How to Use This Manual......................................................................................................................................................14
2.1.2 Switch Front Panel ..............................................................................................................................................18
2.1.3 LED Indications ...................................................................................................................................................19
2.2 Install the Switch............................................................................................................................................................20
3.1.2 Direct Access.......................................................................................................................................................25
3.2 Web Management .........................................................................................................................................................26
4. Web Configuration ..................................................................................................................................................................28
4.1 Main Screen...................................................................................................................................................................30
4.3 Port Configuration..........................................................................................................................................................36
4.3.1 Port settings.........................................................................................................................................................36
4.3.2 Link Aggregation..................................................................................................................................................40
4.4.2 Port setting ..........................................................................................................................................................45
4.4.3 Ports to VLAN......................................................................................................................................................46
- 3 –
User’s Manual of WGSD-1022/WGSD-8000
4.4.4 VLAN to Ports......................................................................................................................................................47
4.5.2 RMON History .....................................................................................................................................................53
4.5.5 Port Utilization .....................................................................................................................................................60
4.6.1 IP Based ACL ......................................................................................................................................................64
4.6.2 IP Based ACL Configure Sample.........................................................................................................................66
4.6.3 MAC Based ACL..................................................................................................................................................70
4.6.4 MAC Based ACL Configure Sample ....................................................................................................................71
4.7.5 Port Security ........................................................................................................................................................84
4.7.7 Storm control .......................................................................................................................................................88
4.8.1 CoS Settings........................................................................................................................................................89
4.9.2 The Global STP .................................................................................................................................................108
4.9.3 STP Port Settings ..............................................................................................................................................109
4.9.4 RSTP Port settings ............................................................................................................................................ 111
4.11.1 Global Parameters...........................................................................................................................................125
4.11.3 Group Profile....................................................................................................................................................128
4.11.4 Group Membership ..........................................................................................................................................129
4.12.1 User Authentication .........................................................................................................................................137
4.12.5 Port Mirroring...................................................................................................................................................143
4.12.7 Save Configuration ..........................................................................................................................................144
4.12.11 Server Logs ...................................................................................................................................................149
5.1 Connect to PC’s RS-232 serial port .............................................................................................................................153
5.2 Using the CLI...............................................................................................................................................................153
5.2.2 Starting the CLI..................................................................................................................................................156
5.2.3 Editing Features ................................................................................................................................................157
5.3.5 ip http authentication .........................................................................................................................................164
5.3.6 ip https authentication........................................................................................................................................165
5.3.7 show authentication methods ............................................................................................................................166
5.3.11 show users accounts .......................................................................................................................................168
5.4.11 port security .....................................................................................................................................................176
5.4.12 port security routed secure-address ................................................................................................................177
5.4.13 show bridge address-table...............................................................................................................................178
5.4.14 show bridge address-table static .....................................................................................................................179
5.4.15 show bridge address-table count.....................................................................................................................179
5.4.16 show bridge multicast address-table................................................................................................................180
5.4.17 show bridge multicast filtering..........................................................................................................................181
5.4.18 show ports security..........................................................................................................................................182
5.5.15 show clock .......................................................................................................................................................193
5.5.16 show sntp configuration...................................................................................................................................193
5.5.17 show sntp status..............................................................................................................................................194
5.6 Configuration and Image Files .....................................................................................................................................195
5.6.4 show startup-config............................................................................................................................................199
5.7.2 interface range ethernet.....................................................................................................................................201
5.7.11 port jumbo-frame..............................................................................................................................................207
5.7.13 set interface active...........................................................................................................................................208
5.7.14 show interfaces configuration ..........................................................................................................................209
5.7.15 show interfaces status .....................................................................................................................................210
5.7.16 show interfaces description .............................................................................................................................212
5.7.17 show interfaces counters.................................................................................................................................212
5.7.18 show ports jumbo-frame ..................................................................................................................................215
5.7.20 port storm-control broadcast enable ................................................................................................................216
5.7.21 port storm-control broadcast rate.....................................................................................................................216
5.7.22 show ports storm-control .................................................................................................................................217
5.8.8 show gvrp configuration.....................................................................................................................................222
5.8.9 show gvrp statistics............................................................................................................................................223
5.8.10 show gvrp error-statistics.................................................................................................................................224
5.9.1 ip igmp snooping (Global)..................................................................................................................................225
5.9.2 ip igmp snooping (Interface) ..............................................................................................................................225
5.9.3 ip igmp snooping mrouter ..................................................................................................................................226
5.9.4 ip igmp snooping host-time-out..........................................................................................................................226
5.9.5 ip igmp snooping mrouter-time-out ....................................................................................................................227
- 7 –
User’s Manual of WGSD-1022/WGSD-8000
5.9.6 ip igmp snooping leave-time-out........................................................................................................................228
5.9.7 show ip igmp snooping mrouter.........................................................................................................................228
5.9.8 show ip igmp snooping interface .......................................................................................................................229
5.9.9 show ip igmp snooping groups ..........................................................................................................................230
5.10 IP Addressing Commands .........................................................................................................................................231
5.10.1 ip address ........................................................................................................................................................231
5.10.2 ip address dhcp ...............................................................................................................................................231
5.10.3 ip default-gateway ...........................................................................................................................................232
5.10.4 show ip interface..............................................................................................................................................233
5.10.8 show arp..........................................................................................................................................................235
5.11.4 show lacp ethernet...........................................................................................................................................238
5.11.5 show lacp port-channel ....................................................................................................................................239
5.12 Line Commands.........................................................................................................................................................240
5.12.4 show line..........................................................................................................................................................241
5.13.5 show management access-list.........................................................................................................................246
User Guidelines ..........................................................................................................................................................246
5.13.6 show management access-class.....................................................................................................................247
5.14.1 test copper-port tdr ..........................................................................................................................................247
5.14.2 show copper-ports tdr......................................................................................................................................248
5.14.3 show copper-ports cable-length.......................................................................................................................249
5.14.4 show fiber-ports optical-transceiver .................................................................................................................249
5.15 Port Channel Commands ..........................................................................................................................................251
5.15.2 interface range port-channel............................................................................................................................252
5.15.4 show interfaces port-channel...........................................................................................................................253
5.16 Port Monitor Commands............................................................................................................................................254
5.16.1 port monitor .....................................................................................................................................................254
5.16.2 show ports monitor ..........................................................................................................................................255
5.17.2 show qos .........................................................................................................................................................257
5.17.5 priority-queue out num-of-queues....................................................................................................................260
5.17.6 show qos interface...........................................................................................................................................260
5.17.10 qos cos ..........................................................................................................................................................265
5.17.11 qos cos override.............................................................................................................................................266
5.17.12 show qos map ...............................................................................................................................................267
5.18.7 show radius-servers ........................................................................................................................................273
5.19.1 show rmon statistics ........................................................................................................................................274
5.19.3 show rmon collection history............................................................................................................................276
5.19.4 show rmon history ...........................................................................................................................................277
5.19.6 show rmon alarm-table ....................................................................................................................................281
5.19.7 show rmon alarm .............................................................................................................................................282
5.19.9 show rmon events............................................................................................................................................285
5.19.10 show rmon log ...............................................................................................................................................286
5.20.1 snmp-server community ..................................................................................................................................288
5.20.8 show snmp ......................................................................................................................................................293
5.21.15 show spanning-tree .......................................................................................................................................303
5.22 SSH and SLOGIN Commands...................................................................................................................................305
5.22.1 ip ssh port ........................................................................................................................................................305
5.22.2 ip ssh server ....................................................................................................................................................306
5.22.5 ip ssh pubkey-auth ..........................................................................................................................................308
5.22.9 show ip ssh......................................................................................................................................................311
5.22.10 show crypto key mypubkey............................................................................................................................312
5.22.11 show crypto key pubkey-chain ssh ................................................................................................................312
5.23 System Management.................................................................................................................................................313
5.23.7 show users ......................................................................................................................................................321
5.23.8 show sessions .................................................................................................................................................322
5.23.9 show system....................................................................................................................................................323
5.23.10 show version..................................................................................................................................................324
5.24.1 logging on ........................................................................................................................................................324
5.24.9 show logging....................................................................................................................................................330
5.24.10 show logging file ............................................................................................................................................331
5.24.11 show syslog-servers ......................................................................................................................................332
5.25.5 show tacacs.....................................................................................................................................................336
5.26 User Interface Commands.........................................................................................................................................337
5.26.7 end ..................................................................................................................................................................340
5.26.10 history size.....................................................................................................................................................342
5.26.12 show history...................................................................................................................................................342
5.26.13 show privilege................................................................................................................................................343
5.27.5 interface range vlan .........................................................................................................................................346
5.27.11 switchport general allowed vlan .....................................................................................................................350
5.27.12 switchport general pvid..................................................................................................................................351
5.27.13 switchport general ingress-filtering disable ....................................................................................................352
5.27.14 switchport general acceptable-frame-type taggedonly...................................................................................352
5.27.17 switchport general map protocols-group vlan ................................................................................................355
5.27.18 ip internal-usage-vlan ....................................................................................................................................355
5.27.19 show vlan.......................................................................................................................................................356
5.27.20 show vlan internal usage ...............................................................................................................................357
5.27.22 show interfaces switchport.............................................................................................................................357
5.28 Web Server Commands.............................................................................................................................................359
5.28.1 ip http server....................................................................................................................................................359
5.28.2 ip http port........................................................................................................................................................359
5.28.3 ip https server ..................................................................................................................................................360
5.28.4 ip https port......................................................................................................................................................361
5.28.6 show ip http .....................................................................................................................................................362
5.28.7 show ip https....................................................................................................................................................362
5.29.12 show dot1x ....................................................................................................................................................370
5.29.13 show dot1x users...........................................................................................................................................372
- 12 –
User’s Manual of WGSD-1022/WGSD-8000
5.29.14 show dot1x statistics......................................................................................................................................374
5.29.19 show dot1x advanced....................................................................................................................................377
A.3 Available Modules .......................................................................................................................................................382
- 13 –
User’s Manual of WGSD-1022/WGSD-8000
1. INTRODUCTION
Thank you for purchasing PLANET Desktop Managed Switch- WGSD-1022 and WGSD-8000. If any of these are missing or
damaged, please contact your dealer immediately, if possible, retain the carton including the original packing material, and use
them against to repack the product in case there is a need to return it to us for repair.
Package Contents
Check the contents of your package for following parts:
• The WGSD Managed Switch x1
• CD-ROM user's manual x1
• Quick installation guide x1
• 19" rack mounting kit x1
• AC adapter x1
• RS-232 console cable x 1
• Rubber feet x 4
How to Use This Manual
This User Manual is structured as follows:
•Section 2, Installation
The section explains the functions of the Switch and how to physically install the Switch.
•Section 3, Configuration
The section contains the information about the software function of the Switch.
•Section 4, Web Configuration
The section explains how to manage the switch by Web interface.
•Section 5, COMMAND STRUCTURE
The section explains how to manage the switch by Console interface..
•Appendex A
The section contains cable information of the Switch.
In the following section, terms "Switch" with upper case denotes the WGSD-1022/WGSD-8000 Managed Ethernet switch.
Terms with lower case "switch" means other Ethernet switch devices.
- 14 –
User’s Manual of WGSD-1022/WGSD-8000
Product Feature
¾Physical Port
WGSD-1022
8-Port 10/100Base-TX RJ-45
2 10/100/1000Base-T RJ-45
2 SFP slots, shared with Port-9(g1) and Port-10(g2)
Console interface for Switch basic management and setup
WGSD-8000
8-Port 10/100/1000Base-T RJ-45
2 SFP slots, shared with Port-7 and Port-8
Console interface for Switch basic management and setup
¾ Layer 2 Features
Complies with the IEEE 802.3, IEEE 802.3u, IEEE 802.3ab, IEEE 802.3z Gigabit Ethernet standard
Supports Auto-negotiation and half duplex/full duplex modes for all 10Base-T/100Base-TX and 1000Base-T ports.
Auto-MDI/MDI-X detection on each RJ-45 port
Prevents packet loss with back pressure (Half-Duplex) and IEEE 802.3x PAUSE frame flow control (Full-Duplex)
High performance Store and Forward architecture, broadcast storm control, runt/CRC filtering eliminates erroneous
packets to optimize the network bandwidth
8K MAC address table, automatic source address learning and ageing
1Mbit embedded memory for packet buffers
Supports IEEE 802.1Q Tagged based VLAN
GVRP protocol for VLAN Management
Support up to 4 Trunk groups, each trunk for up to maximum 4 port with 800Mbps bandwidth(Duplex Mode)
IEEE802.1d, IEEE802.1w, classic Spanning Tree Algorithm or Rapid Spanning Tree support
Supports the IEEE 802.1s specification for multiple spanning trees on a single port (spanning tree per VLAN).
