Planet Technology WGSD-1022, WGSD-8000 User Manual

WGSD-1022
8-Port 10/100Mbps
User’s Manual of WGSD-1022/WGSD-8000
User's Manual
WGSD-8000
8-Port 10/100/1000Mbps with 2 Shared SFP Managed Ethernet Switch
- 1 –
User’s Manual of WGSD-1022/WGSD-8000
Trademarks
Copyright © PLANET Technology Corp. 2007.
Contents subject to which revision without prior notice.
PLANET is a registered trademark of PLANET Technology Corp. All other trademarks belong to their respective owners.
Disclaimer
PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no
warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for
a particular purpose.
PLANET has made every effort to ensure that this User's Manual is accurate; PLANET disclaims liability for any inaccuracies or
omissions that may have occurred.
Information in this User's Manual is subject to change without notice and does not represent a commitment on the part of
PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in this User's Manual. PLANET makes
no commitment to update or keep current the information in this User's Manual, and reserves the right to make improvements to
this User's Manual and/or to the products described in this User's Manual, at any time without notice.
If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your comments and
suggestions.
FCC Warning
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC
Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated
in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and
used in accordance with the Instruction manual, may cause harmful interference to radio communications. Operation of this
equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the
interference at whose own expense.
CE Mark Warning
This is a Class A product. In a domestic environment, this product may cause radio interference, in which case the user may be
required to take adequate measures.
WEEE Warning
To avoid the potential effects on the environment and human health as a result of the presence of hazardous
substances in electrical and electronic equipment, end users of electrical and electronic equipment should
understand the meaning of the crossed-out wheeled bin symbol. Do not dispose of WEEE as unsorted
municipal waste and have to collect such WEEE separately.
Revision
PLANET 8-Port Desktop Managed Ethernet Switch User's Manual
FOR MODELS: WGSD-1022 / WGSD-8000
REVISION: 1.1 (MAY.2007)
. Part No: EM- WGSD-1022 / WGSD-8000_v1.0 (2081-A34030-001)
- 2 –
User’s Manual of WGSD-1022/WGSD-8000
TABLE OF CONTENTS
1. INTRODUCTION ....................................................................................................................................................................14
How to Use This Manual......................................................................................................................................................14
Product Feature...................................................................................................................................................................15
Product Specification ...........................................................................................................................................................16
2. INSTALLATION .......................................................................................................................................................................18
2.1 Product Description .......................................................................................................................................................18
2.1.1 Product Overview ................................................................................................................................................18
2.1.2 Switch Front Panel ..............................................................................................................................................18
2.1.3 LED Indications ...................................................................................................................................................19
2.1.4 Switch Rear Panel ...............................................................................................................................................19
2.2 Install the Switch............................................................................................................................................................20
2.2.1 Desktop Installation .............................................................................................................................................20
2.2.2 Rack Mounting.....................................................................................................................................................21
2.2.3 Installing the SFP transceiver ..............................................................................................................................22
3. CONFIGURATION..................................................................................................................................................................24
3.1 Management Access Overview......................................................................................................................................24
3.1.1 Administration Console........................................................................................................................................25
3.1.2 Direct Access.......................................................................................................................................................25
3.2 Web Management .........................................................................................................................................................26
3.3 SNMP-Based Network Management .............................................................................................................................26
3.4 Protocols........................................................................................................................................................................26
3.4.1 Virtual Terminal Protocols ....................................................................................................................................26
3.4.2 SNMP Protocol ....................................................................................................................................................26
3.4.3 Management Architecture....................................................................................................................................27
4. Web Configuration ..................................................................................................................................................................28
4.1 Main Screen...................................................................................................................................................................30
4.2 Setup .............................................................................................................................................................................31
4.2.1 Summary .............................................................................................................................................................31
4.2.2 Network Settings .................................................................................................................................................32
4.2.3 Time.....................................................................................................................................................................34
4.3 Port Configuration..........................................................................................................................................................36
4.3.1 Port settings.........................................................................................................................................................36
4.3.2 Link Aggregation..................................................................................................................................................40
4.3.3 LACP ...................................................................................................................................................................42
4.4 VLAN Configuration .......................................................................................................................................................43
4.4.1 Create VLAN .......................................................................................................................................................44
4.4.2 Port setting ..........................................................................................................................................................45
4.4.3 Ports to VLAN......................................................................................................................................................46
- 3 –
User’s Manual of WGSD-1022/WGSD-8000
4.4.4 VLAN to Ports......................................................................................................................................................47
4.4.5 GVRP ..................................................................................................................................................................49
4.5 Statistics ........................................................................................................................................................................51
4.5.1 RMON Statistic ....................................................................................................................................................51
4.5.2 RMON History .....................................................................................................................................................53
4.5.3 RMON Alarm .......................................................................................................................................................55
4.5.4 RMON Events......................................................................................................................................................58
4.5.5 Port Utilization .....................................................................................................................................................60
4.5.6 802.1x Statistic ....................................................................................................................................................61
4.5.7 GVRP Statistics ...................................................................................................................................................62
4.6 ACL................................................................................................................................................................................64
4.6.1 IP Based ACL ......................................................................................................................................................64
4.6.2 IP Based ACL Configure Sample.........................................................................................................................66
4.6.3 MAC Based ACL..................................................................................................................................................70
4.6.4 MAC Based ACL Configure Sample ....................................................................................................................71
4.7 Security..........................................................................................................................................................................75
4.7.1 ACL Binding .........................................................................................................................................................75
4.7.2 Radius .................................................................................................................................................................76
4.7.3 TACACS+ ............................................................................................................................................................78
4.7.4 802.1x settings ....................................................................................................................................................80
4.7.5 Port Security ........................................................................................................................................................84
4.7.6 Multiple Hosts ......................................................................................................................................................87
4.7.7 Storm control .......................................................................................................................................................88
4.8 QoS ...............................................................................................................................................................................89
4.8.1 CoS Settings........................................................................................................................................................89
4.8.2 Queue Setting......................................................................................................................................................90
4.8.3 DSCP Settings.....................................................................................................................................................91
4.8.4 Bandwidth............................................................................................................................................................92
4.8.5 Basic Mode..........................................................................................................................................................94
4.8.6 Advanced Mode...................................................................................................................................................94
4.9. Spanning Tree.............................................................................................................................................................100
4.9.1 STP Status.........................................................................................................................................................106
4.9.2 The Global STP .................................................................................................................................................108
4.9.3 STP Port Settings ..............................................................................................................................................109
4.9.4 RSTP Port settings ............................................................................................................................................ 111
4.9.5 MSTP Properties ...............................................................................................................................................113
4.9.6 MSTP Instance Settings .................................................................................................................................... 11 4
4.9.7 MSTP Interface Settings.................................................................................................................................... 116
4.10 Multicast ....................................................................................................................................................................118
4.10.1 IGMP Snooping ...............................................................................................................................................120
- 4 –
User’s Manual of WGSD-1022/WGSD-8000
4.10.2 Bridge Multicast ...............................................................................................................................................121
4.10.3 Bridge Multicast Forward All ............................................................................................................................123
4.11 SNMP.........................................................................................................................................................................125
4.11.1 Global Parameters...........................................................................................................................................125
4.11.2 Views ...............................................................................................................................................................126
4.11.3 Group Profile....................................................................................................................................................128
4.11.4 Group Membership ..........................................................................................................................................129
4.11.5 Communities....................................................................................................................................................131
4.11.6 Notification Filter ..............................................................................................................................................133
4.11.7 Notification Recipient .......................................................................................................................................134
4.12 Admin.........................................................................................................................................................................137
4.12.1 User Authentication .........................................................................................................................................137
4.12.2 Static Address..................................................................................................................................................138
4.12.3 Dynamic Address.............................................................................................................................................139
4.12.4 Logging............................................................................................................................................................141
4.12.5 Port Mirroring...................................................................................................................................................143
4.12.6 Cable Test........................................................................................................................................................143
4.12.7 Save Configuration ..........................................................................................................................................144
4.12.8 Firmware Upgrade...........................................................................................................................................146
4.12.9 Reboot .............................................................................................................................................................147
4.12.10 Factory Defaults.............................................................................................................................................148
4.12.11 Server Logs ...................................................................................................................................................149
4.12.12 Memory Logs.................................................................................................................................................150
4.12.13 Flash Logs .....................................................................................................................................................151
5. COMMAND STRUCTURE....................................................................................................................................................153
5.1 Connect to PC’s RS-232 serial port .............................................................................................................................153
5.2 Using the CLI...............................................................................................................................................................153
5.2.1 CLI Command Modes........................................................................................................................................153
5.2.2 Starting the CLI..................................................................................................................................................156
5.2.3 Editing Features ................................................................................................................................................157
5.3 AAA Commands...........................................................................................................................................................160
5.3.1 aaa authentication login.....................................................................................................................................160
5.3.2 aaa authentication enable..................................................................................................................................161
5.3.3 login authentication............................................................................................................................................163
5.3.4 enable authentication ........................................................................................................................................163
5.3.5 ip http authentication .........................................................................................................................................164
5.3.6 ip https authentication........................................................................................................................................165
5.3.7 show authentication methods ............................................................................................................................166
5.3.8 password ...........................................................................................................................................................166
5.3.9 enable password ...............................................................................................................................................167
- 5 –
User’s Manual of WGSD-1022/WGSD-8000
5.3.10 username.........................................................................................................................................................168
5.3.11 show users accounts .......................................................................................................................................168
5.4 Address Table Commands...........................................................................................................................................169
5.4.1 bridge address...................................................................................................................................................169
5.4.2 bridge multicast filtering.....................................................................................................................................170
5.4.3 bridge multicast address....................................................................................................................................170
5.4.4 bridge multicast forbidden address....................................................................................................................171
3.4.5 bridge multicast forward-unregistered ...............................................................................................................172
5.4.6 bridge multicast forbidden forward-unregistered................................................................................................173
5.4.7 bridge multicast forward-all................................................................................................................................174
5.4.8 bridge multicast forbidden forward-all................................................................................................................174
5.4.9 bridge aging-time...............................................................................................................................................175
5.4.10 clear bridge......................................................................................................................................................176
5.4.11 port security .....................................................................................................................................................176
5.4.12 port security routed secure-address ................................................................................................................177
5.4.13 show bridge address-table...............................................................................................................................178
5.4.14 show bridge address-table static .....................................................................................................................179
5.4.15 show bridge address-table count.....................................................................................................................179
5.4.16 show bridge multicast address-table................................................................................................................180
5.4.17 show bridge multicast filtering..........................................................................................................................181
5.4.18 show ports security..........................................................................................................................................182
5.5 Clock Commands ........................................................................................................................................................183
5.5.1 clock set.............................................................................................................................................................183
5.5.2 clock source.......................................................................................................................................................183
5.5.3 clock timezone...................................................................................................................................................184
5.5.4 clock summer-time ............................................................................................................................................185
5.5.5 sntp authentication-key......................................................................................................................................186
5.5.6 sntp authenticate ...............................................................................................................................................187
5.5.7 sntp trusted-key .................................................................................................................................................187
5.5.8 sntp client poll timer...........................................................................................................................................188
5.5.9 sntp broadcast client enable..............................................................................................................................189
5.5.10 sntp anycast client enable ...............................................................................................................................189
5.5.11 sntp client enable (interface)............................................................................................................................190
5.5.12 sntp unicast client enable ................................................................................................................................190
5.5.13 sntp unicast client poll......................................................................................................................................191
5.5.14 sntp server.......................................................................................................................................................192
5.5.15 show clock .......................................................................................................................................................193
5.5.16 show sntp configuration...................................................................................................................................193
5.5.17 show sntp status..............................................................................................................................................194
5.6 Configuration and Image Files .....................................................................................................................................195
- 6 –
User’s Manual of WGSD-1022/WGSD-8000
5.6.1 copy...................................................................................................................................................................195
5.6.4 show startup-config............................................................................................................................................199
5.7 Ethernet Configuration Commands..............................................................................................................................201
5.7.1 interface ethernet...............................................................................................................................................201
5.7.2 interface range ethernet.....................................................................................................................................201
5.7.3 shutdown ...........................................................................................................................................................202
5.7.4 description .........................................................................................................................................................203
5.7.5 speed.................................................................................................................................................................203
5.7.6 duplex................................................................................................................................................................204
5.7.7 negotiation .........................................................................................................................................................205
5.7.8 flowcontrol .........................................................................................................................................................205
5.7.9 mdix...................................................................................................................................................................206
5.7.10 back-pressure..................................................................................................................................................207
5.7.11 port jumbo-frame..............................................................................................................................................207
5.7.12 clear counters ..................................................................................................................................................208
5.7.13 set interface active...........................................................................................................................................208
5.7.14 show interfaces configuration ..........................................................................................................................209
5.7.15 show interfaces status .....................................................................................................................................210
5.7.16 show interfaces description .............................................................................................................................212
5.7.17 show interfaces counters.................................................................................................................................212
5.7.18 show ports jumbo-frame ..................................................................................................................................215
5.7.20 port storm-control broadcast enable ................................................................................................................216
5.7.21 port storm-control broadcast rate.....................................................................................................................216
5.7.22 show ports storm-control .................................................................................................................................217
5.8 GVRP Commands .......................................................................................................................................................218
5.8.1 gvrp enable (global)...........................................................................................................................................218
5.8.2 gvrp enable (interface).......................................................................................................................................218
5.8.3 garp timer ..........................................................................................................................................................219
5.8.4 gvrp vlan-creation-forbid....................................................................................................................................220
5.8.5 gvrp registration-forbid.......................................................................................................................................221
5.8.7 clear gvrp statistics ............................................................................................................................................221
5.8.8 show gvrp configuration.....................................................................................................................................222
5.8.9 show gvrp statistics............................................................................................................................................223
5.8.10 show gvrp error-statistics.................................................................................................................................224
5.9 IGMP Snooping Commands ........................................................................................................................................225
5.9.1 ip igmp snooping (Global)..................................................................................................................................225
5.9.2 ip igmp snooping (Interface) ..............................................................................................................................225
5.9.3 ip igmp snooping mrouter ..................................................................................................................................226
5.9.4 ip igmp snooping host-time-out..........................................................................................................................226
5.9.5 ip igmp snooping mrouter-time-out ....................................................................................................................227
- 7 –
User’s Manual of WGSD-1022/WGSD-8000
5.9.6 ip igmp snooping leave-time-out........................................................................................................................228
5.9.7 show ip igmp snooping mrouter.........................................................................................................................228
5.9.8 show ip igmp snooping interface .......................................................................................................................229
5.9.9 show ip igmp snooping groups ..........................................................................................................................230
5.10 IP Addressing Commands .........................................................................................................................................231
5.10.1 ip address ........................................................................................................................................................231
5.10.2 ip address dhcp ...............................................................................................................................................231
5.10.3 ip default-gateway ...........................................................................................................................................232
5.10.4 show ip interface..............................................................................................................................................233
5.10.5 arp ...................................................................................................................................................................234
5.10.6 arp timeout.......................................................................................................................................................234
5.10.7 clear arp-cache................................................................................................................................................235
5.10.8 show arp..........................................................................................................................................................235
5.11 LACP Commands ......................................................................................................................................................236
5.11.1 lacp system-priority..........................................................................................................................................236
5.11.2 lacp port-priority ...............................................................................................................................................237
5.11.3 lacp timeout .....................................................................................................................................................237
5.11.4 show lacp ethernet...........................................................................................................................................238
5.11.5 show lacp port-channel ....................................................................................................................................239
5.12 Line Commands.........................................................................................................................................................240
5.12.1 line...................................................................................................................................................................240
5.12.2 speed...............................................................................................................................................................240
5.12.3 exec-timeout ....................................................................................................................................................241
5.12.4 show line..........................................................................................................................................................241
5.13 Management ACL Commands...................................................................................................................................242
5.13.1 management access-list..................................................................................................................................242
5.13.2 permit (management) ......................................................................................................................................244
5.13.3 deny (management) ........................................................................................................................................244
5.13.4 management access-class ..............................................................................................................................245
5.13.5 show management access-list.........................................................................................................................246
User Guidelines ..........................................................................................................................................................246
5.13.6 show management access-class.....................................................................................................................247
5.14 PHY Diagnostics Commands.....................................................................................................................................247
5.14.1 test copper-port tdr ..........................................................................................................................................247
5.14.2 show copper-ports tdr......................................................................................................................................248
5.14.3 show copper-ports cable-length.......................................................................................................................249
5.14.4 show fiber-ports optical-transceiver .................................................................................................................249
5.15 Port Channel Commands ..........................................................................................................................................251
5.15.1 interface port-channel......................................................................................................................................251
5.15.2 interface range port-channel............................................................................................................................252
- 8 –
User’s Manual of WGSD-1022/WGSD-8000
5.15.3 channel-group..................................................................................................................................................252
5.15.4 show interfaces port-channel...........................................................................................................................253
5.16 Port Monitor Commands............................................................................................................................................254
5.16.1 port monitor .....................................................................................................................................................254
5.16.2 show ports monitor ..........................................................................................................................................255
5.17 QoS Commands ........................................................................................................................................................256
5.17.1 qos...................................................................................................................................................................256
5.17.2 show qos .........................................................................................................................................................257
5.17.3 wrr-queue cos-map..........................................................................................................................................258
5.17.4 wrr-queue bandwidth .......................................................................................................................................259
5.17.5 priority-queue out num-of-queues....................................................................................................................260
5.17.6 show qos interface...........................................................................................................................................260
5.17.7 qos map dscp-queue .......................................................................................................................................263
5.17.8 qos trust (Global) .............................................................................................................................................264
5.17.9 qos trust (Interface) .........................................................................................................................................265
5.17.10 qos cos ..........................................................................................................................................................265
5.17.11 qos cos override.............................................................................................................................................266
5.17.12 show qos map ...............................................................................................................................................267
5.18 Radius Commands ....................................................................................................................................................268
5.18.1 radius-server host............................................................................................................................................268
5.18.2 radius-server key .............................................................................................................................................270
5.18.3 radius-server retransmit...................................................................................................................................270
5.18.4 radius-server source-ip ....................................................................................................................................271
5.18.5 radius-server timeout.......................................................................................................................................271
5.18.6 radius-server deadtime ....................................................................................................................................272
5.18.7 show radius-servers ........................................................................................................................................273
5.19 RMON Commands ....................................................................................................................................................274
5.19.1 show rmon statistics ........................................................................................................................................274
5.19.2 rmon collection history.....................................................................................................................................276
5.19.3 show rmon collection history............................................................................................................................276
5.19.4 show rmon history ...........................................................................................................................................277
5.19.5 rmon alarm ......................................................................................................................................................280
5.19.6 show rmon alarm-table ....................................................................................................................................281
5.19.7 show rmon alarm .............................................................................................................................................282
5.19.8 rmon event.......................................................................................................................................................284
5.19.9 show rmon events............................................................................................................................................285
5.19.10 show rmon log ...............................................................................................................................................286
5.19.11 rmon table-size ..............................................................................................................................................287
5.20 SNMP Commands .....................................................................................................................................................288
5.20.1 snmp-server community ..................................................................................................................................288
- 9 –
User’s Manual of WGSD-1022/WGSD-8000
5.20.2 snmp-server contact ........................................................................................................................................289
5.20.3 snmp-server location .......................................................................................................................................290
5.20.4 snmp-server enable traps ................................................................................................................................290
5.20.5 snmp-server trap authentication ......................................................................................................................291
5.20.6 snmp-server host.............................................................................................................................................291
5.20.7 snmp-server set...............................................................................................................................................292
5.20.8 show snmp ......................................................................................................................................................293
5.21 Spanning-Tree Commands ........................................................................................................................................295
5.21.1 spanning-tree...................................................................................................................................................295
5.21.2 spanning-tree mode.........................................................................................................................................295
5.21.3 spanning-tree forward-time..............................................................................................................................296
5.21.4 spanning-tree hello-time ..................................................................................................................................296
5.21.5 spanning-tree max-age....................................................................................................................................297
5.21.6 spanning-tree priority.......................................................................................................................................298
5.21.7 spanning-tree disable ......................................................................................................................................298
5.21.8 spanning-tree cost ...........................................................................................................................................299
5.21.9 spanning-tree port-priority................................................................................................................................300
5.21.10 spanning-tree portfast....................................................................................................................................300
5.21.11 spanning-tree link-type...................................................................................................................................301
5.21.13 spanning-tree bpdu........................................................................................................................................302
5.21.14 clear spanning-tree detected-protocols..........................................................................................................303
5.21.15 show spanning-tree .......................................................................................................................................303
5.22 SSH and SLOGIN Commands...................................................................................................................................305
5.22.1 ip ssh port ........................................................................................................................................................305
5.22.2 ip ssh server ....................................................................................................................................................306
5.22.3 crypto key generate dsa ..................................................................................................................................307
5.22.4 crypto key generate rsa ...................................................................................................................................307
5.22.5 ip ssh pubkey-auth ..........................................................................................................................................308
5.22.6 crypto key pubkey-chain ssh ...........................................................................................................................308
5.22.7 user-key...........................................................................................................................................................309
5.22.8 key-string .........................................................................................................................................................310
5.22.9 show ip ssh......................................................................................................................................................311
5.22.10 show crypto key mypubkey............................................................................................................................312
5.22.11 show crypto key pubkey-chain ssh ................................................................................................................312
5.23 System Management.................................................................................................................................................313
5.23.1 ping..................................................................................................................................................................313
5.23.2 traceroute ........................................................................................................................................................314
5.23.3 telnet................................................................................................................................................................317
5.23.4 resume.............................................................................................................................................................319
5.23.5 reload...............................................................................................................................................................320
- 10 –
User’s Manual of WGSD-1022/WGSD-8000
5.23.6 hostname.........................................................................................................................................................321
5.23.7 show users ......................................................................................................................................................321
5.23.8 show sessions .................................................................................................................................................322
5.23.9 show system....................................................................................................................................................323
5.23.10 show version..................................................................................................................................................324
5.24 Syslog Commands.....................................................................................................................................................324
5.24.1 logging on ........................................................................................................................................................324
5.24.2 logging .............................................................................................................................................................325
5.24.3 logging console................................................................................................................................................326
5.24.4 logging buffered...............................................................................................................................................327
5.24.5 logging buffered size........................................................................................................................................327
5.24.6 clear logging ....................................................................................................................................................328
5.24.7 logging file .......................................................................................................................................................328
5.24.8 clear logging file...............................................................................................................................................329
5.24.9 show logging....................................................................................................................................................330
5.24.10 show logging file ............................................................................................................................................331
5.24.11 show syslog-servers ......................................................................................................................................332
5.25 TACACS Commands .................................................................................................................................................333
5.25.1 tacacs-server host ...........................................................................................................................................333
5.25.2 tacacs-server key.............................................................................................................................................334
5.25.3 tacacs-server timeout ......................................................................................................................................334
5.25.4 tacacs-server source-ip ...................................................................................................................................335
5.25.5 show tacacs.....................................................................................................................................................336
5.26 User Interface Commands.........................................................................................................................................337
5.26.1 enable..............................................................................................................................................................337
5.26.2 disable .............................................................................................................................................................338
5.26.3 configure..........................................................................................................................................................338
5.26.4 login.................................................................................................................................................................339
5.26.5 exit(configuration) ............................................................................................................................................339
5.26.6 exit(EXEC).......................................................................................................................................................340
5.26.7 end ..................................................................................................................................................................340
5.26.8 help..................................................................................................................................................................341
5.26.9 history..............................................................................................................................................................341
5.26.10 history size.....................................................................................................................................................342
5.26.12 show history...................................................................................................................................................342
5.26.13 show privilege................................................................................................................................................343
5.27 VLAN Commands ......................................................................................................................................................344
5.27.1 vlan database ..................................................................................................................................................344
5.27.2 vlan..................................................................................................................................................................344
5.27.3 default-vlan disable..........................................................................................................................................345
- 11 –
User’s Manual of WGSD-1022/WGSD-8000
5.27.4 interface vlan ...................................................................................................................................................346
5.27.5 interface range vlan .........................................................................................................................................346
5.27.6 name................................................................................................................................................................347
5.27.7 switchport mode ..............................................................................................................................................347
5.27.8 switchport access vlan.....................................................................................................................................348
5.27.9 switchport trunk allowed vlan...........................................................................................................................349
5.27.10 switchport trunk native vlan ...........................................................................................................................350
5.27.11 switchport general allowed vlan .....................................................................................................................350
5.27.12 switchport general pvid..................................................................................................................................351
5.27.13 switchport general ingress-filtering disable ....................................................................................................352
5.27.14 switchport general acceptable-frame-type taggedonly...................................................................................352
5.27.15 switchport forbidden vlan ...............................................................................................................................353
5.27.16 map protocol protocols-group ........................................................................................................................354
5.27.17 switchport general map protocols-group vlan ................................................................................................355
5.27.18 ip internal-usage-vlan ....................................................................................................................................355
5.27.19 show vlan.......................................................................................................................................................356
5.27.20 show vlan internal usage ...............................................................................................................................357
5.27.22 show interfaces switchport.............................................................................................................................357
5.28 Web Server Commands.............................................................................................................................................359
5.28.1 ip http server....................................................................................................................................................359
5.28.2 ip http port........................................................................................................................................................359
5.28.3 ip https server ..................................................................................................................................................360
5.28.4 ip https port......................................................................................................................................................361
5.28.5 crypto certificate generate ...............................................................................................................................361
5.28.6 show ip http .....................................................................................................................................................362
5.28.7 show ip https....................................................................................................................................................362
5.29 802.1x Commands.....................................................................................................................................................363
5.29.1 aaa authentication dot1x..................................................................................................................................363
5.29.2 dot1x system-auth-control ...............................................................................................................................364
5.29.3 dot1x port-control.............................................................................................................................................364
5.29.4 dot1x re-authentication ....................................................................................................................................365
5.29.5 dot1x timeout re-authperiod.............................................................................................................................366
5.29.6 dot1x re-authenticate.......................................................................................................................................366
5.29.7 dot1x timeout quiet-period ...............................................................................................................................367
5.29.8 dot1x timeout tx-period ....................................................................................................................................368
5.29.9 dot1x max-req..................................................................................................................................................368
5.29.10 dot1x timeout supp-timeout ...........................................................................................................................369
5.29.11 dot1x timeout server-timeout .........................................................................................................................370
5.29.12 show dot1x ....................................................................................................................................................370
5.29.13 show dot1x users...........................................................................................................................................372
- 12 –
User’s Manual of WGSD-1022/WGSD-8000
5.29.14 show dot1x statistics......................................................................................................................................374
5.29.15 dot1x auth-not-req .........................................................................................................................................375
5.29.17 dot1x multiple-hosts.......................................................................................................................................376
5.29.18 dot1x single-host-violation .............................................................................................................................376
5.29.19 show dot1x advanced....................................................................................................................................377
TROUBLE SHOOTING.............................................................................................................................................................379
APPENDEX A...........................................................................................................................................................................380
A.1 Switch's RJ-45 Pin Assignments .................................................................................................................................380
A.2 RJ-45 cable pin assignment ........................................................................................................................................380
A.3 Available Modules .......................................................................................................................................................382
- 13 –
User’s Manual of WGSD-1022/WGSD-8000

