device to another Port will cause its MAC Address not to be recognized dynamically by the Switch. This will result in packets not forwarding to the connected device.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

NOTE: The MAC address in the Static MAC Table cannot be added to the

Filtering MAC Table or be bound to a Port dynamically.

NOTE: The Static MAC Address binding function is not available if the

802.1X/RADIUS/RADIUS feature is enabled.

5.4.3 Dynamic MAC

The Dynamic MAC Table updates automatically by learning new MAC Addresses and Auto Aging of old MAC Addresses.

To fully utilize the Dynamic MAC Table which has a limited capacity, the Switch uses Auto Aging. The Switch removes the MAC address entry related to a Network device if no packet is received from the device within the Aging Time.

On this page, you can conﬁ gure the Dynamic MAC parameters.

Choose the menu Switching>>MAC Address>>Dynamic MAC to load the following page.

Figure 5-15 Dynamic MAC

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

The following entries are displayed on this screen:

Aging Conﬁg

Auto Aging:

Aging Time:

Search Option

Search Option:

Dynamic MAC Table

Select:

MAC Address:

VLAN ID:

Port:

Type:

Aging Status:

Bind:

Enable/Disable the Auto Aging feature. (Note: We strongly recommend that you do not disable Auto Aging that can result in Data loss and potential connectivity issues.)

Enter the Aging Time for the Dynamic MAC Address.

Select a Search Option from the drop-down and click the Search button to ﬁnd the desired entry in the Dynamic MAC Table.



MAC: Enter the MAC address of the desired entry.



VLAN ID: Enter the VLAN ID number of the desired entry/entries.



Port: Enter the Port number of the desired entry/entries.

Select the entry/entries to delete the dynamic address or to bind the MAC Address to the corresponding Port statically

Displays learned MAC Address.

Displays the corresponding VLAN ID of the MAC address.

Displays the corresponding Port number of the MAC address.

Displays the Type of the MAC address.

Displays the Aging Status of the MAC address.

Select the desired entry/entries and click the Bind button to bind the MAC address of your selected entry to the corresponding Port statically.

NOTE: Setting aging time properly helps implement effective MAC address

aging. An aging time that is too long or too short decreases the performance of the Switch. If the aging time is too long, excessive invalid MAC Address entries are maintained by the Switch and may ﬁll up the MAC Address Table. This prevents the MAC Address Table from updating any Network changes. If the aging time is too short the Switch may remove valid MAC address entries, causing the Switch to require re-learning of the deleted MAC entry, decreasing the forwarding performance of the Switch. We recommended

keeping the default value.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

CAUTION: Dynamic MAC settings will be restored to defaults if the

5.4.4 MAC Filtering

MAC Filtering is used to control which packets are forwarded. MAC Filtering is added or removed manually and is independent of the Aging Time. MAC Filtering allows the Switch to ﬁ lter the packets based on the source address or destination address. MAC Filtering entries act on all Ports and in all corresponding VLANs.

Choose the menu Switching>>MAC Address>>MAC Filtering to load the following page.

Switch is restarted and you have not selected Save Conﬁ g from the main menu and saved your running conﬁ guration to non-volatile memory.

Figure 5-16 MAC Filtering

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

The following entries are displayed on this screen:

Add MAC Address Filter

MAC Address:

VLAN ID:

Search Option

Search Option:

MAC Filter Table

Select:

MAC Address:

VLAN ID:

Port:

Type:

Aging Status:

CAUTION: MAC Filtering settings will be restored to defaults if the

Enter the MAC Address to be ﬁltered.

Enter the corresponding VLAN ID of the MAC address.

Select a Search Option from the drop-down and click the Search button to ﬁnd your desired entry in the MAC Filter Table.



MAC: Enter the MAC address the desired entry.



VLAN ID: Enter the VLAN ID number the desired entry/entries.

Select the entry/entries to delete the corresponding MAC Filter(s).

Displays the Filtered MAC Address.

Displays the corresponding VLAN ID.

Displays the Port number, blank indicates no speciﬁed Port.

Displays the Type of the MAC address.

Displays the Aging Status of the MAC address.

Switch is restarted and you have not selected Save Conﬁg from the main menu and saved your running conﬁguration to non-volatile memory.

NOTE: MAC Address(es) in the MAC Filter Table cannot be added to the

Static MAC Table or be bound to a Port dynamically.

NOTE: MAC Filtering is not available if 802.1X/RADIUS/RADIUS is enabled.

6 VLAN

Virtual Local Area Network (VLAN) is a Network topology conﬁgured in logical scheme rather than a physical layout. VLAN technology was developed as a way for Switches to control broadcast in load in the Local Area Network (LAN). By creating VLANs in a physical LAN, you can divide the LAN into multiple logical LANs, each of which has a broadcast domain of its own. Hosts in the same VLAN communicate with one another

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

as if they are in a LAN. However, hosts in different VLANs cannot communicate with one another directly. Broadcast packets are limited to the ports or hosts assigned to the same VLAN. Hosts in the same VLAN communicate with one another via Layer 2 (Broadcast Domain), hosts in different VLANs can communicate with one another through Boundary devices such as Routers or the Layer 3 Switches. The following ﬁ gure illustrates a simple VLAN implementation.

Figure 6-1 VLAN implementation

VLAN conﬁ gurations enjoy the following advantages.



Broadcasts are conﬁ ned to the VLAN. This decreases bandwidth utilization and improves Network performance.



Network security is improved, VLANs cannot communicate with one another directly. A host in a VLAN cannot access resources in another VLAN directly, Boundary devices such as Routers or Layer 3 Switches are required.



VLANs can be used to group speciﬁ c client devices. When the physical location of a client device changes, you do not need to change its Network conﬁ guration, simply make sure the client device is still a member of its original VLAN.

A VLAN can span multiple Switches. This enables client devices in a VLAN to be dispersed across your entire infrastructure and still maintain isolation. The Switch supports three VLAN modes, 802.1Q based VLAN, MAC based VLAN and Protocol based VLAN. VLAN tags are used to allow the Switch to identify packets of different VLANs.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

The Switch can analyze the received untagged packets on the Port and match the packets with the MAC VLAN, Protocol VLAN and/or 802.1Q VLAN in turn. If a packet is matched, the Switch will add a corresponding VLAN tag to it and forward it in the corresponding VLAN.

6.1 802.1Q VLAN

VLAN tags used in the packets are necessary for the Switch to identify packets of different VLANs. The Switch works at Layer 2 or the Data Link Layer in OSI model and it can identify the Data link layer encapsulation of the packet only, the VLAN tag ﬁ eld is added into the Data Link Layer encapsulation for identiﬁ cation.

In 1999 IEEE ratiﬁ ed the IEEE 802.1Q protocol to standardize VLAN implementation, deﬁ ning the structure of VLAN-tagged packets. IEEE 802.1Q protocol deﬁ nes that a 4-byte VLAN tag is encapsulated after the Destination MAC Address and Source MAC Address to identify the VLAN membership of the packet.