¾ Quality of Service
4 priority queues on all switch ports.
Support for strict priority and weighted round robin (WRR) CoS policies
Support QoS and bandwidth control on each port
Traffic-policing policies on the switch port
¾ Multicast
Support IGMP Snooping v1 and v2
Port Mirroring to monitor the incoming or outgoing traffic on a particular port
¾ Security
802.1x Port-Based Authentication
IP-Based Access Control List (ACL)
MAC-Based Access Control List
Port Security
¾ Management
- 15 –
User’s Manual of WGSD-1022/WGSD-8000
WEB-Based, Telnet, Console Command Line management
SSH( Secure Shell), SSL
Access through SNMPv1,v2c and v3 security set and get requests.
Four groups (history, statistics, alarms, and events) of embedded remote monitoring (RMON) agents for network
monitoring and traffic analysis
Built-in Trivial File Transfer Protocol (TFTP) client
Virtual Cable Test (VCT) technology provides the mechanism to detect and report potential cabling issues, such as
cable opens, cable shorts, etc. on Copper Links
EMI standards comply with FCC, CE class A, WEEE RoHS
Lights to indicate the link through that port is successfully established.
Blink: indicate that the switch is actively sending or receiving data over that port.
Lights to indicate the port is running in 100Mbps speed.
Off: indicate that the port is operating at 10Mbps.
Lights to indicate the link through that port is successfully established.
LNK/ACT
Green
Blink: indicate that the switch is actively sending or receiving data over that port.
Lights to indicate the port is running in 1000Mbps speed.
1000
Orange
Off: indicate that the port is operating at 10Mbps or 100Mbps.
2.1.4 Switch Rear Panel
Figure 2-3 and Figure 2-4 shows the rear panel of the switches
Figure 2-3 WGSD-1022 rear panel
- 19 –
User’s Manual of WGSD-1022/WGSD-8000
2.0A
Figure 2-4 WGSD-8000 rear panel
Power Notice:
1. The device is a power-required device, it means, it will not work till it is powered. If your networks should active all the
time, please consider using UPS (Uninterrupted Power Supply) for your device. It will prevent you from network data
loss or network downtime.
2. In some area, installing a surge suppression device may also help to protect your switch from being damaged by
unregulated surge or current to the Switch or the power adapter.
2.2 Install the Switch
This section describes how to install the Ethernet Switch and make connections to it. Please read the following topics and
perform the procedures in the order being presented.
2.2.1 Desktop Installation
To install the Switch on desktop or shelf, please follows these steps:
Step1: Attach the rubber feet to the recessed areas on the bottom of the switch.
Step2: Place the switch on the desktop or the shelf near an AC power source.
Step3: Keep enough ventilation space between the switch and the surrounding objects.
When choosing a location, please keep in mind the environmental restrictions discussed in Chapter
#Note:
Step4:Connect the Switch to network devices
A. Connect one end of a standard network cable to the 10/100 RJ-45 ports or Gigabit RJ-45 / SFP mini-GBIC slot on the
front of the Switch
1, Section 4, and Specification.
B. Connect the other end of the cable to the network devices such as printer servers, workstations or routers…etc.
Connection to the Switch requires UTP Category 5 network cabling with RJ-45 tips. For more
#Note:
Step5:Supply power to the switch.
A. Connect one end of the power cable to the switch.
B. Connect the power plug of the power cable to a standard wall outlet.
When the switch receives power, the Power LED should remain solid Green.
information, please see the Cabling Specification in Appendix A.
- 20 –
User’s Manual of WGSD-1022/WGSD-8000
2.2.2 Rack Mounting
To install the switch in a 19-inch standard rack, please follows the instructions described below.
Step1: Place the switch on a hard flat surface, with the front panel positioned towards the front side.
Step2: Attach the rack-mount bracket to each side of the switch with supplied screws attached to the package. Figure 2-5 shows
how to attach brackets to one side of the switch.
Figure 2-5 Attach brackets to the switch.
Caution:
You must use the screws supplied with the mounting brackets. Damage caused to the parts by using incorrect screws
would invalidate the warranty.
Step3: Secure the brackets tightly.
Step4: Follow the same steps to attach the second bracket to the opposite side.
Step5: After the brackets are attached to the Switch, use suitable screws to securely attach the brackets to the rack, as shown in
Figure 2-6
Figure 2-6 Mounting the Switch in a Rack
- 21 –
User’s Manual of WGSD-1022/WGSD-8000
Step6: Proceeds with the steps 4 and steps 5 of session 2.2.1 Desktop Installation to connect the network cabling and supply
power to the switch.
2.2.3 Installing the SFP transceiver
The sections describe how to insert an SFP transceiver into an SFP slot.
The SFP transceivers are hot-pluggable and hot-swappable. You can plug-in and out the transceiver to/from any SFP port
without having to power down the Switch. As the Figure 2-7 appears.
Figure 2-7 Plug-in the SFP transceiver
Approved PLANET SFP Transceivers
PLANET WGSD-Switch support both single mode and multi mode SFP transceiver. The following list of approved PLANET SFP
transceivers is correct at the time of publication:
■MGB-SX SFP (1000BASE-SX SFP transceiver )
■MGB-LX SFP (1000BASE-LX SFP transceiver )
It recommends using PLANET SFPs on the Switch. If you insert a SFP transceiver that is not
#Note:
Before connect the other switches, workstation or Media Converter.
1. Make sure both side of the SFP transfer are with the same media type, for example: 1000Base-SX to 1000Base-SX,
1000Bas-LX to 1000Base-LX.
supported, the Switch will not recognize it.
2. Check the fiber-optic cable type match the SFP transfer model.
¾ To connect to 1000Base-SX SFP transfer, use the multi-mode fiber cable- with one side must be male duplex LC
connector type.
¾ To connect to 1000Base-LX SFP transfer, use the single-mode fiber cable-with one side must be male duplex LC
connector type.
Connect the fiber cable
- 22 –
User’s Manual of WGSD-1022/WGSD-8000
1. Attach the duplex LC connector on the network cable into the SFP transceiver.
2. Connect the other end of the cable to a device – switches with SFP installed, fiber NIC on a workstation or a Media
Converter..
3. Check the LNK/ACT LED of the SFP slot on the front of the Switch. Ensure that the SFP transceiver is operating correctly.
4. Check the Link mode of the SFP port if the link failed. Co works with some fiber-NICs or Media Converters, set the Link
mode to “1000 Force” is needed.
Remove the transceiver module
1. Make sure there is no network activity by consult or check with the network administrator. Or through the management
interface of the switch/converter (if available) to disable the port in advance.
2. Remove the Fiber Optic Cable gently.
3. Turn the handle of the MGB/MFB module to horizontal.
4. Pull out the module gently through the handle.
Figure 2-8 Pull Out the SFP transceiver
Never pull out the module without pull the handle or the push bolts on the module. Direct pull out the
#Note:
module with violent could damage the module and SFP module slot of the device.
- 23 –
User’s Manual of WGSD-1022/WGSD-8000
3. CONFIGURATION
This chapter explains the methods that you can use to configure management access to the switch. It describes the types of
management applications and the communication and management protocols that deliver data between your management
device (work-station or personal computer) and the system. It also contains information about port connection options.
This chapter covers the following topics:
Management Access Overview
Key Concepts
Key Guidelines for Implementation
Administration Console Access
Web Management Access
SNMP Access
Standards, Protocols, and Related Reading
3.1 Management Access Overview
The switch gives you the flexibility to access and manage the switch using any or all of the following methods:
An administration console
Web browser interface
An external SNMP-based network management application
The administration console and Web browser interface support are embedded in the switch software and are available for
immediate use. Each of these management methods has their own advantages. Table 3-1 compares the three management
methods.
Method Advantages Disadvantages
Console
‧No IP address or subnet needed
‧Text-based
‧Telnet functionality and HyperTerminal built into
Windows 95/98/NT/2000/ME/XP operating
systems
‧Must be near switch or use dial-up connection
‧Not convenient for remote users
‧Modem connection may prove to be unreliable
or slow
Web
Browser
SNMP
Agent
‧Secure
‧Ideal for configuring the switch remotely
‧Compatible with all popular browsers
‧Can be accessed from any location
‧Most visually appealing
‧Communicates with switch functions at the MIB
level
‧Based on open standards
- 24 –
‧Security can be compromised (hackers need
only know the IP address and subnet mask)
‧May encounter lag times on poor connections
‧Requires SNMP manager software
‧Least visually appealing of all three methods
‧Some settings require calculations
User’s Manual of WGSD-1022/WGSD-8000
‧Security can be compromised (hackers need
only know the community name)
Table 3-1 Management Methods Comparison
3.1.1 Administration Console
The administration console is an internal, character-oriented, and command line user interface for performing system
administration such as displaying statistics or changing option settings. Using this method, you can view the administration
console from a terminal, personal computer, Apple Macintosh, or workstation connected to the switch's console (serial) port.
There are two ways to use this management method: via direct access or modem port access. The following sections describe
these methods. For more information about using the console, refer to Chapter 5 Command Line Interface Console
Management.
3.1.2 Direct Access
Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a
terminal-emulation program (such as HyperTerminal) to the switch console (serial) port.
When using this management method, a null-modem cable is required to connect the switch to the PC. After making this
connection, configure the terminal-emulation program to use the following parameters:
The default parameters are:
384,00 bps
8 data bits
No parity
1 stop bit
You can change these settings, if desired, after you log on. This management method is often preferred because you can
remain connected and monitor the system during system reboots. Also, certain error messages are sent to the serial port,
regardless of the interface through which the associated action was initiated. A Macintosh or PC attachment can use any
terminal-emulation program for connecting to the terminal serial port. A workstation attachment under UNIX can use an emulator
such as TIP.
- 25 –
User’s Manual of WGSD-1022/WGSD-8000
3.2 Web Management
The switch provides a browser interface that lets you configure and manage the switch remotely. After you set up your IP
address for the switch, you can access the switch's Web interface applications directly in your Web browser by entering the IP
address of the switch. You can then use your Web browser to list and manage switch configuration parameters from one central
location, just as if you were directly connected to the switch's console port.
Web Management requires either Microsoft Internet Explorer 4.01 or later or Netscape Navigator 4.03 or later.
3.3 SNMP-Based Network Management
You can use an external SNMP-based application to configure and manage the switch. This management method requires the
SNMP agent on the switch and the SNMP Network Management Station to use the same community string. This management
method, in fact, uses two community strings: the get community string and the set community string. If the SNMP Net-work
management Station only knows the set community string, it can read and write to the MIBs. However, if it only knows the get
community string, it can only read MIBs. The default gets and sets community strings for the switch are public.
3.4 Protocols
The switch supports the following protocols:
Virtual terminal protocols, such as Telnet
Simple Network Management Protocol (SNMP)
3.4.1 Virtual Terminal Protocols
A virtual terminal protocol is a software program, such as Telnet, that allows you to establish a management session from a
Macintosh, a PC, or a UNIX workstation. Because Telnet runs over TCP/IP, you must have at least one IP address configured on
the switch before you can establish access to it with a virtual terminal protocol.
Terminal emulation differs from a virtual terminal protocol in that you must connect a terminal directly
#Note:
to the console (serial) port.
3.4.2 SNMP Protocol
Simple Network Management Protocol (SNMP) is the standard management protocol for multi-vendor IP networks. SNMP
supports transaction-based queries that allow the protocol to format messages and to transmit information between reporting
devices and data-collection programs. SNMP runs on top of the User Datagram Protocol (UDP), offering a connectionless-mode
service.
- 26 –
User’s Manual of WGSD-1022/WGSD-8000
3.4.3 Management Architecture
All of the management application modules use the same Messaging Application Programming Interface (MAPI). By unifying
management methods with a single MAPI, configuration parameters set using one method (console port, for example) are
immediately displayable by the other management methods (for example, SNMP agent of Web browser).
The management architecture of the switch adheres to the IEEE open standard. This compliance assures customers that the
switch is compatible with, and will interoperate with other solutions that adhere to the same open standard.
