Smc SMCGS10P-SMART MANAGEMENT GUIDE
MANAGEMENT GUIDE
Web Smart
10-Port GE PoE Switch
SMCGS10P-Smart
Web Smart 10-Port GE PoE Switch
Management Guide
No. 1, Creation Road III,
Hsinchu Science Park,
30077, Taiwan, R.O.C.
TEL: +886 3 5638888
Fax: +886 3 6686111
February 2012
Pub. # 149100000169A
SMC-UG-0212-02
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable.
However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or
other rights of third parties which may result from its use. No license is granted by implication or
otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications
at any time without notice.
Copyright © 2012 by
SMC Networks, Inc.
No. 1 Creation Road III,
Hsinchu Science Park,
30077, Taiwan, R.O.C.
All rights reserved
Trademarks:
SMC is a registered trademark; and Barricade, EZ Switch, TigerStack, TigerSwitch, and TigerAccess
are trademarks of SMC Networks, Inc. Other product and company names are trademarks or
registered trademarks of their respective holders.
WARRANTY AND PRODUCT REGISTRATION
To register SMC products and to review the detailed warranty statement,
please refer to the Support Section of the SMC Website at http://
www.smc.com.
– 4 –
ABOUT THIS GUIDE
PURPOSE This guide gives specific information on how to operate and use the
management functions of the switch.
AUDIENCE The guide is intended for use by network administrators who are
responsible for operating and maintaining network equipment;
consequently, it assumes a basic working knowledge of general switch
functions, the Internet Protocol (IP), and Simple Network Management
Protocol (SNMP).
CONVENTIONS The following conventions are used throughout this guide to show
information:
N
OTE
:
Emphasizes important information or calls your attention to related
features or instructions.
C
AUTION
damage the system or equipment.
W
ARNING
:
Alerts you to a potential hazard that could cause loss of data, or
:
Alerts you to a potential hazard that could cause personal injury.
RELATED PUBLICATIONS The following publication details the hardware features of the switch,
including the physical and performance-related characteristics, and how to
install the switch:
The Installation Guide
Also, as part of the switch’s software, there is an online web-based help
that describes all management related features.
– 5 –
A
BOUT THIS GUIDE
REVISION HISTORY This section summarizes the changes in each revision of this guide.
FEBRUARY 2012 REVISION
This is the second version of this guide. This guide is valid for software
release v1.0.0.3. It includes the following changes:
◆ Updated phone and fax numbers for SMC headquarters
◆ Corrrected PVLAN ID range to 1-10
OCTOBER 2011 REVISION
This is the first version of this guide. This guide is valid for software release
v1.0.0.3.
– 6 –
CONTENTS
WARRANTY AND PRODUCT REGISTRATION 4
BOUT THIS GUIDE 5
A
ONTENTS 7
C
IGURES 13
F
ABLES 17
T
SECTION I GETTING STARTED 19
1INTRODUCTION 20
Key Features 20
Description of Software Features 21
System Defaults 25
2INITIAL SWITCH CONFIGURATION 28
SECTION II WEB CONFIGURATION 30
3USING THE WEB INTERFACE 31
Navigating the Web Browser Interface 31
Home Page 31
Configuration Options 32
Panel Display 32
Main Menu 33
4CONFIGURING THE SWITCH 41
Configuring System Information 41
Setting an IP Address 42
Setting an IPv4 Address 42
Setting an IPv6 Address 44
Configuring NTP Service 46
Configuring Remote Log Messages 47
Configuring Power Reduction 48
– 7 –
C
ONTENTS
Controlling LED Intensity 48
Reducing Power to Idle Queue Circuits 50
Configuring Thermal Protection 51
Configuring Port Connections 52
Configuring Security 55
Configuring User Accounts 55
Configuring User Privilege Levels 57
Configuring The Authentication Method For Management Access 59
Configuring SSH 61
Configuring HTTPS 62
Filtering IP Addresses for Management Access 63
Using Simple Network Management Protocol 65
Configuring Port Limit Controls 75
Configuring Authentication Through Network Access Servers 77