As shown in the following ﬁ gure, a VLAN tag contains four ﬁ elds, including TPID (Tag Protocol Identiﬁ er), Priority, CFI (Canonical Format Indicator), and VLAN ID.

Figure 6-2 Format of VLAN Tag



TPID: TPID is a 16-bit ﬁ eld, indicating that this Data frame is VLAN-tagged. (By default it is set to 0x8100 or no VLAN ID.)



Priority: Priority is a 3-bit ﬁ eld related to 802.1p priority. Refer to the QoS section of the users guide for more details.



CFI: CFI is a 1-bit ﬁ eld, indicating whether the MAC address is encapsulated in the standard format or modiﬁ ed format. This ﬁ eld is not described in detail in this chapter.



VLAN ID: VLAN ID is a 12-bit ﬁ eld indicating the ID of the VLAN to which this packet belongs. It has a range of 0 to 4,095. IDs 0 and 4,095 are not used leaving the valid entries for the ﬁ eld in the range of 1 to 4,094.

The VLAN ID identiﬁ es the VLAN to which a packet belongs. When the Switch receives an untagged packet, it will encapsulate a VLAN tag with the default VLAN ID of the Ingress Port, the packet will be assigned to the default VLAN of the Ingress Port for transmission.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

In this User Guide “tagged packet” refers to a packet with a VLAN tag, “untagged packet” refers to a packet without VLAN tag and “priority-tagged” packet refers to a packet with VLAN tag whose VLAN ID is 0.

Link Types of Ports

When creating the 802.1Q VLAN, you should set the link type for the Port according to the conﬁguration of the connected device. The link type of a Port includes the following three types:



ACCESS: The ACCESS Port can be added to a single VLAN the Egress Rule of the Port is UNTAG. The PVID will be the same as the current VLAN ID. If the ACCESS Port is added to another VLAN, it will be removed from its current VLAN automatically.



TRUNK: The TRUNK Port can be added to multiple VLANs the Egress Rule of the Port is TAG. The TRUNK Port type is generally used to connect other Network devices (i.e. Switches, routers, access points) it receives and forwards packets from multiple VLANs. Packets forwarded by a TRUNK Port will not have any changes made to the existing VLAN tag. The PVID can be set to the VID number of any VLAN the Port belongs to.



GENERAL: The GENERAL Port can be added to multiple VLANs and can have various Egress Rules in different VLANs. The default Egress Rule is UNTAG. The PVID can be set to the VID number of any VLAN the Port belongs to.

PVID

PVID (Port VLAN ID) is the default VID of the Port. When the Switch receives an untagged packet, it will add a VLAN tag to the packet according to the PVID of the Ingress Port.

When creating VLANs the PVID of each Port indicates the default VLAN to which the Port belongs, and is an important parameter with the following two purposes:



When the Switch receives an untagged packet, it will add a VLAN tag to the packet of the PVID of its Ingress Port



PVID determines the default broadcast domain of the Port, when the Port receives broadcast packets, the Port will broadcast the packets to all members of the same PVID.

Tagged and untagged will be processed in different ways after being received by Ports of different link types, as illustrated in the following table.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

Port Type Received Packets Forwarded Packets

Untagged Packets Tagged Packets

If the VID of packet is the same as the PVID of the Port, the packet

Access

When untagged packets are received, the Port will add the

Trunk

General

default VLAN tag, i.e. the PVID of the Ingress Port, to the packets.

Table 6-1 Relationship between Port Types and VLAN Packets Processing

will be received.

If the VID of packet is not the same as the PVID of the Port, the packet will be dropped.

If the VID of packet is allowed by the Port, the packet will be received.

If the VID of packet is forbidden by the Port, the packet will be dropped.

The packet will be forwarded after removing its VLAN tag.

The packet will be forwarded with its current VLAN tag.

If the Egress Rule of Port is TAG, the packet will be forwarded with its current VLAN tag.

If the Egress Rule of Port is UNTAG, the packet will be forwarded after removing its VLAN tag.

IEEE 802.1Q VLAN function is implemented on the VLAN Conﬁ g and Port VLAN Conﬁ g pages.

6.1.1 VLAN Conﬁ g

On this page, you can view the current created 802.1Q VLAN.

Choose the menu VLAN»802.1Q VLAN»VLAN Conﬁ g to load the following page.

Figure 6-3 VLAN Table

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

To ensure normal communication across the Switch the default VLAN of all Ports is set to VLAN1 and VLAN1 cannot be deleted.

The following entries are displayed on this screen:

VLAN Table

VLAN ID Select:

Select:

VLAN ID:

Description:

Members:

Operation:

Click Create button to create a new VLAN.

Click the Select button to quick-select the corresponding entry based on the VLAN ID you entered.

Select the desired entry to delete the corresponding VLAN(s).

Displays the ID of the VLAN.

Displays the description of the VLAN.

Displays the Port members of the VLAN.

Allows you to view or modify the information for each entry.



Edit: Click to modify the settings of a VLAN.



Detail: Click to get detailed information on a VLAN.

Figure 6-4 Create or Edit 802.1Q VLAN

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

The following entries are displayed on this screen:

VLAN Conﬁg

VLAN ID:

Description:

Check:

T VLAN Members

Port Select:

Select:

Port:

Link Type:

Egress Rule:

LAG:

Enter the ID number of VLAN.

A description of the VLAN for identiﬁcation.

Click the Check button to verify if the VLAN ID entered is valid and available.

Click the Select button to quick-select the corresponding entry based on the Port number you entered.

Select the desired Port(s) to be added as a member of the VLAN or leave it blank to not add it to the VLAN.

Displays the Port number.

Displays the Link Type of the Port. It can be change in Port VLAN Conﬁg screen.

Select the Egress Rule for the VLAN Port member. The default Egress Rule for all ports until the Link Type is changed is UNTAG.



TAG: All packets forwarded by the Port are tagged.



UNTAG: All packets forwarded by the Port are untagged.

Displays the LAG to which the Port belongs.

CAUTION: VLAN Conﬁg settings will be restored to defaults if the

Switch is restarted and you have not selected Save Conﬁg from the main menu and saved your running conﬁguration to non-volatile memory.

6.1.2 Port Conﬁg

When creating an 802.1Q VLAN please survey all the devices connected to the Switch in order to conﬁgure the Port Link Type properly for the connected device.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

Choose the menu VLAN>>802.1Q VLAN>>Port Conﬁ g to load the following page.

Figure 6-5 Port VLAN Conﬁ g

The following entries are displayed on this screen:

VLAN Conﬁ g

Port Select:

Select:

Port:

Link Type:

PVID:

LAG:

VLAN:

Click the Select button to quick-select the corresponding entry based on the Port number entered.

Select the desired Port(s) for conﬁ guration.

Displays the Port number.

Select the Link Type from the pull-down list for the Port.



ACCESS: can only be added to a single VLAN, the Egress Rule of the Port is UNTAG. The PVID is same as the current VLAN ID. If the current VLAN is deleted the PVID will be set back to VLAN ID 1.



TRUNK: can be added to multiple VLANs, the Egress Rule of the Port is TAG. The PVID can be set as the PVID of any VLAN the Port belongs to, this will also be the PVID used if an Untagged packet is forwarded by the port.