1. INTRODUCTION

Thank you for purchasing PLANET Desktop Managed Switch- WGSD-1022 and WGSD-8000. If any of these are missing or
damaged, please contact your dealer immediately, if possible, retain the carton including the original packing material, and use
them against to repack the product in case there is a need to return it to us for repair.
Package Contents
Check the contents of your package for following parts:
The WGSD Managed Switch x1
CD-ROM user's manual x1
Quick installation guide x1
19" rack mounting kit x1
AC adapter x1
RS-232 console cable x 1
Rubber feet x 4

How to Use This Manual

This User Manual is structured as follows:
Section 2, Installation
The section explains the functions of the Switch and how to physically install the Switch.
Section 3, Configuration
The section contains the information about the software function of the Switch.
Section 4, Web Configuration The section explains how to manage the switch by Web interface.
Section 5, COMMAND STRUCTURE
The section explains how to manage the switch by Console interface..
Appendex A
The section contains cable information of the Switch.
In the following section, terms "Switch" with upper case denotes the WGSD-1022/WGSD-8000 Managed Ethernet switch. Terms with lower case "switch" means other Ethernet switch devices.
- 14 –
User’s Manual of WGSD-1022/WGSD-8000

Product Feature

¾ Physical Port
WGSD-1022
8-Port 10/100Base-TX RJ-45
2 10/100/1000Base-T RJ-45
2 SFP slots, shared with Port-9(g1) and Port-10(g2)
Console interface for Switch basic management and setup
WGSD-8000
8-Port 10/100/1000Base-T RJ-45
2 SFP slots, shared with Port-7 and Port-8
Console interface for Switch basic management and setup
¾ Layer 2 Features
Complies with the IEEE 802.3, IEEE 802.3u, IEEE 802.3ab, IEEE 802.3z Gigabit Ethernet standard
Supports Auto-negotiation and half duplex/full duplex modes for all 10Base-T/100Base-TX and 1000Base-T ports.
Auto-MDI/MDI-X detection on each RJ-45 port
Prevents packet loss with back pressure (Half-Duplex) and IEEE 802.3x PAUSE frame flow control (Full-Duplex)
High performance Store and Forward architecture, broadcast storm control, runt/CRC filtering eliminates erroneous
packets to optimize the network bandwidth
8K MAC address table, automatic source address learning and ageing
1Mbit embedded memory for packet buffers
Supports IEEE 802.1Q Tagged based VLAN
GVRP protocol for VLAN Management
Support up to 4 Trunk groups, each trunk for up to maximum 4 port with 800Mbps bandwidth(Duplex Mode)
IEEE802.1d, IEEE802.1w, classic Spanning Tree Algorithm or Rapid Spanning Tree support
Supports the IEEE 802.1s specification for multiple spanning trees on a single port (spanning tree per VLAN).
¾ Quality of Service
4 priority queues on all switch ports.
Support for strict priority and weighted round robin (WRR) CoS policies
Support QoS and bandwidth control on each port
Traffic-policing policies on the switch port
¾ Multicast
Support IGMP Snooping v1 and v2
Port Mirroring to monitor the incoming or outgoing traffic on a particular port
¾ Security
802.1x Port-Based Authentication
IP-Based Access Control List (ACL)
MAC-Based Access Control List
Port Security
¾ Management
- 15 –
User’s Manual of WGSD-1022/WGSD-8000
WEB-Based, Telnet, Console Command Line management
SSH( Secure Shell), SSL
Access through SNMPv1,v2c and v3 security set and get requests.
Four groups (history, statistics, alarms, and events) of embedded remote monitoring (RMON) agents for network
monitoring and traffic analysis
Built-in Trivial File Transfer Protocol (TFTP) client
Virtual Cable Test (VCT) technology provides the mechanism to detect and report potential cabling issues, such as
cable opens, cable shorts, etc. on Copper Links
EMI standards comply with FCC, CE class A, WEEE RoHS