- 27 –
User’s Manual of WGSD-1022/WGSD-8000
4. Web Configuration
The WGSD-1022 can be configured through an Ethernet connection, make sure the manager PC must be set on same the IP
subnet address with the switch. For example, if you have changed the default IP address of the Switch to 192.168.1.1 with
subnet mask 255.255.255.0 via console, then the manager PC should be set at 192.168.1.x (where x is a number between 1
and 253) with subnet mask 255.255.255.0. Or you can use the factory default IP address 192.168.1.254 to do the relative
configuration on manager PC. The sceen in Figure 4-1 appears.
Figure 4-1 Web Management via ethernet
1. Logging on the switch
1. Use Internet Explorer 5.0 or above Web browser. Enter the factory-default IP address to access the Web interface. The
factory-default IP Address as following:
http://192.168.1.254
2. When the following login screen appears, the system will ask you to enter the username and password.
Default User name: admin
Default Password: admin
The login screen in Figure 4-2 appears.
- 28 –
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-2 WGSD-Switch Web Login screen
3. After entering the username and password, the main screen appears as Figure 4-3.
Figure 4-3 Web Main Screen of WGSD-Switch
Now, you can use the Web management interface to continue the switch management or manage the switch by console
interface.
#Note:
It is recommended to use Internet Explore 6.0 or above to access WGSD-Switch.
- 29 –
User’s Manual of WGSD-1022/WGSD-8000
4.1 Main Screen
The Switch provides a Web-based browser interface for configuring and managing the Switch. This interface allows you to
access the switch using the Web browser of your choice. This chapter describes how to use the switch’s Web browser interface
to con-figure and manage the switch.
Description
Main Functions Menu Sub Menu
Port Link Status
Main Screen
Figure 4-1
Via the Web-Management, the administrator can setup the WGSD-Switch by select the functions those listed in the Main
The summary screen provides Device and System Information about the Switch.
Figure 4-3 System Summary screen
The page contains the following informations:
Device Information
• System Name
• IP Address
• Subnet Mask
Display your system name
Display the current IP address of the device
Display the subnet mask setting of the device
- 31 –
User’s Manual of WGSD-1022/WGSD-8000
• DNS Servers
• Default Gateway
• Address Mode
• Base MAC Address
System Information
• Serial Number
• Model Name
• Hardware Version
• Boot Version
Display the current DNS Servers, no matter by manual setting or assigned by
the DHCP server
Display the current default gateway setting
Show the IP Address mode of the system – By Static or Dynamic (DHCP)
The MAC address of the Switch displays here
The unique box serial number for this switch
The product name of this switch
The release version maintenance number of the hardware
The version of boot system currently running on the switch
• Firmware Version
• System Location
• System Con tact
• System Up Time
• Current Time
The operating system currently running on the switch
Display where the Switch is located
Display the administrative contact person
The time in days, hours and minutes since the last switch reboot
Specifies the time and date. The format is hour, minute, second, month, day,
year
4.2.2 Network Settings
The Basic Setup Table include the Network Settings (see figure 4-3), which allows you to assign DHCP or static IP settings to
interfaces and assign default gateways.
In the Networking Setting screen, you can set these parts as below:
- 32 –
User’s Manual of WGSD-1022/WGSD-8000
The page includes the following fields:
Identification:
• System Name
• System Location
• System Con tact
• System Object ID
• Base MAC Address
IP Configuration:
Type your system name
Type where the Switch is located
Enter the administrative contact person
Tthe system object identifier is in this field
The MAC address of the Switch displays here
Figure 4-4 Network Setting screen
• Management VLAN
• IP Address Mode
• Host Name
• IP Address
Where you can select the Management VLAN.
The default Managemanet VLAN is VLAN 1
Where select Static or Dynamic IP address configuration.
The Default Mode is Static
In this field you can enter the DHCP Host Name
Enter the IP address when you want to use a static address.
The default IP Address is 192.168.1.254
- 33 –
User’s Manual of WGSD-1022/WGSD-8000
• Subnet Mask
• Deafau lt Gateway
• DNS Ser ver
Enter the IP subnet mask for the interface.
The factory default value is 255.255.255.0
Enter the default gateway for the IP interface.
The factory default value is 0.0.0.0
Enter the IP Address of the DNS Server. The Domain Name System (DNS)
converts user-defined domain names into IP addresses.
4.2.3 Time
In the Basic Setup Table, you can see the Time Setup (see figure 4-5), by which you can configure the time settings for the
Switch.
You can select SNTP Servers: Server1 for the primary SNTP server and Server2 for the secondary SNTP server.
Figure 4-5 Time screen
The Time page includes the following fields:
Set Time
• Use System Time
• Use SNTP Time
Local Time
Specifies that the system time is not set by an external source but the Local time
settings.
Specifies that the system time is set via an SNTP server
- 34 –
User’s Manual of WGSD-1022/WGSD-8000
• Hours / Minuntes /
Seconds
• Month / Day / Year
• Time Zone
Daylight Saving
•Daylight Saving
Defines the system time. The field format is HH:MM:SS, for example, 21:15:03.
Defines the system date. The field format is Day:Month:Year, for example, 04 May
2050.
The difference between Greenwich Mean Time (GMT) and local time. For example,
the Time Zone Offset for Paris is GMT +1, while the local time in Taipei is GTM +8.
Enables the Daylight Savings Time (DST) on the device based on the devices
location. The possible field values are:
•USA -- The device switches to DST at 2 a.m. on the first Sunday of April, and
reverts to standard time at 2 a.m. on the last Sunday of October.
•European -- The device switches to DST at 1:00 am on the last Sunday in
March and reverts to standard time at 1:00 am on the last Sunday in October.
The European option applies to EU members, and other European countries
using the EU standard.
•Other -- The DST definitions are user-defined based on the device locality. If
Other is selected, the From and To fields must be defined.
• Time Set Offset
• From
• To
For non USA and European countries, the amount of time for DST can be set in
minutes. The value range is (1-1440).
The default time is 60 minutes.
Defines the time that DST begins in countries other than USA or Europe, in the
format DayMonthYear in one field and time in another. For example, DST begins on
the 25th October 2007 5:00 am, the two fields will be 25Oct07 and 5:00. The
possible field values are:
• Date -- The date at which DST begins. The possible field range is 1-31.
• Month -- The month of the year in which DST begins. The possible field range
is Jan-Dec.
• Year-- The year in which the configured DST begins.
• Time -- The time at which DST begins. The field format is Hour:Minute, for
example, 05:30.
Defines the time that DST ends in countries other than USA or European in the
format DayMonthYear in one field and time in another. For example, DST ends on
the 23rd March 2008 12:00 am, the two fields will be 23Mar08 and 12:00. The
possible field values are:
• Date -- The date at which DST ends. The possible field range is 1-31.
• Month -- The month of the year in which DST ends. The possible field range
is Jan-Dec.
• Year-- The year in which the configured DST ends.
• Time -- The time at which DST starts. The field format is Hour:Minute, for
example, 05:30.
• Recurring
• From
Defines the time that DST starts in countries other than USA or Europe where the
DST is constant year to year. The possible field values are:
Defines the time that DST begins each year. For example, DST begins locally every
second Sunday in April at 5:00 am. The possible field values are:
•Day -- The day of the week from which DST begins every year. The possible
field range is Sunday-Saturday.
•Week -- The week within the month from which DST begins every year. The
- 35 –
User’s Manual of WGSD-1022/WGSD-8000
possible field range is 1-5.
•Month -- The month of the year in which DST begins every year. The possible
field range is Jan.-Dec.
•Time -- The time at which DST begins every year. The field format is
Hour:Minute, for example, 02:10.
•To
SNTP Server
• Server1
• Server2
• Poll Interval
(60-86400 sec)
Defines the recurring time that DST ends each year. For example, DST ends locally
every fourth Friday in October at 5:00 am. The possible field values are:
•Day -- The day of the week at which DST ends every year. The possible field
range is Sunday-Saturday.
•Week -- The week within the month at which DST ends every year. The
possible field range is 1-5.
•Month --The month of the year in which DST ends every year. The possible
field range is Jan.-Dec.
•Time -- The time at which DST ends every year. The field format is
Hour:Minute, for example, 05:30.
Enter a user-defined SNTP server IP addresses or hostname. Up to twot SNTP
servers can be defined.
The primary server provides SNTP information.
The backup server provides SNTP information.
Defines the interval (in seconds) at which the SNTP server is polled for Unicast
information.
The factory default value is 1024.
#Note:
The device supports the Simple Network Time Protocol (SNTP). SNTP assures accurate network
device clock time synchronization up to the millisecond. Time synchronization is performed by a
network SNTP server. SNTP operates only as a client, and cannot provide time services to other
systems.
4.3 Port Configuration
In this field, you can see these parts, such as port settings, Link aggregation, LACP.
4.3.1 Port settings
To use the port settings screen for setting up each of the switch’s ports.
It shows these parts: port, description, admin status, link status, speed, duplex,
MDI/MDIX, Flow control, type, LAG, PVE (see Figure 4-6):
- 36 –
Figure 4-6 Port Settings screen
The Port Settings screen contains the following fields:
User’s Manual of WGSD-1022/WGSD-8000
• Port
• Description
• Admin Status
• Link Status
• Speed
• Duplex
Shows the port number. You can click on the Detail button of the appropriate port
(G1, G2) to use an SFP module, and the Detail button shows the Port Configuration
Detail screen, which include port, description, port type, admin status, current port
status ……
Click up the Detail button to make a brief description of the port
When to choose the UP button, the port can be accessed normally, to choose the
Down button, the port will be taken offline
Shows an active connection when you choose the UP button, there is no active
connection or the port has been taken offline by an Admiinistrator when you choose
the Down button
Shows the connection speed of the port and the speed can be configured only
when auto-negotiation is disabled on that port
The port duplex mode, Full (transmission occurs in both directions simultaneously)
or Half (transmission occurs in only one direction at a time). This mode can be
• MDI/ MDIX
• Flow control
configured only when auto-negotiation is disabled and port speed is set to 10Mbps
or 100Mbps.
It cannot be configured on Link Aggregation Groups (LAGs)
Shows the MDI/MDIX status of the port. To use the MDI setting if the port is
connected to an end station. To use the MDIX setting if the port is connected to a
hub or another switch
Shows the flow control status of the port. It is active when the port uses Full Duplex
- 37 –
Mode
User’s Manual of WGSD-1022/WGSD-8000
• Type
• LAG
• PVE
• Detail
Click the Detail button for more detail port configuration.
Port Configuration Detail screen (see figure 4-7)
Shows the port type
Shows whether the port is part of a LAG
It bypasses the Forwarding Database and forwards all unicast, multicast, and
broadcast traffic to an uplink when a port is a Private VLAN Edge (PVE) port,
Uplinks can be ports or LAGs.
It will open the port configuration detail screen
Figure 4-7 Per Port Configuration detail screen
The Port Configuration screen contains the following fields:
•Port Indicates the number of the port
- 38 –
User’s Manual of WGSD-1022/WGSD-8000
• Description Where can be entered by clicking on the Detail button
• Port Type This is the port type
• Admin Status The port can be taken offline by selecting the Down option.
When Up is selected, the port can be accessed normally.
• Current Port Status The current status of the port is displayed here
• Reactivate
Suspended Port
• Operational Status This indicates whether or not the port is active
• Admin Speed Change the speed of the port here
• Current Port Speed The current speed of the port is displayed here
• Admin Duplex Change the duplex mode here
• Current Duplex
Mode
• Auto Negotiation You can enable or disable the port’s Auto Negotiation feature. If using an SFP
• Current Auto
Negotiation
• Admin
Advertisement
If you want to reactivate a port that has been suspended, click the checkbox
Tthis is the duplex mode of the port
module, Auto Negotiation for the specific port should be set to disable
This is the current setting of the port’s Auto Negotiation feature
Specifies the capabilities to be advertised by the port. Multiple options may be
selected or Max Capability can be selected to cover all of the options.
The available options are:
Max Capability, which indicates that the port speeds and duplex mode settings
can be accepted.
• Current
Advertisement
• Neighbor
Advertisement
• Back Pressure
• Current Back
Pressure
10 Half, indicates that the port is advertising a 10Mbps half duplex mode setting.
10 Full, indicates that the port is advertising a 10Mbps full duplex mode setting.
100 Half, indicates that the port is advertising a 100Mbps half duplex mode
setting.
100 Full, indicates that the port is advertising a 100Mbps full duplex mode
setting.
1000 Full, indicates that the port is advertising a 1000Mbps full duplex mode
setting
The port advertises its capabilities to its neighbor port to begin the negotiation
process. This field displays the current advertisement settings.