GENERAL: can be added to multiple VLANs, various Egress tagging Rules can be applied to the different VLANs the port is a member of. The default Egress Rule is UNTAG. The PVID can be set as the PVID of any VLAN the Port belongs to and if set to TAG will be added to any Untagged packets forwarded by the port.

Enter the PVID number of the Port.

Displays the LAG Group the Port belongs to.

Click the Details link to view the information of the VLAN the Port belongs to.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

CAUTION: Port Conﬁ g settings will be restored to defaults if the Switch

6.2 MAC VLAN

MAC VLAN technology is used to classify and assign VLANs according to the MAC Address of Client Devices. Each MAC Address corresponds to a single VLAN ID. Devices in a MAC VLAN can be connected to another member Port in the MAC VLAN and forward trafﬁ c without changing the conﬁ guration of VLAN members.

Packets in a MAC VLAN are processed in the following manner:



When receiving an untagged packet the Switch will attempt to match the packet with the current MAC VLAN. If the packet is matched the Switch will add the corresponding MAC VLAN tag. If no MAC VLAN is matched to the packet the Switch will add a tag to the packet corresponding to the PVID of the receiving Port.



When receiving tagged packets the Switch will process them based on the VLAN settings corresponding to the tag in the packet received. If the receiving Port is a member of the VLAN to which the tagged packet belongs the packet will be forwarded normally, if it is not the packet will be discarded.



If the MAC address of a Client Device is assigned to a MAC VLAN, please set the connected Port of Switch as a member of the corresponding VLAN to ensure all packets are forwarded normally.

On the following page, you can create a MAC VLAN and view the current MAC VLANs in the table.

is restarted and you have not selected Save Conﬁ g from the main menu and saved your running conﬁ guration to nonvolatile memory.

Choose the menu VLAN>>MAC VLAN to load the following page.

Figure 6-6 Create and View MAC VLAN

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

The following entries are displayed on this screen:

VLAN Table

MAC Address:

Description:

VLAN ID:

MAC VLAN Table

MAC Select:

Select:

MAC Address:

Description:

VLAN ID:

Operation:

Enter the MAC address.

Give a description to the MAC address for identiﬁcation.

Enter the VLAN ID of the MAC VLAN. This VLAN should be one of the

802.1Q VLANs the Ingress Port belongs to.

Click the Select button to quick-select the corresponding.

Select the desired entry(ies).

Displays the MAC address.

Displays the user-deﬁned description of the MAC address.

Displays the corresponding VLAN ID of the MAC address.

Click the Edit button to modify the settings of the entry, then click the Modify button to apply your changes.

Conﬁguration Procedure:

Step Operation Description

Set the desired link type of the Port.

Create a VLAN. On the VLAN>>802.1Q VLAN>>VLAN Conﬁg page,

Create MAC VLAN. On the VLAN>>MAC VLAN page, create the MAC

On the VLAN>>802.1Q VLAN>>Port Conﬁg page, set the link type for the Port based on its connected device. Options include Access, Trunk and General.

click the Create button to create a VLAN. Enter the VLAN ID, the description for the VLAN and specify its member Ports.

VLAN device entry(ies). For device(s) in a MAC VLAN, it is required that the Port of Switch the device(s) are connected too, be a member of the VLAN ID created for the MAC VLAN to ensure normal communication.

User Guide

CAUTION: MAC VLAN settings will be restored to defaults if the Switch

is restarted and you have not selected Save Conﬁg from the main menu and saved your running conﬁguration to nonvolatile memory.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

6.3 Protocol VLAN

Protocol VLAN is a way to classify VLANs based on Network protocol used by the packets. Protocol VLANs can be sorted by IP, IPX, DECnet, AppleTalk, Banyan and so forth. Using Protocol VLANs, the broadcast domain can span multiple Switches and the Host can change its physical position in the Network. All with its VLAN membership role always remaining in effect. By creating Protocol VLANs, you can manage the connected devices based on their actual applications and services.

Using Protocol VLAN the Switch can analyze received Untagged packets on the Port and match the packets with the user-deﬁ ned Protocol Template. If a packet is matched, the Switch will add a corresponding VLAN Tag automatically and assigning the Data of speciﬁ c protocol automatically to a corresponding VLAN for transmission.

Encapsulation Format of Ethernet Data

This section introduces the common types of encapsulation format for Ethernet Data. At present there are two encapsulation formats of Ethernet Data, Ethernet II encapsulation and 802.2/802.3 encapsulation:



Ethernet II encapsulation

Figure 6-7 Ethernet II encapsulation



802.2/802.3 encapsulation

Figure 6-8 802.2/802.3 encapsulation

• DA and SA refer to Destination MAC Address and Source MAC Address. The

number listed in each section indicates the length of the ﬁ eld in bytes. For example the length of a Source MAC Address is 12 bytes.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

• The maximum amount of Ethernet Data in a standard packet is 1500 bytes, the

Length ﬁ eld in 802.2/802.3 encapsulation is 2 bytes ranging from 0x0000 to 0x05DC and the Type ﬁ eld in Ethernet II encapsulation is also 2 bytes ranging from 0x0600 to 0xFFF. The Type or Length ﬁ eld in the Data range of 0x05DD to 0x05FF is illegal and any packets with a value in that range will be discarded. The Switch will identify whether a packet is Ethernet II or 802.2/802.3 according to the value in the Type or Length ﬁ eld.

802.2/802.3 encapsulation contains the following three extended formats:



802.3 raw encapsulation

Figure 6-9 802.3 raw encapsulation

• Only the Length ﬁ eld is encapsulated after source MAC address ﬁ eld and desti-

nation MAC address ﬁ eld, followed by DATA ﬁ eld without other header ﬁ elds. Currently only the IPX protocol supports raw encapsulation format. The last two bytes of the Length ﬁ eld in 802.3 raw encapsulation is 0xFFFF.



802.2LLC (Logic Link Control) encapsulation

Figure 6-10 802.2LLC encapsulation

• The Length ﬁ eld, DSAP (Destination Service Access Point) ﬁ eld, SSAP (Source

Service Access Point) ﬁ eld and Control ﬁ eld are encapsulated after Source MAC Address and Destination MAC Address ﬁ elds. The value of Control ﬁ eld will always be 3 in a valid packet. The DSAP and SSAP ﬁ elds in 802.2 LLC encapsulation are used to identify the upper layer protocol. For example when both the two ﬁ elds are set to 0xE0, it indicates the upper layer protocol is IPX.



802.2: 802.2 SNAP (Sub-Network Access Protocol) is encapsulated based on the

802.3 standard. In 802.2 SNAP encapsulation,

• The values of both DSAP ﬁ eld and SSAP ﬁ eld will always be 0XAA in a valid

packet and the value of Control ﬁ eld will be 3. The Switch differentiates 802.2 LLC and SNAP encapsulation formats according to the values of DSAP and SSAP ﬁ elds.