Filtering Traffic with Access Control Lists 88
Configuring DHCP Snooping 99
Configuring DHCP Relay and Option 82 Information 101
Configuring IP Source Guard 102
Configuring ARP Inspection 106
Specifying Authentication Servers 109
Creating Trunk Groups 111
Configuring Static Trunks 112
Configuring LACP 114
Configuring the Spanning Tree Algorithm 116
Configuring Global Settings for STA 118
Configuring Multiple Spanning Trees 122
Configuring Spanning Tree Bridge Priorities 124
Configuring STP/RSTP/CIST Interfaces 125
Configuring MIST Interfaces 129
Multicast VLAN Registration 130
IGMP Snooping 133
Configuring Global and Port-Related Settings for IGMP Snooping 134
Configuring VLAN Settings for IGMP Snooping and Query 137
Configuring IGMP Filtering 139
MLD Snooping 140
Configuring Global and Port-Related Settings for MLD Snooping 140
– 8 –
C
ONTENTS
Configuring VLAN Settings for MLD Snooping and Query 143
Configuring MLD Filtering 145
Link Layer Discovery Protocol 146
Configuring LLDP Timing and TLVs 146
Configuring LLDP-MED TLVs 149
Power over Ethernet 155
Configuring the MAC Address Table 158
IEEE 802.1Q VLANs 160
Assigning Ports to VLANs 161
Configuring VLAN Attributes for Port Members 162
Configuring Private VLANs 165
Using Port Isolation 166
Configuring MAC-based VLANs 167
Protocol VLANs 168
Configuring Protocol VLAN Groups 169
Mapping Protocol Groups to Ports 170
Managing VoIP Traffic 171
Configuring VoIP Traffic 172
Configuring Telephony OUI 174
Quality of Service 175
Configuring Port Classification 176
Configuring Egress Port Scheduler 178
Configuring Egress Port Shaper 181
Configuring Port Remarking Mode 181
Configuring Port DSCP Translation and Rewriting 184
Configuring DSCP-based QoS Ingress Classification 186
Configuring DSCP Translation 187
Configuring DSCP Classification 188
Configuring QoS Control Lists 189
Configuring Storm Control 193
Configuring Port Mirroring 194
Configuring UPnP 196
5MONITORING THE SWITCH 199
Displaying Basic Information About the System 199
Displaying System Information 199
Displaying CPU Utilization 200
– 9 –
C
ONTENTS
Displaying Log Messages 201
Displaying Log Details 203
Displaying Thermal Protection 203
Displaying Information About Ports 204
Displaying Port Status On the Front Panel 204
Displaying an Overview of Port Statistics 205
Displaying QoS Statistics 205
Displaying QCL Status 206
Displaying Detailed Port Statistics 207
Displaying Information About Security Settings 210
Displaying Access Management Statistics 210
Displaying Information About Switch Settings for Port Security 211
Displaying Information About Learned MAC Addresses 213
Displaying Port Status for Authentication Services 214
Displaying Port Statistics for 802.1X or Remote Authentication
Service 215
Displaying ACL Status 219
Displaying Statistics for DHCP Snooping 221
Displaying DHCP Relay Statistics 222
Displaying MAC Address Bindings for ARP Packets 223
Displaying Entries in the IP Source Guard Table 224
Displaying Information on Authentication Servers 225
Displaying a List of Authentication Servers 225
Displaying Statistics for Configured Authentication Servers 226
Displaying Information on LACP 229
Displaying an Overview of LACP Groups 229
Displaying LACP Port Status 230
Displaying LACP Port Statistics 231
Displaying Information on the Spanning Tree 232
Displaying Bridge Status for STA 232
Displaying Port Status for STA 234
Displaying Port Statistics for STA 235
Displaying MVR Information 236
Displaying MVR Statistics 236
Displaying MVR Group Information 237
Showing IGMP Snooping Information 238
Showing IGMP Snooping Status 238
– 10 –
C
ONTENTS
Showing IGMP Snooping Group Information 239
Showing IPv4 SSM Information 240
Showing MLD Snooping Information 241
Showing MLD Snooping Status 241
Showing MLD Snooping Group Information 242
Showing IPv6 SSM Information 243
Displaying LLDP Information 244
Displaying LLDP Neighbor Information 244
Displaying LLDP-MED Neighbor Information 245