Product Specification

Product WGSD-1022 WGSD-8000
Description
Hardware Specification
10/100Base-TX Ports
10/100/1000Base-T Ports
SFP/mini-GBIC Slots
Switch Architecture
Switch Fabric
Switch Throughput
Address Table
Share data Buffer
Flow Control
Jumbo Frame
8-Port 10/100Mbps + 2 Gigabit TP / SFP combo Managed Ethernet Switch
8 RJ-45 Auto-MDI/MDI-X ports ---
2 RJ-45 Auto-MDI/MDI-X ports 8 RJ-45 Auto-MDI/MDI-X ports
2 SFP interfaces ( Shared with Port-9 and Port-10 )
Store-and-forward
5.6Gbps / Non-Blocking 16Gbps / Non-Blocking
4.17Mpps / Wire-Speed 11.9Mpps / Wire-Speed
8K entries
1 Mbit
Back pressure for Half-Duplex, IEEE 802.3x Pause Frame for Full-Duplex
9K bytes per 10/100/1000Base-T Ports
8-Port 10/100/1000Mbps with 2 shared
SFP Managed Ethernet Switch
2 SFP interfaces ( Shared with Port-7 and Port-8 )
Dimension
Weight
Power Requirement
Layer 2 function
Management Interface
Port configuration
267 x 170 x 45mm (W x D x H), 1U height
1.2 KG
100~240V AC, 50-60, Auto-sensing
Console. Telnet, SSH, Web Browser, SSL, SNMPv1, v2c and v3
Port disable/enable. Auto-negotiation 10/100Mbps full and half duplex mode selection.
Flow Control disable / enable.
Bandwidth control on each port.
- 16 –
User’s Manual of WGSD-1022/WGSD-8000
Port Status
VLAN
Link Aggregation
QoS
IGMP Snooping
SNMP MIBs
Display each port’s speed duplex mode, link status, Flow control status.
Auto negotiation status, trunk status.
802.1q Tagged Based VLAN ,up to 255 VLAN groups
Supports 4 groups of 4-Port trunk support
IEEE 802.3ad LACP
Traffic classification based on Port Number, 802.1p priority and DS/TOS field
in IP Packet
Allow to be disabled or enable. Supports IGMP Snooping v1 and v2
RFC-1213 MIB-2
RFC-2863 Interface MIB
RFC-2665 EtherLike MIB
RFC-1493 Bridge MIB
RFC-2674 Extended Bridge MIB
RFC-2819 RMON MIB (Group 1, 2, 3 and 9)
RFC-2737 Entity MIB
RFC-2618 RADIUS Client MIB
Standards Conformance
Regulation Compliance
Standards Compliance
Environment
Regulation Compliance
Operating Temperature
FCC Part 15 Class A, CE
IEEE802.3 10BASE-T
IEEE802.3u 100BASE-TX/100BASE-FX
IEEE802.3z Gigabit SX/LX
IEE802.3ab Gigabit 1000T
IEEE802.3x Flow Control and Back pressure
IEEE802.3ad Port trunk with LACP
IEEE802.1d Spanning tree protocol
IIEEE802.1w Rapid spanning tree protocol
IEEE802.1p Class of service
IEEE802.1Q VLAN Tagging
FCC Part 15 Class A, CE
0~50,
Storage Temperature
Operating Humidity
Storage Humidity
-40~70,
5% to 90%, relative humidity, non-condensing
5% to 90%, relative humidity, non-condensing
- 17 –
User’s Manual of WGSD-1022/WGSD-8000

2. INSTALLATION

This section describes the functionalities of the Switch's components and guides how to install it on the desktop or shelf. Basic
knowledge of networking is assumed. Please read this chapter completely before continuing.

2.1 Product Description

The PLANET WGSD-Series are Full Managed Desktop Switches with gigabit interfaces equipped. It boasts a high performance
switch architecture that is capable of providing non-blocking switch fabric and wire-speed throughput as high as 5.6Gbps and
16Gbps. Its two built-in SFP/mini-GBIC slots also offer incredible extensibility, flexibility and connectivity to the Core switch or
Servers.

2.1.1 Product Overview

PLANET WGSD-Switch is loaded with powerful traffic management and QoS features to enhance services offered by telcos. It
provides 4 priority queues per port for different types of traffics, allowing administrators to set policies for classified filtering and
rule-based rate limitation. The WGSD-Switch prioritizes applications with WFQ (Weighted Fair Queuing) scheduling algorithm to
allocate more bandwidth to key traffics such as voice transmission, empowering the enterprise to take full advantages of the
limited network resources and guarantee the best performance.
PLANET WGSD-Switch offers comprehensive Access Control List (ACL) for enforcing security to the edge. Its protection
mechanisms comprised of port-based 802.1x user and device authentication. The administrators can now construct highly
secured corporate networks with time and effort considerably less then before.
With its built-in web-based management, the PLANET WGSD-Switch offers an easy-to-use, platform-independent management
and configuration facility. The PLANET WGSD-Switch supports standard Simple Network Management Protocol (SNMP) and
can be managed via any standard-based management software. For text-based management, the WGSD-Switch can also be
accessed via Telnet and the console port. For secure remote management, the WGSD-Switch support SSL and SSH
connection which encrypt the packet content at each session.

2.1.2 Switch Front Panel

Figure 2-1 and Figure 2-2 shows the front panel of WGSD-1022 and WGSD-8000.
PWR
LNK/ACT
100
mini-GBIC
38400, N, 8, 1
G1/G2
LNK/ACT
1000
Intelligent 8-Port 10/100Mbps+2 Gigabit Ethernet Switch
G1 G2
mini-GBIC
13574268910
910
Figure 2-1 WGSD-1022 front panel.
- 18 –
User’s Manual of WGSD-1022/WGSD-8000
LNK/ACT
1000
PWR
13574268

2.1.3 LED Indications

System
LED Color Function
PWR
Green
Per 10/100Mbps port
LED Color Function
LNK/ACT
100
Green
Orange
Lights to indicate that the Switch has power.
Lights to indicate the link through that port is successfully established. Blink: indicate that the switch is actively sending or receiving data over that port. Lights to indicate the port is running in 100Mbps speed. Off: indicate that the port is operating at 10Mbps.
8-Port Gigabit / 2 Shared SFP Managed Ethernet Switch
Figure 2-2 WGSD-8000 front panel.
38400, N, 8, 1
mini-GBIC
78
Per 10/100/1000Base-T port /SFP interfaces
LED Color Function
Lights to indicate the link through that port is successfully established.
LNK/ACT
Green
Blink: indicate that the switch is actively sending or receiving data over that port. Lights to indicate the port is running in 1000Mbps speed.
1000
Orange
Off: indicate that the port is operating at 10Mbps or 100Mbps.

2.1.4 Switch Rear Panel

Figure 2-3 and Figure 2-4 shows the rear panel of the switches
Figure 2-3 WGSD-1022 rear panel
- 19 –
User’s Manual of WGSD-1022/WGSD-8000
2.0A
Figure 2-4 WGSD-8000 rear panel
Power Notice:
1. The device is a power-required device, it means, it will not work till it is powered. If your networks should active all the
time, please consider using UPS (Uninterrupted Power Supply) for your device. It will prevent you from network data
loss or network downtime.
2. In some area, installing a surge suppression device may also help to protect your switch from being damaged by
unregulated surge or current to the Switch or the power adapter.

2.2 Install the Switch

This section describes how to install the Ethernet Switch and make connections to it. Please read the following topics and
perform the procedures in the order being presented.

2.2.1 Desktop Installation

To install the Switch on desktop or shelf, please follows these steps:
Step1: Attach the rubber feet to the recessed areas on the bottom of the switch. Step2: Place the switch on the desktop or the shelf near an AC power source. Step3: Keep enough ventilation space between the switch and the surrounding objects.
When choosing a location, please keep in mind the environmental restrictions discussed in Chapter
#Note:
Step4: Connect the Switch to network devices
A. Connect one end of a standard network cable to the 10/100 RJ-45 ports or Gigabit RJ-45 / SFP mini-GBIC slot on the
front of the Switch
1, Section 4, and Specification.
B. Connect the other end of the cable to the network devices such as printer servers, workstations or routers…etc.
Connection to the Switch requires UTP Category 5 network cabling with RJ-45 tips. For more
#Note:
Step5: Supply power to the switch.
A. Connect one end of the power cable to the switch.
B. Connect the power plug of the power cable to a standard wall outlet.
When the switch receives power, the Power LED should remain solid Green.
information, please see the Cabling Specification in Appendix A.
- 20 –
User’s Manual of WGSD-1022/WGSD-8000

2.2.2 Rack Mounting

To install the switch in a 19-inch standard rack, please follows the instructions described below. Step1: Place the switch on a hard flat surface, with the front panel positioned towards the front side. Step2: Attach the rack-mount bracket to each side of the switch with supplied screws attached to the package. Figure 2-5 shows
how to attach brackets to one side of the switch.
Figure 2-5 Attach brackets to the switch.
Caution:
You must use the screws supplied with the mounting brackets. Damage caused to the parts by using incorrect screws
would invalidate the warranty.
Step3: Secure the brackets tightly. Step4: Follow the same steps to attach the second bracket to the opposite side. Step5: After the brackets are attached to the Switch, use suitable screws to securely attach the brackets to the rack, as shown in
Figure 2-6
Figure 2-6 Mounting the Switch in a Rack
- 21 –
User’s Manual of WGSD-1022/WGSD-8000
Step6: Proceeds with the steps 4 and steps 5 of session 2.2.1 Desktop Installation to connect the network cabling and supply
power to the switch.

2.2.3 Installing the SFP transceiver

The sections describe how to insert an SFP transceiver into an SFP slot.
The SFP transceivers are hot-pluggable and hot-swappable. You can plug-in and out the transceiver to/from any SFP port
without having to power down the Switch. As the Figure 2-7 appears.
Figure 2-7 Plug-in the SFP transceiver
Approved PLANET SFP Transceivers
PLANET WGSD-Switch support both single mode and multi mode SFP transceiver. The following list of approved PLANET SFP
transceivers is correct at the time of publication:
MGB-SX SFP (1000BASE-SX SFP transceiver )
MGB-LX SFP (1000BASE-LX SFP transceiver )
It recommends using PLANET SFPs on the Switch. If you insert a SFP transceiver that is not
#Note:
Before connect the other switches, workstation or Media Converter.
1. Make sure both side of the SFP transfer are with the same media type, for example: 1000Base-SX to 1000Base-SX,
1000Bas-LX to 1000Base-LX.
supported, the Switch will not recognize it.
2. Check the fiber-optic cable type match the SFP transfer model.
¾ To connect to 1000Base-SX SFP transfer, use the multi-mode fiber cable- with one side must be male duplex LC
connector type.
¾ To connect to 1000Base-LX SFP transfer, use the single-mode fiber cable-with one side must be male duplex LC
connector type.
Connect the fiber cable
- 22 –
User’s Manual of WGSD-1022/WGSD-8000
1. Attach the duplex LC connector on the network cable into the SFP transceiver.
2. Connect the other end of the cable to a device – switches with SFP installed, fiber NIC on a workstation or a Media
Converter..
3. Check the LNK/ACT LED of the SFP slot on the front of the Switch. Ensure that the SFP transceiver is operating correctly.
4. Check the Link mode of the SFP port if the link failed. Co works with some fiber-NICs or Media Converters, set the Link
mode to “1000 Force” is needed.
Remove the transceiver module
1. Make sure there is no network activity by consult or check with the network administrator. Or through the management
interface of the switch/converter (if available) to disable the port in advance.
2. Remove the Fiber Optic Cable gently.
3. Turn the handle of the MGB/MFB module to horizontal.
4. Pull out the module gently through the handle.
Figure 2-8 Pull Out the SFP transceiver
Never pull out the module without pull the handle or the push bolts on the module. Direct pull out the
#Note:
module with violent could damage the module and SFP module slot of the device.
- 23 –
User’s Manual of WGSD-1022/WGSD-8000

3. CONFIGURATION

This chapter explains the methods that you can use to configure management access to the switch. It describes the types of
management applications and the communication and management protocols that deliver data between your management
device (work-station or personal computer) and the system. It also contains information about port connection options.
This chapter covers the following topics:
Management Access Overview
Key Concepts
Key Guidelines for Implementation
Administration Console Access
Web Management Access
SNMP Access
Standards, Protocols, and Related Reading

3.1 Management Access Overview

The switch gives you the flexibility to access and manage the switch using any or all of the following methods:
An administration console
Web browser interface
An external SNMP-based network management application
The administration console and Web browser interface support are embedded in the switch software and are available for
immediate use. Each of these management methods has their own advantages. Table 3-1 compares the three management
methods.
Method Advantages Disadvantages
Console
No IP address or subnet needed
Text-based
Telnet functionality and HyperTerminal built into
Windows 95/98/NT/2000/ME/XP operating
systems
Must be near switch or use dial-up connection
Not convenient for remote users
Modem connection may prove to be unreliable
or slow
Web Browser
SNMP Agent
Secure
Ideal for configuring the switch remotely
Compatible with all popular browsers
Can be accessed from any location
Most visually appealing
Communicates with switch functions at the MIB
level
Based on open standards
- 24 –
Security can be compromised (hackers need
only know the IP address and subnet mask)
May encounter lag times on poor connections
Requires SNMP manager software
Least visually appealing of all three methods
Some settings require calculations
User’s Manual of WGSD-1022/WGSD-8000
Security can be compromised (hackers need
only know the community name)
Table 3-1 Management Methods Comparison
3.1.1 Administration Console
The administration console is an internal, character-oriented, and command line user interface for performing system
administration such as displaying statistics or changing option settings. Using this method, you can view the administration
console from a terminal, personal computer, Apple Macintosh, or workstation connected to the switch's console (serial) port.
There are two ways to use this management method: via direct access or modem port access. The following sections describe
these methods. For more information about using the console, refer to Chapter 5 Command Line Interface Console
Management.
3.1.2 Direct Access
Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a
terminal-emulation program (such as HyperTerminal) to the switch console (serial) port.
When using this management method, a null-modem cable is required to connect the switch to the PC. After making this
connection, configure the terminal-emulation program to use the following parameters:
The default parameters are:
384,00 bps 8 data bits No parity 1 stop bit
You can change these settings, if desired, after you log on. This management method is often preferred because you can
remain connected and monitor the system during system reboots. Also, certain error messages are sent to the serial port,
regardless of the interface through which the associated action was initiated. A Macintosh or PC attachment can use any
terminal-emulation program for connecting to the terminal serial port. A workstation attachment under UNIX can use an emulator
such as TIP.
- 25 –
User’s Manual of WGSD-1022/WGSD-8000

3.2 Web Management

The switch provides a browser interface that lets you configure and manage the switch remotely. After you set up your IP
address for the switch, you can access the switch's Web interface applications directly in your Web browser by entering the IP
address of the switch. You can then use your Web browser to list and manage switch configuration parameters from one central
location, just as if you were directly connected to the switch's console port.
Web Management requires either Microsoft Internet Explorer 4.01 or later or Netscape Navigator 4.03 or later.

3.3 SNMP-Based Network Management

You can use an external SNMP-based application to configure and manage the switch. This management method requires the
SNMP agent on the switch and the SNMP Network Management Station to use the same community string. This management
method, in fact, uses two community strings: the get community string and the set community string. If the SNMP Net-work
management Station only knows the set community string, it can read and write to the MIBs. However, if it only knows the get
community string, it can only read MIBs. The default gets and sets community strings for the switch are public.

3.4 Protocols

The switch supports the following protocols:
Virtual terminal protocols, such as Telnet
Simple Network Management Protocol (SNMP)

3.4.1 Virtual Terminal Protocols

A virtual terminal protocol is a software program, such as Telnet, that allows you to establish a management session from a
Macintosh, a PC, or a UNIX workstation. Because Telnet runs over TCP/IP, you must have at least one IP address configured on
the switch before you can establish access to it with a virtual terminal protocol.
Terminal emulation differs from a virtual terminal protocol in that you must connect a terminal directly
#Note:
to the console (serial) port.

3.4.2 SNMP Protocol

Simple Network Management Protocol (SNMP) is the standard management protocol for multi-vendor IP networks. SNMP
supports transaction-based queries that allow the protocol to format messages and to transmit information between reporting
devices and data-collection programs. SNMP runs on top of the User Datagram Protocol (UDP), offering a connectionless-mode
service.
- 26 –
User’s Manual of WGSD-1022/WGSD-8000

3.4.3 Management Architecture

All of the management application modules use the same Messaging Application Programming Interface (MAPI). By unifying
management methods with a single MAPI, configuration parameters set using one method (console port, for example) are
immediately displayable by the other management methods (for example, SNMP agent of Web browser).
The management architecture of the switch adheres to the IEEE open standard. This compliance assures customers that the
switch is compatible with, and will interoperate with other solutions that adhere to the same open standard.
- 27 –
User’s Manual of WGSD-1022/WGSD-8000

4. Web Configuration

The WGSD-1022 can be configured through an Ethernet connection, make sure the manager PC must be set on same the IP
subnet address with the switch. For example, if you have changed the default IP address of the Switch to 192.168.1.1 with
subnet mask 255.255.255.0 via console, then the manager PC should be set at 192.168.1.x (where x is a number between 1 and 253) with subnet mask 255.255.255.0. Or you can use the factory default IP address 192.168.1.254 to do the relative
configuration on manager PC. The sceen in Figure 4-1 appears.
Figure 4-1 Web Management via ethernet
1. Logging on the switch
1. Use Internet Explorer 5.0 or above Web browser. Enter the factory-default IP address to access the Web interface. The
factory-default IP Address as following:
http://192.168.1.254
2. When the following login screen appears, the system will ask you to enter the username and password.
Default User name: admin Default Password: admin
The login screen in Figure 4-2 appears.
- 28 –
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-2 WGSD-Switch Web Login screen
3. After entering the username and password, the main screen appears as Figure 4-3.
Figure 4-3 Web Main Screen of WGSD-Switch
Now, you can use the Web management interface to continue the switch management or manage the switch by console
interface.
#Note:
It is recommended to use Internet Explore 6.0 or above to access WGSD-Switch.
- 29 –
User’s Manual of WGSD-1022/WGSD-8000

4.1 Main Screen

The Switch provides a Web-based browser interface for configuring and managing the Switch. This interface allows you to
access the switch using the Web browser of your choice. This chapter describes how to use the switch’s Web browser interface
to con-figure and manage the switch.
Description
Main Functions Menu Sub Menu
Port Link Status
Main Screen
Figure 4-1
Via the Web-Management, the administrator can setup the WGSD-Switch by select the functions those listed in the Main
Function. The screen in Figure 4-2 appears.
Figure 4-2 WGSD-Switch Main Funcrions Menu
The following functions can be configured here:
Setup Port Config VLAN Config Statistics ACL
Save Config
- 30 –
Security QoS Spanning Tree Multicast SNMP Admin

4.2 Setup

The Setup menus include the tree sub-menus:
Summary Network Settings Time
User’s Manual of WGSD-1022/WGSD-8000

4.2.1 Summary

The summary screen provides Device and System Information about the Switch.
Figure 4-3 System Summary screen
The page contains the following informations:
Device Information
System Name
IP Address
Subnet Mask
Display your system name
Display the current IP address of the device
Display the subnet mask setting of the device
- 31 –
User’s Manual of WGSD-1022/WGSD-8000
DNS Servers
Default Gateway
Address Mode
Base MAC Address
System Information
Serial Number
Model Name
Hardware Version
Boot Version
Display the current DNS Servers, no matter by manual setting or assigned by the DHCP server
Display the current default gateway setting
Show the IP Address mode of the system – By Static or Dynamic (DHCP)
The MAC address of the Switch displays here
The unique box serial number for this switch
The product name of this switch
The release version maintenance number of the hardware
The version of boot system currently running on the switch
Firmware Version
System Location
System Con tact
System Up Time
Current Time
The operating system currently running on the switch
Display where the Switch is located
Display the administrative contact person
The time in days, hours and minutes since the last switch reboot
Specifies the time and date. The format is hour, minute, second, month, day, year

4.2.2 Network Settings

The Basic Setup Table include the Network Settings (see figure 4-3), which allows you to assign DHCP or static IP settings to
interfaces and assign default gateways.
In the Networking Setting screen, you can set these parts as below:
- 32 –
User’s Manual of WGSD-1022/WGSD-8000
The page includes the following fields:
Identification:
System Name
System Location
System Con tact
System Object ID
Base MAC Address
IP Configuration:
Type your system name
Type where the Switch is located
Enter the administrative contact person
Tthe system object identifier is in this field
The MAC address of the Switch displays here
Figure 4-4 Network Setting screen
Management VLAN
IP Address Mode
Host Name
IP Address
Where you can select the Management VLAN. The default Managemanet VLAN is VLAN 1
Where select Static or Dynamic IP address configuration. The Default Mode is Static
In this field you can enter the DHCP Host Name
Enter the IP address when you want to use a static address. The default IP Address is 192.168.1.254
- 33 –
User’s Manual of WGSD-1022/WGSD-8000
Subnet Mask
Deafau lt Gateway
DNS Ser ver
Enter the IP subnet mask for the interface. The factory default value is 255.255.255.0
Enter the default gateway for the IP interface. The factory default value is 0.0.0.0
Enter the IP Address of the DNS Server. The Domain Name System (DNS) converts user-defined domain names into IP addresses.

4.2.3 Time

In the Basic Setup Table, you can see the Time Setup (see figure 4-5), by which you can configure the time settings for the
Switch.
You can select SNTP Servers: Server1 for the primary SNTP server and Server2 for the secondary SNTP server.
Figure 4-5 Time screen
The Time page includes the following fields:
Set Time
Use System Time
Use SNTP Time
Local Time
Specifies that the system time is not set by an external source but the Local time settings.
Specifies that the system time is set via an SNTP server
- 34 –
User’s Manual of WGSD-1022/WGSD-8000
Hours / Minuntes / Seconds
Month / Day / Year
Time Zone
Daylight Saving
Daylight Saving
Defines the system time. The field format is HH:MM:SS, for example, 21:15:03.
Defines the system date. The field format is Day:Month:Year, for example, 04 May
2050.
The difference between Greenwich Mean Time (GMT) and local time. For example, the Time Zone Offset for Paris is GMT +1, while the local time in Taipei is GTM +8.
Enables the Daylight Savings Time (DST) on the device based on the devices location. The possible field values are:
USA -- The device switches to DST at 2 a.m. on the first Sunday of April, and
reverts to standard time at 2 a.m. on the last Sunday of October.
European -- The device switches to DST at 1:00 am on the last Sunday in
March and reverts to standard time at 1:00 am on the last Sunday in October. The European option applies to EU members, and other European countries using the EU standard.
Other -- The DST definitions are user-defined based on the device locality. If
Other is selected, the From and To fields must be defined.
Time Set Offset
From
To
For non USA and European countries, the amount of time for DST can be set in minutes. The value range is (1-1440).
The default time is 60 minutes.
Defines the time that DST begins in countries other than USA or Europe, in the format DayMonthYear in one field and time in another. For example, DST begins on the 25th October 2007 5:00 am, the two fields will be 25Oct07 and 5:00. The possible field values are:
Date -- The date at which DST begins. The possible field range is 1-31.
Month -- The month of the year in which DST begins. The possible field range
is Jan-Dec.
Year-- The year in which the configured DST begins.
Time -- The time at which DST begins. The field format is Hour:Minute, for
example, 05:30.
Defines the time that DST ends in countries other than USA or European in the format DayMonthYear in one field and time in another. For example, DST ends on the 23rd March 2008 12:00 am, the two fields will be 23Mar08 and 12:00. The possible field values are:
Date -- The date at which DST ends. The possible field range is 1-31.
Month -- The month of the year in which DST ends. The possible field range
is Jan-Dec.
Year-- The year in which the configured DST ends.
Time -- The time at which DST starts. The field format is Hour:Minute, for
example, 05:30.
Recurring
From
Defines the time that DST starts in countries other than USA or Europe where the DST is constant year to year. The possible field values are:
Defines the time that DST begins each year. For example, DST begins locally every second Sunday in April at 5:00 am. The possible field values are:
Day -- The day of the week from which DST begins every year. The possible
field range is Sunday-Saturday.
Week -- The week within the month from which DST begins every year. The
- 35 –
User’s Manual of WGSD-1022/WGSD-8000
possible field range is 1-5.
Month -- The month of the year in which DST begins every year. The possible
field range is Jan.-Dec.
Time -- The time at which DST begins every year. The field format is
Hour:Minute, for example, 02:10.
To
SNTP Server
Server1
Server2
Poll Interval
(60-86400 sec)
Defines the recurring time that DST ends each year. For example, DST ends locally every fourth Friday in October at 5:00 am. The possible field values are:
Day -- The day of the week at which DST ends every year. The possible field
range is Sunday-Saturday.
Week -- The week within the month at which DST ends every year. The
possible field range is 1-5.
Month -- The month of the year in which DST ends every year. The possible
field range is Jan.-Dec.
Time -- The time at which DST ends every year. The field format is
Hour:Minute, for example, 05:30.
Enter a user-defined SNTP server IP addresses or hostname. Up to twot SNTP servers can be defined.
The primary server provides SNTP information.
The backup server provides SNTP information.
Defines the interval (in seconds) at which the SNTP server is polled for Unicast information.
The factory default value is 1024.
#Note:
The device supports the Simple Network Time Protocol (SNTP). SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. SNTP operates only as a client, and cannot provide time services to other systems.
4.3 Port Configuration
In this field, you can see these parts, such as port settings, Link aggregation, LACP.
4.3.1 Port settings
To use the port settings screen for setting up each of the switch’s ports.
It shows these parts: port, description, admin status, link status, speed, duplex,
MDI/MDIX, Flow control, type, LAG, PVE (see Figure 4-6):
- 36 –
Figure 4-6 Port Settings screen
The Port Settings screen contains the following fields:
User’s Manual of WGSD-1022/WGSD-8000
Port
Description
Admin Status
Link Status
Speed
Duplex
Shows the port number. You can click on the Detail button of the appropriate port
(G1, G2) to use an SFP module, and the Detail button shows the Port Configuration
Detail screen, which include port, description, port type, admin status, current port
status ……
Click up the Detail button to make a brief description of the port
When to choose the UP button, the port can be accessed normally, to choose the
Down button, the port will be taken offline
Shows an active connection when you choose the UP button, there is no active
connection or the port has been taken offline by an Admiinistrator when you choose
the Down button
Shows the connection speed of the port and the speed can be configured only
when auto-negotiation is disabled on that port
The port duplex mode, Full (transmission occurs in both directions simultaneously)
or Half (transmission occurs in only one direction at a time). This mode can be
MDI/ MDIX
Flow control
configured only when auto-negotiation is disabled and port speed is set to 10Mbps
or 100Mbps.
It cannot be configured on Link Aggregation Groups (LAGs)
Shows the MDI/MDIX status of the port. To use the MDI setting if the port is
connected to an end station. To use the MDIX setting if the port is connected to a
hub or another switch
Shows the flow control status of the port. It is active when the port uses Full Duplex
- 37 –
Mode
User’s Manual of WGSD-1022/WGSD-8000
Type
LAG
PVE
Detail
Click the Detail button for more detail port configuration. Port Configuration Detail screen (see figure 4-7)
Shows the port type
Shows whether the port is part of a LAG
It bypasses the Forwarding Database and forwards all unicast, multicast, and broadcast traffic to an uplink when a port is a Private VLAN Edge (PVE) port,
Uplinks can be ports or LAGs.
It will open the port configuration detail screen
Figure 4-7 Per Port Configuration detail screen
The Port Configuration screen contains the following fields:
Port Indicates the number of the port
- 38 –
User’s Manual of WGSD-1022/WGSD-8000
Description Where can be entered by clicking on the Detail button
Port Type This is the port type
Admin Status The port can be taken offline by selecting the Down option.
When Up is selected, the port can be accessed normally.
Current Port Status The current status of the port is displayed here
Reactivate
Suspended Port
Operational Status This indicates whether or not the port is active
Admin Speed Change the speed of the port here
Current Port Speed The current speed of the port is displayed here
Admin Duplex Change the duplex mode here
Current Duplex
Mode
Auto Negotiation You can enable or disable the port’s Auto Negotiation feature. If using an SFP
Current Auto
Negotiation
Admin Advertisement
If you want to reactivate a port that has been suspended, click the checkbox
Tthis is the duplex mode of the port
module, Auto Negotiation for the specific port should be set to disable
This is the current setting of the port’s Auto Negotiation feature
Specifies the capabilities to be advertised by the port. Multiple options may be selected or Max Capability can be selected to cover all of the options.
The available options are:
Max Capability, which indicates that the port speeds and duplex mode settings can be accepted.
Current Advertisement
Neighbor Advertisement
Back Pressure
Current Back
Pressure
10 Half, indicates that the port is advertising a 10Mbps half duplex mode setting. 10 Full, indicates that the port is advertising a 10Mbps full duplex mode setting. 100 Half, indicates that the port is advertising a 100Mbps half duplex mode
setting. 100 Full, indicates that the port is advertising a 100Mbps full duplex mode
setting. 1000 Full, indicates that the port is advertising a 1000Mbps full duplex mode
setting
The port advertises its capabilities to its neighbor port to begin the negotiation process. This field displays the current advertisement settings.
Tthe neighbor port (the port to which the selected interface is connected) advertises its capabilities to the port to start the negotiation process. This field displays the neighbor’s current settings
The Back Pressure feature of the selected port can be enabled or disabled
Displays whether Back Pressure is enabled or disabled on the currently selected port
- 39 –
User’s Manual of WGSD-1022/WGSD-8000
Flow Control The Flow Control feature of the selected port can be enabled or disabled
Current Flow
Control
MDI/ MDIX Auto - the port to automatically detect the cable type.
• Current MDI/MDIX This is the current MDI/MDIX status of the port
PVE For Gigabit Ethernet switches ONLY. When a port is a Private VLAN Edge (PVE)
Click the Save Settings button to save your changes.
Displays whether Flow Control is enabled or disabled on the currently selected port
MDI - if the port is connected to an end station.
MDIX - if the port is connected to a hub or another switch
port, it bypasses the Forwarding Database and forwards all unicast, multicast, and broadcast traffic to an uplink. Uplinks can be ports or LAGs.

4.3.2 Link Aggregation

When you enter the Link Aggregation, you can see these parts (see figure 4-8), such as:
LAG, shows whether the port is part of a LAG.
Figure 4-8 Link Aggregation screen
The Link Aggregation page contains the following fields:
LAG Indicates the number of the LAG interface. Up to eight LAG interface can be
configured.
Description Indicates the description of the LAG ports
Administrative
Status
Up indicates that the port is available and down shows administrator has taken the port offline. You can click the Save Settings option to save this option.
- 40 –
User’s Manual of WGSD-1022/WGSD-8000
Type The port types that comprise the LAG.
Link Status Shows an active connection when you choose the UP button, there is no active
connection or the port has been taken offline by an Admiinistrator when you choose the Down button
Speed Shows the connection speed of the port and the speed can be configured only
when auto-negotiation is disabled on that port
Duplex The port duplex mode, Full (transmission occurs in both directions simultaneously)
or Half (transmission occurs in only one direction at a time). This mode can be configured only when auto-negotiation is disabled and port speed is set to 10Mbps or 100Mbps.
Flow control Shows the flow control status of the port. It is active when the port uses Full Duplex
Mode
LAG Mode Shows the current mode of the LAG interface
Click the Detail button for more detail port configuration.
Linkl Aggregation detail configuration
At per-LAG detail configuration page, the administrator can select ports to be the members of the LAG interface. The scree
appears as follow:
- 41 –
User’s Manual of WGSD-1022/WGSD-8000

4.3.3 LACP

Aggregated Links can be manually setup or automatically established on the relevant links by enabling Link Aggregation Control
Protocol (LACP).
Aggregate ports can be linked into link-aggregation port-groups. Each group is comprised of ports with the same speed, set to
full-duplex operation.
The LACP screen contains fields for configuring LACP LAG s (see figure 4-9)
- 42 –
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-9 LACP configuration screen
The page contains the following fields:
LACP System Priority
Port
LACP Port Priority
LACP Timeout
Admin Key
Indicates the global LACP priority value. The possible range is 1- 65535 and the default value is 1.
Set the port number which need to timeout and the priority values are assigned
Where set the LACP priority value for the port and the field range is 1-65535
Administrative LACP timeout. A short or long timeout value can be selected. Long is the default
A channel will only be formed between ports having the same admin key, in other words, this only applies to ports located on the same switch.

4.4 VLAN Configuration

A Virtual LAN (VLAN) is a logical network grouping that limits the broadcast domain. It allows you to isolate network traffic so
only members of the VLAN receive traffic from the same VLAN members. Basically, creating a VLAN from a switch is logically
equivalent of reconnecting a group of network devices to another Layer 2 switch. However, all the network devices are still plug
into the same switch physically.
The WGSD-Switch supports 802.1Q (tagged-based) and GVRP Dynamic VLAN setting in web management page. In the default
configuration, VLAN support is “802.1Q”.
IEEE 802.1Q VLANs
- 43 –
User’s Manual of WGSD-1022/WGSD-8000
IEEE 802.1Q (tagged) VLAN are implemented on the Switch. 802.1Q VLAN require tagging, which enables them to span the
entire network (assuming all switches on the network are IEEE 802.1Q-compliant).
VLAN allow a network to be segmented in order to reduce the size of broadcast domains. All packets entering a VLAN will only
be forwarded to the stations (over IEEE 802.1Q enabled switches) that are members of that VLAN, and this includes broadcast,
multicast and unicast packets from unknown sources.
VLAN can also provide a level of security to your network. IEEE 802.1Q VLAN will only deliver packets between stations that are
members of the VLAN. Any port can be configured as either tagging or untagging. The untagging feature of IEEE 802.1Q VLAN
allows VLAN to work with legacy switches that don't recognize VLAN tags in packet headers. The tagging feature allows VLAN
to span multiple 802.1Q-compliant switches through a single physical connection and allows Spanning Tree to be enabled on all
ports and work normally.
Any port can be configured as either tagging or untagging. The untagging feature of IEEE 802.1Q VLAN allows VLAN to work
with legacy switches that don’t recognize VLAN tags in packet headers. The tagging feature allows VLAN to span multiple
802.1Q-compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work
normally.
Frame Income
Frame Leave
Leave port is tagged Frame remains tagged Tag is inserted
Leave port is untagged Tag is removed Frame remain untagged
Income Frame is tagged Income Frame is untagged
In this field, there are five items, such as Create VLAN, Port setting, Ports to VLAN, VLAN to Ports, GVRP…

4.4.1 Create VLAN

In this table, the information and global parameters for configuring and working with VLAN s will be provided (see figure 4-10).
- 44 –
The page contains the following fields:
Single VLAN
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-10 Create VLAN screen
VLAN ID (2-4094)
VLAN Name
VL AN Range
VLAN Table
The VLAN Table displays a list of all configured VLANs, include the
VLAN ID,
VLAN Name,
Status
To remove a VLAN, click the Remove button.
You can configure the ID number of the VLAN by this item. Up to 256 VLANs can be
created. This field is used to add VLANs one at a time. If you want to add the defined VLAN ID number, you can press the Add button.
Where shows the user-defined VLAN name
Indicates a range of VLANs configured. To add the defined range of VLAN ID numbers, press the Add Range button

4.4.2 Port setting

In this port setting screen (refer to figure 4-11), the parameters managing ports that are part of a VLAN will be provided, and you
can set the default VLAN ID (PVID). All untagged packets arriving to the device are tagged by the ports PVID.
Figure 4-11 VLAN Port Setting screen
The page contains the following fields:
- 45 –
Port Displays the port number included in the VLAN
Mode Indicates the port mode. Possible values are:
General - The port belongs to VLANs, and each VLAN is user-defined as
tagged or untagged (full 802.1Q mode).
Access - The port belongs to a single untagged VLAN. When a port is in
Access mode, the packet types which are accepted on the port (packet type) cannot be designated. It is also not possible to enable/ disable ingress filtering on an access port.
Trunk - The port belongs to VLANs in which all ports are tagged (except for an
optional single native VLAN).
User’s Manual of WGSD-1022/WGSD-8000
Acceptable Frame
Type
PVID Assigns a VLAN ID to untagged packets. The possible values are 2 to 4094. VLAN
Ingress Filtering Enables or disables Ingress filtering on the port. Ingress filtering discards packets
LAG Indicates the LAG to which the VLAN is defined
Port Mode VLAN Membership Frame Leave
Access Belongs to a single untagged VLAN
General
Packet type accepted on the port. Possible values are:
Admit Tag Only - indicates that only tagged packets are accepted on the port.
Admit All - indicates that both tagged and untagged packets are accepted on
the port.
4095 is defined as per standard and industry practice as the discard VLAN. Packets classified to the Discard VLAN are dropped
which do not include an ingress port
Untagged
( Tag=PVID be removed)
Allowed to belongs to multiple untagged
VLANs at the same time
Untagged
(Tag=PVID be removed)
Trunk
Allowed to belongs to multiple Tagged
VLANs at the same time
(Tag=PVID or Original VID be remained)
Tagged

4.4.3 Ports to VLAN

The Ports to VLAN screen contains fields for configuring ports to a VLAN. The port default VLAN ID (PVID) is configured on the
Create VLAN screen. All untagged packets arriving to the device are tagged by the ports PVID. The Ports to VLAN screen
contains a Port Table for VLAN parameters for each port. Ports are assigned VLAN membership by selecting and configuring
the presented configuration options, you can refer to figure 4-12.
- 46 –
Figure 4-12 Ports to VLAN screen
User’s Manual of WGSD-1022/WGSD-8000
The page contains the following fields:
VLAN
Access
Trunk
General
Tagged
Untagged
Forbidden
Exclude
Where means the VLAN number
Indicates the port belongs to a single untagged VLAN. When a port is in Access mode, the packet types which are accepted on the port cannot be designated. Ingress filtering cannot be enabled/disabled on an access port.
Which indicates the port belongs to VLANs in which all ports are tagged, except for one port that can be untagged
Which indicates the port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full 802.1Q mode)
Defines the interface as a tagged member of a VLAN. All packets forwarded by the interface are tagged. The packets contain VLAN information
Packets forwarded by the interface are untagged
Forbidden ports are not included in the VLAN
Excludes the interface from the VLAN. However, the interface can be added to the VLAN through GVRP

4.4.4 VLAN to Ports

The VLAN to Ports screen (see figure 4-13) contains fields for configuring VLANs to a port. This screen displays these parts,
such as:
- 47 –
The page contains the following fields:
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-13 VLA N to Ports
Port
Mode
Join VLAN
VLANs
LAG
Press the “Join VLAN” button to selecet and add VLAN to per port. The screen in Figure 4-14 appears.
Displays the interface number
By which indicates the port to VLAN mode. Possible field values are:
General - By which indicates the port belongs to VLANs, and each VLAN is
user-defined as tagged or untagged (full 802.1Q mode).
Access - Indicates the port belongs to a single untagged VLAN. When a port is
in Access mode, the packet types which are accepted on the port cannot be designated. Ingress filtering cannot be enabled/disabled on an access port.
Trunk - Which indicates these ports belong to VLANs in which all ports are
tagged, except for one port that can be untagged.
Defines the VLANs to which the interface is joined.
Displays the PVID tag
Indicates whether the port is a member of a LAG. If it is a member of a LAG, it cannot be configured to a VLAN. The LAG to which belongs can be configured to a VLAN
- 48 –
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-14 Join VLAN to Port screen

4.4.5 GVRP

GARP VLAN Registration Protocol (GVRP) is specifically provided for automatic distribution of VLAN membership information
among VLAN-aware bridges. GVRP allows VLAN-aware bridges to automatically learn VLANs to bridge ports mapping, without
having to individually configure each bridge and register VLAN membership.
The Global System LAG information displays the same field information as the ports, but represent the LAG GVRP information.
The GVRP screen (refer to 4-15) is divided into two areas, GVRP and GVRP Table. The field definitions for both areas are the
same.
Figure 4-15 GVRP configuration screen
- 49 –
The page contains the following fields:
User’s Manual of WGSD-1022/WGSD-8000
Enable GVRP
Interface
GVRP State
Dynamic VLAN
Creation
GVRP Registration
Update
Enables and disables GVRP on the device
Displays the interface on which GVRP is enabled. Possible field values are:
Port - indicates the port number on which GVRP is enabled. LAG - indicates the LAG number on which GVRP is enabled.
When the checkbox is checked, GVRP is enabled on the interface
When the checkbox is checked, Dynamic VLAN creation is enabled on the interface
When the checkbox is checked, VLAN registration through GVRP is enabled on the
device..
The Update button adds the configured GVRP setting to the table at the bottom of
the screen
- 50 –
User’s Manual of WGSD-1022/WGSD-8000

4.5 Statistics

The Statistic of the switch
This field includes these parts as below:
4.5.1 RMON Statistic
The RMON Statistics screen (refer to figure 4-16) contains fields for viewing information about device utilization and errors that
occurred on the device.
The page contains the following fields:
Interface
Refresh Rate
Indicates the device for which statistics are displayed. The possible field values are:
Port - defines the specific port for which RMON statistics are displayed.
LAG - defines the specific LAG for which RMON statistics are displayed.
Defines the amount of time that passes before the interface statistics are refreshed. The possible field values are:
No Refresh, indicates that the RMON statistics are not refreshed.
15 Sec, which indicates that the RMON statistics are refreshed every 15
30 Sec, which indicates that the RMON statistics are refreshed every 30
60 Sec, which indicates that the RMON statistics are refreshed every 60
Figure 4-16 RMON Statistics screen
seconds.
seconds.
seconds.
- 51 –
User’s Manual of WGSD-1022/WGSD-8000
Drop Events
Received Bytes
(Octets)
Received Packets
Broadca st Packets
Received
Multicast Packets
Received
CRC & Align Errors
Undersize Pa ckets
which displays the number of dropped events that have occurred on the interface since the device was last refreshed
Displays the number of octets received on the interface since the device was last refreshed. This number includes bad packets and FCS octets, but excludes framing bits
Displays the number of packets received on the interface, including bad packets, Multicast and broadcast packets, since the device was last refreshed
Which displays the number of good broadcast packets received on the interface since the device was last refreshed. This number does not include Multicast packets
Displays the number of good Multicast packets received on the interface since the device was last refreshed
which displays the number of CRC and Align errors that have occurred on the interface since the device was last refreshed
Displays the number of undersized packets (less than 64 octets) received on the interface since the device was last refreshed
Oversize Pack ets
Fragments
Jabbers
Collisions
Frames of xx Bytes
Displays the number of oversized packets (over 1518 octets) received on the interface since the device was last refreshed.
Indicates the number of fragments (packets with less than 64 octets, excluding framing bits, but including FCS octets) received on the interface since the device was last refreshed
Indicates the total number of received packets that were longer than 1518 octets. This number excludes frame bits, but includes FCS octets that had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. The field range to detect jabbers is between 20 ms and 150 ms
Displays the number of collisions received on the interface since the device was last refreshed
Number of xx-byte frames received on the interface since the device was last refreshed.
Clear Counters button, this option will reset all of the statistic counts.
Refresh Now button, which use this option to refresh the statistics.
- 52 –
User’s Manual of WGSD-1022/WGSD-8000