• The connected device determines the encapsulation format of its sent packets,

devices can send out packets of two encapsulation formats simultaneously. Ethernet II encapsulation is the most common format used. 802.3 and Ethernet II encapsulation formats are supported in IP, ARP and RARP protocols, but not supported in all other protocols. The Switch identiﬁ es the protocol of the packet by matching values of the encapsulation format.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

The Identiﬁ cation Process of the Switch using Packet Protocols

Figure 6-11 ID Process Switch using Packet Protocols

Implementing a Protocol VLAN

The Switch can match packets using a Protocol Template and transmit packets within the speciﬁ ed VLAN corresponding to the protocol. The Protocol Template, comprising encapsulation format and protocol type, is the standard to determine the protocol which a packet belongs to. The following table shows commonly used encapsulation formats supported in Network layer protocol and the Protocol Templates are provided for reference. Some Protocol Templates have been preset for use in the Switch, you can create a custom Protocol VLAN using the corresponding Protocol Template.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

Encapsulation Protocol

IP (0x0800)

IPX (0x8137)

AppleTalk (0x809B)

Ethernet II 802.3 raw 802.2 LLC 802.2 SNAP

Supported Not Supported Not Supported Supported

Supported Supported Supported Supported

Supported Not Supported Not Supported Supported

Table 6-2 Protocol types in common use

Protocol VLAN packets are processed in the following manner:



When receiving an Untagged packet, the Switch attempts to match the packet with the current Protocol VLAN. If the packet is matched, the Switch will add a corresponding Protocol VLAN Tag. If no Protocol VLAN is matched, the Switch will add the Tag of the PVID of the receiving Port. Assigning the packet automatically to the corresponding VLAN for transmission.



When receiving a Tagged packet, the Switch will process it based on the 802.1Q VLAN ID of the packet. If the receiving Port is the member of the VLAN to which the tagged packet belongs to the packet will be forwarded normally. If the receiving Port is not a member of the VLAN the tagged packets belongs to the packet will be discarded.



If a Protocol VLAN is created please remember to conﬁ gure it as a member of the corresponding 802.1Q VLAN to ensure the packets are forwarded normally.

6.3.1 Protocol Group Table

On this page, you can create a Protocol VLAN and view the information of the deﬁ ned Protocol VLANs.

Choose the menu VLAN>>Protocol VLAN>>Protocol Group Table to load the following page.

Figure 6-12 Protocol Group Table

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

The following entries are displayed on this screen:

Protocol Group Table

Select:

Protocol:

VLAN ID:

Member:

Conﬁ guration:

CAUTION: Protocol VLAN settings will be restored to defaults if the

6.3.2 Protocol Group

On this page, you can create a Protocol Group.

Choose the menu VLAN>>Protocol VLAN>>Protocol Group to load the following page.

Select the desired entry or entries.

Displays the Protocol of the Protocol Group.

Displays the corresponding VLAN ID of the Protocol Group.

Displays the member(s) of the Protocol Group.

Click the Edit button to modify the settings of the entry, then click the Modify button to apply your changes.

Switch is restarted and you have not selected Save Conﬁ g from the main menu and saved your running conﬁ guration to non-volatile memory.

Figure 6-13 Create Protocol VLAN

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

The following entries are displayed on this screen:

Protocol Group Conﬁ g

Protocol:

VLAN ID:

Protocol Group Member

Select the desired Port(s) for Protocol VLAN Group.

CAUTION: Protocol Group settings will be restored to defaults if the

6.3.3 Protocol Template

The Protocol Template must be created before conﬁ guring the corresponding Protocol VLAN. By default the Switch has the predeﬁ ned templates for the; IP, ARP, RARP, IPX and AT Protocols. You can add more Protocol Templates via this page.

Choose the menu VLAN>>Protocol VLAN>>Protocol Template to load the following page.

Select the desired Protocol Template.

Enter the ID number of the Protocol VLAN. This VLAN must be one of the 802.1Q VLANs the Ingress Port belongs too.

Switch is restarted and you have not selected Save Conﬁ g from the main menu and saved your running conﬁ guration to non-volatile memory.

Figure 6-14 Create and View Protocol Template

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

The following entries are displayed on this screen:

Create Protocol Template

Protocol Name:

Ether Type:

Frame Type:

Protocol Template Table

Select:

Protocol Name:

Ether Type:

Frame Type

CAUTION: Protocol Template settings will be restored to defaults if the

NOTE: The Protocol Template bound to VLAN cannot be deleted.

Description name of the Protocol Template.

Enter the Ethernet Protocol Type in the Protocol Template.

Select a Frame Type for the Protocol Template.

Select the desired entry(ies).

Displays the ID of the Protocol Template.

Displays the Name of the Protocol Template.

Displays the Ethernet Protocol Type of the Protocol Template.

Displays the Frame Type of the Protocol Template.

Switch is restarted and you have not selected Save Conﬁg from the main menu and saved your running conﬁguration to non-volatile memory.

Step Operation Description

Set the link type of the member Port.

Create a VLAN. On the VLAN>>802.1Q VLAN>>VLAN Conﬁg page click the

Create or Select a Protocol Template.

Create a Protocol VLAN. On the VLAN>>Protocol VLAN>>Protocol VLAN page

On the VLAN>>802.1Q VLAN>>Port Conﬁg page set the link type for the Port based on its Connected Device.

Create button to create a VLAN. Enter the VLAN ID , a Description for the VLAN and specify its member Ports.

On the VLAN>>Protocol VLAN>>Protocol Template page Create or Select the Protocol Template before conﬁguring the Protocol VLAN.

select the Protocol Type and enter the VLAN ID to create a Protocol VLAN.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

6.4 Application Example for 802.1Q VLAN

Network Requirements



Switch A is connecting to PC A and Server B;



Switch B is connecting to PC B and Server A;



PC A and Server A are in the same VLAN;



PC B and Server B are in the same VLAN;



PCs in the two VLANs cannot communicate with each other.

Network Diagram

User Guide

Figure 6-15 Network Diagram 802.1Q VLAN

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

Conﬁguration Procedure



Conﬁgure Switch A

Step Operation Description

Conﬁgure the Link Type of the Ports

Create VLAN10 On VLAN>>802.1Q VLAN>>VLAN Conﬁg page create a

Create VLAN20 On VLAN>>802.1Q VLAN>>VLAN Conﬁg page create a



Conﬁgure Switch B

Operation Description

Step

Conﬁgure the Link Type of the Ports

Create VLAN10 On VLAN>>802.1Q VLAN>>VLAN Conﬁg page create a

Create VLAN20 On VLAN>>802.1Q VLAN>>VLAN Conﬁg page create a

On VLAN>>802.1Q VLAN>>Port Conﬁg page conﬁgure the link type of Port 2 as ACCESS, Port 3 as TRUNK and Port 4 as ACCESS

VLAN with a VLANID of 10 with members being Port 2 and Port 3

VLAN with a VLANID of 20 with members being Port 3 and Port 4.

On VLAN>>802.1Q VLAN>>Port Conﬁg page conﬁgure the link type of Port 7 as ACCESS, Port 6 as TRUNK and Port 8 as ACCESS

VLAN with a VLANID of 10 with members being Port 6 and Port 8

VLAN with a VLANID of 20 with members being Port 6 and Port 7.