Tthe neighbor port (the port to which the selected interface is connected) advertises
its capabilities to the port to start the negotiation process. This field displays the
neighbor’s current settings
The Back Pressure feature of the selected port can be enabled or disabled
Displays whether Back Pressure is enabled or disabled on the currently selected
port
- 39 –
User’s Manual of WGSD-1022/WGSD-8000
• Flow Control The Flow Control feature of the selected port can be enabled or disabled
• Current Flow
Control
• MDI/ MDIX • Auto - the port to automatically detect the cable type.
• Current MDI/MDIX This is the current MDI/MDIX status of the port
• PVE For Gigabit Ethernet switches ONLY. When a port is a Private VLAN Edge (PVE)
Click the Save Settings button to save your changes.
Displays whether Flow Control is enabled or disabled on the currently selected port
• MDI - if the port is connected to an end station.
• MDIX - if the port is connected to a hub or another switch
port, it bypasses the Forwarding Database and forwards all unicast, multicast, and
broadcast traffic to an uplink. Uplinks can be ports or LAGs.
4.3.2 Link Aggregation
When you enter the Link Aggregation, you can see these parts (see figure 4-8), such as:
LAG, shows whether the port is part of a LAG.
Figure 4-8 Link Aggregation screen
The Link Aggregation page contains the following fields:
•LAG Indicates the number of the LAG interface. Up to eight LAG interface can be
configured.
• Description Indicates the description of the LAG ports
• Administrative
Status
Up indicates that the port is available and down shows administrator has taken the
port offline. You can click the Save Settings option to save this option.
- 40 –
User’s Manual of WGSD-1022/WGSD-8000
• Type The port types that comprise the LAG.
• Link Status Shows an active connection when you choose the UP button, there is no active
connection or the port has been taken offline by an Admiinistrator when you choose
the Down button
•Speed Shows the connection speed of the port and the speed can be configured only
when auto-negotiation is disabled on that port
•Duplex The port duplex mode, Full (transmission occurs in both directions simultaneously)
or Half (transmission occurs in only one direction at a time). This mode can be
configured only when auto-negotiation is disabled and port speed is set to 10Mbps
or 100Mbps.
•Flow control Shows the flow control status of the port. It is active when the port uses Full Duplex
Mode
•LAG Mode Shows the current mode of the LAG interface
Click the Detail button for more detail port configuration.
Linkl Aggregation detail configuration
At per-LAG detail configuration page, the administrator can select ports to be the members of the LAG interface. The scree
appears as follow:
- 41 –
User’s Manual of WGSD-1022/WGSD-8000
4.3.3 LACP
Aggregated Links can be manually setup or automatically established on the relevant links by enabling Link Aggregation Control
Protocol (LACP).
Aggregate ports can be linked into link-aggregation port-groups. Each group is comprised of ports with the same speed, set to
full-duplex operation.
The LACP screen contains fields for configuring LACP LAG s (see figure 4-9)
- 42 –
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-9 LACP configuration screen
The page contains the following fields:
• LACP System
Priority
• Port
• LACP Port Priority
• LACP Timeout
• Admin Key
Indicates the global LACP priority value. The possible range is 1- 65535 and the
default value is 1.
Set the port number which need to timeout and the priority values are assigned
Where set the LACP priority value for the port and the field range is 1-65535
Administrative LACP timeout. A short or long timeout value can be selected. Long is
the default
A channel will only be formed between ports having the same admin key, in other
words, this only applies to ports located on the same switch.
4.4 VLAN Configuration
A Virtual LAN (VLAN) is a logical network grouping that limits the broadcast domain. It allows you to isolate network traffic so
only members of the VLAN receive traffic from the same VLAN members. Basically, creating a VLAN from a switch is logically
equivalent of reconnecting a group of network devices to another Layer 2 switch. However, all the network devices are still plug
into the same switch physically.
The WGSD-Switch supports 802.1Q (tagged-based) and GVRP Dynamic VLAN setting in web management page. In the default
configuration, VLAN support is “802.1Q”.
IEEE 802.1Q VLANs
- 43 –
User’s Manual of WGSD-1022/WGSD-8000
IEEE 802.1Q (tagged) VLAN are implemented on the Switch. 802.1Q VLAN require tagging, which enables them to span the
entire network (assuming all switches on the network are IEEE 802.1Q-compliant).
VLAN allow a network to be segmented in order to reduce the size of broadcast domains. All packets entering a VLAN will only
be forwarded to the stations (over IEEE 802.1Q enabled switches) that are members of that VLAN, and this includes broadcast,
multicast and unicast packets from unknown sources.
VLAN can also provide a level of security to your network. IEEE 802.1Q VLAN will only deliver packets between stations that are
members of the VLAN. Any port can be configured as either tagging or untagging. The untagging feature of IEEE 802.1Q VLAN
allows VLAN to work with legacy switches that don't recognize VLAN tags in packet headers. The tagging feature allows VLAN
to span multiple 802.1Q-compliant switches through a single physical connection and allows Spanning Tree to be enabled on all
ports and work normally.
Any port can be configured as either tagging or untagging. The untagging feature of IEEE 802.1Q VLAN allows VLAN to work
with legacy switches that don’t recognize VLAN tags in packet headers. The tagging feature allows VLAN to span multiple
802.1Q-compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work
normally.
Frame Income
Frame Leave
Leave port is tagged Frame remains tagged Tag is inserted
Leave port is untagged Tag is removed Frame remain untagged
Income Frame is tagged Income Frame is untagged
In this field, there are five items, such as Create VLAN, Port setting, Ports to VLAN, VLAN to Ports, GVRP…
4.4.1 Create VLAN
In this table, the information and global parameters for configuring and working with VLAN s will be provided (see figure 4-10).
- 44 –
The page contains the following fields:
Single VLAN
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-10 Create VLAN screen
• VLAN ID (2-4094)
• VLAN Name
• VL AN Range
VLAN Table
The VLAN Table displays a list of all configured VLANs, include the
• VLAN ID,
• VLAN Name,
• Status
To remove a VLAN, click the Remove button.
You can configure the ID number of the VLAN by this item. Up to 256 VLANs can be
created. This field is used to add VLANs one at a time. If you want to add the
defined VLAN ID number, you can press the Add button.
Where shows the user-defined VLAN name
Indicates a range of VLANs configured. To add the defined range of VLAN ID
numbers, press the Add Range button
4.4.2 Port setting
In this port setting screen (refer to figure 4-11), the parameters managing ports that are part of a VLAN will be provided, and you
can set the default VLAN ID (PVID). All untagged packets arriving to the device are tagged by the ports PVID.
Figure 4-11 VLAN Port Setting screen
The page contains the following fields:
- 45 –
• Port Displays the port number included in the VLAN
• Mode Indicates the port mode. Possible values are:
• General - The port belongs to VLANs, and each VLAN is user-defined as
tagged or untagged (full 802.1Q mode).
•Access - The port belongs to a single untagged VLAN. When a port is in
Access mode, the packet types which are accepted on the port (packet type)
cannot be designated. It is also not possible to enable/ disable ingress filtering
on an access port.
•Trunk - The port belongs to VLANs in which all ports are tagged (except for an
optional single native VLAN).
User’s Manual of WGSD-1022/WGSD-8000
• Acceptable Frame
Type
• PVID Assigns a VLAN ID to untagged packets. The possible values are 2 to 4094. VLAN
• Ingress Filtering Enables or disables Ingress filtering on the port. Ingress filtering discards packets
• LAG Indicates the LAG to which the VLAN is defined
Port Mode VLAN Membership Frame Leave
Access Belongs to a single untagged VLAN
General
Packet type accepted on the port. Possible values are:
• Admit Tag Only - indicates that only tagged packets are accepted on the port.
• Admit All - indicates that both tagged and untagged packets are accepted on
the port.
4095 is defined as per standard and industry practice as the discard VLAN. Packets
classified to the Discard VLAN are dropped
which do not include an ingress port
Untagged
( Tag=PVID be removed)
Allowed to belongs to multiple untagged
VLANs at the same time
Untagged
(Tag=PVID be removed)
Trunk
Allowed to belongs to multiple Tagged
VLANs at the same time
(Tag=PVID or Original VID be remained)
Tagged
4.4.3 Ports to VLAN
The Ports to VLAN screen contains fields for configuring ports to a VLAN. The port default VLAN ID (PVID) is configured on the
Create VLAN screen. All untagged packets arriving to the device are tagged by the ports PVID. The Ports to VLAN screen
contains a Port Table for VLAN parameters for each port. Ports are assigned VLAN membership by selecting and configuring
the presented configuration options, you can refer to figure 4-12.
- 46 –
Figure 4-12 Ports to VLAN screen
User’s Manual of WGSD-1022/WGSD-8000
The page contains the following fields:
• VLAN
• Access
• Trunk
• General
• Tagged
• Untagged
• Forbidden
• Exclude
Where means the VLAN number
Indicates the port belongs to a single untagged VLAN. When a port is in Access
mode, the packet types which are accepted on the port cannot be designated.
Ingress filtering cannot be enabled/disabled on an access port.
Which indicates the port belongs to VLANs in which all ports are tagged, except for
one port that can be untagged
Which indicates the port belongs to VLANs, and each VLAN is user-defined as
tagged or untagged (full 802.1Q mode)
Defines the interface as a tagged member of a VLAN. All packets forwarded by the
interface are tagged. The packets contain VLAN information
Packets forwarded by the interface are untagged
Forbidden ports are not included in the VLAN
Excludes the interface from the VLAN. However, the interface can be added to the
VLAN through GVRP
4.4.4 VLAN to Ports
The VLAN to Ports screen (see figure 4-13) contains fields for configuring VLANs to a port. This screen displays these parts,
such as:
- 47 –
The page contains the following fields:
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-13 VLA N to Ports
• Port
• Mode
• Join VLAN
• VLANs
• LAG
Press the “Join VLAN” button to selecet and add VLAN to per port. The screen in Figure 4-14 appears.
Displays the interface number
By which indicates the port to VLAN mode. Possible field values are:
•General - By which indicates the port belongs to VLANs, and each VLAN is
user-defined as tagged or untagged (full 802.1Q mode).
•Access - Indicates the port belongs to a single untagged VLAN. When a port is
in Access mode, the packet types which are accepted on the port cannot be
designated. Ingress filtering cannot be enabled/disabled on an access port.
•Trunk - Which indicates these ports belong to VLANs in which all ports are
tagged, except for one port that can be untagged.
Defines the VLANs to which the interface is joined.
Displays the PVID tag
Indicates whether the port is a member of a LAG. If it is a member of a LAG, it
cannot be configured to a VLAN. The LAG to which belongs can be configured to a
VLAN
- 48 –
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-14 Join VLAN to Port screen
4.4.5 GVRP
GARP VLAN Registration Protocol (GVRP) is specifically provided for automatic distribution of VLAN membership information
among VLAN-aware bridges. GVRP allows VLAN-aware bridges to automatically learn VLANs to bridge ports mapping, without
having to individually configure each bridge and register VLAN membership.
The Global System LAG information displays the same field information as the ports, but represent the LAG GVRP information.
The GVRP screen (refer to 4-15) is divided into two areas, GVRP and GVRP Table. The field definitions for both areas are the
same.
Figure 4-15 GVRP configuration screen
- 49 –
The page contains the following fields:
User’s Manual of WGSD-1022/WGSD-8000
• Enable GVRP
• Interface
• GVRP State
• Dynamic VLAN
Creation
• GVRP Registration
• Update
Enables and disables GVRP on the device
Displays the interface on which GVRP is enabled. Possible field values are:
Port - indicates the port number on which GVRP is enabled.
LAG - indicates the LAG number on which GVRP is enabled.
When the checkbox is checked, GVRP is enabled on the interface
When the checkbox is checked, Dynamic VLAN creation is enabled on the interface
When the checkbox is checked, VLAN registration through GVRP is enabled on the
device..
The Update button adds the configured GVRP setting to the table at the bottom of
the screen
- 50 –
User’s Manual of WGSD-1022/WGSD-8000
4.5 Statistics
The Statistic of the switch
This field includes these parts as below:
4.5.1 RMON Statistic
The RMON Statistics screen (refer to figure 4-16) contains fields for viewing information about device utilization and errors that
occurred on the device.
The page contains the following fields:
• Interface
• Refresh Rate
Indicates the device for which statistics are displayed. The possible field values are:
• Port - defines the specific port for which RMON statistics are displayed.
• LAG - defines the specific LAG for which RMON statistics are displayed.
Defines the amount of time that passes before the interface statistics are refreshed.
The possible field values are:
• No Refresh, indicates that the RMON statistics are not refreshed.