4.5.2 RMON History

The RMON History contains information about samples of data taken from ports. For example, the samples may include
interface definitions or polling periods. The RMON History Control screen is divided into RMON History and Log Table.
Log Table includes the following parts (see figure 4-17)
The page contains the following fields: RMON History
Source Interface
Sampling Interval
Sampling Req uested
Displays the interface from which the history samples were taken. The possible field values are:
Port, specifies the port from which the RMON information was taken. LAG, specifies the port from which the RMON information was taken.
Indicates (in seconds) the time that samplings are taken from the ports. The field range is 1-3600.
The default is 1800 seconds (equal to 30 minutes)
Displays the number of samples to be saved. The field range is 1-65535. The default value is 50
Figure 4-17 RMON History screen
Current Number of
Samples
Displays the current number of samples taken. View History button. This button opens the RMON History screen
- 53 –
User’s Manual of WGSD-1022/WGSD-8000
Owner
Use the Add to List button when you add the configured RMON sampling to the Log Table at the bottom of the screen
1. RMON Histo ry Table
The RMON History screen (see figure 4-18) contains interface specific statistical network samplings. Each table entry
represents all counter values compiled during a single sample.
Where displays the RMON station or user that requested the RMON information.
The field range is 0-20 characters
Figure 4-18 RMON History Table screen
Sample No
Received Bytes
(Octets)
Received Packets
Broadca st Packets
Multicast Packets
CRC Align Errors
Which indicates the sample number from which the statistics were taken
Displays the number of octets received on the interface since the device was last refreshed. This number includes bad packets and FCS octets, but excludes framing bits
Displays the number of packets received on the interface since the device was last refreshed, including bad packets, Multicast and Broadcast packets
Displays the number of good Broadcast packets received on the interface since the device was last refreshed. This number does not include Multicast packets
Displays the number of good Multicast packets received on the interface since the device was last refreshed
Which displays the number of CRC and Align errors that have occurred on the interface since the device was last refreshed.
- 54 –
User’s Manual of WGSD-1022/WGSD-8000
Undersize Pa ckets
Oversize Pack ets
Fragments
Jabbers

4.5.3 RMON Alarm

Displays the number of undersized packets (less than 64 octets) received on the interface since the device was last refreshed
Displays the number of oversized packets (over 1518 octets) received on the interface since the device was last refreshed
Displays the number of fragments (packets with less than 64 octets, excluding framing bits, but including FCS octets) received on the interface since the device was last refreshed.
Displays the total number of received packets that were longer than 1518 octets. This number excludes frame bits, but includes FCS octets that had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. The field range to detect jabbers is between 20 ms and 150 ms.
The RMON Alarm screen (see figure 4-19) contains fields for setting network alarms. Network alarms occur when a network
problem, or event, is detected. Rising and falling thresholds generate events.
The page contains the following fields:
Figure 4-19 RMON Alarm screen
- 55 –
User’s Manual of WGSD-1022/WGSD-8000
larm Entry
Source Interface
Counter Name
Sample Type
Rising Threshold
Indicates a specific alarm
Displays the interface for which RMON statistics are displayed. The possible field values are:
Port, displays the selected port of the RMON statistics.
LAG, displays the RMON statistics for the selected LAG.
Displays the selected MIB variable
Defines the sampling method for the selected variable and comparing the value against the thresholds. The possible field values are:
Absolute, compares the values directly with the thresholds at the end of the
sampling interval.
Delta, subtracts the last sampled value from the current value. The difference in
the values is compared to the threshold.
Displays the rising counter value that triggers the rising threshold alarm. The rising threshold is presented on top of the graph bars. Each monitored variable is designated a color
Rising E vent
Falling Threshold
Falling Event
Displays the mechanism in which the alarms are reported. The possible field values are:
LOG. Indicates there is not a saving mechanism for either the device or in the
management system. If the device is not reset, the entry remains in the Log Table.
TRAP, indicates that an SNMP trap is generated, and sent via the Trap
mechanism. The Trap can also be saved using the Trap mechanism.
Both, indicates that both the Log and Trap mechanism are used to report
alarms.
Displays the falling counter value that triggers the falling threshold alarm. The falling threshold is graphically presented on top of the graph bars. Each monitored variable is designated a color.
Displays the mechanism in which the alarms are reported. The possible field values are:
LOG, indicates there is not a saving mechanism for either the device or in the
management system. If the device is not reset, the entry remains in the Log Table.
TRAP, indicates that a SNMP trap is generated, and sent via the Trap
mechanism. The Trap can also be saved using the Trap mechanism.
Startup Alarm
Both, indicates that both the Log and Trap mechanism are used to report
alarms.
Displays the trigger that activates the alarm generation. Rising is defined by crossing the threshold from a low-value threshold to a higher-value threshold
- 56 –
User’s Manual of WGSD-1022/WGSD-8000
Interval
Owner
Use the Add to List button when you add the RMON Alarms Table entry.
Defines the alarm interval time in seconds
Dhere displays the device or user that defined the alarm
- 57 –
User’s Manual of WGSD-1022/WGSD-8000

4.5.4 RMON Events

The RMON Events screen (see figure 4-20) contains fields for defining RMON events.
The page contains the following fields:
Add Event:
Event Entry
Community
Description
Type
Displays the event
where displays the community to which the event belongs
Displays the user-defined event description
Describes the event type. Possible values are:
None, where indicates that no event occurred.
Log, indicates that the event is a log entry.
Trap, indicates that the event is a trap.
Log and Trap, indicates that the event is both a log entry and a trap.
Figure 4-20 RMON Event screen
Owner
The Event Table area contains the following additional field:
Where displays the device or user that defined the event. Use the Add to List button when you add the configured RMON event to the Event Table at the bottom of the screen (see figure 4-21)
- 58 –
User’s Manual of WGSD-1022/WGSD-8000
Time
Press the RMON Event Log button to display the log store in the flash. Only the Event type is Log or Log and Trap, then the
entries appear. The screen in Figure 4-21 appears.
Where displays the time that the event occurred
Figure 4-21 RMON Event Log Screen
- 59 –
User’s Manual of WGSD-1022/WGSD-8000

4.5.5 Port Utilization

The Port Utilization screen (see figure 4-22) indicates the amount of resources each interface is currently consuming. Ports in
green are functioning normally, while ports in red are currently transmitting an excessive amount of network traffic.
The page includes the following fields:
Refresh Rate
Indicates the amount of time that passes before the port utilization statistics are
refreshed. The possible field values are:
No Refresh - indicates that the statistics are not refreshed.
15 Sec - indicates that the statistics are refreshed every 15 seconds.
30 Sec - indicates that the statistics are refreshed every 30 seconds.
60 Sec - indicates that the statistics are refreshed every 60 seconds.
Figure 4-22 Port Utilization screen
- 60 –
User’s Manual of WGSD-1022/WGSD-8000

4.5.6 802.1x Statistic

The 802.1X Statistic screen (see figure 4-23) contains information about EAP packets received on a specific port.
The page includes the following fields:
Port
Refresh Rate
Name
Indicates the port, which is polled for statistics
Indicates the amount of time that passes before the EAP statistics are refreshed. The possible field values are:
No Refresh, indicates that the EAP statistics are not refreshed.
15 Sec, which indicates that the EAP statistics are refreshed every 15
30 Sec, which indicates that the EAP statistics are refreshed every 30
60 Sec, which indicates that the EAP statistics are refreshed every 60 seconds
Displays the measured 802.1x statistic
Figure 4-23 802.1x Statistics screen
seconds.
seconds.
Description
Packet
Describes the measured 802.1x statistic
Displays the amount of packets measured for the particular 802.1x statistic
- 61 –
User’s Manual of WGSD-1022/WGSD-8000

4.5.7 GVRP Statistics

The GVRP Statistics screen (see figure 4-24) contains device statistics for GVRP. The GVRP Statistics screen is divided into two areas, GVRP Statistics Table and GVRP Error Statistics Table.
Figure 4-24 GVRP Statistics screen
The following fields are relevant for both tables:
Interface
Refresh Rate
Specifies the interface type for which the statistics are displayed
Port, indicates port statistics are displayed.
LAG, indicates LAG statistics are displayed.
Indicates the amount of time that passes before the GVRP statistics are refreshed.
The possible field values are:
No Refresh, indicates that the GVRP statistics are not refreshed.
15 Sec, which indicates that the GVRP statistics are refreshed every 15
seconds.
30 Sec, which indicates that the GVRP statistics are refreshed every 30
seconds.
60 Sec, which indicates that the GVRP statistics are refreshed every 60
seconds.
The GVRP Statistics Table contains the following fields:
Join Empty
Empty
Which displays the device GVRP Join Empty statistics
Displays the device GVRP Empty statistics
- 62 –
User’s Manual of WGSD-1022/WGSD-8000
Leave Empty
Join In
Leave In
Leave All
The GVRP Error Statistics Table contains the following fields:
Invalid Protocol ID
Invalid Attribute
Type
Attribut e Value
Invalid Events
By which displays the device GVRP Leave Empty statistics
By which displays the device GVRP Join In statistics
By which displays the device GVRP Leave in statistics
By which displays the device GVRP Leave all statistics
Where displays the device GVRP Invalid Protocol ID statistics
Where displays the device GVRP Invalid Attribute ID statistics. Invalid
Displays the device GVRP Invalid Attribute Value statistics. Invalid Attribute Length,
where displays the device GVRP Invalid Attribute Length statistics
Where displays the device GVRP Invalid Events statistics. The Clear All Counters
button resets all tables
- 63 –
User’s Manual of WGSD-1022/WGSD-8000

4.6 ACL

An ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a
rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. On this menu the
interfaces to which an ACL applies must be specified, as well as whether it applies to inbound or outbound traffic. Rules for the
ACL are specified/created using the ACL Rule Configuration menu.

4.6.1 IP Based ACL

The IP Based ACL (Access Control List) screen (see figure 4-25) contains information for defining IP Based ACLs.
The Page contains the following fields:
ACL Name
New ACL Name
Delete ACL
Action
Displays the user-defined IP based ACLs
Defines a new user-defined IP based ACL
By which deletes the selected ACL
Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped. In addition, the port can be shutdown, a trap can be sent to
Figure 4-25 IP-Base ACL screen
- 64 –
User’s Manual of WGSD-1022/WGSD-8000
the network administrator, or a packet assigned rate limiting restrictions for forwarding. The options are as follows:
Permit, by which forwards packets which meet the ACL criteria.
Deny, which drops packets which meet the ACL criteria.
Shutdown, where drops packet that meets the ACL criteria, and disables the
port to which the packet was addressed. Ports are reactivated from the Port Management screen.
Protocol
Select from List
By which creates an ACE (Access Control Event) based on a specific protocol
Where selects from a protocols list on which ACE can be based. The possible field values are:
Any, matches the protocol to any protocol.
EIGRP, which indicates that the Enhanced Interior Gateway Routing Protocol
(EIGRP) is used to classify network flows.
ICMP, which indicates that the Internet Control Message Protocol (ICMP) is
used to classify network flows.
IGMP, which indicates that the Internet Group Management Protocol (IGMP) is
used to classify network flows.
TCP, which indicates that the Transmission Control Protocol is used to classify
network flows.
OSPF, by which matches the packet to the Open Shortest Path First (OSPF)
protocol.
UDP, which indicates that the User Datagram Protocol is used to classify
network flows.
Protocol ID to Match, adds user-defined protocols to which packets are
matched to the ACE. Each protocol has a specific protocol number which is unique. The possible field range is 0-255.
TCP Flags
This filters packets by TCP flag. Filtered packets are either forwarded or dropped. Filtering packets by TCP flags increases packet control, and network security. The values that can be assigned are:
Set, which enables filtering packets by selected flags.
Unset, disables filtering packets by selected flags.
Don’t care, which indicates that selected packets do not influence the packet
filtering process.
The TCP Flags that can be selected are:
Urg, indicates the packet is urgent.
Ack, indicates the packet is acknowledged.
Psh, indicates the packet is pushed.
Rst, indicates the connection is dropped.
Syn, indicates request to start a session.
- 65 –
Fin, indicates request to close a session.
User’s Manual of WGSD-1022/WGSD-8000
Source Port
Destination Port
Source IP Address
Wildcard Mask
Defines the TCP/UDP source port to which the ACE is matched. This field is active only if 800/6-TCP or 800/17-UDP is selected in the Select from List drop-down menu.
The possible field range is 0 - 65535
Defines the TCP/UDP destination port. This field is active only if 800/6-TCP or 800/17-UDP is selected in the Select from List drop-down menu.
The possible field range is 0 - 65535
Matches the source port IP address to which packets are addressed to the ACE
Defines the source IP address wildcard mask. Wildcard masks specify which bits are used and which bits are ignored.
A wild card mask of 255.255.255.255 indicates that no bit is important.
A wildcard of 0.0.0.0 indicates that all the bits are important.
For example, if the source IP address 149.36.184.198 and the wildcard mask is
255.36.184.00, the first eight bits of the IP address are ignored, while the last eight bits are used.
Destination IP
Address
Wildcard Mask
Match DSCP
Match IP
Precedence
Use the Add to List button when you add the configured IP Based ACLs to the IP Based ACL Table at the bottom of the
screen.
Matches the destination port IP address to which packets are addressed to the ACE
Defines the destination IP address wildcard mask
Matches the packet DSCP value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.
The possible field range is 0-63
Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.
The possible field range is 0-7
4.6.2 IP Based ACL Configure Sample
This section shows how to build a IP Based ACL and apply to specify interface.
Sample Case: Deny IP packets to specific Class C network
¾ Purpose:
Verify a positive and negative matches to network IP address with a Class C (24 bit mask) , no matter the rule defined as
permit or deny.
- 66 –
User’s Manual of WGSD-1022/WGSD-8000
1. Any packets pass through the switch will be dropped – if the Destination IP Addresses match specific Class C.
2. Any packets pass through the switch will be forwarded – if the Destination IP Addresses not match specific Class C.
¾ Case Design:
Action DENY Match IP
Source IP Address Any
Destination IP Address
Applied Interface Interface g1
¾ Device Connection and Configuration:
Class C
172.16.0.0 / 255.255.255.0
Target
Any
The procedure as following
ID Source Address Destination Address
3 Any
Stream
Protocol
172.16.0.0 /
255.255.255.0
Create Deny ACL and add to list
1. [DENY Rule]: Choose “New ACL Name”, then key in “Deny-IP Destination A”. Choose “Action”—“Deny”.
(The ACL Name can de entered with other policy name)
2. [DENY Rule]: Keep the “Source IP Address” and “Wild Card Mask” be blanked.
- 67 –
Any
User’s Manual of WGSD-1022/WGSD-8000
3. [DENY Rule]: Enter “172.16.0.0” in the “Destination IP Address” and “0.0.0.255” in the Wild Card Mask.
4. After click “Add to List" button, the entry would be show at the table.
Create Permit ACL and add to list
5. [Permit Rule]: Within the same ACL “Deny-IP Destination A”, choose “Action”—“Permit”.
6. [Permit Rule]: Keep the “Source IP Address” and “Wild Card Mask” be blanked.
7. [Permit Rule]: Keep the “Destination IP Address” and “Wild Card Mask” be blanked.
8. After click “Add to List" button, the entry would be show at the table.
9. Rember to click the "Save Config" button.
- 68 –
User’s Manual of WGSD-1022/WGSD-8000
Binding the IP ACL to specify interface
10. Select “Security” \”ACL Binding” in the Menu bar.
11. Choose Port “g1” at the Interface.
12. Choose “IP Based ACL”, select ACL name with “Deny-Source A” – that we had been created at step-1. Click “Add to List" button, the entry would be show at the table.
- 69 –
User’s Manual of WGSD-1022/WGSD-8000

4.6.3 MAC Based ACL

The MAC Based ACL screen (see figure 4-27) allows a MAC based ACL to be defined. ACLs can be added only if the ACL is not
bound to an interface.
The Page contains the following fields:
Figure 4-26 MAC-Base ACL screen
- 70 –
User’s Manual of WGSD-1022/WGSD-8000
ACL Name
New ACL Name
Delete ACL
Action
Source MAC
Address
Wildcard Mask
Displays the user-defined MAC based ACLs
Specifies a new user-defined MAC based ACL name.
By which deletes the selected ACL
Indicates the ACL forwarding action. Possible field values are:
Permit, by which forwards packets which meet the ACL criteria.
Deny, drops packets which meet the ACL criteria.
Shutdown, where drops packet that meet the ACL criteria, and disables the
port to which the packet was addressed.
Matches the source MAC address to which packets are addressed to the ACE.
Defines the source IP address wildcard mask. Wildcard masks specify which bits are used and ignored.
A wild card mask of 255.255.255.255 indicates that no bit is important.
A wildcard of 0.0.0.0 indicates that all the bits are important.
For example, if the source IP address 149.36.184.198 and the wildcard mask is
255.36.184.00, the first eight bits of the IP address are ignored, while the last eight bits are used.
Dest. MAC Address
VLAN ID
Ether Type
Use the “Add to List button to add the configured MAC Based ACLs to the MAC Based ACL Table at the bottom of the
screen.
Where matches the destination MAC address to which packets are addressed to the ACE.
Wildcard Mask, which defines the destination IP address wildcard mask.
Which matches the packet’s VLAN ID to the ACE. The possible field values are 2 to 4094.
Where specifies the packet’s Ethernet type.