6.5 Application Example for MAC VLAN

Network Requirements



Switch A and Switch B are connected to meeting room A and meeting room B respectively, and the two rooms used by all departments;



Notebook A and Notebook B, are from two different departments;



The two departments use VLAN10 and VLAN20 respectively. The two notebooks can only access the Server of their own departments;



The MAC address of Notebook A is 00-19-56-8A-4C-71, Notebook B’s MAC address is 00-19-56-82-3B-70.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

Network Diagram

Figure 6-16 Network Diagram MAC VLAN

Conﬁ guration Procedure



Conﬁ gure Switch A

User Guide

Step Operation Description

Conﬁ gure the Link Type of the Ports

Create VLAN10 On VLAN>>802.1Q VLAN>>VLAN Conﬁ g page create a

Create VLAN20 On VLAN>>802.1Q VLAN>>VLAN Conﬁ g page create a

Conﬁ gure MAC VLAN 10 On VLAN>>MAC VLAN page create MAC VLAN10 with a

Conﬁ gure MAC VLAN 20 On VLAN>>MAC VLAN page create MAC VLAN20 with a

Other trademarks and registered trademarks are the proper ty of their respective owners

On VLAN>>802.1Q VLAN>>Port Conﬁ g page conﬁ gure the link type of Port 11 as GENERAL and Port 12 as TRUNK.

VLAN with a VLANID of 10 with members being Port 11 and Port 12 and conﬁ gure the Egress Rule of Port 11 as Untag and Port 12 as Tag.

VLAN with a VLANID of 20 with members being Port 11 and Port 12, and conﬁ gure the Egress Rule of Port 11 as Untag and Port 12 as Tag.

MAC Address of 00-19-56-8A-4C-71.

MAC Address of 00-19-56-82-3B-70.

XMS-1024P



Conﬁgure Switch B

Step

Operation Description

Conﬁgure the Link Type of the Ports

Create VLAN10 On VLAN>>802.1Q VLAN>>VLAN Conﬁg page create a

Create VLAN20 On VLAN>>802.1Q VLAN>>VLAN Conﬁg page create a

Conﬁgure MAC VLAN 10 On VLAN>>MAC VLAN page create MAC VLAN10 with a

Conﬁgure MAC VLAN 20 On VLAN>>MAC VLAN page create MAC VLAN20 with a



Conﬁgure Switch C

Step Operation Description

Conﬁgure the Link Type of the Ports

Create VLAN10 On VLAN>>802.1Q VLAN>>VLAN Conﬁg page create a

Create VLAN20 On VLAN>>802.1Q VLAN>>VLAN Conﬁg page create a

On VLAN>>802.1Q VLAN>>Port Conﬁg page conﬁgure the link type of Port 11 as GENERAL and Port 12 as TRUNK.

VLAN with a VLANID of 10 with members being Port 11 and Port 12 and conﬁgure the Egress Rule of Port 11 as Untag and Port 12 as Tag.

VLAN with a VLANID of 20 with members being Port 11 and Port 12, and conﬁgure the Egress Rule of Port 11 as Untag and Port 12 as Tag.

MAC Address of 00-19-56-8A-4C-71.

MAC Address of 00-19-56-82-3B-70.

On VLAN>>802.1Q VLAN>>Port Conﬁg page conﬁgure the link type of Port 2 as GENERAL, Port 3 as GENERAL, Port 4 as ACCESS and Port 5 as ACCESS.

VLAN with a VLANID of 10 with members being Port 2, Port 3 and Port 5.

VLAN with a VLANID of 20 with members being Port 2, Port 3 and Port 4.

6.6 Application Example for Protocol VLAN

Network Requirements



Department A is connected to the company LAN via Port12 of Switch A;



Department A has IP host and AppleTalk host;



IP host, in VLAN10, is served by IP Server while AppleTalk host is served by AppleTalk Server;



Switch B is connected to IP Server and AppleTalk Server.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

Network Diagram

Figure 6-17 Network Diagram Protocol VLAN

Conﬁ guration Procedure

User Guide



Conﬁ gure Switch A

Step Operation Description

Conﬁ gure the Link Type of the Ports

Create VLAN10 On VLAN>>802.1Q VLAN>>VLAN Conﬁ g page create a VLAN

Create VLAN20 On VLAN>>802.1Q VLAN>>VLAN Conﬁ g page create a VLAN

Other trademarks and registered trademarks are the proper ty of their respective owners

On VLAN>>802.1Q VLAN>>Port Conﬁ g page conﬁ gure the link type of Port 11 as ACCESS, Port 13 as ACCESS, and Port 12 as GENERAL.

with a VLANID of 10 with members being Port 12 and Port 13 and conﬁ gure the Egress Rule of Port 12 as Untag.

with a VLANID of 20 with members being Port 11 and Port 12 and conﬁ gure the Egress Rule of Port 12 as Untag.

XMS-1024P



Conﬁgure Switch B

Step Operation Description

Conﬁgure the Link Type of the Ports

Create VLAN10 On VLAN>>802.1Q VLAN>>VLAN Conﬁg page create a VLAN

Create VLAN20 On VLAN>>802.1Q VLAN>>VLAN Conﬁg page create a VLAN

Create Protocol Template

Create Protocol VLAN 10

Create Protocol VLAN 20

6.7 GVRP

GVRP (GARP VLAN Registration Protocol) is an implementation of GARP (Generic Attribute Registration Protocol). GVRP allows the Switch to automatically add or remove VLANs via dynamic VLAN registration information and propagate the local VLAN registration information to other Switches, without having to individually conﬁgure each VLAN on each Switch.

On VLAN>>802.1Q VLAN>>Port Conﬁg page conﬁgure the link type of Port 4 as ACCESS, Port 5 as ACCESS and Port 3 as GENERAL.

with a VLANID of 10 with members being Port 3 and Port 4 and conﬁgure the Egress Rule of Port 3 as Untag.

with its VLANID as 20 with members being Port 3 and Port 5 and conﬁgure the Egress Rule of Port 3 as Untag.

On VLAN>>Protocol VLAN>>Protocol Template page conﬁgure the Protocol Template, the IP Network packets are encapsulated in Ethernet II format and its Ether Type is 0800; the AppleTalk Network packets are encapsulated in SNAP format and its Ether Type is 809B.

On VLAN>>Protocol VLAN>>Protocol Group page create protocol VLAN 10 with Protocol as IP and select Port 3.

On VLAN>>Protocol VLAN>>Protocol Group page create protocol VLAN 20 with Protocol as AppleTalk and select Port 3.

GARP

GARP provides a mechanism by which the Switch members in LAN can deliver, propagate and register information among group members. The application complied with GARP is called GARP Implementation and GVRP is another Implementation of GARP. When GARP is implemented on a Port of a device, the Port is called GARP entity.

The information exchanged between GARP entities is completed using three message types. GARP deﬁnes the message types as: Join, Leave and LeaveAll.