• 15 Sec, which indicates that the RMON statistics are refreshed every 15
• 30 Sec, which indicates that the RMON statistics are refreshed every 30
• 60 Sec, which indicates that the RMON statistics are refreshed every 60
Figure 4-16 RMON Statistics screen
seconds.
seconds.
seconds.
- 51 –
User’s Manual of WGSD-1022/WGSD-8000
• Drop Events
• Received Bytes
(Octets)
• Received Packets
• Broadca st Packets
Received
• Multicast Packets
Received
• CRC & Align Errors
• Undersize Pa ckets
which displays the number of dropped events that have occurred on the interface
since the device was last refreshed
Displays the number of octets received on the interface since the device was last
refreshed. This number includes bad packets and FCS octets, but excludes framing
bits
Displays the number of packets received on the interface, including bad packets,
Multicast and broadcast packets, since the device was last refreshed
Which displays the number of good broadcast packets received on the interface
since the device was last refreshed. This number does not include Multicast
packets
Displays the number of good Multicast packets received on the interface since the
device was last refreshed
which displays the number of CRC and Align errors that have occurred on the
interface since the device was last refreshed
Displays the number of undersized packets (less than 64 octets) received on the
interface since the device was last refreshed
• Oversize Pack ets
• Fragments
• Jabbers
• Collisions
• Frames of xx Bytes
Displays the number of oversized packets (over 1518 octets) received on the
interface since the device was last refreshed.
Indicates the number of fragments (packets with less than 64 octets, excluding
framing bits, but including FCS octets) received on the interface since the device
was last refreshed
Indicates the total number of received packets that were longer than 1518 octets.
This number excludes frame bits, but includes FCS octets that had either a bad
Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a
bad FCS with a non-integral octet (Alignment Error) number. The field range to
detect jabbers is between 20 ms and 150 ms
Displays the number of collisions received on the interface since the device was
last refreshed
Number of xx-byte frames received on the interface since the device was last
refreshed.
Clear Counters button, this option will reset all of the statistic counts.
Refresh Now button, which use this option to refresh the statistics.
- 52 –
User’s Manual of WGSD-1022/WGSD-8000
4.5.2 RMON History
The RMON History contains information about samples of data taken from ports. For example, the samples may include
interface definitions or polling periods.
The RMON History Control screen is divided into RMON History and Log Table.
Log Table includes the following parts (see figure 4-17)
The page contains the following fields:
RMON History
• Source Interface
• Sampling Interval
• Sampling Req uested
Displays the interface from which the history samples were taken. The possible
field values are:
Port, specifies the port from which the RMON information was taken.
LAG, specifies the port from which the RMON information was taken.
Indicates (in seconds) the time that samplings are taken from the ports. The field
range is 1-3600.
The default is 1800 seconds (equal to 30 minutes)
Displays the number of samples to be saved. The field range is 1-65535.
The default value is 50
Figure 4-17 RMON History screen
• Current Number of
Samples
Displays the current number of samples taken. View History button. This button
opens the RMON History screen
- 53 –
User’s Manual of WGSD-1022/WGSD-8000
•Owner
Use the Add to List button when you add the configured RMON sampling to the Log Table at the bottom of the screen
1. RMON Histo ry Table
The RMON History screen (see figure 4-18) contains interface specific statistical network samplings. Each table entry
represents all counter values compiled during a single sample.
Where displays the RMON station or user that requested the RMON information.
The field range is 0-20 characters
Figure 4-18 RMON History Table screen
• Sample No
• Received Bytes
(Octets)
• Received Packets
• Broadca st Packets
• Multicast Packets
• CRC Align Errors
Which indicates the sample number from which the statistics were taken
Displays the number of octets received on the interface since the device was last
refreshed. This number includes bad packets and FCS octets, but excludes framing
bits
Displays the number of packets received on the interface since the device was last
refreshed, including bad packets, Multicast and Broadcast packets
Displays the number of good Broadcast packets received on the interface since the
device was last refreshed. This number does not include Multicast packets
Displays the number of good Multicast packets received on the interface since the
device was last refreshed
Which displays the number of CRC and Align errors that have occurred on the
interface since the device was last refreshed.
- 54 –
User’s Manual of WGSD-1022/WGSD-8000
• Undersize Pa ckets
• Oversize Pack ets
• Fragments
• Jabbers
4.5.3 RMON Alarm
Displays the number of undersized packets (less than 64 octets) received on the
interface since the device was last refreshed
Displays the number of oversized packets (over 1518 octets) received on the
interface since the device was last refreshed
Displays the number of fragments (packets with less than 64 octets, excluding
framing bits, but including FCS octets) received on the interface since the device
was last refreshed.
Displays the total number of received packets that were longer than 1518 octets.
This number excludes frame bits, but includes FCS octets that had either a bad
Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a
bad FCS with a non-integral octet (Alignment Error) number. The field range to
detect jabbers is between 20 ms and 150 ms.
The RMON Alarm screen (see figure 4-19) contains fields for setting network alarms. Network alarms occur when a network
problem, or event, is detected. Rising and falling thresholds generate events.
The page contains the following fields:
Figure 4-19 RMON Alarm screen
- 55 –
User’s Manual of WGSD-1022/WGSD-8000
• larm Entry
• Source Interface
• Counter Name
• Sample Type
• Rising Threshold
Indicates a specific alarm
Displays the interface for which RMON statistics are displayed. The possible field
values are:
• Port, displays the selected port of the RMON statistics.
• LAG, displays the RMON statistics for the selected LAG.
Displays the selected MIB variable
Defines the sampling method for the selected variable and comparing the value
against the thresholds. The possible field values are:
•Absolute, compares the values directly with the thresholds at the end of the
sampling interval.
•Delta, subtracts the last sampled value from the current value. The difference in
the values is compared to the threshold.
Displays the rising counter value that triggers the rising threshold alarm. The rising
threshold is presented on top of the graph bars. Each monitored variable is
designated a color
• Rising E vent
• Falling Threshold
• Falling Event
Displays the mechanism in which the alarms are reported. The possible field values
are:
•LOG. Indicates there is not a saving mechanism for either the device or in the
management system. If the device is not reset, the entry remains in the Log
Table.
•TRAP, indicates that an SNMP trap is generated, and sent via the Trap
mechanism. The Trap can also be saved using the Trap mechanism.
•Both, indicates that both the Log and Trap mechanism are used to report
alarms.
Displays the falling counter value that triggers the falling threshold alarm. The
falling threshold is graphically presented on top of the graph bars. Each monitored
variable is designated a color.
Displays the mechanism in which the alarms are reported. The possible field values
are:
•LOG, indicates there is not a saving mechanism for either the device or in the
management system. If the device is not reset, the entry remains in the Log
Table.
•TRAP, indicates that a SNMP trap is generated, and sent via the Trap
mechanism. The Trap can also be saved using the Trap mechanism.
• Startup Alarm
• Both, indicates that both the Log and Trap mechanism are used to report
alarms.
Displays the trigger that activates the alarm generation. Rising is defined by
crossing the threshold from a low-value threshold to a higher-value threshold
- 56 –
User’s Manual of WGSD-1022/WGSD-8000
• Interval
• Owner
Use the Add to List button when you add the RMON Alarms Table entry.
Defines the alarm interval time in seconds
Dhere displays the device or user that defined the alarm
- 57 –
User’s Manual of WGSD-1022/WGSD-8000
4.5.4 RMON Events
The RMON Events screen (see figure 4-20) contains fields for defining RMON events.
The page contains the following fields:
Add Event:
• Event Entry
• Community
• Description
• Type
Displays the event
where displays the community to which the event belongs
Displays the user-defined event description
Describes the event type. Possible values are:
• None, where indicates that no event occurred.
• Log, indicates that the event is a log entry.
• Trap, indicates that the event is a trap.
• Log and Trap, indicates that the event is both a log entry and a trap.
Figure 4-20 RMON Event screen
•Owner
The Event Table area contains the following additional field:
Where displays the device or user that defined the event. Use the Add to List button
when you add the configured RMON event to the Event Table at the bottom of the
screen (see figure 4-21)
- 58 –
User’s Manual of WGSD-1022/WGSD-8000
•Time
Press the RMON Event Log button to display the log store in the flash. Only the Event type is Log or Log and Trap, then the
entries appear. The screen in Figure 4-21 appears.
Where displays the time that the event occurred
Figure 4-21 RMON Event Log Screen
- 59 –
User’s Manual of WGSD-1022/WGSD-8000
4.5.5 Port Utilization
The Port Utilization screen (see figure 4-22) indicates the amount of resources each interface is currently consuming. Ports in
green are functioning normally, while ports in red are currently transmitting an excessive amount of network traffic.
The page includes the following fields:
•Refresh Rate
Indicates the amount of time that passes before the port utilization statistics are
refreshed. The possible field values are:
• No Refresh - indicates that the statistics are not refreshed.
• 15 Sec - indicates that the statistics are refreshed every 15 seconds.
• 30 Sec - indicates that the statistics are refreshed every 30 seconds.
• 60 Sec - indicates that the statistics are refreshed every 60 seconds.
Figure 4-22 Port Utilization screen
- 60 –
User’s Manual of WGSD-1022/WGSD-8000
4.5.6 802.1x Statistic
The 802.1X Statistic screen (see figure 4-23) contains information about EAP packets received on a specific port.
The page includes the following fields:
• Port
• Refresh Rate
• Name
Indicates the port, which is polled for statistics
Indicates the amount of time that passes before the EAP statistics are refreshed.
The possible field values are:
• No Refresh, indicates that the EAP statistics are not refreshed.
• 15 Sec, which indicates that the EAP statistics are refreshed every 15
• 30 Sec, which indicates that the EAP statistics are refreshed every 30
• 60 Sec, which indicates that the EAP statistics are refreshed every 60 seconds
Displays the measured 802.1x statistic
Figure 4-23 802.1x Statistics screen
seconds.
seconds.
• Description
• Packet
Describes the measured 802.1x statistic
Displays the amount of packets measured for the particular 802.1x statistic
- 61 –
User’s Manual of WGSD-1022/WGSD-8000
4.5.7 GVRP Statistics
The GVRP Statistics screen (see figure 4-24) contains device statistics for GVRP.
The GVRP Statistics screen is divided into two areas, GVRP Statistics Table and GVRP Error Statistics Table.
Figure 4-24 GVRP Statistics screen
The following fields are relevant for both tables:
• Interface
• Refresh Rate
Specifies the interface type for which the statistics are displayed
• Port, indicates port statistics are displayed.
• LAG, indicates LAG statistics are displayed.
Indicates the amount of time that passes before the GVRP statistics are refreshed.
The possible field values are:
• No Refresh, indicates that the GVRP statistics are not refreshed.
• 15 Sec, which indicates that the GVRP statistics are refreshed every 15
seconds.
•30 Sec, which indicates that the GVRP statistics are refreshed every 30
seconds.
•60 Sec, which indicates that the GVRP statistics are refreshed every 60
seconds.
The GVRP Statistics Table contains the following fields:
• Join Empty
• Empty
Which displays the device GVRP Join Empty statistics
Displays the device GVRP Empty statistics
- 62 –
User’s Manual of WGSD-1022/WGSD-8000
• Leave Empty
• Join In
• Leave In
• Leave All
The GVRP Error Statistics Table contains the following fields:
• Invalid Protocol ID
• Invalid Attribute
Type
• Attribut e Value
• Invalid Events
By which displays the device GVRP Leave Empty statistics
By which displays the device GVRP Join In statistics
By which displays the device GVRP Leave in statistics
By which displays the device GVRP Leave all statistics
Where displays the device GVRP Invalid Protocol ID statistics
Where displays the device GVRP Invalid Attribute ID statistics. Invalid
Displays the device GVRP Invalid Attribute Value statistics. Invalid Attribute Length,
where displays the device GVRP Invalid Attribute Length statistics
Where displays the device GVRP Invalid Events statistics. The Clear All Counters
button resets all tables
- 63 –
User’s Manual of WGSD-1022/WGSD-8000
4.6 ACL
An ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a
rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. On this menu the
interfaces to which an ACL applies must be specified, as well as whether it applies to inbound or outbound traffic. Rules for the
ACL are specified/created using the ACL Rule Configuration menu.
4.6.1 IP Based ACL
The IP Based ACL (Access Control List) screen (see figure 4-25) contains information for defining IP Based ACLs.
The Page contains the following fields:
• ACL Name
• New ACL Name
• Delete ACL
• Action
Displays the user-defined IP based ACLs
Defines a new user-defined IP based ACL
By which deletes the selected ACL
Indicates the action assigned to the packet matching the ACL. Packets are
forwarded or dropped. In addition, the port can be shutdown, a trap can be sent to
Figure 4-25 IP-Base ACL screen
- 64 –
User’s Manual of WGSD-1022/WGSD-8000
the network administrator, or a packet assigned rate limiting restrictions for
forwarding. The options are as follows:
• Permit, by which forwards packets which meet the ACL criteria.
• Deny, which drops packets which meet the ACL criteria.
• Shutdown, where drops packet that meets the ACL criteria, and disables the
port to which the packet was addressed. Ports are reactivated from the Port
Management screen.
• Protocol
• Select from List
By which creates an ACE (Access Control Event) based on a specific protocol
Where selects from a protocols list on which ACE can be based. The possible field
values are:
• Any, matches the protocol to any protocol.
• EIGRP, which indicates that the Enhanced Interior Gateway Routing Protocol
(EIGRP) is used to classify network flows.
•ICMP, which indicates that the Internet Control Message Protocol (ICMP) is
used to classify network flows.
•IGMP, which indicates that the Internet Group Management Protocol (IGMP) is
used to classify network flows.
•TCP, which indicates that the Transmission Control Protocol is used to classify
network flows.
•OSPF, by which matches the packet to the Open Shortest Path First (OSPF)
protocol.
•UDP, which indicates that the User Datagram Protocol is used to classify
network flows.
•Protocol ID to Match, adds user-defined protocols to which packets are
matched to the ACE. Each protocol has a specific protocol number which is
unique. The possible field range is 0-255.
•TCP Flags
This filters packets by TCP flag. Filtered packets are either forwarded or dropped.
Filtering packets by TCP flags increases packet control, and network security. The
values that can be assigned are:
• Set, which enables filtering packets by selected flags.
• Unset, disables filtering packets by selected flags.
• Don’t care, which indicates that selected packets do not influence the packet
filtering process.
The TCP Flags that can be selected are:
• Urg, indicates the packet is urgent.
• Ack, indicates the packet is acknowledged.
• Psh, indicates the packet is pushed.
• Rst, indicates the connection is dropped.
• Syn, indicates request to start a session.
- 65 –
•Fin, indicates request to close a session.
User’s Manual of WGSD-1022/WGSD-8000
• Source Port
• Destination Port
• Source IP Address
• Wildcard Mask
Defines the TCP/UDP source port to which the ACE is matched. This field is active
only if 800/6-TCP or 800/17-UDP is selected in the Select from List drop-down
menu.
The possible field range is 0 - 65535
Defines the TCP/UDP destination port. This field is active only if 800/6-TCP or
800/17-UDP is selected in the Select from List drop-down menu.
The possible field range is 0 - 65535
Matches the source port IP address to which packets are addressed to the ACE
Defines the source IP address wildcard mask. Wildcard masks specify which bits
are used and which bits are ignored.
A wild card mask of 255.255.255.255 indicates that no bit is important.
A wildcard of 0.0.0.0 indicates that all the bits are important.
For example, if the source IP address 149.36.184.198 and the wildcard mask is
255.36.184.00, the first eight bits of the IP address are ignored, while the last eight
bits are used.
• Destination IP
Address
• Wildcard Mask
• Match DSCP
• Match IP
Precedence
Use the Add to List button when you add the configured IP Based ACLs to the IP Based ACL Table at the bottom of the
screen.
Matches the destination port IP address to which packets are addressed to the ACE
Defines the destination IP address wildcard mask
Matches the packet DSCP value to the ACE. Either the DSCP value or the IP
Precedence value is used to match packets to ACLs.
The possible field range is 0-63
Matches the packet IP Precedence value to the ACE. Either the DSCP value or the
IP Precedence value is used to match packets to ACLs.
The possible field range is 0-7
4.6.2 IP Based ACL Configure Sample
This section shows how to build a IP Based ACL and apply to specify interface.
■ Sample Case: Deny IP packets to specific Class C network
¾Purpose:
Verify a positive and negative matches to network IP address with a Class C (24 bit mask) , no matter the rule defined as
permit or deny.
- 66 –
User’s Manual of WGSD-1022/WGSD-8000
1. Any packets pass through the switch will be dropped – if the Destination IP Addresses match specific Class C.
2. Any packets pass through the switch will be forwarded – if the Destination IP Addresses not match specific Class C.
¾ Case Design:
Action DENY
Match IP
Source IP Address Any
Destination IP Address
Applied Interface Interface g1
¾ Device Connection and Configuration:
Class C
172.16.0.0 / 255.255.255.0
Target
Any
The procedure as following
ID Source Address Destination Address
3 Any
Stream
Protocol
172.16.0.0 /
255.255.255.0
■Create Deny ACL and add to list
1. [DENY Rule]: Choose “New ACL Name”, then key in “Deny-IP Destination A”. Choose “Action”—“Deny”.
(The ACL Name can de entered with other policy name)
2. [DENY Rule]: Keep the “Source IP Address” and “Wild Card Mask” be blanked.
- 67 –
Any
User’s Manual of WGSD-1022/WGSD-8000
3. [DENY Rule]: Enter “172.16.0.0” in the “Destination IP Address” and “0.0.0.255” in the Wild Card Mask.
4. After click “Add to List" button, the entry would be show at the table.
■Create Permit ACL and add to list
5. [Permit Rule]: Within the same ACL “Deny-IP Destination A”, choose “Action”—“Permit”.
6. [Permit Rule]: Keep the “Source IP Address” and “Wild Card Mask” be blanked.
7. [Permit Rule]: Keep the “Destination IP Address” and “Wild Card Mask” be blanked.
8. After click “Add to List" button, the entry would be show at the table.
9. Rember to click the "Save Config" button.
- 68 –
User’s Manual of WGSD-1022/WGSD-8000
■Binding the IP ACL to specify interface
10. Select “Security” \”ACL Binding” in the Menu bar.
11. Choose Port “g1” at the Interface.
12. Choose “IP Based ACL”, select ACL name with “Deny-Source A” – that we had been created at step-1. Click “Add to List" button, the entry would be show at the table.
- 69 –
User’s Manual of WGSD-1022/WGSD-8000
4.6.3 MAC Based ACL
The MAC Based ACL screen (see figure 4-27) allows a MAC based ACL to be defined. ACLs can be added only if the ACL is not
bound to an interface.
The Page contains the following fields:
Figure 4-26 MAC-Base ACL screen
- 70 –
User’s Manual of WGSD-1022/WGSD-8000
• ACL Name
• New ACL Name
• Delete ACL
• Action
• Source MAC
Address
•Wildcard Mask
Displays the user-defined MAC based ACLs
Specifies a new user-defined MAC based ACL name.
By which deletes the selected ACL
Indicates the ACL forwarding action. Possible field values are:
• Permit, by which forwards packets which meet the ACL criteria.
• Deny, drops packets which meet the ACL criteria.
• Shutdown, where drops packet that meet the ACL criteria, and disables the
port to which the packet was addressed.
Matches the source MAC address to which packets are addressed to the ACE.
Defines the source IP address wildcard mask. Wildcard masks specify which bits
are used and ignored.
A wild card mask of 255.255.255.255 indicates that no bit is important.
A wildcard of 0.0.0.0 indicates that all the bits are important.
For example, if the source IP address 149.36.184.198 and the wildcard mask is
255.36.184.00, the first eight bits of the IP address are ignored, while the last eight
bits are used.
• Dest. MAC Address
• VLAN ID
• Ether Type
Use the “Add to List” button to add the configured MAC Based ACLs to the MAC Based ACL Table at the bottom of the
screen.
Where matches the destination MAC address to which packets are addressed to
the ACE.
Wildcard Mask, which defines the destination IP address wildcard mask.
Which matches the packet’s VLAN ID to the ACE.
The possible field values are 2 to 4094.
Where specifies the packet’s Ethernet type.
4.6.4 MAC Based ACL Configure Sample
This chapter will teah you how to configure a MAC based ACL in the WGSD-Switch.
■ Sample Case: Deny IP packets to specific Class C network
¾Purpose:
- 71 –
User’s Manual of WGSD-1022/WGSD-8000
When the workstation with IP address 192.168.99.188 and MAC address 00-11-08-57-E0-1E ping to PC with IP address
192.168.99.57 and MAC address 00-30-4F-1D-9F-DE, use MAC based ACL function from ACL to deny or shutdown and
permit the traffic transmit ability of notebook that connect to port 8 of WGSD-Switch.
¾ Case Design:
Action DENY
Match MAC Address
Source MAC Address 00-11-08-57-E0-1E
Destination MAC Address 00-30-4F-1D-9F-DE
Applied Interface Interface g2
¾Device Connection and Configuration:
Setting procedure from WGSD-Switch Web interface:
■ Create Deny MAC ACL and add to list
1. Please enter into Web interface and choose "ACL" function,
2. Then choose "MAC based ACL" function.
3. Please input a new ACL name, for example: “Deny MAC A”.
4. To defined "Permit", "Deny" or "Shutdown" from Action item.
5. [Deny Rule]: Input Source MAC Address "00:11:08:57:E0:1E" with Wild Card Mask "00:00:00:00:00:00".
6. [Deny Rule]: Enter Dest. Mac Address "00:30:4F:1D:9F:DE" with Wild Card Mask “00:00:00:00:00:00".
7. [Deny Rule]:Input the VLAN ID and default VLAN ID is 1.
8. Press "Add to List" button to complete this setting.
- 72 –
User’s Manual of WGSD-1022/WGSD-8000
■ Create Permit MAC ACL and add to list (
9. [Permit Rule]: Within the same ACL “Deny-MAC A”, choose “Action”—“Permit”.
10. [Permit Rule]: Keep the “Source MAC Address” and “Wild Card Mask” be blanked.
11. [Permit Rule]: Keep the “Destination MAC Address” and “Wild Card Mask” be blanked.
12. After click “Add to List" button, the entry would be show at the table.
To allow all other packets be forwarded)
- 73 –
User’s Manual of WGSD-1022/WGSD-8000
13. Please press "Save Config" to save current setting.
■Binding the MAC ACL to specify interface
14. Select “Security” \”ACL Binding” in the Menu bar.
15. Choose Port “g2” from Interface item.
16. Choose “MAC Based ACL”, select ACL name with “Deny-MAC A” – that we had been created at step-1. Click “Add to List" button, the entry would be show at the table.
17. Please press "Save Config" to save current setting.
#Note:
If action "shutdown" is selected, the port will be force disabled
- 74 –
User’s Manual of WGSD-1022/WGSD-8000
4.7 Security
This section is to control the security access of the switch, includes the user access and management control.
The Security function contains links to the following topics:
• ACL Binding
• RADIUS
• TACACS+
• 802.1x Settings
• Port Security
• Multiple Hosts
• Storm Control
4.7.1 ACL Binding
When an ACL is bound to an interface, all the ACE (Access Control Event) rules that have been defined are applied to the
selected interface. Whenever an ACL is assigned on a port, LAG or, VLAN, flows from that ingress interface that do not match
the ACL are matched to the default rule, which is Drop unmatched packets. You can refer to figure 4-27.
Figure 4-27 ACL Binding screen
The Page contains the following fields:
• Interface
• ACL Name
Indicates the interface to which the ACL is bound. The selection includes:
• Port, indicates port to apply the ACL
• LAG, indicates LAG to apply the ACL
Indicates the ACL which is bound to the interface. The selection includes:
• IP Based ACL
• MAC Based ACL
- 75 –
User’s Manual of WGSD-1022/WGSD-8000
Use theAdd to List button to add the ACL Binding configuration to the ACL Binding Table at the bottom of the screen.
4.7.2 Radius
Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers provide
a centralized authentication method for web access (see figure 4-28).
The Page contains the following fields:
• IP Address
• Priority
• Authentication Port
• Number o f Retries
• Timeout for Reply
The Authentication Server IP address.
Displays the server priority. The possible values are 0-65535, where 1 is the
highest value. The RADIUS Server priority is used to configure the server query
order
Identifies the authentication port. The authentication port is used to verify the
RADIUS server authentication.
The authenticated port default is 1812
Defines the number of transmitted requests sent to RADIUS server before a failure
occurs. The possible field values are 1 - 10.
Three is the default value.
This defines the amount of the time in seconds the device waits for an answer from
the RADIUS server before retrying the query, or switching to the next server.
Figure 4-28 RADIUS screen
- 76 –
The possible field values are 1 - 30.
Three is the default value.
User’s Manual of WGSD-1022/WGSD-8000
• Dead Time
• Key String
• Source IP Address
• Usage Type
Use the Add to List button when you add the RADIUS configuration to the RADIUS Table at the bottom of the screen.
This defines the amount of time (minutes) that a RADIUS server is bypassed for
service requests. The range is 0-2000.
The Dead Time default is 0 minutes.
This defines the default key string used for authenticating and encrypting all
RADIUS communications between the device and the RADIUS server.
This key must match the RADIUS encryption.
Defines the source IP address that is used for communication with RADIUS
servers.
Specifies the RADIUS server authentication type. The default value is Login. The
possible field values are:
•Login, indicates that the RADIUS server is used for authenticating user name
and passwords.
• 802.1X, indicates that the RADIUS server is used for 802.1X authentication.
• All, where indicates that the RADIUS server is used for authenticating user
name and passwords, and 802.1X port authentication.
- 77 –
User’s Manual of WGSD-1022/WGSD-8000
4.7.3 TACACS+
The device provides Terminal Access Controller Access Control System (TACACS+) client support. TACACS+ provides
centralized security for validation of users accessing the device. TACACS+ provides a centralized user management system,
while still retaining consistency with RADIUS and other authentication processes. The TACACS+ protocol ensures network
integrity through encrypted protocol exchanges between the device and TACACS+ server. You can refer to figure 4-29.
The Page contains the following fields:
• Host IP Address
• Priority
• Source IP Address
• Key String
• Authentication Port
• The Timeout for
Reply
Indicates the TACACS+ Server IP address
Displays the order in which the TACACS+ servers are used. The default is 0
By which displays the device source IP address used for the TACACS+ session
between the device and the TACACS+ server.
This defines the authentication and encryption key for TACACS+ server. The key
must match the encryption key used on the TACACS+ server
Displays the port number through which the TACACS+ session occurs
This displays the amount of time that passes before the connection between the
device and the TACACS+ server times out.
The field range is 1-30 seconds.
Figure 4-29 TACACS+ screen
•Status
Displays the connection status between the device and the TACACS+ server. The
- 78 –
User’s Manual of WGSD-1022/WGSD-8000
possible field values are:
•Connected, there is currently a connection between the device and the
TACACS+ server.
•Not Connected, there is not currently a connection between the device and
the TACACS+ server.
•Single Connection
Maintains a single open connection between the device and the TACACS+ server
when selected the Add to List button to add the TACACS+ configuration to the
TACACS+ table at the bottom of the screen.
The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts unauthorized
clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client
connected to a switch port before making available any services offered by the switch or the LAN.
Until the client is authenticated, 802.1X access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic
through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port.
This section includes this conceptual information:
•
Device Roles
• Authentication Initiation and Message Exchange
• Ports in Authorized and Unauthorized States
Device Roles
With 802.1X port-based authentication, the devices in the network have specific roles as shown below.
zClient—the device (workstation) that requests access to the LAN and switch services and responds to requests from
the switch. The workstation must be running 802.1X-compliant client software such as that offered in the Microsoft
Windows XP operating system. (The client is the supplicant in the IEEE 802.1X specification.)
zAuthentication server—performs the actual authentication of the client. The authentication server validates the
identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services.
Because the switch acts as the proxy, the authentication service is transparent to the client. In this release, the Remote
Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP)
extensions is the only supported authentication server; it is available in Cisco Secure Access Control Server version 3.0.
RADIUS operates in a client/server model in which secure authentication information is exchanged between the
RADIUS server and one or more RADIUS clients.
zSwitch (802.1X de vice)—controls the physical access to the network based on the authentication status of the client.
The switch acts as an intermediary (proxy) between the client and the authentication server, requesting identity
information from the client, verifying that information with the authentication server, and relaying a response to the client.
- 80 –
User’s Manual of WGSD-1022/WGSD-8000
The switch includes the RADIUS client, which is responsible for encapsulating and decapsulating the Extensible
Authentication Protocol (EAP) frames and interacting with the authentication server. When the switch receives EAPOL
frames and relays them to the authentication server, the Ethernet header is stripped and the remaining EAP frame is
re-encapsulated in the RADIUS format. The EAP frames are not modified or examined during encapsulation, and the
authentication server must support EAP within the native frame format. When the switch receives frames from the
authentication server, the server's frame header is removed, leaving the EAP frame, which is then encapsulated for
Ethernet and sent to the client.
Authentication Initiation and Message Exchange
The switch or the client can initiate authentication. If you enable authentication on a port by using the dot1x port-control auto
interface configuration command, the switch must initiate authentication when it determines that the port link state transitions
from down to up. It then sends an EAP-request/identity frame to the client to request its identity (typically, the switch sends an
initial identity/request frame followed by one or more requests for authentication information). Upon receipt of the frame, the
client responds with an EAP-response/identity frame.
However, if during bootup, the client does not receive an EAP-request/identity frame from the switch, the client can initiate
authentication by sending an EAPOL-start frame, which prompts the switch to request the client's identity.
If 802.1X is not enabled or supported on the network access device, any EAPOL frames from the
client are dropped. If the client does not receive an EAP-request/identity frame after three attempts
#Notice:
When the client supplies its identity, the switch begins its role as the intermediary, passing EAP frames between the client and
the authentication server until authentication succeeds or fails. If the authentication succeeds, the switch port becomes
authorized.
The specific exchange of EAP frames depends on the authentication method being used. Following screen shows a message
exchange initiated by the client using the One-Time-Password (OTP) authentication method with a RADIUS server.
to start authentication, the client transmits frames as if the port is in the authorized state. A port in
the authorized state effectively means that the client has been successfully authenticated.
- 81 –
User’s Manual of WGSD-1022/WGSD-8000
Ports in Authorized and Unauthorized States
The switch port state determines whether or not the client is granted access to the network. The port starts in the unauthorized
state. While in this state, the port disallows all ingress and egress traffic except for 802.1X protocol packets. When a client is
successfully authenticated, the port transitions to the authorized state, allowing all traffic for the client to flow normally.
If a client that does not support 802.1X is connected to an unauthorized 802.1X port, the switch requests the client's identity. In
this situation, the client does not respond to the request, the port remains in the unauthorized state, and the client is not granted
access to the network.
In contrast, when an 802.1X-enabled client connects to a port that is not running the 802.1X protocol, the client initiates the
authentication process by sending the EAPOL-start frame. When no response is received, the client sends the request for a
fixed number of times. Because no response is received, the client begins sending frames as if the port is in the authorized state
If the client is successfully authenticated (receives an Accept frame from the authentication server), the port state changes to
authorized, and all frames from the authenticated client are allowed through the port. If the authentication fails, the port remains
in the unauthorized state, but authentication can be retried. If the authentication server cannot be reached, the switch can
retransmit the request. If no response is received from the server after the specified number of attempts, authentication fails,
and network access is not granted.
When a client logs off, it sends an EAPOL-logoff message, causing the switch port to transition to the unauthorized state.
If the link state of a port transitions from up to down, or if an EAPOL-logoff frame is received, the port returns to the unauthorized
- 82 –
User’s Manual of WGSD-1022/WGSD-8000
state.
■ 802.1X Settings of WGSD-Switch
Port based authentication enables authenticating system users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the RADIUS server using the
Extensible Authentication Protocol (EAP). Refer to figure 4-30.
The Page contains the following fields:
• Enable 802.1x
• Port
• Status Port Control
• Enable Periodic
Re-authentication
Place a checkmark in the check box to enable 802.1x, authentication
Indicates the port name
This specifies the port authorization state. The possible field values are as follows:
• Force-Authorized, the controlled port state is set to Force-Authorized (forward
• Force-Unauthorized, the controlled port state is set to Force-Unauthorized
Permits immediate port re-authentication. The Setting Timer button opens the
Setting Timer screen to configure ports for 802.1x functionality.
Figure 4-30 802.1x setting screen
traffic).
(discard traffic).
Setting Timer
- 83 –
On this screen, it includes port, re-authentication, resending EAP ….
(Refer to figure 4-31)
Figure 4-31 Setting Timer parameter screen
User’s Manual of WGSD-1022/WGSD-8000
The Page contains the following fields:
• Quiet Period
• Resending EAP
• Max EAP Requests
• Supplicant Timeout
• Server Timeout
Specifies the number of seconds that the switch remains in the quiet state following
a failed authentication exchange
(Range: 0-65535).
Specifies the number of seconds that the switch waits for a response to an EAP request/ identity frame, from the supplicant (client), before resending the requests.
Which the total amount of EAP requests sent. If a response is not received after the
defined period, the authentication process is restarted.
The field default is 2 retries.
Which displays the number of seconds that lapses before EAP requests are resent
to the supplicant (Range: 1-65535).
The field default is 30 seconds.
Which specifies the number of seconds that lapses before the switch resends a
request to the authentication server (Range: 1-65535).
The field default is 30 seconds.
4.7.5 Port Security
Work security screen (see figure 4-32) can be increased by limiting access on a specific port only to users with specific MAC
addresses. MAC addresses can be dynamically learned or statically configured. Locked port security monitors both received
and learned packets that are received on specific ports. Access to the locked port is limited to users with specific MAC
addresses. These addresses are either manually defined on the port, or learned on that port up to the point when it is locked.
When a packet is received on a locked port, and the packet source MAC address is not tied to that port (either it was learned on
a different port, or it is unknown to the system), the protection mechanism is invoked, and can provide various options.
- 84 –
User’s Manual of WGSD-1022/WGSD-8000
Unauthorized packets arriving at a locked port are either:
Forwarded, Discarded with no trap, Discarded with a trap,Cause the port to be shut down.
Figure 4-32 Port Security screen
Locked port security also enables storing a list of MAC addresses in the configuration file. The MAC address list can be
restored after the device has been reset.
Disabled ports are activated from the Port Security page.
• Interface
• Lock In terface
• Learning Mode
Where displays the port or LAG name
Which selecting this option locks the specified interface.
Where defines the locked port type. The Learning Mode field is enabled only if
Locked is selected in the Interface Status field. The possible field values are:
•Classic Lock, by which locks the port using the classic lock mechanism. The
port is immediately locked,
regardless of the number of addresses that have already been learned.
• Max Entries
• Limited Dynamic Lock, which locks the port by deleting the current dynamic
MAC addresses associated with the port. The port learns up to the maximum
addresses allowed on the port. Both relearning and aging MAC addresses are
enabled.
Specifies the number of MAC addresses that can be learned on the port. The Max
Entries field is enabled only if Locked is selected in the Interface Status field. In
addition, the Limited Dynamic Lock mode is selected.
The default is 1.
- 85 –
User’s Manual of WGSD-1022/WGSD-8000
• Action on Violation
• Enable Trap
• Trap Frequency
In order to change the Learning Mode, the Lock Interface must be set to unlocked. Once the mode is
#Note:
changed, the Lock Interface can be reinstated.
Where indicates the action to be applied to packets arriving on a locked port. The
possible field values are:
•Discard, which discards packets from any unlearned source. This is the
default value.
•Forward Normal, forwards packets from an unknown source without learning
the MAC address.
•Discard Disable, which discards packets from any unlearned source and
shuts down the port. The port remains shut down until reactivated, or until the
device is reset.
This enables traps when a packet is received on a locked port.
Which the amount of time (in seconds) between traps.
The default value is 10 seconds
- 86 –
User’s Manual of WGSD-1022/WGSD-8000
4.7.6 Multiple Hosts
The Multiple Hosts screen (see figure 4-33) allows network managers to configure advanced port-based authentication settings
for specific ports and VLANs.
The Page contains the following fields:
• Port
• Enable Multiple
Hosts
•Action on Violation
Displays the port number for which advanced port-based authentication is enabled.
When checked, indicates that multiple hosts are enabled. Multiple hosts must be
enabled in order to either disable the ingress-filter, or to use port-lock security on
the selected port.
This defines the action to be applied to packets arriving in single-host mode, from a
host whose MAC address is not the supplicant MAC address. The possible field
values are:
• Discard, which discards the packets. This is the default value.
• Forward, by which forwards the packet.
• Discard Disable, discards the packets and shuts down the port. The ports
Figure 4-33 Multiple Hosts screen
remains shut down until reactivated, or until the device is reset.
• Enable Traps
• Trap Frequency
When checked, indicates that traps are enabled for Multiple Hosts
Defines the time period by which traps are sent to the host. The Trap Frequency
(1-1000000) field can be defined only if multiple hosts are disabled.
The default is 10 seconds.
- 87 –
User’s Manual of WGSD-1022/WGSD-8000
•Status
Where indicates the host status.
4.7.7 Storm control
A BroadcastStorm is a result of an excessive amount of broadcast messages simultaneously transmitted across a network by a
single port. Forwarded message responses are heaped onto the network, straining network resources or causing the network to
time out.
The system measures the incoming Broadcast and Multicast frame rate separately on each port, and discard frames when the
rate exceeds a user-defined rate.
The Storm Control page provides fields for enabling and configuring Storm Control. The screen in Figure 4-34 appears.
The Page contains the following fields:
• Port
• Broadcast Control
• Mode
• Rate Threshold
Displays the port number for which storm control is enabled
This indicates whether broadcast packet types are forwarded on the specific
interface.
By which specifies the Broadcast mode currently enabled on the device. The
possible field values are:
• Unknown Unicast, Multicast & Broadcast, counts Unicast, Multicast, and
• Multicast & Broadcast, counts Broadcast and Multicast traffic together.
• Broadcast Only, counts only Broadcast traffic.
Where the maximum rate (packets per second) at which unknown packets are
forwarded. The range is 70 -100000.
The default value is 3500.
Figure 4-34 Storm Control screen
Broadcast traffic.
- 88 –
User’s Manual of WGSD-1022/WGSD-8000
4.8 QoS
Network traffic is usually unpredictable, and the only basic assurance that can be offered is best effort traffic delivery. To
overcome this challenge, Quality of Service (QoS) is applied throughout the network. This ensures that network traffic is
prioritized according to specified criteria, and that specific traffic receives preferential treatment.
And Cos Settings, Queue settings, Dscp Settings, Bandwidth, Basic Mode, Advanced mode are provided.
4.8.1 CoS Settings
The terms Class of Service (CoS) and QoS are used in the following:
CoS provides varying Layer 2 traffic services. CoS refers to classification of traffic to traffic-classes, which are handled as an
aggregate whole, with no per-flow settings. CoS is usually related to the 802.1p service that classifies flows according to their
Layer 2 priority, as set in the VLAN header. QoS refers to Layer 2 traffic and above. QoS handles per-flow settings, even within a
single traffic class.
The CoS Settings screen (see figure 4-35) contains fields for enabling or disabling CoS. In addition, the Trust mode can be
selected. The Trust mode relies on predefined fields within the packet to determine the egress queue settings. (To configure the
Trust Mode, see 4.8.5.)
The CoS Settings screen has two areas, CoS Settings and CoS to Queue.
- 89 –
The Page contains the following fields:
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-35 CoS Settings screen
• CoS Mode
• Class of Service
• Queue
The Restore Defaults button restores the device factory defaults for mapping CoS values to a forwarding queue.
CoS Default:
The Table contains the following fields:
•Interface
This indicates if QoS is enabled on the interface. The possible values are:
• Disable, disables QoS on the interface.
• Basic, enables QoS on the interface.
• Advanced, enables the Advanced Mode QoS on the interface.
Specifies the CoS priority tag values, where zero is the lowest and 7 is the highest
Defines the traffic forwarding queue to which the CoS priority is mapped.
Four traffic priority queues are supported
Interface to which the CoS configuration applies
• Default CoS
• Restore Defaults
• LAG
Determines the default CoS value for incoming packets for which a VLAN tag is not
defined. The possible field values are 0-7.
The default CoS is 0
Restores the device factory defaults for mapping CoS values to a forwarding
queue.
LAG to which the CoS configuration applies.
4.8.2 Queue Setting
The Queue Setting screen (see figure 4-36) contains fields for defining the QoS queue forwarding types.
- 90 –
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-36 Quere Setting screen
The page contains the following fields:
• Strict Priority
• WRR
• Queue
• WRR Weight
• % of WRR
Bandwidth
This indicates that traffic scheduling for the selected queue is based strictly on the
queue priority.
This indicates that traffic scheduling for the selected queue is based strictly on the
WRR.
Shows the queue for which the queue settings are displayed.
The possible field range is 1 - 4.
Which displays the WRR weights to queues
Default Rate 1:2:4:8
Displays the amount of bandwidth assigned to the queue.
These values are fixed and are not user- defined.
• 6.67%
• 13.33%
• 26.67%
• 53.33%
4.8.3 DSCP Settings
The DSCP Settings screen (see figure 4-37) enables mapping DSCP values to specific queues
- 91 –
Figure 4-37 DSCP Settings screen
User’s Manual of WGSD-1022/WGSD-8000
The DSCP Settings screen contains the following fields:
• DSCP
• Queue
.,.
Indicates the Differentiated Services Code Point value in the incoming packet.
Maps the DSCP value to the selected queue
4.8.4 Bandwidth
The Bandwidth screen (refer to figure 4-38) allows network managers to define the bandwidth settings for a specified egress
interface. Modifying queue scheduling affects the queue settings globally. The Bandwidth screen is not used with the Service
mode, as bandwidth settings are based on services.
- 92 –
Figure 4-38 Bandwidth screen
User’s Manual of WGSD-1022/WGSD-8000
Queue shaping can be based per queue and/or per interface. Shaping is determined by the lower specified value. The queue
shaping type is selected in the Bandwidth screen, include interface, port, LAG, Rate Limit, Ingress Rate Limit Status, Rate
Limit….
The page contains the following fields:
• Interface
• Ingress Rate Limit
Status
• Rate Limit
(62-1000000 Kbps)
• Egress Shap ing
Rate on Selected
Indicates the interface for which the queue shaping information is displayed. The
possible field values are:
• Port, indicates the port for which the bandwidth settings are displayed.
• LAG, indicates the LAG for which the bandwidth settings are displayed.
which indicates if rate limiting is defined on the interface
Defines the amount of bandwidth assigned to the interface.
The possible field values are 62-1000000 Kbps.
Indicates if rate limiting is enabled on the interface.
Port
• Committed
Information Rate
(CIR)
Defines CIR as the queue shaping type.
The possible field value is 64 - 1,000,000 Kbps.
- 93 –
4.8.5 Basic Mode
The Basic Mode screen (see figure 4-39) contains the following fields:
Figure 4-39 Basic Mode screen
User’s Manual of WGSD-1022/WGSD-8000
The page contains the following fields:
•Trust Mode
Displays the trust mode. If a packet’s CoS tag and DSCP tag are mapped to
different queues, the Trust Mode determines the queue to which the packet is
assigned. Possible values are:
• CoS, which sets trust mode to CoS on the device and the CoS mapping
• DSCP, sets trust mode to the DSCP on the device. The DSCP mapping
4.8.6 Advanced Mode
determined the packet queue.
determines the packet queue.
Advanced QoS mode (see figure 4-40) provides rules for specifying flow classification and assigning rule actions that relate to
bandwidth management. The rules are based on the Access Control Lists (see Access Control Tab)
- 94 –
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-40 Advance Mode screen
MAC A CL s and IP ACLs can be grouped together in more complex structures, called policies. Policies can be applied to an
interface. Policy ACLs are applied in the sequence they appear within the policy. Only a single policy can be attached to a port.
In advanced QoS mode, ACLs can be applied directly to an interface in the Security -ACL Binding. However, a policy and ACL
cannot be simultaneously applied to an interface.
After assigning packets to a specific queue, services such as configuring output queues for the scheduling scheme, or
configuring output shaping for burst size, CIR, or CBS per interface or per queue, can be applied.
Out of Profile DSCP Assignments, this button opens up the DSCP Map screen. (see figure 4-41):
- 95 –
User’s Manual of WGSD-1022/WGSD-8000
Figure 4-41 Out of Profile DSCP Assignments screen
The page contains the following fields:
• DSCP In
• DSCP Out
The Policy Settings button opens the Policy Name screen (see figure 4-42):
This displays the DSCP In value.
The value is form 0-63.
This displays the current DSCP out value. A new value can be
selected from the pull-down menu
Figure 4-42 Policy Settings screen
- 96 –
The page contains the following fields:
User’s Manual of WGSD-1022/WGSD-8000
• Policy Name
• Add to List
• Select Policy
• New Policy Name
• Class Map
defines a new Policy name
this button will add the policy to the Policy Name table
which selects an existing Policy by name
which defines a new Policy name
where selects an existing Class Map by name
- 97 –
User’s Manual of WGSD-1022/WGSD-8000
Class Map setting
New Class Map, by which the New Class Map button opens the New Class Map screen (see figure 4-33)
The page contains the following fields:
• Class Map Name
• Preferred ACL
• IP ACL
• Match
defines a new Class Map name
which indicates if packets are first matched to an IP based ACL or a MAC based
ACL, the possible field values are:
Matches packets to IP based ACLs first, and then matches packets to MAC based
ACLs.
Criteria used to match IP addresses and /or MAC addresses with an ACL’s
address. The possible field values are:
Figure 4-43 Class Map Settings screen
•IP Based ACLs, matches packets to IP based ACLs first, then matches
packets to MAC based ACLs.
•MAC Based ACLs, matches packets to MAC based ACLs first, then matches
packets to IP based ACLs.
• And, both the MAC-based and the IP-based ACL must match a packet.
• Or, either the MAC-based or the IP-based ACL must match a packet.
• MAC ACL
Matches packets to MAC based ACLs and to IP based ACLs
- 98 –
User’s Manual of WGSD-1022/WGSD-8000
Aggregate Policer, where user-defined aggregate policers. The Aggregate Policer button opens the New Aggregate Policer
screen.
Aggregate Policer Setting
New Aggregate Policer screen (see figure 4-44):
The page contains the following fields:
• Aggregat e Policer
Name
• Ingress Committed
Information Rate
(CIR)
• Ingress Committed
Burst Size (CBS)
•Exceed Action
Where enter a name in this field.
This defines the CIR in bits per second. This field is only relevant when the Police
value is Single.
This defines the CBS in bytes per second. This field is only relevant when the
Police value is Single.
Action assigned to incoming packets exceeding the CIR.
This field is only relevant when the Police value is Single. Possible values are:
• Drop, which drops packets exceeding the defined CIR value.
Figure 4-44 Aggregate Policer Settings screen
•Remark DSCP, where remarks packet’s DSCP values exceeding the defined
CIR value.
•None, forwarding packets exceeding the defined CIR value.
- 99 –
User’s Manual of WGSD-1022/WGSD-8000
4.9. Spanning Tree
■ Theory of Spanning Tree Protocol
The IEEE 802.1D Spanning Tree Protocol and IEEE 802.1W Rapid Spanning Tree Protocol allow for the blocking of links
between switches that form loops within the network. When multiple links between switches are detected, a primary link is
established. Duplicated links are blocked from use and become standby links. The protocol allows for the duplicate links to be
used in the event of a failure of the primary link. Once the Spanning Tree Protocol is configured and enabled, primary links are
established and duplicated links are blocked automatically. The reactivation of the blocked links (at the time of a primary link
failure) is also accomplished automatically without operator intervention.
This automatic network reconfiguration provides maximum uptime to network users. However, the concepts of the Spanning
Tree Algorithm and protocol are a complicated and complex subject and must be fully researched and understood. It is possible
to cause serious degradation of the performance of the network if the Spanning Tree is incorrectly configured. Please read the
following before making any changes from the default values.
The Switch STP performs the following functions:
。 Creates a single spanning tree from any combination of switching or bridging elements.
。 Creates multiple spanning trees – from any combination of ports contained within a single switch, in user specified groups.
。 Automatically reconfigures the spanning tree to compensate for the failure, addition, or removal of any element in the tree.
。 Reconfigures the spanning tree without operator intervention.
Bridge Protocol Data Units
For STP to arrive at a stable network topology, the following information is used:
。 The unique switch identifier
。 The path cost to the root associated with each switch port
。 The por tidentifier
STP communicates between switches on the network using Bridge Protocol Data Units (BPDUs). Each BPDU contains the
following information:
。 The unique identifier of the switch that the transmitting switch currently believes is the root switch
。 The path cost to the root from the transmitting port
。 The port identifier of the transmitting port
The switch sends BPDUs to communicate and construct the spanning-tree topology. All switches connected to the LAN on
which the packet is transmitted will receive the BPDU. BPDUs are not directly forwarded by the switch, but the receiving switch
uses the information in the frame to calculate a BPDU, and, if the topology changes, initiates a BPDU transmission.
The communication between switches via BPDUs results in the following:
。 One switch is elected as the root switch
。 The shortest distance to the root switch is calculated for each switch
。 A designated switch is selected. This is the switch closest to the root switch through which packets will be forwarded to the
root.
。 A port for each switch is selected. This is the port providing the best path from the switch to the root switch.
。 Ports included in the STP are selected.
Creating a Stable STP Topology
- 100 –
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.