4.6.4 MAC Based ACL Configure Sample

This chapter will teah you how to configure a MAC based ACL in the WGSD-Switch.
Sample Case: Deny IP packets to specific Class C network
¾ Purpose:
- 71 –
User’s Manual of WGSD-1022/WGSD-8000
When the workstation with IP address 192.168.99.188 and MAC address 00-11-08-57-E0-1E ping to PC with IP address
192.168.99.57 and MAC address 00-30-4F-1D-9F-DE, use MAC based ACL function from ACL to deny or shutdown and
permit the traffic transmit ability of notebook that connect to port 8 of WGSD-Switch.
¾ Case Design:
Action DENY Match MAC Address
Source MAC Address 00-11-08-57-E0-1E Destination MAC Address 00-30-4F-1D-9F-DE Applied Interface Interface g2
¾ Device Connection and Configuration:
Setting procedure from WGSD-Switch Web interface:
Create Deny MAC ACL and add to list
1. Please enter into Web interface and choose "ACL" function,
2. Then choose "MAC based ACL" function.
3. Please input a new ACL name, for example: “Deny MAC A”.
4. To defined "Permit", "Deny" or "Shutdown" from Action item.
5. [Deny Rule]: Input Source MAC Address "00:11:08:57:E0:1E" with Wild Card Mask "00:00:00:00:00:00".
6. [Deny Rule]: Enter Dest. Mac Address "00:30:4F:1D:9F:DE" with Wild Card Mask “00:00:00:00:00:00".
7. [Deny Rule]:Input the VLAN ID and default VLAN ID is 1.
8. Press "Add to List" button to complete this setting.
- 72 –
User’s Manual of WGSD-1022/WGSD-8000
Create Permit MAC ACL and add to list (
9. [Permit Rule]: Within the same ACL “Deny-MAC A”, choose “Action”—“Permit”.
10. [Permit Rule]: Keep the “Source MAC Address” and “Wild Card Mask” be blanked.
11. [Permit Rule]: Keep the “Destination MAC Address” and “Wild Card Mask” be blanked.
12. After click “Add to List" button, the entry would be show at the table.
To allow all other packets be forwarded)
- 73 –
User’s Manual of WGSD-1022/WGSD-8000
13. Please press "Save Config" to save current setting.
Binding the MAC ACL to specify interface
14. Select “Security” \”ACL Binding” in the Menu bar.
15. Choose Port “g2” from Interface item.
16. Choose “MAC Based ACL”, select ACL name with “Deny-MAC A” – that we had been created at step-1. Click “Add to List" button, the entry would be show at the table.
17. Please press "Save Config" to save current setting.
#Note:
If action "shutdown" is selected, the port will be force disabled
- 74 –
User’s Manual of WGSD-1022/WGSD-8000

4.7 Security

This section is to control the security access of the switch, includes the user access and management control.
The Security function contains links to the following topics:
ACL Binding
RADIUS
TACACS+
802.1x Settings
Port Security
Multiple Hosts
Storm Control

4.7.1 ACL Binding

When an ACL is bound to an interface, all the ACE (Access Control Event) rules that have been defined are applied to the
selected interface. Whenever an ACL is assigned on a port, LAG or, VLAN, flows from that ingress interface that do not match
the ACL are matched to the default rule, which is Drop unmatched packets. You can refer to figure 4-27.
Figure 4-27 ACL Binding screen
The Page contains the following fields:
Interface
ACL Name
Indicates the interface to which the ACL is bound. The selection includes:
Port, indicates port to apply the ACL
LAG, indicates LAG to apply the ACL
Indicates the ACL which is bound to the interface. The selection includes:
IP Based ACL
MAC Based ACL
- 75 –
User’s Manual of WGSD-1022/WGSD-8000
Use the Add to List button to add the ACL Binding configuration to the ACL Binding Table at the bottom of the screen.

4.7.2 Radius

Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers provide
a centralized authentication method for web access (see figure 4-28).
The Page contains the following fields:
IP Address
Priority
Authentication Port
Number o f Retries
Timeout for Reply
The Authentication Server IP address.
Displays the server priority. The possible values are 0-65535, where 1 is the highest value. The RADIUS Server priority is used to configure the server query order
Identifies the authentication port. The authentication port is used to verify the RADIUS server authentication.
The authenticated port default is 1812
Defines the number of transmitted requests sent to RADIUS server before a failure occurs. The possible field values are 1 - 10.
Three is the default value.
This defines the amount of the time in seconds the device waits for an answer from the RADIUS server before retrying the query, or switching to the next server.
Figure 4-28 RADIUS screen
- 76 –
The possible field values are 1 - 30. Three is the default value.
User’s Manual of WGSD-1022/WGSD-8000
Dead Time
Key String
Source IP Address
Usage Type
Use the Add to List button when you add the RADIUS configuration to the RADIUS Table at the bottom of the screen.
This defines the amount of time (minutes) that a RADIUS server is bypassed for service requests. The range is 0-2000.
The Dead Time default is 0 minutes.
This defines the default key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server.
This key must match the RADIUS encryption.
Defines the source IP address that is used for communication with RADIUS servers.
Specifies the RADIUS server authentication type. The default value is Login. The possible field values are:
Login, indicates that the RADIUS server is used for authenticating user name
and passwords.
802.1X, indicates that the RADIUS server is used for 802.1X authentication.
All, where indicates that the RADIUS server is used for authenticating user
name and passwords, and 802.1X port authentication.
- 77 –
User’s Manual of WGSD-1022/WGSD-8000

4.7.3 TACACS+

The device provides Terminal Access Controller Access Control System (TACACS+) client support. TACACS+ provides
centralized security for validation of users accessing the device. TACACS+ provides a centralized user management system,
while still retaining consistency with RADIUS and other authentication processes. The TACACS+ protocol ensures network
integrity through encrypted protocol exchanges between the device and TACACS+ server. You can refer to figure 4-29.
The Page contains the following fields:
Host IP Address
Priority
Source IP Address
Key String
Authentication Port
The Timeout for
Reply
Indicates the TACACS+ Server IP address
Displays the order in which the TACACS+ servers are used. The default is 0
By which displays the device source IP address used for the TACACS+ session between the device and the TACACS+ server.
This defines the authentication and encryption key for TACACS+ server. The key must match the encryption key used on the TACACS+ server
Displays the port number through which the TACACS+ session occurs
This displays the amount of time that passes before the connection between the device and the TACACS+ server times out.
The field range is 1-30 seconds.
Figure 4-29 TACACS+ screen
Status
Displays the connection status between the device and the TACACS+ server. The
- 78 –
User’s Manual of WGSD-1022/WGSD-8000
possible field values are:
Connected, there is currently a connection between the device and the
TACACS+ server.
Not Connected, there is not currently a connection between the device and
the TACACS+ server.
Single Connection
Maintains a single open connection between the device and the TACACS+ server when selected the Add to List button to add the TACACS+ configuration to the TACACS+ table at the bottom of the screen.
- 79 –
User’s Manual of WGSD-1022/WGSD-8000

4.7.4 802.1x settings

Understanding IEEE 802.1X Port-Based Authentication
The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts unauthorized
clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client
connected to a switch port before making available any services offered by the switch or the LAN.
Until the client is authenticated, 802.1X access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic
through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port.
This section includes this conceptual information:
Device Roles
Authentication Initiation and Message Exchange
Ports in Authorized and Unauthorized States
Device Roles
With 802.1X port-based authentication, the devices in the network have specific roles as shown below.
z Client—the device (workstation) that requests access to the LAN and switch services and responds to requests from
the switch. The workstation must be running 802.1X-compliant client software such as that offered in the Microsoft
Windows XP operating system. (The client is the supplicant in the IEEE 802.1X specification.)
z Authentication server—performs the actual authentication of the client. The authentication server validates the
identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services.
Because the switch acts as the proxy, the authentication service is transparent to the client. In this release, the Remote
Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP)
extensions is the only supported authentication server; it is available in Cisco Secure Access Control Server version 3.0.
RADIUS operates in a client/server model in which secure authentication information is exchanged between the
RADIUS server and one or more RADIUS clients.
z Switch (802.1X de vice)—controls the physical access to the network based on the authentication status of the client.
The switch acts as an intermediary (proxy) between the client and the authentication server, requesting identity
information from the client, verifying that information with the authentication server, and relaying a response to the client.
- 80 –
User’s Manual of WGSD-1022/WGSD-8000
The switch includes the RADIUS client, which is responsible for encapsulating and decapsulating the Extensible
Authentication Protocol (EAP) frames and interacting with the authentication server. When the switch receives EAPOL
frames and relays them to the authentication server, the Ethernet header is stripped and the remaining EAP frame is
re-encapsulated in the RADIUS format. The EAP frames are not modified or examined during encapsulation, and the
authentication server must support EAP within the native frame format. When the switch receives frames from the
authentication server, the server's frame header is removed, leaving the EAP frame, which is then encapsulated for
Ethernet and sent to the client.
Authentication Initiation and Message Exchange
The switch or the client can initiate authentication. If you enable authentication on a port by using the dot1x port-control auto
interface configuration command, the switch must initiate authentication when it determines that the port link state transitions
from down to up. It then sends an EAP-request/identity frame to the client to request its identity (typically, the switch sends an
initial identity/request frame followed by one or more requests for authentication information). Upon receipt of the frame, the
client responds with an EAP-response/identity frame.
However, if during bootup, the client does not receive an EAP-request/identity frame from the switch, the client can initiate
authentication by sending an EAPOL-start frame, which prompts the switch to request the client's identity.
If 802.1X is not enabled or supported on the network access device, any EAPOL frames from the
client are dropped. If the client does not receive an EAP-request/identity frame after three attempts
#Notice:
When the client supplies its identity, the switch begins its role as the intermediary, passing EAP frames between the client and
the authentication server until authentication succeeds or fails. If the authentication succeeds, the switch port becomes
authorized.
The specific exchange of EAP frames depends on the authentication method being used. Following screen shows a message
exchange initiated by the client using the One-Time-Password (OTP) authentication method with a RADIUS server.
to start authentication, the client transmits frames as if the port is in the authorized state. A port in
the authorized state effectively means that the client has been successfully authenticated.
- 81 –
User’s Manual of WGSD-1022/WGSD-8000
Ports in Authorized and Unauthorized States
The switch port state determines whether or not the client is granted access to the network. The port starts in the unauthorized
state. While in this state, the port disallows all ingress and egress traffic except for 802.1X protocol packets. When a client is
successfully authenticated, the port transitions to the authorized state, allowing all traffic for the client to flow normally.
If a client that does not support 802.1X is connected to an unauthorized 802.1X port, the switch requests the client's identity. In
this situation, the client does not respond to the request, the port remains in the unauthorized state, and the client is not granted
access to the network.
In contrast, when an 802.1X-enabled client connects to a port that is not running the 802.1X protocol, the client initiates the
authentication process by sending the EAPOL-start frame. When no response is received, the client sends the request for a
fixed number of times. Because no response is received, the client begins sending frames as if the port is in the authorized state
If the client is successfully authenticated (receives an Accept frame from the authentication server), the port state changes to
authorized, and all frames from the authenticated client are allowed through the port. If the authentication fails, the port remains
in the unauthorized state, but authentication can be retried. If the authentication server cannot be reached, the switch can
retransmit the request. If no response is received from the server after the specified number of attempts, authentication fails,
and network access is not granted.
When a client logs off, it sends an EAPOL-logoff message, causing the switch port to transition to the unauthorized state.
If the link state of a port transitions from up to down, or if an EAPOL-logoff frame is received, the port returns to the unauthorized
- 82 –
User’s Manual of WGSD-1022/WGSD-8000
state.
802.1X Settings of WGSD-Switch Port based authentication enables authenticating system users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the RADIUS server using the Extensible Authentication Protocol (EAP). Refer to figure 4-30.
The Page contains the following fields:
Enable 802.1x
Port
Status Port Control
Enable Periodic
Re-authentication
Place a checkmark in the check box to enable 802.1x, authentication
Indicates the port name
This specifies the port authorization state. The possible field values are as follows:
Force-Authorized, the controlled port state is set to Force-Authorized (forward
Force-Unauthorized, the controlled port state is set to Force-Unauthorized
Permits immediate port re-authentication. The Setting Timer button opens the Setting Timer screen to configure ports for 802.1x functionality.
Figure 4-30 802.1x setting screen
traffic).
(discard traffic).
Setting Timer
- 83 –
On this screen, it includes port, re-authentication, resending EAP ….
(Refer to figure 4-31)
Figure 4-31 Setting Timer parameter screen
User’s Manual of WGSD-1022/WGSD-8000
The Page contains the following fields:
Quiet Period
Resending EAP
Max EAP Requests
Supplicant Timeout
Server Timeout
Specifies the number of seconds that the switch remains in the quiet state following a failed authentication exchange
(Range: 0-65535).
Specifies the number of seconds that the switch waits for a response to an EAP ­request/ identity frame, from the supplicant (client), before resending the requests.
Which the total amount of EAP requests sent. If a response is not received after the defined period, the authentication process is restarted.
The field default is 2 retries.
Which displays the number of seconds that lapses before EAP requests are resent to the supplicant (Range: 1-65535).
The field default is 30 seconds.
Which specifies the number of seconds that lapses before the switch resends a request to the authentication server (Range: 1-65535).
The field default is 30 seconds.