Join Message: When a GARP entity expects other Switches to register a certain attribute(s), it sends out a Join message. When receiving a Join Message from another entity or conﬁguring attributes statically, the device also sends out a Join Message to register changes to the other GARP entities.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide



Leave Message: When a GARP entity expects other Switches to un-register certain attributes, it sends out a Leave Message. When receiving a Leave Message from another entity or un-conﬁguring attributes statically, the device also sends out a Leave Message.



LeaveAll Message: Once a GARP entity starts, it also starts the LeaveAll Timer. If the Timer expires, the GARP entity sends a LeaveAll Message. LeaveAll Messages will un-register all attribute information to enable the other GARP entities to re-register attribute information.

Through message exchange, all attribute information to be registered can be propagated to all member Switches in the same Switched Network.

The interval of GARP Messaging is controlled by Timers. GARP uses the following Timers:



Hold Timer: When a GARP entity receives a piece of registration information, it does not send out a Join message immediately. Instead it starts the Hold Timer, then puts all registration information it receives before the timer expires into one Join message and sends out the message after the timer has expired.



Join Timer: To transmit the Join Messages reliably to other entities, a GARP entity sends each Join Message two times. The Join Timer is used to deﬁne the interval between the two sending operations of each Join Message.



Leave Timer: When a GARP entity expects to un-register attribute information, it sends out a Leave Message. Any GARP entity receiving this message starts its Leave Timer, and un-registers the attribute information if it does not receive a Join Message before the timer expires.



LeaveAll Timer: Once a GARP entity starts it also starts the LeaveAll Timer, and sends out a LeaveAll Message after the Timer expires, so the other GARP entities can re-register all the attribute information on this entity. After re-registration the entity restarts the LeaveAll Timer to begin a new cycle.

GVRP

GVRP, as an Implementation of GARP and is used to maintain dynamic VLAN registration information and to propagate the information to other Switches.

Once the GVRP feature is enabled on a Switch, the Switch receives the VLAN registration information from other Switches to dynamically update the local VLAN registration information, including VLAN members, Ports through which the VLAN members can be reached, and so on. The Switch also propagates the local VLAN registration information to other member Switches so that all the Switching devices in the same Switched Network can have the same VLAN information. The VLAN registration information includes not only the static registration information conﬁgured locally, but also

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

the dynamic registration information, which is received from other Switches.

On this Switch, only a Port with a TRUNK link type can be set as the GVRP application entity to maintain the VLAN registration information. GVRP has the following three Port registration modes: Normal, Fixed, and Forbidden.



Normal: In this mode a Port can dynamically register/un-register a VLAN and propagate the dynamic/static VLAN information.



Fixed: In this mode a Port cannot register/un-register a VLAN dynamically. It only propagates static VLAN information. A Port in Fixed mode only permits the packets of its static VLAN to pass.



Forbidden: In this mode a Port cannot register/un-register VLANs. It only propagates VLAN 1 information. A Port in Forbidden mode only permits the packets of the default VLAN (VLAN 1) to pass.

Choose the menu VLAN>>GVRP to load the following page.

Figure 6-18 GVRP Conﬁ g

NOTE: If the GVRP feature is enabled on a member Port of a LAG, please

ensure all the member Ports of this LAG are set to the same Status and Registration Mode.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

The following entries are displayed on this screen:

Global Conﬁg

GVRP:

Port Conﬁg

Port Select:

Select:

Port:

Status:

Registration Mode:

Enable/Disable the GVRP function.

Click the Select button to quick-select the corresponding entry.

Select the desired Port(s) for conﬁguration.

Displays the Port number.

Enable/Disable the GVRP feature on the Port. The Port type must be set to TRUNK before enabling the GVRP feature.

Select the Registration Mode for the Port.



Normal: A Port can dynamically register/un-register a VLAN and propagate the dynamic/static VLAN information.



Fixed: A Port cannot register/un-register a VLAN dynamically. It only propagates static VLAN information.



Forbidden: A Port cannot register/un-register VLANs. It only propagates VLAN1 information

User Guide

LeaveAll Timer:

Once the LeaveAll Timer is set the Port with GVRP enabled can send a LeaveAll message after the timer expires, so the other GARP entities can re-register all the attribute information on this entity. After re-registration the entity restarts the LeaveAll Timer to begin a new cycle. The LeaveAll Timer ranges from 1000 to 30000 centiseconds (10.00 to 300.00 seconds) the default value is 1000 centiseconds.

Join Timer:

To guarantee the transmission of the Join Messages the GARP Port sends each Join Message two times. The Join Timer is used to deﬁne the interval between the two sending operations of each Join Message. The Join Timer ranges from 20 to 1000 centiseconds (0.20 to 10.00 seconds) the default value is 20 centiseconds.

Leave Timer:

Once the Leave Timer is set the GARP Port receiving a Leave message will start its Leave Timer and un-register the attribute information if it does not receive a Join Message again before the Timer expires. The Leave Timer ranges from 60 to 3000 centiseconds (0.60 to 30.00 seconds) the default is 60 centiseconds

LAG:

Other trademarks and registered trademarks are the proper ty of their respective owners

Displays the LAG Group to which the Port belongs.

XMS-1024P

CAUTION: GVRP settings will be restored to defaults if the Switch is

NOTE: LeaveAll Timer >= 10* Leave Timer, Leave Timer >= 2*Join Timer

Conﬁguration Procedure:

Step Operation Description

Set the link type for Port. On the VLAN>>802.1Q VLAN>>Port Conﬁg page set the

Enable GVRP function. On the VLAN>>GVRP page enable GVRP function.

Conﬁgure the registration mode and the timers for the Port.

7 SPANNING TREE

STP (Spanning Tree Protocol), IEEE standard 802.1D, is used to control Network loops in the Data Link layer of a local Network. Devices running STP discover loops in the Network and block Ports by exchanging information. A Network loop can be blocked to form a standard topology loop-free Network preventing packets from being duplicated and forwarded endlessly inside the Network.

restarted and you have not selected Save Conﬁg from the main menu and saved your running conﬁguration to nonvolatile memory.

link type of the Port to be TRUNK.

On the VLAN>>GVRP page conﬁgure the parameters of the Ports based on the recommended intervals.

BPDU (Bridge Protocol Data Unit) is the protocol Data that STP and RSTP use to pass topology information. Enough information is carried in a BPDU to ensure Spanning Tree operation. STP is used to determine the topology of the Network by transferring BPDUs between devices.

To implement Spanning Tree the Switches in the Network transfer BPDUs between each other to exchange information and all the Switches supporting STP receive and process the BPDUs. BPDUs carry the information needed for Switches to conﬁgure Spanning Tree appropriately.

STP Elements

Bridge ID (Bridge Identiﬁer): Is a value used to identify the Switch to other STP devices in the Network the priority and MAC address of the Switch are used to calculate the Bridge ID. The Bridge ID can be conﬁgured, the Switch with lowest bridge ID has the highest priority.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

Root Bridge: Identiﬁes the Switch with the lowest Bridge ID. Conﬁgure the Switch with the lowest latency as the Root Bridge to ensure best Network performance and reliability.