Displaying LLDP Neighbor EEE Information 247
Displaying LLDP Port Statistics 249
Displaying LLDP Neighbor PoE Information 250
Displaying PoE Status 251
Displaying the MAC Address Table 252
Displaying Information About VLANs 253
VLAN Membership 253
VLAN Port Status 254
Displaying Information About MAC-based VLANs 256
6PERFORMING BASIC DIAGNOSTICS 257
Pinging an IPv4 or IPv6 Address 257
Running Cable Diagnostics 258
7PERFORMING SYSTEM MAINTENANCE 261
Restarting the Switch 261
Restoring Factory Defaults 262
Upgrading Firmware 262
Managing Configuration Files 263
Saving Configuration Settings 263
Restoring Configuration Settings 264
SECTION III APPENDICES 265
ASOFTWARE SPECIFICATIONS 266
Software Features 266
Management Features 267
Standards 268
Management Information Bases 268
– 11 –
C
ONTENTS
BTROUBLESHOOTING 270
Problems Accessing the Management Interface 270
Using System Logs 271
CLICENSE INFORMATION 272
The GNU General Public License 272
GLOSSARY 276
NDEX 284
I
– 12 –
FIGURES
Figure 1: Home Page 31
Figure 2: Front Panel Indicators 32
Figure 3: System Information Configuration 42
Figure 4: IP Configuration 44
Figure 5: IPv6 Configuration 46
Figure 6: NTP Configuration 47
Figure 7: Configuring Settings for Remote Logging of Error Messages 48
Figure 8: Configuring LED Power Reduction 49
Figure 9: Configuring EEE Power Reduction 51
Figure 10: Configuring Thermal Protection 52
Figure 11: Port Configuration 54
Figure 12: Showing User Accounts 56
Figure 13: Configuring User Accounts 57
Figure 14: Configuring Privilege Levels 58
Figure 15: Authentication Server Operation 59
Figure 16: Authentication Method for Management Access 61
Figure 17: SSH Configuration 62
Figure 18: HTTPS Configuration 63
Figure 19: Access Management Configuration 64
Figure 20: SNMP System Configuration 69
Figure 21: SNMPv3 Community Configuration 70
Figure 22: SNMPv3 User Configuration 72
Figure 23: SNMPv3 Group Configuration 73
Figure 24: SNMPv3 View Configuration 74
Figure 25: SNMPv3 Access Configuration 75
Figure 26: Port Limit Control Configuration 77
Figure 27: Using Port Security 78
Figure 28: Network Access Server Configuration 88
Figure 29: ACL Port Configuration 90
Figure 30: ACL Rate Limiter Configuration 91
Figure 31: Access Control List Configuration 98
– 13 –
F
IGURES
Figure 32: DHCP Snooping Configuration 101
Figure 33: DHCP Relay Configuration 102
Figure 34: Configuring Global and Port-based Settings for IP Source Guard 104
Figure 35: Configuring Static Bindings for IP Source Guard 106
Figure 36: Configuring Global and Port Settings for ARP Inspection 108
Figure 37: Configuring Static Bindings for ARP Inspection 109
Figure 38: Authentication Configuration 110
Figure 39: Static Trunk Configuration 114
Figure 40: LACP Port Configuration 116
Figure 41: STP Root Ports and Designated Ports 117
Figure 42: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree 117
Figure 43: Common Internal Spanning Tree, Common Spanning Tree, Internal
Spanning Tree 118
Figure 44: STA Bridge Configuration 122
Figure 45: Adding a VLAN to an MST Instance 124
Figure 46: Configuring STA Bridge Priorities 125
Figure 47: STP/RSTP/CIST Port Configuration 128
Figure 48: MSTI Port Configuration 130
Figure 49: MVR Concept 131
Figure 50: Configuring MVR 133
Figure 51: Configuring Global and Port-related Settings for IGMP Snooping 136
Figure 52: Configuring VLAN Settings for IGMP Snooping and Query 138
Figure 53: IGMP Snooping Port Group Filtering Configuration 139
Figure 54: Configuring Global and Port-related Settings for MLD Snooping 143
Figure 55: Configuring VLAN Settings for MLD Snooping and Query 145
Figure 56: MLD Snooping Port Group Filtering Configuration 146
Figure 57: LLDP Configuration 149
Figure 58: LLDP-MED Configuration 155
Figure 59: Configuring PoE Settings 158
Figure 60: MAC Address Table Configuration 160
Figure 61: VLAN Membership Configuration 162
Figure 62: VLAN Port Configuration 164
Figure 63: Private VLAN Membership Configuration 166
Figure 64: Port Isolation Configuration 166
Figure 65: Configuring MAC-Based VLANs 168
Figure 66: Configuring Protocol VLANs 170
Figure 67: Assigning Ports to Protocol VLANs 171
– 14 –
F
IGURES
Figure 68: Configuring Global and Port Settings for a Voice VLAN 174
Figure 69: Configuring an OUI Telephony List 175
Figure 70: Configuring Ingress Port QoS Classification 177
Figure 71: Configuring Ingress Port Tag Classification 178
Figure 72: Displaying Egress Port Schedulers 180
Figure 73: Configuring Egress Port Schedulers and Shapers 180
Figure 74: Displaying Egress Port Shapers 181
Figure 75: Displaying Port Tag Remarking Mode 183
Figure 76: Configuring Port Tag Remarking Mode 184
Figure 77: Configuring Port DSCP Translation and Rewriting 186
Figure 78: Configuring DSCP-based QoS Ingress Classification 187
Figure 79: Configuring DSCP Translation and Re-mapping 188
Figure 80: Mapping DSCP to CoS/DPL Values 189
Figure 81: QoS Control List Configuration 193
Figure 82: Storm Control Configuration 194
Figure 83: Mirror Configuration 195
Figure 84: UPnP Configuration 197
Figure 85: System Information 200
Figure 86: CPU Load 201
Figure 87: System Log Information 202
Figure 88: Detailed System Log Information 203
Figure 89: Thermal Protection Status 204
Figure 90: Port State Overview 204
Figure 91: Port Statistics Overview 205
Figure 92: Queueing Counters 206
Figure 93: QoS Control List Status 207
Figure 94: Detailed Port Statistics 209
Figure 95: Access Management Statistics 210
Figure 96: Port Security Switch Status 212
Figure 97: Port Security Port Status 213
Figure 98: Network Access Server Switch Status 215
Figure 99: NAS Statistics for Specified Port 219
Figure 100: ACL Status 220
Figure 101: DHCP Snooping Statistics 222
Figure 102: DHCP Relay Statistics 223
Figure 103: Dynamic ARP Inspection Table 224
– 15 –
F
IGURES
Figure 104: Dynamic IP Source Guard Table 224
Figure 105: RADIUS Overview 225
Figure 106: RADIUS Details 229
Figure 107: LACP System Status 230
Figure 108: LACP Port Status 231
Figure 109: LACP Port Statistics 231
Figure 110: Spanning Tree Bridge Status 234
Figure 111: Spanning Tree Detailed Bridge Status 234
Figure 112: Spanning Tree Port Status 235
Figure 113: Spanning Tree Port Statistics 236
Figure 114: MVR Statistics 237
Figure 115: MVR Group Information 238
Figure 116: IGMP Snooping Status 239
Figure 117: IGMP Snooping Group Information 240
Figure 118: IPv4 SSM Information 241
Figure 119: MLD Snooping Status 242
Figure 120: MLD Snooping Group Information 243
Figure 121: IPv6 SSM Information 243
Figure 122: LLDP Neighbor Information 245
Figure 123: LLDP-MED Neighbor Information 247
Figure 124: LLDP Neighbor EEE Information 248
Figure 125: LLDP Port Statistics 250
Figure 126: LLDP Neighbor PoE Information 251
Figure 127: Power over Ethernet Status 252
Figure 128: MAC Address Table 253
Figure 129: Showing VLAN Members 254
Figure 130: Showing VLAN Port Status 255
Figure 131: Showing MAC-based VLAN Configuration 256
Figure 132: ICMP Ping 258
Figure 133: VeriPHY Cable Diagnostics 259
Figure 134: Restart Device 261
Figure 135: Factory Defaults 262
Figure 136: Software Upload 263
Figure 137: Configuration Save 264
Figure 138: Configuration Upload 264
– 16 –
TABLES
Table 1: Key Features 20
Table 2: System Defaults 25
Table 3: Web Page Configuration Buttons 32
Table 4: Main Menu 33
Table 5: HTTPS System Support 63
Table 6: SNMP Security Models and Levels 65
Table 7: Dynamic QoS Profiles 81
Table 8: QCE Modification Buttons 92
Table 9: Recommended STA Path Cost Range 126
Table 10: Recommended STA Path Costs 126
Table 11: Default STA Path Costs 126
Table 12: QCE Modification Buttons 190
Table 13: System Capabilities 244
Table 14: Troubleshooting Chart 270
– 17 –
T
ABLES
– 18 –
S
ECTION
GETTING STARTED
This section provides an overview of the switch, and introduces some basic
concepts about network switches. It also describes the basic settings
required to access the management interface.
This section includes these chapters:
◆ "Introduction" on page 20
◆ "Initial Switch Configuration" on page 28
I
– 19 –
1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It
includes a management agent that allows you to configure the features
listed in this manual. The default configuration can be used for most of the
features provided by this switch. However, there are many options that you
should configure to maximize the switch’s performance for your particular
network environment.
KEY FEATURES
Table 1: Key Features
Feature Description
Configuration Backup
and Restore
Backup to management station using Web
Authentication Telnet, Web – user name/password, RADIUS, TACACS+
Web – H TTPS
Telne t – S S H
SNMP v1/2c - Community strings
SNMP version 3 – MD5 or SHA password
Port – IEEE 802.1X, MAC address filtering
General Security
Measures
Access Control Lists Supports up to 256 rules
DHCP Client
DNS Client and Proxy service
Port Configuration Speed, duplex mode, flow control, MTU, response to excessive
Rate Limiting Input rate limiting per port (manual setting or ACL)
Port Mirroring 1 sessions, up to 10 source port to one analysis port per session
Port Trunking Supports up to 5 trunks – static or dynamic trunking (LACP)
Congestion Control Throttling for broadcast, multicast, unknown unicast storms
Address Table 8K MAC addresses in the forwarding table, 1000 static MAC
IP Version 4 and 6 Supports IPv4 and IPv6 addressing, management, and QoS
Private VLANs
Port Authentication
Port Security
DHCP Snooping (with Option 82 relay information)
IP Source Guard
collisions, power saving mode
addresses, 1K L2 IGMP multicast groups and 128 MVR groups
IEEE 802.1D Bridge Supports dynamic data switching and addresses learning
Store-and-Forward
Switching
Supported to ensure wire-speed switching while eliminating bad
frames
– 20 –
C
HAPTER
Description of Software Features
1
| Introduction
Table 1: Key Features (Continued)
Feature Description
Spanning Tree Algorithm Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and
Virtual LANs Up to 4K using IEEE 802.1Q, port-based, protocol-based, private
Traffic Prioritization Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/
Qualify of Service Supports Differentiated Services (DiffServ), and DSCP remarking
Link Layer Discovery
Protocol
Multicast Filtering Supports IGMP snooping and query, MLD snooping, and Multicast
DESCRIPTION OF SOFTWARE FEATURES
The switch provides a wide range of advanced performance enhancing
features. Flow control eliminates the loss of packets due to bottlenecks
caused by port saturation. Storm suppression prevents broadcast,
multicast, and unknown unicast traffic storms from engulfing the network.
Untagged (port-based), tagged, and protocol-based VLANs provide traffic
security and efficient use of network bandwidth. CoS priority queueing
ensures the minimum delay for moving real-time multimedia data across
the network. While multicast filtering provides support for real-time
network applications.
Multiple Spanning Trees (MSTP)
VLANs, and voice VLANs, and QinQ tunnel
UDP port, DSCP, ToS bit, VLAN tag priority, or port
Used to discover basic information about neighboring devices
VLAN Registration
Some of the management features are briefly described below.
CONFIGURATION
BACKUP AND
RESTORE
You can save the current configuration settings to a file on the
management station (using the web interface) or a TFTP server (using the
console interface through Telnet), and later download this file to restore
the switch configuration settings.
AUTHENTICATION This switch authenticates management access via a web browser. User
names and passwords can be configured locally or can be verified via a
remote authentication server (i.e., RADIUS or TACACS+). Port-based
authentication is also supported via the IEEE 802.1X protocol. This protocol
uses Extensible Authentication Protocol over LANs (EAPOL) to request user
credentials from the 802.1X client, and then uses the EAP between the
switch and the authentication server to verify the client’s right to access
the network via an authentication server (i.e., RADIUS or TACACS+
server).
Other authentication options include HTTPS for secure management access
via the web, SSH for secure management access over a Telnet-equivalent
connection, SNMP Version 3, IP address filtering for SNMP/Telnet/web
management access, and MAC address filtering for port access.