4.7.5 Port Security

Work security screen (see figure 4-32) can be increased by limiting access on a specific port only to users with specific MAC addresses. MAC addresses can be dynamically learned or statically configured. Locked port security monitors both received
and learned packets that are received on specific ports. Access to the locked port is limited to users with specific MAC
addresses. These addresses are either manually defined on the port, or learned on that port up to the point when it is locked.
When a packet is received on a locked port, and the packet source MAC address is not tied to that port (either it was learned on
a different port, or it is unknown to the system), the protection mechanism is invoked, and can provide various options.
- 84 –
User’s Manual of WGSD-1022/WGSD-8000
Unauthorized packets arriving at a locked port are either:
Forwarded, Discarded with no trap, Discarded with a trap,Cause the port to be shut down.
Figure 4-32 Port Security screen
Locked port security also enables storing a list of MAC addresses in the configuration file. The MAC address list can be
restored after the device has been reset.
Disabled ports are activated from the Port Security page.
Interface
Lock In terface
Learning Mode
Where displays the port or LAG name
Which selecting this option locks the specified interface.
Where defines the locked port type. The Learning Mode field is enabled only if Locked is selected in the Interface Status field. The possible field values are:
Classic Lock, by which locks the port using the classic lock mechanism. The
port is immediately locked, regardless of the number of addresses that have already been learned.
Max Entries
Limited Dynamic Lock, which locks the port by deleting the current dynamic
MAC addresses associated with the port. The port learns up to the maximum addresses allowed on the port. Both relearning and aging MAC addresses are enabled.
Specifies the number of MAC addresses that can be learned on the port. The Max Entries field is enabled only if Locked is selected in the Interface Status field. In addition, the Limited Dynamic Lock mode is selected.
The default is 1.
- 85 –
User’s Manual of WGSD-1022/WGSD-8000
Action on Violation
Enable Trap
Trap Frequency
In order to change the Learning Mode, the Lock Interface must be set to unlocked. Once the mode is
#Note:
changed, the Lock Interface can be reinstated.
Where indicates the action to be applied to packets arriving on a locked port. The possible field values are:
Discard, which discards packets from any unlearned source. This is the
default value.
Forward Normal, forwards packets from an unknown source without learning
the MAC address.
Discard Disable, which discards packets from any unlearned source and
shuts down the port. The port remains shut down until reactivated, or until the device is reset.
This enables traps when a packet is received on a locked port.
Which the amount of time (in seconds) between traps. The default value is 10 seconds
- 86 –
User’s Manual of WGSD-1022/WGSD-8000

4.7.6 Multiple Hosts

The Multiple Hosts screen (see figure 4-33) allows network managers to configure advanced port-based authentication settings
for specific ports and VLANs.
The Page contains the following fields:
Port
Enable Multiple
Hosts
Action on Violation
Displays the port number for which advanced port-based authentication is enabled.
When checked, indicates that multiple hosts are enabled. Multiple hosts must be enabled in order to either disable the ingress-filter, or to use port-lock security on the selected port.
This defines the action to be applied to packets arriving in single-host mode, from a host whose MAC address is not the supplicant MAC address. The possible field values are:
Discard, which discards the packets. This is the default value.
Forward, by which forwards the packet.
Discard Disable, discards the packets and shuts down the port. The ports
Figure 4-33 Multiple Hosts screen
remains shut down until reactivated, or until the device is reset.
Enable Traps
Trap Frequency
When checked, indicates that traps are enabled for Multiple Hosts
Defines the time period by which traps are sent to the host. The Trap Frequency (1-1000000) field can be defined only if multiple hosts are disabled.
The default is 10 seconds.
- 87 –
User’s Manual of WGSD-1022/WGSD-8000
Status
Where indicates the host status.

4.7.7 Storm control

A BroadcastStorm is a result of an excessive amount of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses are heaped onto the network, straining network resources or causing the network to time out.
The system measures the incoming Broadcast and Multicast frame rate separately on each port, and discard frames when the rate exceeds a user-defined rate.
The Storm Control page provides fields for enabling and configuring Storm Control. The screen in Figure 4-34 appears.
The Page contains the following fields:
Port
Broadcast Control
Mode
Rate Threshold
Displays the port number for which storm control is enabled
This indicates whether broadcast packet types are forwarded on the specific interface.
By which specifies the Broadcast mode currently enabled on the device. The
possible field values are:
Unknown Unicast, Multicast & Broadcast, counts Unicast, Multicast, and
Multicast & Broadcast, counts Broadcast and Multicast traffic together.
Broadcast Only, counts only Broadcast traffic.
Where the maximum rate (packets per second) at which unknown packets are forwarded. The range is 70 -100000.
The default value is 3500.
Figure 4-34 Storm Control screen
Broadcast traffic.
- 88 –
User’s Manual of WGSD-1022/WGSD-8000

4.8 QoS

Network traffic is usually unpredictable, and the only basic assurance that can be offered is best effort traffic delivery. To
overcome this challenge, Quality of Service (QoS) is applied throughout the network. This ensures that network traffic is
prioritized according to specified criteria, and that specific traffic receives preferential treatment.
And Cos Settings, Queue settings, Dscp Settings, Bandwidth, Basic Mode, Advanced mode are provided.

4.8.1 CoS Settings

The terms Class of Service (CoS) and QoS are used in the following:
CoS provides varying Layer 2 traffic services. CoS refers to classification of traffic to traffic-classes, which are handled as an aggregate whole, with no per-flow settings. CoS is usually related to the 802.1p service that classifies flows according to their
Layer 2 priority, as set in the VLAN header. QoS refers to Layer 2 traffic and above. QoS handles per-flow settings, even within a
single traffic class.
The CoS Settings screen (see figure 4-35) contains fields for enabling or disabling CoS. In addition, the Trust mode can be
selected. The Trust mode relies on predefined fields within the packet to determine the egress queue settings. (To configure the
Trust Mode, see 4.8.5.)
The CoS Settings screen has two areas, CoS Settings and CoS to Queue.
- 89 –
The Page contains the following fields:
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-35 CoS Settings screen
CoS Mode
Class of Service
Queue
The Restore Defaults button restores the device factory defaults for mapping CoS values to a forwarding queue.
CoS Default:
The Table contains the following fields:
Interface
This indicates if QoS is enabled on the interface. The possible values are:
Disable, disables QoS on the interface.
Basic, enables QoS on the interface.
Advanced, enables the Advanced Mode QoS on the interface.
Specifies the CoS priority tag values, where zero is the lowest and 7 is the highest
Defines the traffic forwarding queue to which the CoS priority is mapped. Four traffic priority queues are supported
Interface to which the CoS configuration applies
Default CoS
Restore Defaults
LAG
Determines the default CoS value for incoming packets for which a VLAN tag is not defined. The possible field values are 0-7. The default CoS is 0
Restores the device factory defaults for mapping CoS values to a forwarding queue.
LAG to which the CoS configuration applies.

4.8.2 Queue Setting

The Queue Setting screen (see figure 4-36) contains fields for defining the QoS queue forwarding types.
- 90 –
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-36 Quere Setting screen
The page contains the following fields:
Strict Priority
WRR
Queue
WRR Weight
% of WRR
Bandwidth
This indicates that traffic scheduling for the selected queue is based strictly on the
queue priority.
This indicates that traffic scheduling for the selected queue is based strictly on the WRR.
Shows the queue for which the queue settings are displayed. The possible field range is 1 - 4.
Which displays the WRR weights to queues Default Rate 1:2:4:8
Displays the amount of bandwidth assigned to the queue.
These values are fixed and are not user- defined.
6.67%
13.33%
26.67%
53.33%

4.8.3 DSCP Settings

The DSCP Settings screen (see figure 4-37) enables mapping DSCP values to specific queues
- 91 –
Figure 4-37 DSCP Settings screen
User’s Manual of WGSD-1022/WGSD-8000
The DSCP Settings screen contains the following fields:
DSCP
Queue
.,.
Indicates the Differentiated Services Code Point value in the incoming packet.
Maps the DSCP value to the selected queue

4.8.4 Bandwidth

The Bandwidth screen (refer to figure 4-38) allows network managers to define the bandwidth settings for a specified egress
interface. Modifying queue scheduling affects the queue settings globally. The Bandwidth screen is not used with the Service
mode, as bandwidth settings are based on services.
- 92 –
Figure 4-38 Bandwidth screen
User’s Manual of WGSD-1022/WGSD-8000
Queue shaping can be based per queue and/or per interface. Shaping is determined by the lower specified value. The queue
shaping type is selected in the Bandwidth screen, include interface, port, LAG, Rate Limit, Ingress Rate Limit Status, Rate
Limit….
The page contains the following fields:
Interface
Ingress Rate Limit
Status
Rate Limit (62-1000000 Kbps)
Egress Shap ing Rate on Selected
Indicates the interface for which the queue shaping information is displayed. The possible field values are:
Port, indicates the port for which the bandwidth settings are displayed.
LAG, indicates the LAG for which the bandwidth settings are displayed.
which indicates if rate limiting is defined on the interface
Defines the amount of bandwidth assigned to the interface. The possible field values are 62-1000000 Kbps.
Indicates if rate limiting is enabled on the interface.
Port
Committed Information Rate (CIR)
Defines CIR as the queue shaping type. The possible field value is 64 - 1,000,000 Kbps.
- 93 –

4.8.5 Basic Mode

The Basic Mode screen (see figure 4-39) contains the following fields:
Figure 4-39 Basic Mode screen
User’s Manual of WGSD-1022/WGSD-8000
The page contains the following fields:
Trust Mode
Displays the trust mode. If a packet’s CoS tag and DSCP tag are mapped to different queues, the Trust Mode determines the queue to which the packet is assigned. Possible values are:
CoS, which sets trust mode to CoS on the device and the CoS mapping
DSCP, sets trust mode to the DSCP on the device. The DSCP mapping

4.8.6 Advanced Mode

determined the packet queue.
determines the packet queue.
Advanced QoS mode (see figure 4-40) provides rules for specifying flow classification and assigning rule actions that relate to bandwidth management. The rules are based on the Access Control Lists (see Access Control Tab)
- 94 –
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-40 Advance Mode screen
MAC A CL s and IP ACLs can be grouped together in more complex structures, called policies. Policies can be applied to an
interface. Policy ACLs are applied in the sequence they appear within the policy. Only a single policy can be attached to a port.
In advanced QoS mode, ACLs can be applied directly to an interface in the Security -ACL Binding. However, a policy and ACL
cannot be simultaneously applied to an interface.
After assigning packets to a specific queue, services such as configuring output queues for the scheduling scheme, or
configuring output shaping for burst size, CIR, or CBS per interface or per queue, can be applied.
Out of Profile DSCP Assignments, this button opens up the DSCP Map screen. (see figure 4-41):
- 95 –
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-41 Out of Profile DSCP Assignments screen
The page contains the following fields:
DSCP In
DSCP Out
The Policy Settings button opens the Policy Name screen (see figure 4-42):
This displays the DSCP In value. The value is form 0-63.
This displays the current DSCP out value. A new value can be selected from the pull-down menu
Figure 4-42 Policy Settings screen
- 96 –
The page contains the following fields:
User’s Manual of WGSD-1022/WGSD-8000
Policy Name
Add to List
Select Policy
New Policy Name
Class Map
defines a new Policy name
this button will add the policy to the Policy Name table
which selects an existing Policy by name
which defines a new Policy name
where selects an existing Class Map by name
- 97 –
User’s Manual of WGSD-1022/WGSD-8000
Class Map setting
New Class Map, by which the New Class Map button opens the New Class Map screen (see figure 4-33)
The page contains the following fields:
Class Map Name
Preferred ACL
IP ACL
Match
defines a new Class Map name
which indicates if packets are first matched to an IP based ACL or a MAC based ACL, the possible field values are:
Matches packets to IP based ACLs first, and then matches packets to MAC based ACLs.
Criteria used to match IP addresses and /or MAC addresses with an ACL’s address. The possible field values are:
Figure 4-43 Class Map Settings screen
IP Based ACLs, matches packets to IP based ACLs first, then matches
packets to MAC based ACLs.
MAC Based ACLs, matches packets to MAC based ACLs first, then matches
packets to IP based ACLs.
And, both the MAC-based and the IP-based ACL must match a packet.
Or, either the MAC-based or the IP-based ACL must match a packet.
MAC ACL
Matches packets to MAC based ACLs and to IP based ACLs
- 98 –
User’s Manual of WGSD-1022/WGSD-8000
Aggregate Policer, where user-defined aggregate policers. The Aggregate Policer button opens the New Aggregate Policer
screen. Aggregate Policer Setting
New Aggregate Policer screen (see figure 4-44):
The page contains the following fields:
Aggregat e Policer Name
Ingress Committed Information Rate (CIR)
Ingress Committed Burst Size (CBS)
Exceed Action
Where enter a name in this field.
This defines the CIR in bits per second. This field is only relevant when the Police value is Single.
This defines the CBS in bytes per second. This field is only relevant when the Police value is Single.
Action assigned to incoming packets exceeding the CIR.
This field is only relevant when the Police value is Single. Possible values are:
Drop, which drops packets exceeding the defined CIR value.
Figure 4-44 Aggregate Policer Settings screen
Remark DSCP, where remarks packet’s DSCP values exceeding the defined
CIR value.
None, forwarding packets exceeding the defined CIR value.
- 99 –
User’s Manual of WGSD-1022/WGSD-8000

4.9. Spanning Tree

Theory of Spanning Tree Protocol
The IEEE 802.1D Spanning Tree Protocol and IEEE 802.1W Rapid Spanning Tree Protocol allow for the blocking of links
between switches that form loops within the network. When multiple links between switches are detected, a primary link is
established. Duplicated links are blocked from use and become standby links. The protocol allows for the duplicate links to be
used in the event of a failure of the primary link. Once the Spanning Tree Protocol is configured and enabled, primary links are
established and duplicated links are blocked automatically. The reactivation of the blocked links (at the time of a primary link
failure) is also accomplished automatically without operator intervention.
This automatic network reconfiguration provides maximum uptime to network users. However, the concepts of the Spanning
Tree Algorithm and protocol are a complicated and complex subject and must be fully researched and understood. It is possible
to cause serious degradation of the performance of the network if the Spanning Tree is incorrectly configured. Please read the
following before making any changes from the default values.
The Switch STP performs the following functions:
Creates a single spanning tree from any combination of switching or bridging elements.
Creates multiple spanning trees – from any combination of ports contained within a single switch, in user specified groups.
Automatically reconfigures the spanning tree to compensate for the failure, addition, or removal of any element in the tree.
Reconfigures the spanning tree without operator intervention.
Bridge Protocol Data Units
For STP to arrive at a stable network topology, the following information is used:
The unique switch identifier
The path cost to the root associated with each switch port
The por tidentifier
STP communicates between switches on the network using Bridge Protocol Data Units (BPDUs). Each BPDU contains the
following information:
The unique identifier of the switch that the transmitting switch currently believes is the root switch
The path cost to the root from the transmitting port
The port identifier of the transmitting port
The switch sends BPDUs to communicate and construct the spanning-tree topology. All switches connected to the LAN on
which the packet is transmitted will receive the BPDU. BPDUs are not directly forwarded by the switch, but the receiving switch
uses the information in the frame to calculate a BPDU, and, if the topology changes, initiates a BPDU transmission.
The communication between switches via BPDUs results in the following:
One switch is elected as the root switch
The shortest distance to the root switch is calculated for each switch
A designated switch is selected. This is the switch closest to the root switch through which packets will be forwarded to the
root.
A port for each switch is selected. This is the port providing the best path from the switch to the root switch.
Ports included in the STP are selected.
Creating a Stable STP Topology
- 100 –
Loading...