Designated Bridge: Identiﬁes the Switch with the lowest path cost to the Root Bridge in each Network segment. BPDUs are forwarded to the Network segment through the designated bridge. If more than one Switch has the same path cost the Switch with the lowest bridge ID will be chosen as the Designated Bridge.

Root Path Cost: Indicates the sum of the path cost of the root Port and the path cost of all the Switches that packets pass through. The root path cost of the Root Bridge is 0, the path cost of a Designated Bridge will typically be at least 2.

Bridge Priority: The bridge priority can be set to any value in the range 0-32768. The lower the value the higher the priority. A Switch with a higher priority has more chance to be chosen as the Root Bridge.

Root Port: Indicates the Port that has the lowest path cost from this bridge to the Root Bridge and forwards packets to the Root.

Designated Port: Indicates the Port that forwards packets to a downstream Network segment or Switch.

Port Priority: The Port priority can be set to any value in the range 0-255. The lower the value the higher the priority. The Port with the higher priority has more chance to be chosen as the Root Port.

Path Cost: Is the parameter used for choosing the link path of the STP Topology. By calculating the path cost, STP chooses the best links and blocks any redundant links to form a standard topology loop-free Network.

The following Network diagram shows a map of a typical Spanning Tree Topology. Switch A, B and C are connected together in order. After STP is enabled, Switch A is chosen as Root Bridge and the path from Port 2 to Port 6 is blocked.



Bridge: Switch A is the Root Bridge in the Network; Switch B is the Designated Bridge of Switch C.



Port: Port 3 is the Root Port of Switch B and Port 5 is the Root Port of Switch C; Port 1 is the Designated Port of Switch A and Port 4 is the Designated Port of Switch B; Port 6 of Switch C and Port 2 of Switch A are blocked to prevent a Network loop.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

Figure 7-1 Basic STP diagram

STP Timers

STP uses three timers to manage when BPDU packets are transmitted they include; Hello Time, Max. Age and Forward Delay.

Hello Time: Ranges from 1-10 seconds, default is 2 seconds. It speciﬁ es the interval to send BPDU packets. It is used to test for Network Loops.

Max. Age: Ranges from 6-40 seconds, default is 20 seconds. It speciﬁ es the maximum time the Switch can wait without receiving a BPDU before attempting to reconﬁ gure itself as the Root Bridge.

Forward Delay: Ranges from 4-30 seconds, default is 15 seconds. It speciﬁ es the time needed for a Port to change its state after the Network topology is changed via STP.

When changes to the Network occur, caused by Network malfunction or physical changes, the STP structure will adapt to the corresponding change. However it will take time for the new conﬁ guration BPDUs to spread throughout the whole Network, a temporary loop may occur if the Port changes its state immediately. Because of this STP adopts a state change mechanism, the new Root Port and the Designated Port(s) will begin to forward Data after tow Forward Delay Timers have expires. This ensures the new conﬁ guration BPDUs are spread to the whole Network prior to any temporary loop becoming active.

BPDU Comparison Principle in STP

Assume we have two BPDUs: BPDU X and BPDU Y

If the Root Bridge ID of X is smaller than that of Y, X is superior to Y and X will become the Root Bridge.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

If the Root Bridge ID of X equals that of Y, but the Root Path cost of X is smaller than that of Y, X is superior to Y and X will become the Root Bridge.

If the Root Bridge ID and the Root Path cost of X equal those of Y, but the Bridge ID of X is smaller than that of Y, X is superior to Y and X will become the Root Bridge.

If the Root Bridge ID, the Root Path cost and Bridge ID of X equal those of Y, but the Port ID of X is smaller than that of Y, X is superior to Y and X will become the Root Bridge.

STP Generation



Starting STP

After initially conﬁguring STP each Switch considers itself the Root Bridge and generates a conﬁguration BPDU for each Port as a Root Port. The root path cost will be 0, the ID of the Designated Bridge being that of the Switch itself and the Designated Port being itself.



Comparing BPDUs

Each Switch sends out conﬁguration BPDUs and receives conﬁguration BPDUs on one or more of its own Ports from other Switches. The following table shows the comparison operations.

Step Operation

If the priority of the BPDU received on the Port is lower than that of the BPDU of the Port itself, the Switch discards the BPDU and does not change the BPDU of the Port.

If the priority of the BPDU is higher than that of the BPDU of the Port itself, the Switch replaces the BPDU of the Port with the BPDU received and compares it with those of other Ports on the Switch to ﬁnd the Port with the highest priority.

Table 7-1 Comparing BPDUs



Selecting the Root Bridge

The Root Bridge is selected by comparing BPDUs. The Switch with the lowest Root ID is chosen as the Root Bridge.



Selecting the Root Port and Designated Port

Step Operation

For each Switch (except the Switch chosen as the Root Bridge) in a Network, the Port that receives the BPDU with the highest priority is chosen as the Root Port of the Switch.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

Step Operation

Using the Root Port BPDU and the Root Path cost, the Switch generates a Designated Port BPDU for each of its Ports.



Root ID is replaced with that of the Root Port;



Root Path is replaced with the sum of the Root Path cost of the root Port and the path cost between this Port and the Root Port;



The ID of the Designated Bridge is replaced with that of the Switch;



The ID of the Designated Port is replaced with that of the Port.

The Switch compares the resulting BPDU with the BPDU of the desired Port whose role is yet to be determined.



If the resulting BPDU takes precedence over the BPDU of the Port, the Port is chosen as the Designated Port and the BPDU of this Port is replaced with the resulting BPDU.



If the BPDU of this Port takes precedence over the resulting BPDU, the BPDU of this Port is not replaced and the Port is Blocked. The Port can now only receive BPDUs and will not process any other trafﬁc.

Table 7-2 Selecting root Port and designated Port

NOTE: In an STP Network with a stable topology, only the Root Port(s)

and Designated Port(s) can forward Data, the other Ports are Blocked. Blocked Ports only can receive BPDUs and will not process any other trafﬁc.

RSTP (Rapid Spanning Tree Protocol) evolved from the 802.1D STP standard, and enables Ethernet Ports to change their states rapidly. The premise for Ports in RSTP to change states rapidly are as follows.

The condition needed for the Root Port to change its Port state rapidly: The previous Root Port of the Switch stops forwarding Data and the Designated Port of the upstream Switch begins to forward Data.

The condition needed for the Designated Port to change its Port state rapidly: The Designated Port is an edge Port or connected to a point-to-point link. If the designated Port is an edge Port, it can directly change to a forwarding state. If the Designated Port is connected to a point-to-point link, it can change its forwarding state after receiving a response from the downstream Switch through a handshake.

RSTP Enhancements

Edge Port: Indicates a Port connected directly to a Layer 3 device such as a Router.

P2P Link: Indicates a link between two directly connected Switches.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

MSTP (Multiple Spanning Tree Protocol) is compatible with both STP and RSTP and subject to the IEEE 802.1s standard. It not only enables Spanning Tree rapid convergence, but also enables packets of different VLANs to be forwarded along their respective paths to provide redundant links with a better Load-Balancing mechanism.