– 21 –
C
HAPTER
Description of Software Features
1
| Introduction
ACCESS CONTROL
LISTS
ACLs provide packet filtering for IP frames (based on protocol, TCP/UDP
port number or frame type) or layer 2 frames (based on any destination
MAC address for unicast, broadcast or multicast, or based on VLAN ID or
VLAN tag priority). ACLs can by used to improve performance by blocking
unnecessary network traffic or to implement security controls by restricting
access to specific network resources or protocols. Policies can be used to
differentiate service for client ports, server ports, network ports or guest
ports. They can also be used to strictly control network traffic by only
allowing incoming frames that match the source MAC and source IP on
specific port.
PORT CONFIGURATION You can manually configure the speed and duplex mode, and flow control
used on specific ports, or use auto-negotiation to detect the connection
settings used by the attached device. Use the full-duplex mode on ports
whenever possible to double the throughput of switch connections. Flow
control should also be enabled to control network traffic during periods of
congestion and prevent the loss of packets when port buffer thresholds are
exceeded. The switch supports flow control based on the IEEE 802.3x
standard (now incorporated in IEEE 802.3-2002).
RATE LIMITING This feature controls the maximum rate for traffic transmitted or received
on an interface. Rate limiting is configured on interfaces at the edge of a
network to limit traffic into or out of the network. Traffic that falls within
the rate limit is transmitted, while packets that exceed the acceptable
amount of traffic are dropped.
PORT MIRRORING The switch can unobtrusively mirror traffic from any port to a monitor port.
You can then attach a protocol analyzer or RMON probe to this port to
perform traffic analysis and verify connection integrity.
PORT TRUNKING Ports can be combined into an aggregate connection. Trunks can be
manually set up or dynamically configured using Link Aggregation Control
Protocol (LACP – IEEE 802.3-2005). The additional ports dramatically
increase the throughput across any connection, and provide redundancy by
taking over the load if a port in the trunk should fail. The switch supports
up to 5 trunks.
STORM CONTROL Broadcast, multicast and unknown unicast storm suppression prevents
traffic from overwhelming the network.When enabled on a port, the level of
broadcast traffic passing through the port is restricted. If broadcast traffic
rises above a pre-defined threshold, it will be throttled until the level falls
back beneath the threshold.
STATIC ADDRESSES A static address can be assigned to a specific interface on this switch.
Static addresses are bound to the assigned interface and will not be
moved. When a static address is seen on another interface, the address will
– 22 –
C
HAPTER
Description of Software Features
1
| Introduction
be ignored and will not be written to the address table. Static addresses
can be used to provide network security by restricting access for a known
host to a specific port.
IEEE 802.1D BRIDGE The switch supports IEEE 802.1D transparent bridging. The address table
facilitates data switching by learning addresses, and then filtering or
forwarding traffic based on this information. The address table supports up
to 16K addresses.
STORE-AND-FORWARD
SWITCHING
SPANNING TREE
ALGORITHM
The switch copies each frame into its memory before forwarding them to
another port. This ensures that all frames are a standard Ethernet size and
have been verified for accuracy with the cyclic redundancy check (CRC).
This prevents bad frames from entering the network and wasting
bandwidth.
To avoid dropping frames on congested ports, the switch provides 8 MB for
frame buffering. This buffer can queue packets awaiting transmission on
congested networks.
The switch supports these spanning tree protocols:
◆ Spanning Tree Protocol (STP, IEEE 802.1D) – Supported by using the
STP backward compatible mode provided by RSTP. STP provides loop
detection. When there are multiple physical paths between segments,
this protocol will choose a single path and disable all others to ensure
that only one route exists between any two stations on the network.
This prevents the creation of network loops. However, if the chosen
path should fail for any reason, an alternate path will be activated to
maintain the connection.
◆ Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol
reduces the convergence time for network topology changes to about 3
to 5 seconds, compared to 30 seconds or more for the older IEEE
802.1D STP standard. It is intended as a complete replacement for STP,
but can still interoperate with switches running the older standard by
automatically reconfiguring ports to STP-compliant mode if they detect
STP protocol messages from attached devices.
◆ Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is
a direct extension of RSTP. It can provide an independent spanning tree
for different VLANs. It simplifies network management, provides for
even faster convergence than RSTP by limiting the size of each region,
and prevents VLAN members from being segmented from the rest of
the group (as sometimes occurs with IEEE 802.1D STP).
– 23 –
C
HAPTER
Description of Software Features
1
| Introduction
VIRTUAL LANS The switch supports up to 4096 VLANs. A Virtual LAN is a collection of
network nodes that share the same collision domain regardless of their
physical location or connection point in the network. The switch supports
tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN
groups can be manually assigned to a specific set of VLANs. This allows the
switch to restrict traffic to the VLAN groups to which a user has been
assigned. By segmenting your network into VLANs, you can:
◆ Eliminate broadcast storms which severely degrade performance in a
flat network.
◆ Simplify network management for node changes/moves by remotely
configuring VLAN membership for any port, rather than having to
manually change the network connection.
◆ Provide data security by restricting all traffic to the originating VLAN.
◆ Use private VLANs to restrict traffic to pass only between data ports
and the uplink ports, thereby isolating adjacent ports within the same
VLAN, and allowing you to limit the total number of VLANs that need to
be configured.
IEEE 802.1Q
TUNNELING (QINQ)
TRAFFIC
PRIORITIZATION
◆ Use protocol VLANs to restrict traffic to specified interfaces based on
protocol type.
This feature is designed for service providers carrying traffic for multiple
customers across their networks. QinQ tunneling is used to maintain
customer-specific VLAN and Layer 2 protocol configurations even when
different customers use the same internal VLAN IDs. This is accomplished
by inserting Service Provider VLAN (SPVLAN) tags into the customer’s
frames when they enter the service provider’s network, and then stripping
the tags when the frames leave the network.
This switch prioritizes each packet based on the required level of service,
using four priority queues with strict or Weighted Round Robin queuing. It
uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on
input from the end-station application. These functions can
provide independent priorities for delay-sensitive data and best-effort data.
This switch also supports several common methods of prioritizing layer 3/4
traffic to meet application requirements. Traffic can be prioritized based on
the priority bits in the IP frame’s Type of Service (ToS) octet or the number
of the TCP/UDP port. When these services are enabled, the priorities are
mapped to a Class of Service value by the switch, and the traffic then sent
to the corresponding output queue.
be used to
– 24 –
C
HAPTER
System Defaults
1
| Introduction
QUALITY OF SERVICE Differentiated Services (DiffServ) provides policy-based management
mechanisms used for prioritizing network resources to meet the
requirements of specific traffic types on a per-hop basis. Each packet is
classified upon entry into the network based on access lists, DSCP values,
or VLAN lists. Using access lists allows you select traffic based on Layer 2,
Layer 3, or Layer 4 information contained in each packet. Based on
network policies, different kinds of traffic can be marked for different kinds
of forwarding.
MULTICAST FILTERING Specific multicast traffic can be assigned to its own VLAN to ensure that it
does not interfere with normal network traffic and to guarantee real-time
delivery by setting the required priority level for the designated VLAN. The
switch uses IGMP Snooping and Query to manage multicast group
registration for IPv4 traffic, and MLD Snooping for IPv6 traffic. It also
supports Multicast VLAN Registration (MVR) which allows common
multicast traffic, such as television channels, to be transmitted across a
single network-wide multicast VLAN shared by hosts residing in other
standard or private VLAN groups, while preserving security and data
isolation for normal traffic.
SYSTEM DEFAULTS
The switch’s system defaults are provided in the configuration file
“Factory_Default_Config.cfg.” To reset the switch defaults, this file should
be set as the startup configuration file.
The following table lists some of the basic system defaults.
Table 2: System Defaults
Function Parameter Default
Authentication User Name “admin”
Password “admin”
RADIUS Authentication Disabled
TACACS+ Authentication Disabled
802.1X Port Authentication Disabled
HTTPS Enabled
SSH Enabled
Port Security Disabled
IP Filtering Disabled
Web Management HTTP Server Enabled
HTTP Port Number 80
HTTP Secure Server Disabled
HTTP Secure Server Redirect Disabled
– 25 –
C
HAPTER
Table 2: System Defaults (Continued)
Function Parameter Default
SNMP SNMP Agent Disabled
Community Strings “public” (read only)
“private” (read/write)
1
| Introduction
System Defaults
Traps Global: disabled
SNMP V3 View: default_view
Port Configuration Admin Status Enabled
Auto-negotiation Enabled
Flow Control Disabled
Rate Limiting Input and output limits Disabled
Po r t Tru n k ing S tati c Trun k s N one
LACP (all ports) Disabled
Storm Protection Status Broadcast: Enabled (1 kpps)
Spanning Tree Algorithm Status Enabled, RSTP
Edge Ports Enabled
Address Table Aging Time 300 seconds
Virtual LANs Default VLAN 1
PVID 1
Authentication traps: enabled
Link-up-down events: enabled
Group: default_rw_group
Multicast: disabled
Unknown unicast: disabled
(Defaults: RSTP standard)
Acceptable Frame Type All
Ingress Filtering Disabled
Switchport Mode (Egress Mode) Access
Traffic Prioritization Ingress Port Priority 0
Queue Mode Strict
Weighted Round Robin Queue: 0 1 2 3 4 5 6 7
Weight: Disabled in strict mode
Ethernet Type Disabled
VLAN ID Disabled
VLAN Priority Tag Disabled
ToS Prio r i t y Disa b l e d
IP DSCP Priority Disabled
TCP/UDP Port Priority Disabled
LLDP Status Enabled
– 26 –
C
HAPTER
1
| Introduction
System Defaults
Table 2: System Defaults (Continued)
Function Parameter Default
IP Settings Management. VLAN VLAN 1
IP Address 192.168.1.10
Subnet Mask 255.255.255.0
Default Gateway 0.0.0.0
DHCP Client: Disabled
Snooping: Disabled
DNS Proxy service: Disabled
Multicast Filtering IGMP Snooping Snooping: Disabled
MLD Snooping Disabled
Multicast VLAN Registration Disabled
System Log
(console only)
NTP Clock Synchronization Disabled
Status Disabled
Messages Logged to Flash All levels
Querier: Disabled
– 27 –
2 INITIAL SWITCH CONFIGURATION
This chapter includes information on connecting to the switch and basic
configuration procedures.
To make use of the management features of your switch, you must first
configure it with an IP address that is compatible with the network in which
it is being installed. This should be done before you permanently install the
switch in the network.
Follow this procedure:
1. Place the switch close to the PC that you intend to use for configuration.
It helps if you can see the front panel of the switch while working on
your PC.
2. Connect the Ethernet port of your PC to any port on the front panel of
the switch. Connect power to the switch and verify that you have a link
by checking the front-panel LEDs.
3. Check that your PC has an IP address on the same subnet as the
switch. The default IP address of the switch is 192.168.1.10 and the
subnet mask is 255.255.255.0, so the PC and switch are on the same
subnet if they both have addresses that start 192.168.1.x. If the PC
and switch are not on the same subnet, you must manually set the PC’s
IP address to 192.168.1.x (where “x” is any number from 1 to 254,
except 10).
4. Open your web browser and enter the address http://192.168.1.10. If
your PC is properly configured, you will see the login page of the
switch. If you do not see the login page, repeat step 3.
5. Enter “admin” for the user name and password, and then click on the
Login button.
6. From the menu, click System, and then IP. To request an address from
a local DHCP Server, mark the DHCP Client check box. To configure a
static address, enter the new IP Address, IP Mask, and other optional
parameters for the switch, and then click on the Save button.
If you need to configure an IPv6 address, select IPv6 from the System
menu, and either submit a request for an address from a local DHCPv6
server by marking the Auto Configuration check box, or configure a
static address by filling in the parameters for an address, network
prefix length, and gateway router.
No other configuration changes are required at this stage, but it is
recommended that you change the administrator’s password before
– 28 –
C
HAPTER
2
| Initial Switch Configuration
logging out. To change the password, click Security and then Users. Select
“admin” from the User Configuration list, fill in the Password fields, and
then click Save.
– 29 –
S
ECTION
WEB CONFIGURATION
This section describes the basic switch features, along with a detailed
description of how to configure each feature via a web browser.
This section includes these chapters:
◆ "Using the Web Interface" on page 31
◆ "Configuring the Switch" on page 41
◆ "Monitoring the Switch" on page 199
◆ "Performing Basic Diagnostics" on page 257
II
◆ "Performing System Maintenance" on page 261
– 30 –
Loading...