Features of MSTP:



MSTP combines VLANs and Spanning Tree together via the VLAN-to-Instance mapping table. It binds several VLANs to an instance to save communication cost and Network resources.



MSTP divides a Spanning Tree Network into several regions. Each region has several internal Spanning Trees, which are independent of each other.



MSTP provides a Load-Balancing mechanism for packet transmission in the VLAN.



MSTP is compatible with both STP and RSTP.

MSTP Elements

MST Region (Multiple Spanning Tree Region): An MST Region comprises Switches

with the same region conﬁ guration and VLAN-to-Instance mapping relationships.

IST (Internal Spanning Tree): An IST is a Spanning Tree in an MST.

CST (Common Spanning Tree): A CST is the Spanning Tree in a Switched Network that

connects all MST Regions in the Network.

CIST (Common and Internal Spanning Tree): A CIST comprised of an IST and a CST, is the Spanning Tree in a Switched Network that connects all Switches in the Network.

The following ﬁ gure shows the Network diagram of an MSTP Topology.

Figure 7-2 Basic MSTP diagram

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

MSTP

MSTP divides a Network into several MST Regions. The CST will encompass all MST Regions in the Network, and multiple Spanning Trees can be generated in each MST region. Each Spanning Tree is called an Instance. Like STP MSTP uses BPDUs to generate the Spanning Tree topology. The only difference is that the BPDU for MSTP carries the MSTP conﬁguration information.

Port States

In an MSTP, Ports can have one of the following four states:



Forwarding: The Port can receive/forward Data, receive/send BPDU packets and learn MAC Addresses.



Learning: In this status the Port can receive/send BPDU packets and learn MAC addresses.



Blocking: In this status the Port can only receive BPDU packets and will drop all other trafﬁc received.



Disconnected: In this status the Port is not participating in STP.

Port Roles

In MSTP the following six roles exist:



Root Port: Indicates the Port that has the lowest path cost from this Bridge to the Root Bridge and forwards packets to the root.



Designated Port: Indicates the Port that forwards packets to a downstream Network segment or Switch.



Master Port: Indicates the Port that connects a MST region to the Common Root. The path from the Master Port to the Common Root is the shortest path between this MST Region and the Common Root.



Alternate Port: The Port can become a backup Port of a Root or Master Port.



Backup Port: The Port that is the backup Port of a Designated Port.



Disabled: The Port is not participating in the STP.

The following diagram shows the different Port roles.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

Figure 7-3 Port roles

The Spanning Tree module is used for Spanning Tree conﬁ guration, including four submenus: STP Conﬁ g, Port Conﬁ g, MSTP Instance and STP Security.

7.1 STP Conﬁ g

STP Conﬁ g is used for global conﬁ guration of Spanning Trees implementation and can be implemented on the STP Conﬁ g and STP Summary pages.

7.1.1 STP Conﬁ g

Before conﬁ guring Spanning Tree Protocol you should decide which role each Switch plays in the Spanning Tree instance. One Switch will be the Root Bridge in each Spanning Tree instance. On this page you can globally conﬁ gure the Spanning Tree function and related parameters.

Choose the menu Spanning Tree>>STP Conﬁ g>>STP Conﬁ g to load the following page.

Figure 7-4 STP Conﬁ g

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

The following entries are displayed on this screen:

Global Conﬁg

STP:

Version:

Parameters Conﬁg

CIST Priority:

Hello Time

Max Age:

Forward Delay:

TxHold Count:

Max Hops:

Enable/Disable STP function.

Select the desired STP version.



STP: Spanning Tree Protocol.



RSTP: Rapid Spanning Tree Protocol.



MSTP: Multiple Spanning Tree Protocol.

Enter a value from 0 to 61440 to specify the priority of the Switch for comparison in the CIST. CIST priority is important in determining which Switch will be the Root Bridge. The Switch with the highest priority will be chosen as the Root Bridge. The lower value the higher priority. The default value is 32768 any value used must be evenly divisible by 4096.

Enter a value from 1-10 seconds to specify the interval to send BPDU packets. BPDUs used to test the links for Network loops. The default value is 2 seconds.

Enter a value from 6-40 seconds to specify the maximum time the Switch can wait without receiving a BPDU before attempting to reconﬁgure. The default value is 20 seconds. If adjusting the Max Age the following Rules should be applied: 2*(Hello Time + 1) ≤ Max Age, and 2*(Forward Delay-1) ≥ Max Age.

Enter a value from 4-30 seconds to specify the time for the Port to transit its state after the Network topology has changed. The default value is 15 seconds.

Enter a value from 1-20 to set the maximum number of BPDU packets transmitted per Hello Time interval. The default value is 5pps.

Enter a value from 1-40 to set the maximum number of hops that can occur in a speciﬁc region before the BPDU is discarded. The default value is 20 hops.

CAUTION: STP Conﬁg settings will be restored to defaults if the Switch

is restarted and you have not selected Save Conﬁg from the main menu and saved your running conﬁguration to nonvolatile memory.

CAUTION: It is not recommended to change the Parameter settings

without ﬁrst consulting a Network Administrator with advanced understanding of Spanning Tree functions.

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

User Guide

NOTE: The Forward Delay parameter and the Network size are correlated.

Too short of a Forward Delay parameter may result in temporary loops. Too long of a forward delay may cause the Network to be unable to resume normal operations in an acceptable amount of time. Keeping the default value is recommended.

NOTE: The Hello Time parameter enables the Switch to discover link

failures that occur in the Network without over utilizing Network resources. Too long of a Hello Time may result in normal links being regarded as invalid when packets drops occur on the links, which in turn can result in Spanning Tree being locked in a constant discovery state. Too short of a Hello Time may result in duplicate conﬁguration information being sent, which increases the Network load of the Switches and wastes Network resources. Keeping the default value is recommended.

NOTE: The Max Age parameter allows the Switch to restart the STP

discovery process if no BPDUs are received before the Max Age expires. Too short of a Max Age may result in the Switches regenerating Spanning Trees Instances frequently and cause Network congestions that can be falsely interpreted as link problems. Too long of a Max Age results in the Switches being unable to ﬁnd the link problems in an acceptable period of time, which in turn handicaps Spanning Tree Instance generation and makes the Network less adaptive. Keeping the default value is recommended.

NOTE: The TXHold parameter speciﬁes the number of BPDUs to

send during the Hello Time, the value is speciﬁed in Packets per Second. If the TxHold Count is too large the number of MSTP packets being sent during each Hello Time interval will occupy excessive Network resources. Keeping the default value is recommended.

7.1.2 STP Summary

On this page you can view the active parameters of the Spanning Tree conﬁguration.

Other trademarks and registered trademarks are the proper ty of their respective owners

XMS-1024P

Choose the menu Spanning Tree>>STP Conﬁ g>>STP Summary to load the following page.

Figure 7-5 STP Summary

7.2 Port Conﬁ g

On this page you can conﬁ gure the parameters of the Ports for STP, RSTP and MSTP. Choose the menu Spanning Tree>>Port STP Conﬁ g to load the following page.

Figure 7-6 Port Conﬁ g

100

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

Luxul XMS-1024P User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual