TRENDnet TL2-FG142 User Manual

Download

TRENDnet User’s Guide

Cover Page

TRENDnet User’s Guide

Table of Contents

Contents

1. Introduction ................................................................................ 1

1.1 Introduction of the management functions ............................................................. 1

1.2 General Features ...................................................................................................... 2

1.3 Layer-2 Switching ..................................................................................................... 3

1.4 Multicast .................................................................................................................. 3

1.5 Carrier Ethernet ....................................................................................................... 3

1.6 Quality of Service ..................................................................................................... 3

1.7 Security .................................................................................................................... 3

1.8 Standard References ................................................................................................ 3

1.9 Front Panel LEDs Indicators ..................................................................................... 4

1.10 Rear Panel Connectors ........................................................................................... 4

2. Hardware Installation .................................................................. 5

2.1 Unpacking ................................................................................................................ 5

2.2 Switch Installation ................................................................................................... 5

2.3 Adding Module ........................................................................................................ 5

3. Console ....................................................................................... 5

3.1 Console Setup........................................................................................................... 5

3.2 Login ........................................................................................................................ 6

4. Configuring with WEB .................................................................. 6

4.1 Login ........................................................................................................................ 7

4.2 Web Menus .............................................................................................................. 7

4.3 Configuration ....................................................................................................... 8

4.3.1 System......................................................................................................... 8

4.3.1.1 Information .............................................................................................. 8

4.3.1.2 IP .............................................................................................................. 8

4.3.1.3 NTP ......................................................................................................... 10

4.3.1.4 Time ....................................................................................................... 10

4.3.1.5 Log ......................................................................................................... 12

4.3.2 Green Ethernet ......................................................................................... 12

4.3.2.1 Port Power Savings ................................................................................ 12

4.3.3 Port ........................................................................................................... 13

4.3.4 DHCP ......................................................................................................... 15

4.3.4.1 Server-Mode .......................................................................................... 15

4.3.4.2 Server-Excluded IP ................................................................................. 15

4.3.4.3 Server-pool ............................................................................................ 16

4.3.4.4 Snooping ................................................................................................ 16

4.3.4.5 Relay ...................................................................................................... 17

4.3.5 Security ..................................................................................................... 17

4.3.5.1 User........................................................................................................ 17

4.3.5.2Privilege Levels ....................................................................................... 18

4.3.5.3Authentication Method Configuration ................................................... 19

4.3.5.4SSH Configuration ................................................................................... 19

4.3.5.5HTTPS Configuration ............................................................................... 20

4.3.5.6Access Management Configuration ........................................................ 20

4.3.5.7Limit Control ........................................................................................... 21

4.3.5.8NAS ......................................................................................................... 22

4.3.6 SNMP ........................................................................................................ 25

4.3.6.1System .................................................................................................... 25

4.3.6.2 Trap ........................................................................................................ 26

4.3.6.3Communit ............................................................................................... 27

4.3.6.4 User........................................................................................................ 27

4.3.6.5 Group ..................................................................................................... 28

4.3.6.6 View ....................................................................................................... 29

4.3.6.7 Access .................................................................................................... 29

4.3.7 RMON ....................................................................................................... 30

4.3.7.1 Statistics ................................................................................................. 30

4.3.7.2 History ................................................................................................... 30

4.3.7.3 Alarm ..................................................................................................... 30

4.3.7.4 Event ...................................................................................................... 31

4.3.8 ACL ............................................................................................................ 32

4.3.8.1 Ports ....................................................................................................... 32

4.3.8.2 Rate Limiters .......................................................................................... 33

4.3.8.3 Access Control List ................................................................................. 34

4.3.9 IP Source Guard ........................................................................................ 37

4.3.9.1 IP Source Guard Configuration .............................................................. 37

TRENDnet User’s Guide

Table of Contents

4.3.9.2 IP Static Table......................................................................................... 37

4.3.10 ARP Inspection ........................................................................................ 38

4.3.10.1 Port Configuration ............................................................................... 38

4.3.10.2 VLAN Mode Configuration ................................................................... 39

4.3.10.3 Static ARP Inspection Table ................................................................. 39

4.3.10.4 Dynamic ARP Inspection Table ............................................................ 40

4.3.11 AAA ......................................................................................................... 40

4.3.11.1 RADIUS Server Configuration ............................................................... 40

4.3.11.2 TACACS+ Server Configuration ............................................................ 41

4.3.12 Aggregation ............................................................................................. 42

4.3.12.1 Static .................................................................................................... 42

4.3.12.2 LACP ..................................................................................................... 43

4.3.13 Link OAM ................................................................................................ 44

4.3.13.1 Port Settings......................................................................................... 44

4.3.13.2 Event Settings ...................................................................................... 45

4.3.14 Loop Protection ...................................................................................... 46

4.3.15 Spanning Tree ......................................................................................... 47

4.3.15.1 Bridge Setting....................................................................................... 47

4.3.15.2 MSTI Mapping ...................................................................................... 48

4.3.15.3 MSTI Priorities ...................................................................................... 49

4.3.15.4 CIST Ports ............................................................................................. 49

4.3.15.5 MSTI Ports ............................................................................................ 50

4.3.16 IPMC Profile ............................................................................................ 51

4.3.16.1 Profile Table ......................................................................................... 51

4.3.16.2 Address Entry ....................................................................................... 52

4.3.17 MVR ........................................................................................................ 52

4.3.18 IPMC ........................................................................................................ 55

4.3.18.1 IGMP Snooping-Base Cfg ..................................................................... 55

4.3.18.2 IGMP Snooping-VLAN Cfg .................................................................... 55

4.3.18.3 IGMP Snooping- Port Filtering Profile .................................................. 57

4.3.18.3 MLD Snooping- Base Cfg ...................................................................... 57

4.3.18.4 MLD Snooping- VLAN Cfg ..................................................................... 58

4.3.18.4 MLD Snooping- Port Filter profile ........................................................ 60

4.3.19 LLDP ........................................................................................................ 60

4.3.19.1 LLDP Configuration .............................................................................. 60

4.3.19.2 LLDP-MED ............................................................................................ 62

4.3.20 EPS .......................................................................................................... 65

4.3.21 MEP ......................................................................................................... 66

5. Monitor .................................................................................... 96

4.3.22 MAC Table .............................................................................................. 66

4.3.23 VLAN Translation .................................................................................... 67

4.3.23.1 Port to Group Mapping........................................................................ 67

4.3.23.2 VID Translation Mapping ..................................................................... 68

4.3.24 VLANs ...................................................................................................... 69

4.3.25 Private VLANs ......................................................................................... 72

4.3.25.1 Private VLAN Membership .................................................................. 72

4.3.25.2 Port Isolation ....................................................................................... 72

4.3.26 VCL .......................................................................................................... 73

4.3.26.1 MAC-based VLAN ................................................................................. 73

4.3.26.2 Protocol-based VLAN ........................................................................... 73

4.3.26.3 IP Subnet-based VLAN ......................................................................... 75

4.3.27 Voice VLAN ............................................................................................. 76

4.3.27.1 Configuration ....................................................................................... 76

4.3.27.2 OUI ....................................................................................................... 77

4.3.28 Ethernet Services .................................................................................... 77

4.3.28.1 Port ...................................................................................................... 77

4.3.28.2 Bandwidth Profiles............................................................................... 78

4.3.28.3 EVCs ..................................................................................................... 79

4.3.28.4 ECEs ..................................................................................................... 80

4.3.29 QoS ......................................................................................................... 81

4.3.29.1 Port Classification ................................................................................ 81

4.3.29.2 Port Policing ......................................................................................... 82

4.3.29.3 Queue Policing ..................................................................................... 83

4.3.29.4 Port Scheduler ..................................................................................... 84

4.3.29.5 Port Shaping ........................................................................................ 85

4.3.29.6 Port Tag Remarking ............................................................................. 86

4.3.29.7 Port DSCP ............................................................................................. 88

4.3.29.8 DSCP-Based QoS .................................................................................. 88

4.3.29.9 DSCP Translation .................................................................................. 89

4.3.29.10 DSCP Classification ............................................................................. 90

4.3.29.11 QoS Control List ................................................................................. 90

4.3.29.12 Storm Control .................................................................................... 93

4.3.30 Mirror ..................................................................................................... 94

4.3.31 sFlow ....................................................................................................... 94

5.1 System ......................................................................................................... 96

TRENDnet User’s Guide

Table of Contents

iii

5.1.1 Information ............................................................................................... 96

5.1.2 CPU Load ................................................................................................... 97

5.1.3 IP Status .................................................................................................... 97

5.1.4 Log............................................................................................................. 98

5.1.5 Detailed Log .............................................................................................. 98

5.2 Green Ethernet ............................................................................................ 98

5.2.1 Port Power Savings ................................................................................... 98

5.3 Ports ............................................................................................................. 99

5.3.1 State .......................................................................................................... 99

5.3.2 Port Statistics Overview ............................................................................ 99

5.3.3 QoS Statistics ............................................................................................ 99

5.3.4 QCL Status ............................................................................................... 100

5.3.5 Detailed Port Statistics ............................................................................ 100

5.3.6 DDMI ....................................................................................................... 101

5.4 Link OAM ................................................................................................... 101

5.4.1 Statistics .................................................................................................. 101

5.4.2 Port status ............................................................................................... 102

5.4.3 Event Status ............................................................................................ 102

5.5 Security ...................................................................................................... 102

5.5.1 Access Management Statistics ................................................................ 102

5.5.2 Port Security - Switch .............................................................................. 103

5.5.3 Port Security - Port .................................................................................. 104

5.5.4 NAS - Switch ............................................................................................ 104

5.5.5 NAS - Port ................................................................................................ 105

5.5.6 ACL Status ............................................................................................... 105

5.5.7 ARP inspection ........................................................................................ 105

5.5.8 IP Source Guard ...................................................................................... 105

5.5.9 AAA Radius .............................................................................................. 106

5.5.10 AAA Overview ....................................................................................... 106

5.5.11 ROM Statistics ....................................................................................... 106

5.5.12 ROM History.......................................................................................... 107

5.5.13 ROM Alarm ........................................................................................... 107

5.5.14 ROM Event ............................................................................................ 107

5.6 LACP ........................................................................................................... 107

5.6.1 System Status .......................................................................................... 107

5.6.2 LACP Status ............................................................................................. 107

5.6.3 LACP Statistics ......................................................................................... 108

5.7 Loop Protection ......................................................................................... 108

6. Diagnostics.............................................................................. 112

5.8 Spanning Tree ............................................................................................ 108

5.8.1 Bridge Status ........................................................................................... 108

5.8.2 Port Status .............................................................................................. 108

5.8.3 Port Statistics .......................................................................................... 108

5.9 MVR ........................................................................................................... 108

5.9.1 Statistics .................................................................................................. 108

5.9.2 MVR Channel Groups .............................................................................. 109

5.9.3 MVR SFM Information ............................................................................ 109

5.10 IPMC ........................................................................................................ 109

5.10.1 IGMP Status .......................................................................................... 109

5.10.2 IGMP Group Information ...................................................................... 109

5.10.3 IGMP SFM Information ......................................................................... 109

5.10.4 MLD Status ............................................................................................ 110

5.10.5 MLD group Information ........................................................................ 110

5.10.6 MLD SFM Information .......................................................................... 110

5.11 LLDP ......................................................................................................... 110

5.11.1 Neighbours ........................................................................................... 110

5.11.2 LLDP-MED Neighbour Information ....................................................... 110

5.11.3 EEE ........................................................................................................ 110

5.11.4 Port Statistics ........................................................................................ 111

5.12 Ethernet Services ..................................................................................... 111

5.12.1 EVC Statistics ........................................................................................ 111

5.13 MAC Table................................................................................................ 111

5.14 VLANs ....................................................................................................... 111

5.14.1 VLAN Membership ................................................................................ 111

5.14.2 VLAN Port ............................................................................................. 111

5.15 VCL ........................................................................................................... 112

5.15.1 MAC-Based VLAN .................................................................................. 112

5.16 sFlow ........................................................................................................ 112

6.1 Ping ...................................................................................................................... 112

6.2 Link OAM ............................................................................................................. 113

6.2.1 MIB Retrieval .......................................................................................... 113

6.3 Ping6 .................................................................................................................... 113

6.4 VeriPHY ................................................................................................................ 114

TRENDnet User’s Guide

Table of Contents

7. Maintenance ........................................................................... 115

7.1 Restart Device ..................................................................................................... 115

7.2 Factory Default .................................................................................................... 115

7.3 Software............................................................................................................... 115

7.3.1 Upload..................................................................................................... 115

7.3.2 Image Select ............................................................................................ 115

7.4 Configuration ....................................................................................................... 116

7.4.1 Save startup-config ................................................................................. 116

7.4.2 Download ................................................................................................ 116

7.4.3 Upload..................................................................................................... 117

7.4.4 Activate ................................................................................................... 117

7.4.5 Delete ...................................................................................................... 117

Technical Specifications............................................................... 119

Troubleshooting .......................................................................... 123

Appendix .................................................................................... 124

TRENDnet User’s Guide

TL2-FG142

1. Introduction

TL2-FG142 supports 14 fiber ports SFP type with 100/1000M bps and 2 RJ-45 Copper port with adaptive 10/100/1000M bps.

1.1 Introduction of the management functions

The Switch supports in-band management function from Http/Telnet/SNMP interfaces. Console is supported for local command-line settings. It supports network configuration functions, like VLAN, Trunking, Port Mirror, QoS, spanning tree and software backup/update. Users can configure these functions for different network applications. The following is a brief introduction about these functions before the detail operation sections.

1. VLAN (Virtual LAN)

The trunk connection supports redundant function. If any trunk cable is broken, the traffic going through that cable will be transferred to another trunk cable automatically. For example, if traffic of user port 6 is assigned to Port 1 in a Trunk and Port 1 connection breaks, Port 2 will take over the traffic for Port 6 automatically. (It could be used for redundant application.)

3. Spanning Tree Protocol / Rapid Spanning Tree Protocol Spanning tree is a protocol to prevent network loop in network topology. If network

loop happens, it will cause switches in the network unstable because more and more traffic will loop in the network. If network loop happens, spanning tree protocol will block one connection in the loop automatically. But it will also cause a period of delay (30 seconds for STP and shorter time for RSTP) if any network connection is changed because of the network topology detection operation of the protocol.

Because there could be more than one switch in the network, users can configure this function for their network spanning tree application.

4. Port Mirror This switch operates in store-and-forward algorithm so it is not possible to monitor

network traffic from another connection port. But the port mirror function can copy packets from some monitored port to another port for network monitor.

VLAN can divide the switch to several broadcast domains to prevent network traffic between different user groups. This switch supports 802.1Q tag-based VLAN and Portbased VLAN. Users with the same VLAN ID can transfer data to each other. The network traffic will be blocked if they have different VLAN ID. VLAN Stacking function for

802.1Q tag-based VLAN is supported. It allows two VLAN tags in a packet for 802.1Q VLAN tunnelling application through a central network.

2. Trunk If two switches are cascaded together, the bottleneck will happen at the cascading

connection. If more cables could be used for the cascading connection, it will reduce the bottleneck problem. In normal case, switches will become unstable because of traffic looping when more than one cable is connected between them. If the switches support trunk function, they can treat these cables as one connection between them. The traffic looping will not happen between these cables and the switches will work stable with bigger bandwidth between them.

Notes: About redundant application

5. QoS For Quality of Service request in a network, packets could be classified to different

forwarding priorities. For real-time network traffic (like video, audio), it needs higher priority than normal network traffic. With the definition of packet priority, it could have 8 priority levels (from 0 to 7). This switch supports eight priority level queues on each port. It could be configured for port-based, 802.1P tagged based, or DiffServ of IP packets priority. User can define the mapping of priority values to the priority queues.

6. Static Mac ID in ARL table

The switch can learn the Mac address from user’s packets and keep these Mac address

in the ARL table for store-and-forward table lookup operation. But these Mac addresses will be deleted from ARL table after some time when users do not send any packets to the switch. This operation is called aging and the time is called aging time. It is about 5 minutes normally (it could be changed by users.) If users want to keep a Mac address always in ARL table on some port, they can assign the Mac address to ARL table. These Mac ID are called Static Mac address. This switch supports static Mac address assignment. The static Mac address assignment will also limit the Mac address could be

TRENDnet User’s Guide

TL2-FG142

used on the assigned port only with the port security configuration function. For example, assigning “00-00-e2-11-22-33” to Port 5 will always keep this Mac ID alive on Port 5 but also limit this Mac address could work on Port 5 only.

Note: About Static Mac Address Filter-in (port binding) function There is a Mac Security function for port security. If Mac Table Learning is set to

“Secure”, only these static Mac addresses can access network through the assigned port. The other Mac addresses will be forbidden for network access through that port. This function can be used for port binding security application. Please refer to Section

6.3 for the details of the Mac address filter-in operation of the switch.

7. Dynamic Mac ID Number Limit Beside Static Mac ID Limit, there is another Dynamic Mac ID Number Limit function for

Mac address security on port. This function can limit the Mac ID number to access network through a port. For example, five Mac ID are allowed for Port 2. That means

up to five users are allowed, but don’t care who the users are. It is done by “Limit Control” function in “Security - Network” function.

multicast VLAN to be shared by subscribers in different VLANs. That can reduce the multicast traffic for VLANs.

12. IP Source Guard This function can limit the IP address for accessing network from switch port. That can

prevent illegal IP problem in network.

13. ACL (Access Control List) This function is used to define network access control policy - a list of packet filtering

rules. The filtering conditions are Layer2 ~ Layer4 - including Mac address, VLAN ID, Ethernet Type, IP address, ARP Packets, ... If conditions are matched, the traffic could be discarded, forwarded, logging or rate limit.

14. LLDP (Link Layer Discover Protocol) LLDP protocol is used by network devices to advertise their identity, capabilities, and

interconnections on a LAN network. This switch can advertise its system information, and show the information of the connected network devices by LLDP protocol.

8. IEEE 802.1x Port Security Function If the 802.1x function is enabled, the switch will act as an authenticator for users

accessing network through the switch. It will need a RADIUS server for the authentication function. Users will be asked for username and password before network access. If the RADIUS server authenticates it, the switch will enable the port for network access. This function is very useful for network security application to prevent illegal users access network through the switch.

9. Rate Control This function can limit the traffic rate for physical ports. The traffic could be ingress

traffic or egress traffic. This function can limit the network bandwidth utilization of users.

10. IP Multicast with IGMP Snooping IP multicast function can forward packets to a group of users connected on different

ports. The user group is learned by the switch from packets of IGMP active router with IGMP snooping function. It is often used for video applications

11. MVR (Multicast VLAN Registration) VLAN function will isolate traffic between VLAN groups. But it will also isolate IP

multicast traffic for subscribers in different VLANs. The MVR function allows one

15. Software Backup/Update This switch supports backup and update functions for its internal software and its

network configuration. It could be done in two ways. a. From web browser : doing by http protocol and by web browser for run-time code

and configuration backup/update. b. From telnet or console command : doing by tftp protocol for run-time code and

configuration backup/update.

1.2 General Features

 All 1G Ethernet ports are tri-speed 10/100/1000 Mbps ports for RJ-45 port  Fully non-blocking wire-speed switching performance for all frame sizes  Eight priorities and eight queues per port  Dual leaky bucket policing per queue and per port  DWRR scheduler/shaper per queue and per port with a mix of strict and weighted

queues

TRENDnet User’s Guide

TL2-FG142

Document

Title

Revision

IEEE

IEEE 802.1ad

802.1Q Amendment 4: Provider Bridges

-2005

IEEE P802.1ag

802.1Q Amendment 5: Connectivity Fault Management (CFM)

Evolving IEEE 802.1D

Media Access Control (MAC) Bridges

-2004

IEEE 802.1Q

Virtual Bridged Local Area Networks

-2005

IEEE 802.3

Local and metropolitan area networks — Specific requirements Carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications

-2008

 256 TCAM-based egress tagging entries  Up to 256 TCAM-based classification entries for Quality of Service (QoS) and VLAN

membership

 Up to 512 host identity entries for source IP guarding  Energy Efficient Ethernet (IEEE 802.3az) is supported by both the switch core and

the internal copper PHYs

1.3 Layer-2 Switching

 8,192 MAC addresses  4,096 VLANs (IEEE 802.1Q)  Push/pop/translate up to two VLAN tags; translation on ingress and/or on egress  Up to 256 QoS and VLAN TCAM entries  256 VLAN egress tagging TCAM entries  Link aggregation (IEEE 802.3ad)  Independent and shared VLAN learning  Provider Bridging (VLAN Q-in-Q) support (IEEE 802.1ad)  Rapid Spanning Tree Protocol support (IEEE 802.1w)

 OAM hardware for generating CCM messages, CCM checking is done by software  Software for OAM and protection switching

1.6 Quality of Service

 Eight QoS queues per port with strict or deficit weighted round-robin scheduling

(DWRR)

 256 QoS and VLAN TCAM entries  DSCP translation, both ingress and/or egress  DSCP remarking based on QoS class and drop precedence level  VLAN (PCP, DEI, and VID) translation, both ingress and egress  PCP and DEI remarking based on QoS class and drop precedence level  Per-queue and per-port policing and shaping, programmable in steps of 100 kbps  Per-flow policing through TCAM-based pattern matching, up to 256 policers  Full-duplex flow control (IEEE 802.3X) and half-duplex backpressure, symmetric

and asymmetric

1.7 Security

 Generic storm controllers for flooded broadcast, flooded multicast, and flooded

unicast traffic

 Port-based and MAC-based access control (IEEE 802.1X)  Per-port ingress and egress mirroring

1.8 Standard References

This switch uses the following industry references.

 Multiple Spanning Tree Protocol support (IEEE 802.1s)  Jumbo frame support up to 9.6 kilobytes with programmable MTU per port

1.4 Multicast

 8K IPv4/IPv6 multicast groups  Internet Group Management Protocol version 2 (IGMPv2) support  Internet Group Management Protocol version 3 (IGMPv3) support with source

specific multicast forwarding

1.5 Carrier Ethernet

 Provider Bridge (Q-in-Q) switch 8K MACs, 4K VLANs  Per port per queue Dual Leaky Bucket Service Policers with PCP or DSCP remarking

per Service Point

 Statistics and Tagging options per Service Point

TRENDnet User’s Guide

TL2-FG142

IEEE 802.3az

Standard for Information Technology – Telecommunications and Information Exchange Between Systems - Local and Metropolitan Area Networks Specific Requirements Part 3: Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access Method and Physical Layer Specifications - Amendment: Media Access Control Parameters, Physical Layers and Management Parameters for Energy-Efficient Ethernet

-2010

IEEE 1588

Precision Clock Synchronization Protocol for Networked Measurement and Control Systems

-2008 MEF

MEF-9

Abstract Test Suite for Ethernet Services at the UNI

October 2004

MEF-10.1

Ethernet Services Attributes Phase 2

November 2006

MEF-14

Abstract Test Suite for Traffic Management Phase 1

November 2005

MEF-16

Ethernet Local Management Interface (E-LMI)

January 2006

ITU-T

Y.1731

OAM Functions and Mechanisms for Ethernet Based Networks

5/22/2006 G.8261

Timing and Synchronization Aspects in Packet Networks

12/14/2006

IETF

RFC-2236

Internet Group Management Protocol, Version 2 (IGMPv2)

November 1997

RFC-2710

Multicast Listener Discovery for IPv6 (MLDv1)

October 1999

RFC-2819

Remote Network Monitoring (RMON) MIB

May 2000

RFC-2863

The Interfaces Group MIB

June 2000

RFC-3376

Internet Group Management Protocol, Version 3 (IGMPv3)

October 2002

RFC-3635

Definitions of Managed Objects for Ethernet-like Interface Types

September 2003

Other

ENG-46158

Cisco Serial GMII (SGMII) Specification

1.7

EDCS-540123

Cisco QSGMII Specification

1.3

JESD79

DDR2 SDRAM Specification

LED

Color

State

Indication

Power

Green

-Power on

OFF

- Power off

Run

Green

OFF

- System failed

Blinking

-System is ready

Fiber(Link)

Green

-Connection (or link) at 1000Mbps

Amber

-Connection (or link) at 100Mbps

OFF

-Disconnection

Blinking

-Sending & Receiving data

1.9 Front Panel LEDs Indicators

The LEDs provide useful information about the switch and the status of all individual ports.

1.10 Rear Panel Connectors

The rear panel is provided the power connecter.

TRENDnet User’s Guide

TL2-FG142

2. Hardware Installation

This chapter provides unpacking and installation information for the Switch

2.1 Unpacking

Open the shipping carton and carefully unpack its contents. Please consult the packing list located in the User Manual to make sure all items are present and undamaged. If any item is missing or damaged, please contact your local reseller for replacement.

 One Gigabit Management Switch  One AC power cord (*for AC power model only)  One console cable  This user's manual

If any item is found missing or damaged, please contact the local reseller for replacement.

2.2 Switch Installation

For safe switch installation and operation, it is recommended that you:  Visually inspect the power cord to see that it is secured fully to the AC power

connector.

 Make sure that there is proper heat dissipation and adequate ventilation around

the switch.

 Do not place heavy objects on the switch

Desktop Installation

When installing the switch on a desktop, make sure that there is enough ventilation space between the device and the objects around it.

Rack Installation

The switch can be mounted in an EIA standard size 19-inch rack, which can be placed in a wiring closet with other equipment. To install, attach the mounting brackets to the

switch’s side panels (one on each side) and secure them with the screws provided

(please note that these brackets are not designed for palm size switches). Then, use the screws provided with the equipment rack to mount the switch in the rack. Please be aware of following safety Instructions when installing:

1. Elevated Operating Ambient - If installed in a closed or multi-unit rack assembly,

the operating ambient temperature of the rack environment may be greater than room ambient. Therefore, consideration should be given to installing the

equipment in an environment compatible with the maximum ambient temperature specified by the manufacturer.

2. Reduced Air Flow - Installation of the equipment in a rack should be such that the

amount of air flow required for safe operation of the equipment is not compromised.

3. Mechanical Loading - Mounting of the equipment in the rack should be such that a

hazardous condition is not achieved due to uneven mechanical loading.

4. Circuit Overloading - Consideration should be given to the connection of the

equipment to the supply circuit, and the effect that overloading of the circuits might have on overcurrent protection and supply wiring. Appropriate consideration of equipment nameplate ratings should be used when addressing this concern.

2.3 Adding Module

This switch supports SFP (for 100/1000SX/LX/…modules) connectors for fiber optic connection. Because the SFP slots support hot-swap function, you can plug/unplug SFP transceiver to/from the SFP slot directly. The switch can auto-detect the fiber optic connection from SFP slot.

3. Console

The TC-224T Switch allows hyper terminal to perform configuration and monitoring by using the Command Line Interface (CLI) via console port or telnet.

3.1 Console Setup

Step 1: Connect computer to the device through the console port. Step 2: Open the terminal emulator software (like Hyper-Terminal on Microsoft

Windows machine, or “ Minicom” on Linux machine), then select the proper COM port for the connection. Set the terminal and port to the following parameters:

- Terminal Mode: VT-100

- Baud rate : 115200 bps

- Data bits : 8

- Parity : None

TRENDnet User’s Guide

TL2-FG142

- Stop bits : 1

- Flow Control : None

Turning on the switch, then after few seconds of machine initialization, the system management terminal will display the login screen as show below.

3.2 Login

 # configure terminal  (config)# interface vlan 1

■ Enter “ admin ” for the switch.

■ Without the Password .

■ You can see “＃”.

If you want to set IP address of switch, you can enter configuration mode to setup the IP address as the below.

 (config-if-vlan)# ip address 192.168.1.240 255.255.255.0  (config-if-vlan)#

4. Configuring with WEB

You are able to manage the switch with Http Web Browser. The default IP settingis192.168.0.1 and Net Mask 255.255.255.0. The default Gateway is 0.0.0.0. Before http connection, IP address configuration of the switch should be changed first.

1. Please follow the instruction in Section 3.1 to complete the console connection.

2. Login with “admin” (password is also none by default.)

3. Use “show” command to check IP address of the switch first.

4. Enter “show running-config interface vlan 1” command, and the prompt will show

the IP address of the switch as the below.

TRENDnet User’s Guide

TL2-FG142

# show running-config interface vlan 1 Building configuration... interface vlan 1 ip address 192.168.0.1 255.255.255.0 end #.

5. If IP address needs to be changed, please login to the configuration mode as the

below setps... # configure terminal (config)# interface vlan 1 (config-if-vlan)# ip address 192.168.1.240 255.255.255.0 (config-if-vlan)#

After IP address configuration done and the switch is connected to network, you are able to start Http connection by entering IP address of the switch in the web browser as the below section.

 Configure your PC to the same network segment as the switch. For example, you

could set the PC to IP address 192.168.10.x with a subnet mask of 255.255.255.0.

 Connect the PC to any of LAN port designated 1 to 24 on the Front Panel.  Open the Web browser.  Enter the IP address of the GSHDSL.in the address field of the browser as example:

http://192.168.10.200 and then press <Enter> to connect.

 There is a default User Name “admin” for the GSHDSL.  Without password.

Then the management home page will be showed as the below.

4.1 Login

When connected, the Switch has the following pre-configured switch IP addresses “192.168.10.200 “as shown below.

To access the Web Utility,

4.2 Web Menus

This section introduces how to use web browser to manage the switch. There are 3 areas of the web-based management screen. Left part of the management screen is a function list. Users can select one of them for status monitoring or switch configuration.

There are four operation groups in the function list.

1. Configuration: provide configure switch.

2. Monitor: get the function status and statistics of the switch.

3. Diagnostics: provide some tools for testing the switch

4. Maintenance: provide the maintenance features, for example firmware upgrade,

configuration backup/restore, system reset,...

Middle part of the management screen is the main operation area for each function. There are to icons logout and help menu at the Right part of the management screen.

TRENDnet User’s Guide

TL2-FG142

Items

Description

System Contact

The textual identification of the contact person for this managed node, together with information on how to contact this person. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 32 to 126.

System Name

An administratively assigned name for this managed node. By convention, this is the node's fully-qualified domain name. A domain name is a text string drawn from the alphabet (A-Z a-z), digits (0-9), minus sign (-). No space characters are permitted as part of a name. The first character must be an alpha character.

And the first or last character must not be a minus sign. The allowed string length is 0 to 255.

System Location

The physical location of this node (e.g., telephone closet, 3rd floor). The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 32 to 126.

Logout icon, click to exit the switch.

Help icon, click to get the on-line help menus

4.3 Configuration

The features and functions of the Switch can be configured for optimum use through the Web-based Management Utility.

4.3.1 System

The System Setting allows the user to configure the IP address and the basic system information of the Switch.

4.3.1.1 Information

The switch system information is provided here. In this menu, user can setup the system contact, system name and system location, as below figure.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.1.2 IP

Configure IP basic settings, control IP interfaces and IP routes, as below figure. The maximum number of interfaces supported is 8 and the maximum number of routes is

32.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Mode

Configure whether the IP stack should act as a Host or a Router. In Host mode, IP traffic between interfaces will not be routed. In Router mode traffic is routed between all interfaces.

DNS Server

This setting controls the DNS name resolution done by the switch. The following modes are supported:

From any DHCP interfaces. The first DNS server offered from a DHCP lease to a DHCP-enabled interface will be used.

No DNS server. No DNS server will be used. Configured. Explicitly provide the IP address of the DNS Server in dotted

decimal notation. From this DHCP interface. Specify from which DHCP-enabled interface a

provided DNS server should be preferred.

DNS Proxy

When DNS proxy is enabled, system will relay DNS requests to the currently configured DNS server, and reply as a DNS resolver to the client devices on the network.

Items

Description

Delete

Select this option to delete an existing IP interface

VLAN

The VLAN associated with the IP interface. Only ports in this VLAN will be able to access the IP interface. This field is only available for input when creating an new interface.

IPv4 DHCP Enabled

Enable the DHCP client by checking this box. If this option is enabled, the system will configure the IPv4 address and mask of the interface using the DHCP protocol. The DHCP client will announce the configured System Name as hostname to provide DNS lookup.

IPv4 DHCP

Enable the DHCP client by checking this box. If this option is enabled, the system will configure the IPv4 address and mask of the interface using the

Fallback Timeout

DHCP protocol. The DHCP client will announce the configured System Name as hostname to provide DNS lookup.

IPv4 DHCP Fallback Timeout

The number of seconds for trying to obtain a DHCP lease. After this period expires, a configured IPv4 address will be used as IPv4 interface address. A value of zero disables the fallback mechanism, such that DHCP will keep retrying until a valid lease is obtained. Legal values are 0 to 4294967295 seconds.

IPv4 DHCP Current Lease

For DHCP interfaces with an active lease, this column show the current interface address, as provided by the DHCP server.

IPv4 Address

The IPv4 address of the interface in dotted decimal notation. If DHCP is enabled, this field is not used. The field may also be left blank if IPv4

operation on the interface is not desired.

IPv4 Mask

The IPv4 network mask, in number of bits (prefix length). Valid values are between 0 and 30 bits for a IPv4 address.

If DHCP is enabled, this field is not used. The field may also be left blank if IPv4 operation on the interface is not desired.

IPv6 Address

The IPv6 address of the interface. A IPv6 address is in 128-bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field (:). For example, fe80::215:c5ff:fe03:4dc7. The symbol :: is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros; but it can appear only once. It can also represent a legally valid IPv4 address. For example, ::192.1.2.34.

The field may be left blank if IPv6 operation on the interface is not desired.

IPv6 Mask

The IPv6 network mask, in number of bits (prefix length). Valid values are between 1 and 128 bits for a IPv6 address.

The field may be left blank if IPv6 operation on the interface is not desired.

IP Configuration

IP Interface

Button

Click to add a new IP interface. A maximum of 8 interfaces is supported.

IP Routes

TRENDnet User’s Guide

TL2-FG142

Items

Description

Delete

Select this option to delete an existing IP route.

Mask Length

The destination IP network or host mask, in number of bits (prefix length). It defines how much of a network address that must match, in order to qualify for this route. Valid values are between 0 and 32 bits respectively 128 for IPv6 routes. Only a default route will have a mask length of 0 (as it will match anything).

Gateway

The IP address of the IP gateway. Valid format is dotted decimal notation or a valid IPv6 notation. Gateway and Network must be of the same type.

Next Hop VLAN (Only for IPv6)

The VLAN ID (VID) of the specific IPv6 interface associated with the gateway. The given VID ranges from 1 to 4094 and will be effective only when the

corresponding IPv6 interface is valid. If the IPv6 gateway address is link-local, it must specify the next hop VLAN for

the gateway. If the IPv6 gateway address is not link-local, system ignores the next hop VLAN

for the gateway.

Items

Description

Mode

Indicates the NTP mode operation. Possible modes are: Enabled: Enable NTP client mode operation. Disabled: Disable NTP client mode operation.

Server #

Provide the IPv4 or IPv6 address of a NTP server. IPv6 address is in 128-bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field (:). For example, 'fe80::215:c5ff:fe03:4dc7'. The symbol '::' is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros; but it can appear only once. It can also represent a legally valid IPv4 address. For example, '::192.1.2.34'.

Button

Click to add a new IP route. A maximum of 32 routes is supported.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.1.3 NTP

NTP is an acronym for Network Time Protocol, a network protocol for synchronizing the clocks of computer systems. NTP uses UDP (datagrams) as transport layer. Configure NTP on this page.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.1.4 Time

This page allows you to configure the Time Zone.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Time Zone

Lists various Time Zones worldwide. Select appropriate Time Zone from the drop down and click Save to set..

Acronym

User can set the acronym of the time zone. This is a User configurable acronym to identify the time zone. ( Range : Up to 16 characters )

Items

Description

Daylight Saving Time

This is used to set the clock forward or backward according to the configurations set below for a defined Daylight Saving Time duration. Select 'Disable' to disable the Daylight Saving Time configuration. Select 'Recurring' and configure the Daylight Saving Time duration to repeat the configuration every year. Select 'Non-Recurring' and configure the Daylight Saving Time duration for single time configuration. ( Default : Disabled )

Items

Description

Week

Select the starting week number.

Day

Select the starting day.

Month

Select the starting month.

Hours

Select the starting hour.

Minutes

Select the starting minute.

Items

Description

Week

Select the ending week number.

Day

Select the ending day.

Month

Select the ending month.

Hours

Select the ending hour.

Minutes

Select the ending minute.

Items

Description

Offset

Enter the number of minutes to add during Daylight Saving Time. ( Range: 1 to 1440 )

Start time settings

End time settings

Time Zone Configuration

Offset settings

Daylight Saving Time Configuration

This page is used to setup Daylight Saving Time Configuration

Button

TRENDnet User’s Guide

TL2-FG142

Items

Description

Server Mode

Indicates the server mode operation. When the mode operation is enabled, the syslog message will send out to syslog server. The syslog protocol is based on UDP communication and received on UDP port 514 and the syslog server will not send acknowledgments back sender since UDP is a connectionless protocol and it does not provide acknowledgments. The syslog packet will always send out even if the syslog server does not exist. Possible modes are:

Enabled: Enable server mode operation. Disabled: Disable server mode operation.

Server Address

Indicates the IPv4 host address of syslog server. If the switch provide DNS feature, it also can be a host name.

Syslog Level

Indicates what kind of message will send to syslog server. Possible modes are: Info: Send information, warnings and errors. Warning: Send warnings and errors. Error: Send errors.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.1.5 Log

Configure System Log on this page.

4.3.2 Green Ethernet

Green Ethernet is a feature that reduces energy consumption on the switch. This way, the switch is more environmentally friendly, and your costs to run the switch are reduced. This section explains how to configure Green Ethernet on the Managed Switch.

4.3.2.1 Port Power Savings

Before introduce this feature, let us talk about EEE.

What is EEE? EEE is a power saving option that reduces the power usage when there is low or no

traffic utilization. EEE works by powering down circuits when there is no traffic. When a port gets data to

be transmitted all circuits are powered up. The time it takes to power up the circuits is named wakeup time. The default wakeup time is 17 us for 1Gbit links and 30 us for other link speeds. EEE devices must agree upon the value of the wakeup time in order to make sure that both the receiving and transmitting device has all circuits powered up when traffic is transmitted. The devices can exchange wakeup time information using the LLDP protocol.

EEE works for ports in auto-negotiation mode, where the port is negotiated to either 1G or 100 Mbit full duplex mode.

For ports that are not EEE-capable the corresponding EEE checkboxes are grayed out and thus impossible to enable EEE for.

When a port is powered down for saving power, outgoing traffic is stored in a buffer until the port is powered up again. Because there are some overhead in turning the port down and up, more power can be saved if the traffic can be buffered up until a large burst of traffic can be transmitted. Buffering traffic will give some latency in the traffic.

This page allows the user to configure the port power savings features.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Optimize EEE for

The switch can be set to optimize EEE for either best power saving or least traffic latency.

Items

Description

Port

The switch port number of the logical port.

ActiPHY

Link down power savings enabled. ActiPHY works by lowering the power for a port when there is no link. The port is

power up for short moment in order to determine if cable is inserted.

Perfect Reach

Cable length power savings enabled. Perfect Reach works by determining the cable length and lowering the power for

ports with short cables.

EEE

Controls whether EEE is enabled for this switch port. For maximizing power savings, the circuit isn't started at once transmit data is

ready for a port, but is instead queued until a burst of data is ready to be transmitted. This will give some traffic latency.

If desired it is possible to minimize the latency for specific frames, by mapping the frames to a specific queue (done with QOS), and then mark the queue as an urgent queue. When an urgent queue gets data to be transmitted, the circuits will be powered up at once and the latency will be reduced to the wakeup time.

EEE Urgent Queues

Queues set will activate transmission of frames as soon as data is available. Otherwise the queue will postpone transmission until a burst of frames can be transmitted.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

Port Power Savings Configuration

4.3.3 Port

This page displays current port configurations. Ports can also be configured here.

Port Configuration

TRENDnet User’s Guide

TL2-FG142

Items

Description

Port

This is the logical port number for this row.

Link

The current link state is displayed graphically. Green indicates the link is up and red that it is down.

Current

Provides the current link speed of the port.

Configured

Selects any available link speed for the given switch port. Only speeds supported by the specific port is shown. Possible speeds are:

Disabled - Disables the switch port operation. Auto - Port auto negotiating speed with the link partner and selects the

highest speed that is compatible with the link partner. 10Mbps HDX - Forces the cu port in 10Mbps half duplex mode. 10Mbps FDX - Forces the cu port in 10Mbps full duplex mode. 100Mbps HDX - Forces the cu port in 100Mbps half duplex mode. 100Mbps FDX - Forces the cu port in 100Mbps full duplex mode. 1Gbps FDX - Forces the port in 1Gbps full duplex

2.5Gbps FDX - Forces the Serdes port in 2.5Gbps full duplex mode.

SFP_Auto_AMS - Automatically determines the speed of the SFP. Note: There is no standardized way to do SFP auto detect, so here it is done by reading the SFP rom. Due to the missing standardized way of doing SFP auto detect some SFPs might not be detectable. The port is set in AMS mode. Cu port is set in Auto mode.

100-FX - SFP port in 100-FX speed. Cu port disabled. 100-FX_AMS - Port in AMS mode. SFP port in 100-FX speed. Cu port in

Auto mode. 1000-X - SFP port in 1000-X speed. Cu port disabled. 1000-X_AMS - Port in AMS mode. SFP port in 1000-X speed. Cu port in

Auto mode. Ports in AMS mode with 1000-X speed has Cu port preferred. Ports in AMS mode with 1000-X speed has fiber port preferred. Ports in AMS mode with 100-FX speed has fiber port preferred.

Flow Control Configured

When Auto Speed is selected on a port, this section indicates the flow control capability that is advertised to the link partner.

When a fixed-speed setting is selected, that is what is used. The Current Rx column indicates whether pause frames on the port are obeyed, and the Current Tx column indicates whether pause frames on the port are transmitted. The Rx and Tx settings are determined by the result of the last Auto-Negotiation.

Check the configured column to use flow control. This setting is related to the setting for Configured Link Speed.

Maximum Frame Size

Enter the maximum frame size allowed for the switch port, including FCS.

Excessive Collision Mode

Configure port transmit collision behavior. Discard: Discard frame after 16 collisions (default). Restart: Restart back off algorithm after 16 collisions.

Port Configuration

Button

TRENDnet User’s Guide

TL2-FG142

Items

Description

Mode

Configure the operation mode per system. Possible modes are: Enabled: Enable DHCP server per system. Disabled: Disable DHCP server pre system.

Items

Description

VLAN Range

Indicate the VLAN range in which DHCP server is enabled or disabled. The first VLAN ID must be smaller than or equal to the second VLAN ID. BUT, if the VLAN range contains only 1 VLAN ID, then you can just input it into either one of the first and second VLAN ID or both.

On the other hand, if you want to disable existed VLAN range, then you can follow the steps.

1. press Add VLAN Range to add a new VLAN range.

2. input the VLAN range that you want to disable.

3. choose Mode to be Disabled.

4. press Save to apply the change. Then, you will see the disabled VLAN range is removed from the DHCP

Server mode configuration page.

Mode

Indicate the the operation mode per VLAN. Possible modes are: Enabled: Enable DHCP server per VLAN. Disabled: Disable DHCP server pre VLAN.

Items

Description

IP Range

Define the IP range to be excluded IP addresses. The first excluded IP must be smaller than or equal to the second excluded IP. BUT, if the IP range contains only 1 excluded IP, then you can just input it to either one of the first and second excluded IP or both.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

Click to refresh the page. Any changes made locally will be undone.

4.3.4 DHCP

DHCP Snooping is used to block intruder on the untrusted ports of the switch device when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server.

4.3.4.1 Server-Mode

This page configures global mode and VLAN mode to enable/disable DHCP server per system and per VLAN.

4.3.4.2 Server-Excluded IP

This page configures excluded IP addresses. DHCP server will not allocate these excluded IP addresses to DHCP client.

Global Mode

Configure operation mode to enable/disable DHCP server per system.

VLAN Mode

Configure operation mode to enable/disable DHCP server per VLAN.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Name

Configure the pool name that accepts all printable characters, except white space. If you want to configure the detail settings, you can click the pool name to go into the configuration page.

Type

Display which type of the pool is. Network: the pool defines a pool of IP addresses to service more than

one DHCP client. Host: the pool services for a specific DHCP client identified by client

identifier or hardware address. If "-" is displayed, it means not defined.

Display network number of the DHCP address pool. If "-" is displayed, it means not defined.

Subnet Mask

Display subnet mask of the DHCP address pool. If "-" is displayed, it means not defined

Lease Time

Display lease time of the pool.

Items

Description

Snooping Mode

Indicates the DHCP snooping mode operation. Possible modes are: Enabled: Enable DHCP snooping mode operation. When DHCP snooping

mode operation is enabled, the DHCP request messages will be forwarded to trusted ports and only allow reply packets from trusted ports.

Disabled: Disable DHCP snooping mode operation.

Port Mode Configuration

Indicates the DHCP snooping port mode. Possible port modes are: Trusted: Configures the port as trusted source of the DHCP messages. Untrusted: Configures the port as untrusted source of the DHCP

messages.

4.3.4.3 Server-pool

This page manages DHCP pools. According to the DHCP pool, DHCP server will allocate IP address and deliver configuration parameters to DHCP client.

Add or delete pools.

Adding a pool and giving a name is to create a new pool with "default" configuration. If you want to configure all settings including type, IP subnet mask and lease time, you can click the pool name to go into the configuration page.

4.3.4.4 Snooping

Configure DHCP Snooping on this page.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Relay Mode

Indicates the DHCP relay mode operation. Possible modes are: Enabled: Enable DHCP relay mode operation. When DHCP relay mode

operation is enabled, the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain. And the DHCP broadcast message won't be flooded for security considerations.

Disabled: Disable DHCP relay mode operation. Relay Server

Relay Server

Indicates the DHCP relay server IP address.

Relay Information Mode

Indicates the DHCP relay information mode option operation. The option 82 circuit ID format as "[vlan_id][module_id][port_no]". The first four characters represent the VLAN ID, the fifth and sixth characters are the module ID(in standalone device it always equal 0, in stackable device it means switch ID), and the last two characters are the port number. For example, "00030108" means the DHCP message receive form VLAN ID 3, switch ID 1, port No 8. And the option 82 remote ID value is equal the switch MAC address.

Possible modes are: Enabled: Enable DHCP relay information mode operation. When DHCP

relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to DHCP server and removes it from a DHCP message when transferring to DHCP client. It only works when DHCP relay operation mode is enabled.

Disabled: Disable DHCP relay information mode operation.

Relay Information Policy

Indicates the DHCP relay information option policy. When DHCP relay information mode operation is enabled, if the agent receives a DHCP message that already contains relay agent information it will enforce the policy. The 'Replace' policy is invalid when relay information mode is disabled. Possible policies are:

Replace: Replace the original relay information when a DHCP message that already contains it is received.

Keep: Keep the original relay information when a DHCP message that already contains it is received.

Drop: Drop the package when a DHCP message that already contains relay information is received.

Items

Description

4.3.4.5 Relay

A DHCP relay agent is used to forward and to transfer DHCP messages between the clients and the server when they are not in the same subnet domain. It stores the incoming interface IP address in the GIADDR field of the DHCP packet. The DHCP server can use the value of GIADDR field to determine the assigned subnet. For such condition, please make sure the switch configuration of VLAN interface IP address and PVID(Port VLAN ID) correctly.

4.3.5 Security

There are several security features that have been embedded in switch software. There are switch, network and AAA.

4.3.5.1 User

This page provides an overview of the current users. Currently the only way to login as another user on the web server is to close and reopen the browser.

The displayed values for each user are:

TRENDnet User’s Guide

TL2-FG142

User Name

The name identifying the user. This is also a link to Add/Edit User.

Privilege Level

The privilege level of the user. The allowed range is 1 to 15. If the privilege level value is 15, it can access all groups, i.e. that is granted the fully control of the device. But others value need to refer to each group privilege level. User's privilege should be same or greater than the group privilege level to have the access of that group. By default setting, most groups privilege level 5 has the read-only access and privilege level 10 has the read-write access. And the system maintenance (software upload, factory defaults and etc.) need user privilege level 15. Generally, the privilege level 15 can be used for an administrator account, privilege level 10 for a standard user account and privilege level 5 for a guest account.

Items

Description

Group Name

The name identifying the privilege group. In most cases, a privilege level group consists of a single module (e.g. LACP, RSTP or QoS), but a few of

Button

Click to add a new user.

4.3.5.2Privilege Levels

This page provides an overview of the privilege levels.

TRENDnet User’s Guide

TL2-FG142

them contains more than one. The following description defines these privilege level groups in details:

System: Contact, Name, Location, Timezone, Daylight Saving Time, Log. Security: Authentication, System Access Management, Port (contains

Dot1x port, MAC based and the MAC Address Limit), ACL, HTTPS, SSH, ARP Inspection, IP source guard.

IP: Everything except 'ping'. Port: Everything except 'VeriPHY'. Diagnostics: 'ping' and 'VeriPHY'. Maintenance: CLI- System Reboot, System Restore Default, System

Password, Configuration Save, Configuration Load and Firmware Load. Web- Users, Privilege Levels and everything in Maintenance.

Debug: Only present in CLI.

Privilege Levels

Every group has an authorization Privilege level for the following sub groups: configuration read-only, configuration/execute read-write, status/statistics read-only, status/statistics read-write (e.g. for clearing of statistics). User Privilege should be same or greater than the authorization Privilege level to have the access to that group.

Items

Description

Client

The management client for which the configuration below applies.

Methods

Method can be set to one of the following values: no: Authentication is disabled and login is not possible. local: Use the local user database on the switch for authentication. radius: Use remote RADIUS server(s) for authentication. tacacs+: Use remote TACACS+ server(s) for authentication. Methods that involves remote servers are timed out if the remote servers

are offline. In this case the next method is tried. Each method is tried from left to right and continues until a method either approves or rejects a user. If a remote server is used for primary authentication it is recommended to configure secondary authentication as 'local'. This will enable the management client to login via the local user database if none of the configured authentication servers are alive.

The table has one row for each client type and a number of columns, which are:

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.5.3Authentication Method Configuration

This page allows you to configure how a user is authenticated when he logs into the switch via one of the management client interfaces.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.5.4SSH Configuration

Configure SSH on this page.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Mode

Indicates the SSH mode operation. Possible modes are: Enabled: Enable SSH mode operation. Disabled: Disable SSH mode operation.

Items

Description

Mode

Indicates the HTTPS mode operation. When the current connection is HTTPS, to apply HTTPS disabled mode operation will automatically redirect web browser to an HTTP connection. Possible modes are:

Enabled: Enable HTTPS mode operation. Disabled: Disable HTTPS mode operation.

Automatic Redirect

Indicates the HTTPS redirect mode operation. It only significant if HTTPS mode "Enabled" is selected. Automatically redirects web browser to an

HTTPS connection when both HTTPS mode and Automatic Redirect are enabled. Possible modes are:

Enabled: Enable HTTPS redirect mode operation. Disabled: Disable HTTPS redirect mode operation.

Items

Description

Mode

Indicates the access management mode operation. Possible modes are: Enabled: Enable access management mode operation. Disabled: Disable access management mode operation.

Delete

Check to delete the entry. It will be deleted during the next save.

VLAN ID

Indicates the VLAN ID for the access management entry.

Start IP address

Indicates the start IP address for the access management entry.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.5.5HTTPS Configuration

Configure HTTPS on this page.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.5.6Access Management Configuration

Configure access management table on this page. The maximum number of entries is

16. If the application's type match any one of the access management entries, it will allow access to the switch.

TRENDnet User’s Guide

TL2-FG142

End IP address

Indicates the end IP address for the access management entry.

HTTP/HTTPS

Indicates that the host can access the switch from HTTP/HTTPS interface if the host IP address matches the IP address range provided in the entry.

SNMP

Indicates that the host can access the switch from SNMP interface if the host IP address matches the IP address range provided in the entry.

TELNET/SSH

Indicates that the host can access the switch from TELNET/SSH interface if the host IP address matches the IP address range provided in the entry.

Items

Description

Mode

Indicates if Limit Control is globally enabled or disabled on the switch. If globally disabled, other modules may still use the underlying functionality, but limit checks and corresponding actions are disabled.

Aging Enabled

If checked, secured MAC addresses are subject to aging as discussed under Aging Period .

Aging Period

If Aging Enabled is checked, then the aging period is controlled with this input. If other modules are using the underlying port security for securing MAC addresses, they may have other requirements to the aging period. The underlying port security will use the shorter requested aging period of all modules that use the functionality.

Button

Click to add a new access management entry.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.5.7Limit Control

This page allows you to configure the Port Security Limit Control system and port settings.

Limit Control allows for limiting the number of users on a given port. A user is identified by a MAC address and VLAN ID. If Limit Control is enabled on a port, the limit specifies the maximum number of users on the port. If this number is exceeded, an action is taken. The action can be one of the four different actions as described below.

The Limit Control module utilizes a lower-layer module, Port Security module, which manages MAC addresses learnt on the port.

The Limit Control configuration consists of two sections, a system- and a port-wide.

System Configuration

TRENDnet User’s Guide

TL2-FG142

The Aging Period can be set to a number between 10 and 10,000,000 seconds.

To understand why aging may be desired, consider the following scenario: Suppose an end-host is connected to a 3rd party switch or hub, which in turn is connected to a port on this switch on which Limit Control is enabled. The end-host will be allowed to forward if the limit is not exceeded. Now suppose that the end-host logs off or powers down. If it wasn't for aging, the end-host would still take up resources on this switch and will be allowed to forward. To overcome this situation, enable aging. With aging enabled, a timer is started once the end-host gets secured. When the timer expires, the switch starts looking for frames from the end-host, and if such frames are not seen within the next Aging Period, the end-host is assumed to be disconnected, and the correspon

Items

Description

Port

The port number to which the configuration below applies.

Mode

Controls whether Limit Control is enabled on this port. Both this and the Global Mode must be set to Enabled for Limit Control to be in effect. Notice that other modules may still use the underlying port security features without enabling Limit Control on a given port.

Limit

The maximum number of MAC addresses that can be secured on this port. This number cannot exceed 1024. If the limit is exceeded, the corresponding action is taken.

The switch is "born" with a total number of MAC addresses from which all ports draw whenever a new MAC address is seen on a Port Securityenabled port. Since all ports draw from the same pool, it may happen that a configured maximum cannot be granted, if the remaining ports have already used all available MAC addresses.

Action

If Limit is reached, the switch can take one of the following actions: None: Do not allow more than Limit MAC addresses on the port, but

take no further action.

Trap: If Limit + 1 MAC addresses is seen on the port, send an SNMP trap. If Aging is disabled, only one SNMP trap will be sent, but with Aging enabled, new SNMP traps will be sent every time the limit gets exceeded.

Shutdown: If Limit + 1 MAC addresses is seen on the port, shut down the port. This implies that all secured MAC addresses will be removed from the port, and no new address will be learned. Even if the link is physically disconnected and reconnected on the port (by disconnecting the cable), the port will remain shut down. There are three ways to re-open the port:

1) Boot the switch,

2) Disable and re-enable Limit Control on the port or the switch,

3) Click the Reopen button. Trap & Shutdown: If Limit + 1 MAC addresses is seen on the port, both

the "Trap" and the "Shutdown" actions described above will be taken.

State

This column shows the current state of the port as seen from the Limit Control's point of view. The state takes one of four values:

Disabled: Limit Control is either globally disabled or disabled on the port. Ready: The limit is not yet reached. This can be shown for all actions. Limit Reached: Indicates that the limit is reached on this port. This state

can only be shown if Action is set to None or Trap. Shutdown: Indicates that the port is shut down by the Limit Control

module. This state can only be shown if Action is set to Shutdown or Trap & Shutdown.

Re-open Button

If a port is shutdown by this module, you may reopen it by clicking this button, which will only be enabled if this is the case. For other methods, refer to Shutdown in the Action section.

Note that clicking the reopen button causes the page to be refreshed, so non-committed changes will be lost.

Port Configuration

The table has one row for each port on the switch and a number of columns, which are:

4.3.5.8NAS

This page allows you to configure the IEEE 802.1X and MAC-based authentication system and port settings.

TRENDnet User’s Guide

TL2-FG142

The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network. These backend (RADIUS) servers are

configured on the "Configuration→Security→AAA" page. The IEEE802.1X standard

defines port-based operation, but non-standard variants overcome security limitations as shall be explored below.

MAC-based authentication allows for authentication of more than one user on the same port, and doesn't require the user to have special 802.1X supplicant software installed on his system. The switch uses the user's MAC address to authenticate against the backend server. Intruders can create counterfeit MAC addresses, which makes MACbased authentication less secure than 802.1X authentication.

The NAS configuration consists of two sections, a system- and a port-wide.

System Configuration

TRENDnet User’s Guide

TL2-FG142

Items

Description

Mode

Indicates if NAS is globally enabled or disabled on the switch. If globally disabled, all ports are allowed forwarding of frames.

Reauthentication Enabled

If checked, successfully authenticated supplicants/clients are reauthenticated after the interval specified by the Reauthentication Period. Reauthentication for 802.1X-enabled ports can be used to detect if a new device is plugged into a switch port or if a supplicant is no longer attached.

For MAC-based ports, reauthentication is only useful if the RADIUS server configuration has changed. It does not involve communication between the switch and the client, and therefore doesn't imply that a client is still present on a port (see Aging Period below).

Reauthentication Period

Determines the period, in seconds, after which a connected client must be reauthenticated. This is only active if the Reauthentication Enabled checkbox is checked. Valid values are in the range 1 to 3600 seconds.

EAPOL Timeout

Determines the time for retransmission of Request Identity EAPOL frames.

Valid values are in the range 1 to 65535 seconds. This has no effect for MAC-based ports.

Aging Period

This setting applies to the following modes, i.e. modes using the Port Security functionality to secure MAC addresses:

If reauthentication is enabled and the port is in an 802.1X-based mode, this is not so critical, since supplicants that are no longer attached to the port will get removed upon the next reauthentication, which will fail. But if reauthentication is not enabled, the only way to free resources is by aging the entries.

For ports in MAC-based Auth. mode, reauthentication doesn't cause direct communication between the switch and the client, so this will not detect whether the client is still attached or not, and the only way to free any resources is to age the entry.

Hold Time

This setting applies to the following modes, i.e. modes using the Port Security functionality to secure MAC addresses:

• Single 802.1X

• Multi 802.1X

• MAC-Based Auth.

If a client is denied access - either because the RADIUS server denies the client access or because the RADIUS server request times out (according to the timeout specified on the "Configuration→Security→AAA" page) - the client is put on hold in the Unauthorized state. The hold timer does not count during an ongoing authentication.

In MAC-based Auth. mode, the switch will ignore new frames coming from the client during the hold time.

The Hold Time can be set to a number between 10 and 1000000 seconds.

RADIUS-Assigned QoS Enabled

RADIUS-assigned QoS provides a means to centrally control the traffic class to which traffic coming from a successfully authenticated supplicant is assigned on the switch. The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature (see RADIUS-Assigned QoS Enabled below for a detailed description).

The "RADIUS-Assigned QoS Enabled" checkbox provides a quick way to globally enable/disable RADIUS-server assigned QoS Class functionality. When checked, the individual ports' ditto setting determine whether RADIUS-assigned QoS Class is enabled on that port. When unchecked, RADIUS-server assigned QoS Class is disabled on all ports

RADIUS-Assigned VLAN Enabled

RADIUS-assigned VLAN provides a means to centrally control the VLAN on which a successfully authenticated supplicant is placed on the switch. Incoming traffic will be classified to and switched on the RADIUS-assigned VLAN. The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature (see RADIUS-Assigned VLAN Enabled below for a detailed description).

The "RADIUS-Assigned VLAN Enabled" checkbox provides a quick way to globally enable/disable RADIUS-server assigned VLAN functionality. When checked, the individual ports' ditto setting determine whether RADIUS-assigned VLAN is enabled on that port.

TRENDnet User’s Guide

TL2-FG142

When unchecked, RADIUS-server assigned VLAN is disabled on all ports.

Guest VLAN Enabled

A Guest VLAN is a special VLAN - typically with limited network access

- on which 802.1X-unaware clients are placed after a network administrator-defined timeout. The switch follows a set of rules for entering and leaving the Guest VLAN as listed below.

The "Guest VLAN Enabled" checkbox provides a quick way to globally enable/disable Guest VLAN functionality. When checked, the individual ports' ditto setting determines whether the port can be moved into Guest VLAN. When unchecked, the ability to move to the Guest VLAN is disabled on all ports.

Guest VLAN ID

This is the value that a port's Port VLAN ID is set to if a port is moved into the Guest VLAN. It is only changeable if the Guest VLAN option is globally enabled.

Valid values are in the range [1; 4095].

Max. Reauth. Count

The number of times the switch transmits an EAPOL Request Identity frame without response before considering entering the Guest VLAN is adjusted with this setting. The value can only be changed if the Guest VLAN option is globally enabled.

Valid values are in the range [1; 255].

Allow Guest VLAN if EAPOL Seen

The switch remembers if an EAPOL frame has been received on the port for the life-time of the port. Once the switch considers whether to enter the Guest VLAN, it will first check if this option is enabled or disabled. If disabled (unchecked; default), the switch will only enter the Guest VLAN if an EAPOL frame has not been received on the port for the life-time of the port. If enabled (checked), the switch will consider entering the Guest VLAN even if an EAPOL frame has been received on the port for the life-time of the port.

The value can only be changed if the Guest VLAN option is globally enabled.

Items

Description

Mode

Indicates the SNMP mode operation. Possible modes are: Enabled: Enable SNMP mode operation. Disabled: Disable SNMP mode operation.

Version

Indicates the SNMP supported version. Possible versions are: SNMP v1: Set SNMP supported version 1. SNMP v2c: Set SNMP supported version 2c. SNMP v3: Set SNMP supported version 3.

Read Community

Indicates the community read access string to permit access to SNMP agent. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 33 to 126.

The field is applicable only when SNMP version is SNMPv1 or SNMPv2c. If SNMP version is SNMPv3, the community string will be associated with SNMPv3 communities table. It provides more flexibility to configure security name than a SNMPv1 or SNMPv2c community string. In addition to community string, a particular range of source addresses can be used to restrict source subnet.

Write Community

Indicates the community write access string to permit access to SNMP agent. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 33 to 126.

4.3.6 SNMP

4.3.6.1System

Configure SNMP on this page.

TRENDnet User’s Guide

TL2-FG142

to community string, a particular range of source addresses can be used to restrict source subnet.

Engine ID

Indicates the SNMPv3 engine ID. The string must contain an even number(in hexadecimal format) with number of digits between 10 and 64, but all-zeros and all-'F's are not allowed. Change of the Engine ID will clear all original local users.

Items

Description

Mode

Indicates the SNMP trap mode operation. Possible modes are: Enabled: Enable SNMP trap mode operation. Disabled: Disable SNMP trap mode operation.

Items

Description

Name

Indicates the trap Configuration's name. Indicates the trap destination's name.

Enable

Indicates the trap destination mode operation. Possible modes are: Enabled: Enable SNMP trap mode operation. Disabled: Disable SNMP trap mode operation.

Version

Indicates the SNMP trap supported version. Possible versions are: SNMPv1: Set SNMP trap supported version 1. SNMPv2c: Set SNMP trap supported version 2c. SNMPv3: Set SNMP trap supported version 3.

Trap Community

Indicates the community access string when sending SNMP trap packet. The allowed string length is 0 to 255, and the allowed content is ASCII characters from 33 to 126.

Destination Address

Indicates the SNMP trap destination address. It allow a valid IP address in dotted decimal notation ('x.y.z.w').

And it also allow a valid hostname. A valid hostname is a string drawn from the alphabet (A-Za-z), digits (0-9), dot (.), dash (-). Spaces are not allowed, the first character must be an alpha character, and the first and last characters must not be a dot or a dash.

Indicates the SNMP trap destination IPv6 address. IPv6 address is in 128bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field (:). For example, 'fe80::215:c5ff:fe03:4dc7'. The symbol '::' is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros; but it can appear only once. It can also represent a legally valid IPv4 address. For example, '::192.1.2.34'.

Destination port

Indicates the SNMP trap destination port. SNMP Agent will send SNMP message via this port, the port range is 1~65535.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.6.2 Trap

Configure SNMP trap on this page.

Global Settings

Trap Destination Configurations

Configure trap destinations on this page.

Button

TRENDnet User’s Guide

TL2-FG142

Items

Description

Delete

Check to delete the entry. It will be deleted during the next save.

Community

Indicates the community access string to permit access to SNMPv3 agent. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126. The community string will be treated as security name and map a SNMPv1 or SNMPv2c community string.

Source IP

Indicates the SNMP access source address. A particular range of source addresses can be used to restrict source subnet when combined with source mask.

Source Mask

Indicates the SNMP access source address mask.

Items

Description

Delete

Check to delete the entry. It will be deleted during the next save.

Engine ID

An octet string identifying the engine ID that this entry should belong to. The string must contain an even number(in hexadecimal format) with number of digits between 10 and 64, but all-zeros and all-'F's are not allowed. The SNMPv3 architecture uses the User-based Security Model (USM) for message security and the View-based Access Control Model (VACM) for access control. For the USM entry, the usm User Engine ID and usm User Name are the entry's keys. In a simple agent, usm User Engine ID is always that agent's own snmp Engine ID value. The value can also take the value of the snmp Engine ID of a remote SNMP engine with which this user can communicate. In other words, if user engine ID equal system engine ID then it is local user; otherwise it's remote user.

User Name

A string identifying the user name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126.

Security Level

Indicates the security model that this entry should belong to. Possible security models are:

NoAuth, NoPriv: No authentication and no privacy. Auth, NoPriv: Authentication and no privacy. Auth, Priv: Authentication and privacy.

Click to add a new access management entry.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.6.3Communit

Configure SNMPv3 community table on this page. The entry index key is Community.

4.3.6.4 User

Configure SNMPv3 user table on this page. The entry index keys are Engine ID and User Name.

Button

Click to save changes.

Click to add a new access management entry.

Click to undo any changes made locally and revert to previously saved values.

TRENDnet User’s Guide

TL2-FG142

The value of security level cannot be modified if entry already exists. That means it must first be ensured that the value is set correctly.

Authentication Protocol

Indicates the authentication protocol that this entry should belong to. Possible authentication protocols are:

None: No authentication protocol. MD5: An optional flag to indicate that this user uses MD5 authentication

protocol. SHA: An optional flag to indicate that this user uses SHA authentication

protocol. The value of security level cannot be modified if entry already exists. That

means must first ensure that the value is set correctly.

Authentication Password

A string identifying the authentication password phrase. For MD5 authentication protocol, the allowed string length is 8 to 32. For SHA authentication protocol, the allowed string length is 8 to 40. The allowed content is ASCII characters from 33 to 126.

Privacy Protocol Indicates the privacy protocol that this entry should belong to. Possible

privacy protocols are: None: No privacy protocol. DES: An optional flag to indicate that this user uses DES authentication

protocol. AES: An optional flag to indicate that this user uses AES authentication

protocol.

Privacy Password

A string identifying the privacy password phrase. The allowed string length is 8 to 32, and the allowed content is ASCII characters from 33 to

126.

Items

Description

Delete

Check to delete the entry. It will be deleted during the next save.

Security Model

Indicates the security model that this entry should belong to. Possible security models are:

v1: Reserved for SNMPv1. v2c: Reserved for SNMPv2c. usm: User-based Security Model (USM).

Security Name

A string identifying the security name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126.

Group Name

A string identifying the group name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126.

4.3.6.5 Group

Configure SNMPv3 group table on this page. The entry index keys are Security Model and Security Name.

Button

Click to save changes.

Click to add a new access management entry.

Click to undo any changes made locally and revert to previously saved values.

Button

Click to add a new access management entry.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Delete

Check to delete the entry. It will be deleted during the next save.

View Name

A string identifying the view name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126.

View Type

Indicates the view type that this entry should belong to. Possible view types are:

included: An optional flag to indicate that this view subtree should be included.

excluded: An optional flag to indicate that this view subtree should be excluded.

In general, if a view entry's view type is 'excluded', there should be another view entry existing with view type as 'included' and it's OID subtree should overstep the 'excluded' view entry.

OID Subtree

The OID defining the root of the subtree to add to the named view. The allowed OID length is 1 to 128. The allowed string content is digital number or asterisk(*).

Items

Description

Delete

Check to delete the entry. It will be deleted during the next save.

Group Name

A string identifying the group name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126.

Security Model

Indicates the security model that this entry should belong to. Possible security models are:

any: Any security model accepted(v1|v2c|usm). v1: Reserved for SNMPv1. v2c: Reserved for SNMPv2c. usm: User-based Security Model (USM).

Security Level

Indicates the security model that this entry should belong to. Possible security models are:

NoAuth, NoPriv: No authentication and no privacy. Auth, NoPriv: Authentication and no privacy. Auth, Priv: Authentication and privacy.

Read View Name

The name of the MIB view defining the MIB objects for which this request may request the current values. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126.

4.3.6.6 View

Configure SNMPv3 view table on this page. The entry index keys are View Name and OID Sub tree..

4.3.6.7 Access

Configure SNMPv3 access table on this page. The entry index keys are Group Name, Security Model and Security Level..

Click to undo any changes made locally and revert to previously saved values.

Button

Click to save changes.

Click to add a new access management entry.

TRENDnet User’s Guide

TL2-FG142

Write View Name

The name of the MIB view defining the MIB objects for which this request may potentially set new values. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126.

Items

Description

Delete

Check to delete the entry. It will be deleted during the next save.

Indicates the index of the entry. The range is from 1 to 65535.

Data Source

Indicates the port ID which wants to be monitored. If in stacking switch, the value must add 1000*(switch ID-1), for example, if the port is switch 3 port 5, the value is 2005

Items

Description

Delete

Check to delete the entry. It will be deleted during the next save.

Indicates the index of the entry. The range is from 1 to 65535.

Data Source

Indicates the port ID which wants to be monitored. If in stacking switch, the value must add 1000*(switch ID-1), for example, if the port is switch 3 port 5, the value is 2005

Interval

Indicates the interval in seconds for sampling the history statistics data. The range is from 1 to 3600, default value is 1800 seconds.

Buckets

Indicates the maximum data entries associated this History control entry stored in RMON. The range is from 1 to 3600, default value is 50.

Buckets Granted

The number of data shall be saved in the RMON.

Button

Click to add a new access management entry.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.7 RMON

4.3.7.1 Statistics

Configure RMON Statistics table on this page. The entry index key is ID.

Button

Click to add a new access management entry.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

Button

Click to add a new access management entry.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.7.2 History

Configure RMON History table on this page. The entry index key is ID.

4.3.7.3 Alarm

Configure RMON Alarm table on this page. The entry index key is ID.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Delete

Check to delete the entry. It will be deleted during the next save.

Indicates the index of the entry. The range is from 1 to 65535.

Interval

Indicates the interval in seconds for sampling and comparing the rising and falling threshold. The range is from 1 to 2^31-1.

Variable

Indicates the particular variable to be sampled, the possible variables are: InOctets: The total number of octets received on the interface, including

framing characters. InUcastPkts: The number of uni-cast packets delivered to a higher-layer

protocol. InNUcastPkts: The number of broad-cast and multi-cast packets delivered

to a higher-layer protocol. InDiscards: The number of inbound packets that are discarded even the

packets are normal. InErrors: The number of inbound packets that contained errors preventing

them from being deliverable to a higher-layer protocol. InUnknownProtos: the number of the inbound packets that were

discarded because of the unknown or un-support protocol. OutOctets: The number of octets transmitted out of the interface ,

including framing characters. OutUcastPkts: The number of uni-cast packets that request to transmit. OutNUcastPkts: The number of broad-cast and multi-cast packets that

request to transmit. OutDiscards: The number of outbound packets that are discarded event

the packets is normal. OutErrors: The The number of outbound packets that could not be

transmitted because of errors. OutQLen: The length of the output packet queue (in packets).

Sample Type

The method of sampling the selected variable and calculating the value to be compared against the thresholds, possible sample types are:

Absolute: Get the sample directly.

Delta: Calculate the difference between samples (default).

Value

The value of the statistic during the last sampling period.

Startup Alarm

The method of sampling the selected variable and calculating the value to be compared against the thresholds, possible sample types are:

RisingTrigger alarm when the first value is larger than the rising threshold. FallingTrigger alarm when the first value is less than the falling threshold. RisingOrFallingTrigger alarm when the first value is larger than the rising

threshold or less than the falling threshold (default).

Rising Threshold

Rising threshold value (-2147483648-2147483647). Rising Index

Rising event index (1-65535).

Falling Threshold

Falling threshold value (-2147483648-2147483647) Falling Index

Falling event index (1-65535).

Items

Description

Delete

Check to delete the entry. It will be deleted during the next save.

Indicates the index of the entry. The range is from 1 to 65535.

Button

Click to add a new access management entry.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.7.4 Event

Configure RMON Event table on this page. The entry index key is ID.

TRENDnet User’s Guide

TL2-FG142

Desc

Indicates this event, the string length is from 0 to 127, default is a null string.

Type

Indicates the notification of the event, the possible types are: none: The total number of octets received on the interface, including

framing characters. log The number of uni-cast packets delivered to a higher-layer protocol. snmptrap: The number of broad-cast and multi-cast packets delivered to

a higher-layer protocol. logandtrap: The number of inbound packets that are discarded even the

packets are normal.

Community

Specify the community when trap is sent, the string length is from 0 to 127, default is "public".

Event Last Time

Indicates the value of sysUpTime at the time this event entry last generated an event.

Items

Description

Port

The logical port for the settings contained in the same row.

Policy ID

Select the policy to apply to this port. The allowed values are 0 through

255. The default value is 0.

Action

Select whether forwarding is permitted ("Permit") or denied ("Deny"). The default value is "Permit".

Rate Limiter ID

Select which rate limiter to apply on this port. The allowed values are Disabled or the values 1 through 16. The default value is "Disabled".

Button

Click to add a new access management entry.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.8 ACL

4.3.8.1 Ports

Configure the ACL parameters (ACE) of each switch port. These parameters will affect frames received on a port unless the frame matches a specific ACE.

TRENDnet User’s Guide

TL2-FG142

EVC Policer

Select whether EVC policer is enabled or disabled. The default value is "Disabled".

EVC Policer ID

Select which EVC policer ID to apply on this port. The allowed values are Disabled or the values 1 through 256.

Port Redirect

Select which port frames are redirected on. The allowed values are Disabled or a specific port number and it can't be set when action is permitted. The default value is "Disabled".

Mirror

Specify the mirror operation of this port. The allowed values are: Enabled: Frames received on the port are mirrored. Disabled: Frames received on the port are not mirrored. The default value is "Disabled".

Logging

Specify the logging operation of this port. The allowed values are: Enabled: Frames received on the port are stored in the System Log. Disabled: Frames received on the port are not logged. The default value is "Disabled". Please note that the System Log memory

size and logging rate is limited.

Shutdown

Specify the port shut down operation of this port. The allowed values are: Enabled: If a frame is received on the port, the port will be disabled. Disabled: Port shut down is disabled. The default value is "Disabled".

State

Specify the port state of this port. The allowed values are: Enabled: To reopen ports by changing the volatile port configuration of

the ACL user module. Disabled: To close ports by changing the volatile port configuration of the

ACL user module. The default value is "Enabled".

Counter

Counts the number of frames that match this ACE.

Items

Description

Rate Limiter ID

The rate limiter ID for the settings contained in the same row.

Rate

The allowed values are: 0-3276700 in pps or 0, 100, 200, 300, ..., 1000000 in kbps.

Click to undo any changes made locally and revert to previously saved values.

Click to refresh the page. Note that non-committed changes will be lost.

Click to clear the counters.

4.3.8.2 Rate Limiters

Configure the rate limiter for the ACL of the switch.

Button

Click to save changes.

TRENDnet User’s Guide

TL2-FG142

Action

Select whether forwarding is permitted ("Permit") or denied ("Deny"). The default value is "Permit".

Unit

Specify the rate unit. The allowed values are: pps: packets per second. kbps: Kbits per second.

Items

Description

Ingress Port

Indicates the ingress port of the ACE. Possible values are: All: The ACE will match all ingress port. Port: The ACE will match a specific ingress port.

Policy / Bitmask

Indicates the policy number and bitmask of the ACE.

Frame Type

Indicates the frame type of the ACE. Possible values are: Any: The ACE will match any frame type.

EType: The ACE will match Ethernet Type frames. Note that an Ethernet Type based ACE will not get matched by IP and ARP frames.

ARP: The ACE will match ARP/RARP frames. IPv4: The ACE will match all IPv4 frames. IPv4/ICMP: The ACE will match IPv4 frames with ICMP protocol. IPv4/UDP: The ACE will match IPv4 frames with UDP protocol. IPv4/TCP: The ACE will match IPv4 frames with TCP protocol. IPv4/Other: The ACE will match IPv4 frames, which are not

ICMP/UDP/TCP. IPv6: The ACE will match all IPv6 standard frames.

Action

Indicates the forwarding action of the ACE. Permit: Frames matching the ACE may be forwarded and learned. Deny: Frames matching the ACE are dropped. Filter: Frames matching the ACE are filtered.

Rate Limiter

Indicates the rate limiter number of the ACE. The allowed range is 1 to 16. When Disabled is displayed, the rate limiter operation is disabled.

Port Redirect

Indicates the port redirect operation of the ACE. Frames matching the ACE are redirected to the port number. The allowed values are Disabled or a specific port number. When Disabled is displayed, the port redirect operation is disabled.

Mirror

Specify the mirror operation of this port. Frames matching the ACE are mirrored to the destination mirror port. The allowed values are:

Enabled: Frames received on the port are mirrored. Disabled: Frames received on the port are not mirrored. The default value is "Disabled".

Counter

The counter indicates the number of times the ACE was hit by a frame.

Modification Buttons

You can modify each ACE (Access Control Entry) in the table using the following buttons:

Add: Inserts a new ACE before the current row. Edit: Edits the ACE row. Up: Moves the ACE up the list.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.8.3 Access Control List

This page shows the Access Control List (ACL), which is made up of the ACEs defined on this switch. Each row describes the ACE that is defined. The maximum number of ACEs is 256 on each switch.

Click on the lowest plus sign to add a new ACE to the list. The reserved ACEs used for internal protocol, cannot be edited or deleted, the order sequence cannot be changed and the priority is highest.

TRENDnet User’s Guide

TL2-FG142

Down: Moves the ACE down the list. Delete: Deletes the ACE. Add: The lowest plus sign adds a new entry at the bottom of the ACE

listings.

Items

Description

Ingress Port

Select the ingress port for which this ACE applies. All: The ACE applies to all port. Port n: The ACE applies to this port number, where n is the number of the

switch port.

Policy Filter

Specify the policy number filter for this ACE. Any: No policy filter is specified. (policy filter status is "don't-care".) Specific: If you want to filter a specific policy with this ACE, choose this

value. Two field for entering an policy value and bitmask appears. Policy Value When "Specific" is selected for the policy filter, you can enter a specific

policy value. The allowed range is 0 to 255. Policy Bitmask When "Specific" is selected for the policy filter, you can enter a specific

policy bitmask. The allowed range is 0x0 to 0xff.

Frame Type

Select the frame type for this ACE. These frame types are mutually exclusive.

Button

Check this box to refresh the page automatically. Automatic refresh

occurs every 3 seconds.

Click to refresh the page; any changes made locally will be undone.

Click to clear the counters.

Click to remove all ACEs.

ACE Configuration

Configure an ACE (Access Control Entry) on this page. An ACE consists of several parameters. These parameters vary according to the frame

type that you select. First select the ingress port for the ACE, and then select the frame type. Different parameter options are displayed depending on the frame type selected.

A frame that hits this ACE matches the configuration that is defined here.

TRENDnet User’s Guide

TL2-FG142

Any: Any frame can match this ACE. Ethernet Type: Only Ethernet Type frames can match this ACE. The IEEE

802.3 describes the value of Length/Type Field specifications to be greater than or equal to 1536 decimal (equal to 0600 hexadecimal).

ARP: Only ARP frames can match this ACE. Notice the ARP frames won't match the ACE with ethernet type.

IPv4: Only IPv4 frames can match this ACE. Notice the IPv4 frames won't match the ACE with ethernet type.

IPv6: Only IPv6 frames can match this ACE. Notice the IPv6 frames won't match the ACE with Ethernet type.

Action

Specify the action to take with a frame that hits this ACE. Permit: The frame that hits this ACE is granted permission for the ACE

operation. Deny: The frame that hits this ACE is dropped. Filter: Frames matching the ACE are filtered.

Rate Limiter

Specify the rate limiter in number of base units. The allowed range is 1 to

16. Disabled indicates that the rate limiter operation is disabled.

EVC Policer

Select whether EVC policer is enabled or disabled. The default value is "Disabled".

EVC Policer ID Select which EVC policer ID to apply on this ACE. The allowed values are

Disabled or the values 1 through 256. Port Redirect Frames that hit the ACE are redirected to the port number specified here.

The rate limiter will affect these ports. The allowed range is the same as the switch port number range. Disabled indicates that the port redirect operation is disabled and the specific port number of 'Port Redirect' can't be set when action is permitted.

Mirror

Specify the mirror operation of this port. Frames matching the ACE are mirrored to the destination mirror port. The rate limiter will not affect frames on the mirror port. The allowed values are:

Enabled: Frames received on the port are mirrored. Disabled: Frames received on the port are not mirrored.

The default value is "Disabled".

Logging

Specify the logging operation of the ACE. The allowed values are: Enabled: Frames matching the ACE are stored in the System Log. Disabled: Frames matching the ACE are not logged. Please note that the System Log memory size and logging rate is limited.

Shutdown

Specify the port shut down operation of the ACE. The allowed values are: Enabled: If a frame matches the ACE, the ingress port will be disabled. Disabled: Port shut down is disabled for the ACE.

Counter

The counter indicates the number of times the ACE was hit by a frame.

Items

Description

802.1Q Tagged

Specify whether frames can hit the action according to the 802.1Q tagged. The allowed values are:

Any: Any value is allowed ("don't-care"). Enabled: Tagged frame only. Disabled: Untagged frame only. The default value is "Any".

VLAN ID Filter

Specify the VLAN ID filter for this ACE. Any: No VLAN ID filter is specified. (VLAN ID filter status is "don't-care".) Specific: If you want to filter a specific VLAN ID with this ACE, choose this

value. A field for entering a VLAN ID number appears. VLAN ID When "Specific" is selected for the VLAN ID filter, you can enter a specific

VLAN ID number. The allowed range is 1 to 4095. A frame that hits this ACE matches this VLAN ID value.

Tag Priority

Specify the tag priority for this ACE. A frame that hits this ACE matches this tag priority. The allowed number range is 0 to 7 or range 0-1, 2-3, 45, 6-7, 0-3 and 4-7. The value Any means that no tag priority is specified (tag priority is "don't-care".)

VLAN Parameters

TRENDnet User’s Guide

TL2-FG142

Items

Description

Mode

Enable the Global IP Source Guard or disable the Global IP Source Guard. All configured ACEs will be lost when the mode is enabled.

Items

Description

Mode

Specify IP Source Guard is enabled on which ports. Only when both Global Mode and Port Mode on a given port are enabled, IP Source Guard is enabled on this given port.

Max Dynamic Clients

Specify the maximum number of dynamic clients that can be learned on given port. This value can be 0, 1, 2 or unlimited. If the port mode is enabled and the value of max dynamic client is equal to 0, it means only allow the IP packets forwarding that are matched in static entries on the specific port.

Items

Description

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

Mode of IP Source Guard Configuration

Return to the previous page.

4.3.9 IP Source Guard

IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP Snooping Table or manually configured IP Source Bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host

4.3.9.1 IP Source Guard Configuration

This page provides IP Source Guard related configuration.

Port Mode Configuration

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

Click to translate all dynamic entries to static entries.

4.3.9.2 IP Static Table

This page provides Static IP Source guard configuration.

TRENDnet User’s Guide

TL2-FG142

Delete

Check to delete the entry. It will be deleted during the next save.

Port

The logical port for the settings.

VLAN ID

The vlan id for the settings.

IP Address

Allowed Source IP address.

MAC address

Allowed Source MAC address.

Items

Description

Mode

Enable the Global ARP Inspection or disable the Global ARP Inspection.

Items

Description

Mode

Specify ARP Inspection is enabled on which ports. Only when both Global Mode and Port Mode on a given port are enabled, ARP Inspection is enabled on this given port. Possible modes are:

Enabled: Enable ARP Inspection operation.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

Click to translate all dynamic entries to static entries.

4.3.10 ARP Inspection

ARP Inspection is a secure feature. Several types of attacks can be launched against a host or devices connected to Layer 2 networks by "poisoning" the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the switch device.

4.3.10.1 Port Configuration

This page provides ARP Inspection related configuration.

ARP Inspection Configuration

Port Mode Configuration

TRENDnet User’s Guide

TL2-FG142

Disabled: Disable ARP Inspection operation.

Check VLAN

If you want to inspect the VLAN configuration, you have to enable the setting of "Check VLAN". The default setting of "Check VLAN" is disabled. When the setting of "Check VLAN" is disabled, the log type of ARP Inspection will refer to the port setting. And the setting of "Check VLAN" is enabled, the log type of ARP Inspection will refer to the VLAN setting. Possible setting of "Check VLAN" are:

Enabled: Enable check VLAN operation. Disabled: Disable check VLAN operation.

Log Type

Only the Global Mode and Port Mode on a given port are enabled, and the setting of "Check VLAN" is disabled, the log type of ARP Inspection will refer to the port setting. There are four log types and possible types are:

None: Log nothing. Deny: Log denied entries. Permit: Log permitted entries. ALL: Log all entries.

Items

Description

VLAN ID

Specify ARP Inspection is enabled on which VLANs. First, you have to enable the port setting on Port mode configuration web page. Only when both Global Mode and Port Mode on a given port are enabled, ARP Inspection is enabled on this given port. Second, you can specify which VLAN will be inspected on VLAN mode configuration web page. The log type also can be configured on per VLAN setting.

Possible types are:

Log Type

None: Log nothing. Deny: Log denied entries. Permit: Log permitted entries. ALL: Log all entries.

Items

Description

Delete

Check to delete the entry. It will be deleted during the next save.

Port

The logical port for the settings.

Button

Click to add a new VLAN to the ARP Inspection VLAN table.

4.3.10.2 VLAN Mode Configuration

This page provides ARP Inspection related configuration.

4.3.10.3 Static ARP Inspection Table

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

Each page shows up to 9999 entries from the VLAN table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the VLAN Table. The first displayed will be the one with the lowest VLAN ID found in the VLAN Table.

The "VLAN" input fields allow the user to select the starting point in the VLAN Table. Clicking the Refresh button will update the displayed table starting from that or the closest next VLAN Table match. The >> will use the next entry of the currently displayed VLAN entry as a basis for the next lookup. When the end is reached the warning message is shown in the displayed table. Use the |<< button to start over.

TRENDnet User’s Guide

TL2-FG142

VLAN ID

The vlan id for the settings.

MAC Address

Allowed Source MAC address in ARP request packets.

IP Address

Allowed Source IP address in ARP request packets.

Items

Description

Port

Switch Port Number for which the entries are displayed.

VLAN ID

VLAN-ID in which the ARP traffic is permitted.

VLAN ID

The vlan id for the settings.

MAC Address

User MAC address of the entry.

IP Address

User IP address of the entry.

Translate to static

Select the checkbox to translate the entry to static entry.

Button

Click to add a new VLAN to the ARP Inspection VLAN table.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.10.4 Dynamic ARP Inspection Table

Entries in the Dynamic ARP Inspection Table are shown on this page. The Dynamic ARP Inspection Table contains up to 1024 entries, and is sorted first by port, then by VLAN ID, then by MAC address, and then by IP address.

The "Start from port address", "VLAN", "MAC address" and "IP address" input fields allow the user to select the starting point in the Dynamic ARP Inspection Table. Clicking the Refresh button will update the displayed table starting from that or the closest next Dynamic ARP Inspection Table match. In addition, the two input fields will - upon a Refresh button click - assume the value of the first displayed entry, allowing for continuous refresh with the same start address.

The >> will use the last entry of the currently displayed table as a basis for the next lookup. When the end is reached the text "No more entries" is shown in the displayed table. Use the |<< button to start over

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.11 AAA

4.3.11.1 RADIUS Server Configuration

This page allows you to configure the RADIUS servers.

Global Configuration

TRENDnet User’s Guide

TL2-FG142

Items

Description

Timeout

Timeout is the number of seconds, in the range 1 to 1000, to wait for a reply from a RADIUS server before retransmitting the request.

Retransmit

Retransmit is the number of times, in the range 1 to 1000, a RADIUS request is retransmitted to a server that is not responding. If the server has not responded after the last retransmit it is considered to be dead.

Deatime

Deadtime, which can be set to a number between 0 to 1440 minutes, is the period during which the switch will not send new requests to a server that has failed to respond to a previous request. This will stop the switch from continually trying to contact a server that it has already determined as dead.

Setting the Deadtime to a value greater than 0 (zero) will enable this feature, but only if more than one server has been configured.

Key

The secret key - up to 63 characters long - shared between the RADIUS server and the switch..

NAS-IPAddress (Attribute 4)

The IPv4 address to be used as attribute 4 in RADIUS Access-Request packets. If this field is left blank, the IP address of the outgoing interface is used.

NAS-IPv6Address (Attribute 95)

The IPv6 address to be used as attribute 95 in RADIUS Access-Request packets. If this field is left blank, the IP address of the outgoing interface is used.

NASIdentifier (Attribute 32)

The identifier - up to 255 characters long - to be used as attribute 32 in RADIUS Access-Request packets. If this field is left blank, the NASIdentifier is not included in the packet.

Items

Description

Delete

To delete a RADIUS server entry, check this box. The entry will be deleted during the next Save.

Hostname

The IP address or hostname of the RADIUS server.

Auth Port

The UDP port to use on the RADIUS server for authentication.

Acct Port

The UDP port to use on the RADIUS server for accounting.

Timeout

This optional setting overrides the global timeout value. Leaving it blank will use the global timeout value.

Retransmit

This optional setting overrides the global retransmit value. Leaving it blank will use the global retransmit value.

Key

This optional setting overrides the global key. Leaving it blank will use the global key.

These setting are common for all of the RADIUS servers.

Button

Click Add New Server to add a new RADIUS server. An empty row is

added to the table, and the RADIUS server can be configured as needed. Up to 5 servers are supported.

The Delete button can be used to undo the addition of the new server.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.11.2 TACACS+ Server Configuration

This page allows you to configure the TACACS+ servers.

Server Configuration

The table has one row for each RADIUS server and a number of columns, which are:

TRENDnet User’s Guide

TL2-FG142

Items

Description

Timeout

Timeout is the number of seconds, in the range 1 to 1000, to wait for a reply from a TACACS+ server before it is considered to be dead.

Deadtime

Setting the Deadtime to a value greater than 0 (zero) will enable this feature, but only if more than one server has been configured.

Key

The secret key - up to 63 characters long - shared between the TACACS+ server and the switch.

Items

Description

Delete

To delete a TACACS+ server entry, check this box. The entry will be deleted during the next Save.

Hostname

The IP address or hostname of the TACACS+ server.

Port

The TCP port to use on the TACACS+ server for authentication.

Timeout

This optional setting overrides the global timeout value. Leaving it blank will use the global timeout value.

Key

This optional setting overrides the global key. Leaving it blank will use the global key.

Button

Click Add New Server to add a new TACACS+ server. An empty row is

Global Configuration These setting are common for all of the TACACS+ servers.

added to the table, and the TACACS+ server can be configured as needed. Up to 5 servers are supported.

The Delete button can be used to undo the addition of the new server.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.12 Aggregation

Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the redundancy for higher availability.

4.3.12.1 Static

This page is used to configure the Aggregation hash mode and the aggregation group.

Server Configuration The table has one row for each TACACS+ server and a number of columns, which are:

TRENDnet User’s Guide

TL2-FG142

Items

Description

Source MAC Address

The Source MAC address can be used to calculate the destination port for the frame. Check to enable the use of the Source MAC address, or uncheck to disable. By default, Source MAC

Destination MAC Address

The Destination MAC Address can be used to calculate the destination port for the frame. Check to enable the use of the Destination MAC Address, or uncheck to disable. By default, Destination MAC Address is disabled.

IP Address

The IP address can be used to calculate the destination port for the frame. Check to enable the use of the IP Address, or uncheck to disable. By default, IP Address is enabled

TCP/UDP Port Number

The TCP/UDP port number can be used to calculate the destination port for the frame. Check to enable the use of the TCP/UDP Port Number, or uncheck to disable. By default, TCP/UDP Port Number is enabled.

Items

Description

Group ID

Indicates the group ID for the settings contained in the same row. Group ID "Normal" indicates there is no aggregation. Only one group ID is valid per port.

Port Members

Each switch port is listed for each group ID. Select a radio button to include a port in an aggregation, or clear the radio button to remove the port from the aggregation. By default, no ports belong to any aggregation group. Only full duplex ports can join an aggregation and ports must be in the same speed in each group.

Items

Description

Port

The switch port number.

LACP Enabled

Controls whether LACP is enabled on this switch port. LACP will form an aggregation when 2 or more ports are connected to the same partner.

Key

The Key value incurred by the port, range 1-65535 . The Auto setting will set the key as appropriate by the physical link speed, 10Mb = 1, 100Mb = 2, 1Gb = 3. Using the Specific setting, a user-defined value can be entered. Ports with the same Key value can participate in the same aggregation group, while ports with different keys cannot.

Role

The Role shows the LACP activity status. The Active will transmit LACP packets each second, while Passive will wait for a LACP packet from a partner (speak if spoken to).

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

Hash Code Contributors

4.3.12.2 LACP

This page allows the user to inspect the current LACP port configurations, and possibly change them as well.

Aggregation Group Configuration

TRENDnet User’s Guide

TL2-FG142

Timeout

The Timeout controls the period between BPDU transmissions. Fast will transmit LACP packets each second, while Slow will wait for 30 seconds before sending a LACP packet.

Prio

The Prio controls the priority of the port. If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be active and which ports will be in a backup role. Lower number means greater priority.

Items

Description

Port

The switch port number.

OAM Enabled

Controls whether Link OAM is enabled on this switch port. Enabling Link OAM provides the network operators the ability to monitor the health of the network and quickly determine the location of failing links or fault conditions.

OAM Mode

Configures the OAM Mode as Active or Passive. The default mode is Passive.

Active mode

DTE's configured in Active mode initiate the exchange of Information OAMPDUs as defined by the Discovery process. Once the Discovery process completes, Active DTE's are permitted to send any OAMPDU while connected to a remote OAM peer entity in Active mode. Active DTE's operate in a limited respect if the remote OAM entity is operating

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.13 Link OAM

OAM is an acronym for Operation Administration and Maintenance. It is a protocol described in ITU-T Y.1731 used to implement carrier Ethernet

functionality. MEP functionality like CC and RDI is based on this.

4.3.13.1 Port Settings

This page allows the user to inspect the current Link OAM port configurations, and change them as well.

TRENDnet User’s Guide

TL2-FG142

in Passive mode. Active devices should not respond to OAM remote loopback commands and variable requests from a Passive peer.

Passive mode

DTE's configured in Passive mode do not initiate the Discovery process. Passive DTE's react to the initiation of the Discovery process by the remote DTE. This eliminates the possibility of passive to passive links. Passive DTE's shall not send Variable Request or Loopback Control OAMPDUs.

Loopback Support

Controls whether the loopback support is enabled for the switch port. Link OAM remote loopback can be used for fault localization and link performance testing. Enabling the loopback support will allow the DTE to execute the remote loopback command that helps in the fault detection.

Link Monitor Support

Controls whether the Link Monitor support is enabled for the switch port. On enabling the Link Monitor support, the DTE supports event notification that permits the inclusion of diagnostic information.

MIB Retrieval Support

Controls whether the MIB Retrieval Support is enabled for the switch port. On enabling the MIB retrieval support, the DTE supports polling of various Link OAM based MIB variables' contents.

Loopback Operation

If the Loopback support is enabled, enabling this field will start a loopback operation for the port.

Items

Description

Port

The switch port number.

Event Name

Name of the Link Event which is being configured.

Error Window

Represents the window period in the order of 1 sec for the observation of various link events.

Error Threshold

Represents the threshold value for the window period for the appropriate Link event so as to notify the peer of this error.

Error Frame Event

The Errored Frame Event counts the number of errored frames detected during the specified period. The period is specified by a time interval ( Window in order of 1 sec). This event is generated if the errored frame count is equal to or greater than the specified threshold for that period (Period Threshold). Errored frames are frames that had transmission errors as detected at the Media Access Control sublayer. Error Window for 'Error Frame Event' must be an integer value between 1-60 and its default value is '1'. Whereas Error Threshold must be between 00xffffffff and its default value is '0'.

Symbol Period Error Event

The Errored Symbol Period Event counts the number of symbol errors that occurred during the specified period. The period is specified by the number of symbols that can be received in a time interval on the underlying physical layer. This event is generated if the symbol error count is equal to or greater than the specified threshold for that period. Error Window for 'Symbol Period Error Event' must be an integer value between 1-60 and its default value is '1'. Whereas Error Threshold must be between 0-0xffffffff and its default value is '0'.

Seconds Summary Event

The Errored Frame Seconds Summary Event TLV counts the number of errored frame seconds that occurred during the specified period. The period is specified by a time interval. This event is generated if the number of errored frame seconds is equal to or greater than the

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.13.2 Event Settings

This page allows the user to inspect the current Link OAM Link Event configurations, and change them as well.

TRENDnet User’s Guide

TL2-FG142

specified threshold for that period. An errored frame second is a one second interval wherein at least one frame error was detected. Errored frames are frames that had transmission errors as detected at the Media Access Control sublayer. Error Window for 'Seconds Summary Event' must be an integer value between 10-900 and its default value is '60'. Whereas Error Threshold must be between 0-0xffff and its default value is '1'.

Items

Description

Enable Loop Protection

Controls whether loop protections is enabled (as a whole).

Transmission Time

The interval between each loop protection PDU sent on each port. valid values are 1 to 10 seconds.

Shutdown Time

The period (in seconds) for which a port will be kept disabled in the event of a loop is detected (and the port action shuts down the port). Valid values are 0 to 604800 seconds (7 days). A value of zero will keep a port disabled (until next device restart).

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.14 Loop Protection

This page allows the user to inspect the current Loop Protection configurations, and possibly change them as well.

General Settings

Port Configuration

TRENDnet User’s Guide

TL2-FG142

Items

Description

Port

The switch port number of the port.

Enable

Controls whether loop protection is enabled on this switch port.

Action

Configures the action performed when a loop is detected on a port. Valid values are Shutdown Port, Shutdown Port and Log or Log Only

Tx Mode

Controls whether the port is actively generating loop protection PDU's, or whether it is just passively looking for looped PDU's.

Items

Description

Protocol Version

The MSTP / RSTP / STP protocol version setting. Valid values are STP, RSTP and MSTP.

Bridge Priority

Controls the bridge priority. Lower numeric values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch forms a Bridge Identifier.

For MSTP operation, this is the priority of the CIST. Otherwise, this is the priority of the STP/RSTP bridge.

Forward Delay

The delay used by STP Bridges to transit Root and Designated Ports to Forwarding (used in STP compatible mode). Valid values are in the range 4 to 30 seconds.

Max Age

The maximum age of the information transmitted by the Bridge when it is the Root Bridge. Valid values are in the range 6 to 40 seconds, and Max Age must be <= (FwdDelay-1)*2.

Maximum Hop Count

This defines the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region. It defines how many

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.15 Spanning Tree

The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling or disabling of these backup links.

4.3.15.1 Bridge Setting

This page allows you to configure STP system settings. The settings are used by all STP Bridge instances in the Switch.

Basic Settings

TRENDnet User’s Guide

TL2-FG142

bridges a root bridge can distribute its BPDU information to. Valid values are in the range 6 to 40 hops.

Transmit Hold Count

The number of BPDU's a bridge port can send per second. When exceeded, transmission of the next BPDU will be delayed. Valid values are in the range 1 to 10 BPDU's per second.

Items

Description

Edge Port BPDU Filtering

Control whether a port explicitly configured as Edge will transmit and receive BPDUs.

Edge Port BPDU Guard

Control whether a port explicitly configured as Edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state, and will be removed from the active topology.

Port Error Recovery

Control whether a port in the error-disabled state automatically will be enabled after a certain time. If recovery is not enabled, ports have to be disabled and re-enabled for normal STP operation. The condition is also cleared by a system reboot.

Port Error Recovery Timeout

The time to pass before a port in the error-disabled state can be enabled. Valid values are between 30 and 86400 seconds (24 hours).

Items

Description

Configuration Name

The name identifying the VLAN to MSTI mapping. Bridges must share the name and revision (see below), as well as the VLAN-to-MSTI mapping configuration in order to share spanning trees for MSTI's (Intra-region). The name is at most 32 characters.

Configuration Revision

The revision of the MSTI configuration named above. This must be an integer between 0 and 65535.

Items

Description

Advanced Settings

Configuration Identification

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.15.2 MSTI Mapping

This page allows the user to inspect the current STP MSTI bridge instance priority configurations, and possibly change them as well.

MSTI Mapping

TRENDnet User’s Guide

TL2-FG142

MSTI

The bridge instance. The CIST is not available for explicit mapping, as it will receive the VLANs not explicitly mapped.

VLANs Mapped

The list of VLANs mapped to the MSTI. The VLANs can be given as a single (xx, xx being between 1 and 4094) VLAN, or a range (xx-yy), each of which must be separated with comma and/or space. A VLAN can only be mapped to one MSTI. An unused MSTI should just be left empty. (I.e. not having any VLANs mapped to it.) Example: 2,5,20-40.

Items

Description

MSTI

The bridge instance. The CIST is the default instance, which is always active.

Priority

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.15.3 MSTI Priorities

This page allows the user to inspect the current STP MSTI bridge instance priority configurations, and possibly change them as well.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.15.4 CIST Ports

This page allows the user to inspect the current STP CIST port configurations, and possibly change them as well.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Port

The switch port number of the logical STP port.

STP Enabled

Controls whether STP is enabled on this switch port.

Path Cost

Controls the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the Specific setting, a user-defined value can be entered. The path cost is used when establishing the active topology of the network. Lower path cost ports are chosen as forwarding ports in favour of higher path cost ports. Valid values are in the range 1 to 200000000

Priority

Controls the port priority. This can be used to control priority of ports having identical port cost. (See above).

operEdge (state flag)

Operational flag describing whether the port is connecting directly to edge devices. (No Bridges attached). Transition to the forwarding state is faster for edge ports (having operEdge true) than for other ports. The value of this flag is based on AdminEdge and AutoEdge fields. This flag is displayed as Edge in Monitor->Spanning Tree -> STP Detailed Bridge Status.

AdminEdge

Controls whether the operEdge flag should start as set or cleared. (The initial operEdge state when a port is initialized).

AutoEdge

Controls whether the bridge should enable automatic edge detection on the bridge port. This allows operEdge to be derived from whether BPDU's are received on the port or not.

Restricted Role

If enabled, causes the port not to be selected as Root Port for the CIST or any MSTI, even if it has the best spanning tree priority vector. Such a port will be selected as an Alternate Port after the Root Port has been selected. If set, it can cause lack of spanning tree connectivity. It can be set by a network administrator to prevent bridges external to a core region of the network influence the spanning tree active topology, possibly because those bridges are not under the full control of the administrator. This feature is also known as Root Guard.

Restricted TCN

If enabled, causes the port not to propagate received topology change notifications and topology changes to other ports. If set it can cause temporary loss of connectivity after changes in a spanning tree's active topology as a result of persistently incorrect learned station location information. It is set by a network administrator to prevent bridges external to a core region of the network, causing address flushing in that region, possibly because those bridges are not under the full control of the administrator or the physical link state of the attached LANs transits frequently

BPDU Guard

If enabled, causes the port to disable itself upon receiving valid BPDU's. Contrary to the similar bridge setting, the port Edge status does not effect this setting.

A port entering error-disabled state due to this setting is subject to the bridge Port Error Recovery setting as well.

Point-toPoint

Controls whether the port connects to a point-to-point LAN rather than to a shared medium. This can be automatically determined, or forced either true or false. Transition to the forwarding state is faster for pointto-point LANs than for shared media.

This page contains settings for physical and aggregated ports.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.15.5 MSTI Ports

This page allows the user to inspect the current STP MSTI port configurations, and possibly change them as well.

An MSTI port is a virtual port, which is instantiated separately for each active CIST (physical) port for each MSTI instance configured on and applicable to the port. The MSTI instance must be selected before displaying actual MSTI port configuration options.

This page contains MSTI port settings for physical and aggregated ports.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Port

The switch port number of the corresponding STP CIST (and MSTI) port.

Path Cost

Priority

Controls the port priority. This can be used to control priority of ports having identical port cost. (See above).

Items

Description

Global Profile Mode

Enable/Disable the Global IPMC Profile.

Delete

Check to delete the entry. The designated entry will be deleted during the next save.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.16 IPMC Profile

This page provides IPMC Profile related configurations.

4.3.16.1 Profile Table

The IPMC profile is used to deploy the access control on IP multicast streams. It is allowed to create at maximum 64 Profiles with at maximum 128 corresponding rules for each.

System starts to do filtering based on profile settings only when the global profile mode is enabled.

TRENDnet User’s Guide

TL2-FG142

Profile Name

The name used for indexing the profile table. Each entry has the unique name which is composed of at maximum 16

alphabetic and numeric characters. At least one alphabet must be present.

Profile Description

Additional description, which is composed of at maximum 64 alphabetic and numeric characters, about the profile.

No blank or space characters are permitted as part of description. Use "_" or "-" to separate the description sentence.

Rule

When the profile is created, click the edit button to enter the rule setting page of the designated profile. Summary about the designated profile will be shown by clicking the view button. You can manage or inspect the rules of the designated profile by using the following buttons:

Navigate: List the rules associated with the designated profile. Edit: Adjust the rules associated with the designated profile.

Items

Description

Delete

Check to delete the entry. The designated entry will be deleted during the next save.

Entry Name

The name used for indexing the address entry table. Each entry has the unique name which is composed of at maximum 16

alphabetic and numeric characters. At least one alphabet must be present.

Start Address

The starting IPv4/IPv6 Multicast Group Address that will be used as an address range.

End Address

The ending IPv4/IPv6 Multicast Group Address that will be used as an address range.

Button

Click to add new IPMC profile. Specify the name and configure the

new entry. Click "Save".

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.16.2 Address Entry

This page provides address range settings used in IPMC profile.

The address entry is used to specify the address range that will be associated with IPMC Profile. It is allowed to create at maximum 128 address entries in the system.

Button

Click to add new address range. Specify the name and

configure the addresses. Click "Save"

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.17 MVR

This page provides MVR related configurations.

TRENDnet User’s Guide

TL2-FG142

Items

Description

MVR Mode

Enable/Disable the Global MVR.The designated entry will be deleted during the next save.

The Unregistered Flooding control depends on the current configuration in IGMP/MLD Snooping.

It is suggested to enable Unregistered Flooding control when the MVR group table is full.

The MVR feature enables multicast traffic forwarding on the Multicast VLANs. In a multicast television application, a PC or a network television or a set-top box can receive the multicast stream. Multiple set-top boxes or PCs can be connected to one subscriber port, which is a switch port configured as an MVR receiver port. When a subscriber selects a channel, the set-top box or PC sends an IGMP/MLD report message to Switch A to join the appropriate multicast group address. Uplink ports that send and receive multicast data to and from the multicast VLAN are called MVR source ports. It is allowed to create at maximum 8 MVR VLANs with corresponding channel settings for each Multicast VLAN. There will be totally at maximum 256 group addresses for channel settings.

TRENDnet User’s Guide

TL2-FG142

Delete

Check to delete the entry. The designated entry will be deleted during the next save.

MVR VID

Specify the Multicast VLAN ID. Be Caution: MVR source ports are not recommended to be overlapped

with management VLAN ports.

MVR Name

MVR Name is an optional attribute to indicate the name of the specific MVR VLAN. Maximum length of the MVR VLAN Name string is 32. MVR VLAN Name can only contain alphabets or numbers. When the optional MVR VLAN name is given, it should contain at least one alphabet. MVR VLAN name can be edited for the existing MVR VLAN entries or it can be added to the new entries.

IGMP Address

Define the IPv4 address as source address used in IP header for IGMP control frames.

When the IGMP address is not set, system uses IPv4 management address of the IP interface associated with this VLAN.

When the IPv4 management address is not set, system uses the first available IPv4 management address.

Otherwise, system uses a pre-defined value. By default, this value will be

192.0.2.1.

Mode

Specify the MVR mode of operation. In Dynamic mode, MVR allows dynamic MVR membership reports on source ports. In Compatible mode, MVR membership reports are forbidden on source ports. The default is Dynamic mode.

Tagging

Specify whether the traversed IGMP/MLD control frames will be sent as Untagged or Tagged with MVR VID. The default is Tagged.

Priority

Specify how the traversed IGMP/MLD control frames will be sent in prioritized manner. The default Priority is 0.

LLQI

Define the maximum time to wait for IGMP/MLD report memberships on a receiver port before removing the port from multicast group membership. The value is in units of tenths of a seconds. The range is from 0 to 31744. The default LLQI is 5 tenths or one-half second.

Interface Channel Profile

When the MVR VLAN is created, select the IPMC Profile as the channel filtering condition for the specific MVR VLAN. Summary about the Interface Channel Profiling (of the MVR VLAN) will be shown by clicking the view button. Profile selected for designated interface channel is not allowed to have overlapped permit group address.

Profile Management Button

You can inspect the rules of the designated profile by using the following button:

Navigate: List the rules associated with the designated profile.

Port

The logical port for the settings.

Port Role

Configure an MVR port of the designated MVR VLAN as one of the following roles.

Inactive: The designated port does not participate MVR operations. Source: Configure uplink ports that receive and send multicast data as

source ports. Subscribers cannot be directly connected to source ports. Receiver: Configure a port as a receiver port if it is a subscriber port and

should only receive multicast data. It does not receive data unless it becomes a member of the multicast group by issuing IGMP/MLD messages.

Be Caution: MVR source ports are not recommended to be overlapped with management VLAN ports.

Select the port role by clicking the Role symbol to switch the setting. I indicates Inactive; S indicates Source; R indicates Receiver The default Role is Inactive.

Immediate Leave

Enable the fast leave on the port.

Button

Click to add new MVR VLAN. Specify the VID and configure the new

entry. Click "Save".

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Snooping Enabled

Enable the Global IGMP Snooping

Unregistered IPMCv4 Flooding Enabled

Enable unregistered IPMCv4 traffic flooding. The flooding control takes effect only when IGMP Snooping is enabled. When IGMP Snooping is disabled, unregistered IPMCv4 traffic flooding is

always active in spite of this setting.

IGMP SSM Range

SSM (Source-Specific Multicast) Range allows the SSM-aware hosts and routers run the SSM service model for the groups in the address range.

Leave Proxy Enabled

Enable IGMP Leave Proxy. This feature can be used to avoid forwarding unnecessary leave messages to the router side.

Proxy Enabled

Enable IGMP Proxy. This feature can be used to avoid forwarding unnecessary join and leave messages to the router side.

Items

Description

Router Port

Specify which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier.

If an aggregation member port is selected as a router port, the whole aggregation will act as a router port.

Fast Leave

Enable the fast leave on the port.

Throttling

Enable to limit the number of multicast groups to which a switch port can belong.

4.3.18 IPMC

4.3.18.1 IGMP Snooping-Base Cfg

IGMP snooping is the process of listening to Internet Group Management Protocol (IGMP) network traffic. The feature allows a network switch to listen in on the IGMP conversation between hosts and routers. By listening to these conversations the switch maintains a map of which links need which IP multicast streams. Multicasts may be filtered from the links which do not need them and thus controls which ports receive specific multicast traffic.

This page provides IGMP Snooping related configuration.

Port Related Configuration

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.18.2 IGMP Snooping-VLAN Cfg

Navigating the IGMP Snooping VLAN Table Each page shows up to 99 entries from the VLAN table, default being 20, selected

through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the VLAN Table. The first displayed will be the one with the lowest VLAN ID found in the VLAN Table.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Delete

Check to delete the entry. The designated entry will be deleted during the next save.

VLAN ID

The VLAN ID of the entry.

IGMP Snooping Enabled

Enable the per-VLAN IGMP Snooping. Up to 32 VLANs can be selected for IGMP Snooping.

Querier Election

Enable to join IGMP Querier election in the VLAN. Disable to act as an IGMP Non-Querier

Querier Address

Define the IPv4 address as source address used in IP header for IGMP Querier election.

When the Querier address is not set, system uses IPv4 management address of the IP interface associated with this VLAN.

When the IPv4 management address is not set, system uses the first available IPv4 management address.

Otherwise, system uses a pre-defined value. By default, this value will be

192.0.2.1

Compatibility

Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of IGMP operating on hosts and routers within a network.

The allowed selection is IGMP-Auto, Forced IGMPv1, Forced IGMPv2, Forced IGMPv3, default compatibility value is IGMP-Auto.

PRI

Priority of Interface. It indicates the IGMP control frame priority level generated by the

system. These values can be used to prioritize different classes of traffic. The allowed range is 0 (best effort) to 7 (highest), default interface

priority value is 0.

Robustness Variable. The Robustness Variable allows tuning for the expected packet loss on a

network. The allowed range is 1 to 255, default robustness variable value is 2.

Query Interval. The Query Interval is the interval between General Queries sent by the

Querier. The allowed range is 1 to 31744 seconds, default query interval is 125

seconds.

QRI

Query Response Interval. The Maximum Response Delay used to calculate the Maximum Response

Code inserted into the periodic General Queries. The allowed range is 0 to 31744 in tenths of seconds, default query

response interval is 100 in tenths of seconds (10 seconds).

LLQI (LMQI for IGMP)

Last Member Query Interval. The Last Member Query Time is the time value represented by the Last

Member Query Interval, multiplied by the Last Member Query Count. The allowed range is 0 to 31744 in tenths of seconds, default last

member query interval is 10 in tenths of seconds (1 second)

The "VLAN" input fields allow the user to select the starting point in the VLAN Table. Clicking the Refresh button will update the displayed table starting from that or the next closest VLAN Table match.

The >> will use the last entry of the currently displayed entry as a basis for the next lookup. When the end is reached the text "No more entries" is shown in the displayed table. Use the |<< button to start over.

IGMP Snooping VLAN Table Columns

TRENDnet User’s Guide

TL2-FG142

URI

Unsolicited Report Interval. The Unsolicited Report Interval is the time between repetitions of a host's initial report of membership in a group.

The allowed range is 0 to 31744 seconds, default unsolicited report interval is 1 second.

Items

Description

Port

The logical port for the settings.

Filtering Profile

Select the IPMC Profile as the filtering condition for the specific port. Summary about the designated profile will be shown by clicking the view button.

Profile Management Button

You can inspect the rules of the designated profile by using the following button:

Navigate: List the rules associated with the designated profile

Button

Add New IGMP VLAN : Click to add new IGMP VLAN. Specify the VID and configure the new entry. Click "Save". The specific IGMP VLAN starts working after the corresponding static VLAN is also created

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.18.3 IGMP Snooping- Port Filtering Profile

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.18.3 MLD Snooping- Base Cfg

MLD is an acronym for Multicast Listener Discovery for IPv6. MLD is used by IPv6 routers to discover multicast listeners on a directly attached link, much as IGMP is used in IPv4. The protocol is embedded in ICMPv6 instead of using a separate protocol.

This page provides MLD Snooping related configuration.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Snooping Enabled

Enable the Global MLD Snooping.

Unregistered IPMCv6 Flooding Enabled

Enable unregistered IPMCv6 traffic flooding. The flooding control takes effect only when MLD Snooping is enabled. When MLD Snooping is disabled, unregistered IPMCv6 traffic flooding is

always active in spite of this setting.

MLD SSM Range

SSM (Source-Specific Multicast) Range allows the SSM-aware hosts and routers run the SSM service model for the groups in the address range.

Leave Proxy Enabled

Enable MLD Leave Proxy. This feature can be used to avoid forwarding unnecessary leave messages to the router side.

Proxy Enabled

Enable MLD Proxy. This feature can be used to avoid forwarding unnecessary join and leave messages to the router side.

Items

Description

Router Port

Specify which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier.

If an aggregation member port is selected as a router port, the whole aggregation will act as a router port.

Fast Leave

Enable the fast leave on the port.

Throttling

Enable to limit the number of multicast groups to which a switch port can belong.

Port Related Configuration

Button

4.3.18.4 MLD Snooping- VLAN Cfg

Navigating the MLD Snooping VLAN Table Each page shows up to 99 entries from the VLAN table, default being 20, selected

The >> will use the last entry of the currently displayed entry as a basis for the next lookup. When the end is reached the text "No more entries" is shown in the displayed

table. Use the |<< button to start over.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Delete

Check to delete the entry. The designated entry will be deleted during the next save.

VLAN ID

The VLAN ID of the entry.

MLD Snooping Enabled

Enable the per-VLAN MLD Snooping. Up to 32 VLANs can be selected for MLD Snooping.

Querier Election

Enable to join MLD Querier election in the VLAN. Disable to act as a MLD Non-Querier.

Compatibility

Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of MLD operating on hosts and routers within a network.

The allowed selection is MLD-Auto, Forced MLDv1, Forced MLDv2, default compatibility value is MLD-Auto.

PRI

Priority of Interface. It indicates the MLD control frame priority level generated by the

system. These values can be used to prioritize different classes of traffic. The allowed range is 0 (best effort) to 7 (highest), default interface

priority value is 0.

Robustness Variable.

The Robustness Variable allows tuning for the expected packet loss on a link.

The allowed range is 1 to 255, default robustness variable value is 2.

Query Interval. The Query Interval is the interval between General Queries sent by the

Querier. The allowed range is 1 to 31744 seconds, default query interval is 125

seconds.

QRI

Query Response Interval. The Maximum Response Delay used to calculate the Maximum Response

Code inserted into the periodic General Queries. The allowed range is 0 to 31744 in tenths of seconds, default query

response interval is 100 in tenths of seconds (10 seconds).

LLQI

Last Listener Query Interval. The Last Listener Query Interval is the Maximum Response Delay used to

calculate the Maximum Response Code inserted into Multicast Address Specific Queries sent in response to Version 1 Multicast Listener Done messages. It is also the Maximum Response Delay used to calculate the Maximum Response Code inserted into Multicast Address and Source Specific Query messages.

The allowed range is 0 to 31744 in tenths of seconds, default last listener query interval is 10 in tenths of seconds (1 second).

URI

Unsolicited Report Interval. The Unsolicited Report Interval is the time between repetitions of a

node's initial report of interest in a multicast address. The allowed range is 0 to 31744 seconds, default unsolicited report

interval is 1 second.

MLD Snooping VLAN Table Columns

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Port

The logical port for the settings.

Filtering Profile

Select the IPMC Profile as the filtering condition for the specific port. Summary about the designated profile will be shown by clicking the view button.

Profile Management Button

You can inspect the rules of the designated profile by using the following button: Navigate: List the rules associated with the designated profile

Items

Description

Tx Interval

The switch periodically transmits LLDP frames to its neighbours for having the network discovery information up-to-date. The interval

4.3.18.4 MLD Snooping- Port Filter profile

those capabilities, and the identification of the stations point of attachment to the IEEE 802 LAN required by those management entity or entities. The information distributed via this protocol is stored by its recipients in a standard Management Information Base (MIB), making it possible for the information to be accessed by a Network Management System (NMS) using a management protocol such as the Simple Network Management Protocol (SNMP).

4.3.19.1 LLDP Configuration

This page allows the user to inspect and configure the current LLDP port settings.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.19 LLDP

LLDP is an IEEE 802.1ab standard protocol. The Link Layer Discovery Protocol (LLDP) specified in this standard allows stations

attached to an IEEE 802 LAN to advertise, to other stations attached to the same IEEE 802 LAN, the major capabilities provided by the system incorporating that station, the management address or addresses of the entity or entities that provide management of

LLDP Parameters

TRENDnet User’s Guide

TL2-FG142

between each LLDP frame is determined by the Tx Interval value. Valid values are restricted to 5 - 32768 seconds.

Tx Hold

Each LLDP frame contains information about how long the information in the LLDP frame shall be considered valid. The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds. Valid values are restricted to 2 - 10 times.

Tx Delay

If some configuration is changed (e.g. the IP address) a new LLDP frame is transmitted, but the time between the LLDP frames will always be at least the value of Tx Delay seconds. Tx Delay cannot be larger than 1/4 of the Tx Interval value. Valid values are restricted to 1 - 8192 seconds.

Tx Reinit

When a port is disabled, LLDP is disabled or the switch is rebooted, an LLDP shutdown frame is transmitted to the neighboring units, signalling that the LLDP information isn't valid anymore. Tx Reinit controls the amount of seconds between the shutdown frame and a new LLDP initialization. Valid values are restricted to 1 - 10 seconds.

Items

Description

Port

The switch port number of the logical LLDP port.

Mode

Select LLDP mode. Rx only The switch will not send out LLDP information, but LLDP

information from neighbour units is analyzed. Tx only The switch will drop LLDP information received from neighbours,

but will send out LLDP information. Disabled The switch will not send out LLDP information, and will drop

LLDP information received from neighbours. Enabled The switch will send out LLDP information, and will analyze LLDP

information received from neighbours.

CDP Aware

Select CDP awareness. The CDP operation is restricted to decoding incoming CDP frames (The

switch doesn't transmit CDP frames). CDP frames are only decoded if LLDP on the port is enabled.

Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbours' table are decoded. All other TLVs are discarded (Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics.). CDP TLVs are mapped onto LLDP neighbours' table as shown below.

CDP TLV "Device ID" is mapped to the LLDP "Chassis ID" field. CDP TLV "Address" is mapped to the LLDP "Management Address" field.

The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbours table.

CDP TLV "Port ID" is mapped to the LLDP "Port ID" field. CDP TLV "Version and Platform" is mapped to the LLDP "System

Description" field. Both the CDP and LLDP support "system capabilities", but the CDP

capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as "others" in the LLDP neighbours' table.

If all ports have CDP awareness disabled the switch forwards CDP frames received from neighbour devices. If at least one port has CDP awareness enabled all CDP frames are terminated by the switch.

Note: When CDP awareness on a port is disabled the CDP information isn't removed immediately, but gets removed when the hold time is exceeded.

Port Descr

Optional TLV: When checked the "port description" is included in LLDP information transmitted.

Sys Name

Optional TLV: When checked the "system name" is included in LLDP information transmitted.

Sys Descr

Optional TLV: When checked the "system description" is included in LLDP information transmitted.

Sys Capa

Optional TLV: When checked the "system capability" is included in LLDP information transmitted.

Mgmt Addr

Optional TLV: When checked the "management address" is included in LLDP information transmitted.

LLDP Port Configuration

Button

Click to save changes.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Fast start repeat count

Rapid startup and Emergency Call Service Location Identification Discovery of endpoints is a critically important aspect of VoIP systems in

general. In addition, it is best to advertise only those pieces of information which are specifically relevant to particular endpoint types (for example only advertise the voice network policy to permitted voicecapable devices), both in order to conserve the limited LLDPU space and to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.

With this in mind LLDP-MED defines an LLDP-MED Fast Start interaction between the protocol and the application layers on top of the protocol, in order to achieve these related properties. Initially, a Network Connectivity Device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED Endpoint Device is detected, will an LLDP-MED capable Network Connectivity Device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second, when a new LLDP-MED neighbour has been detected in order share LLDP-MED information as fast as possible to new neighbours.

Because there is a risk of an LLDP frame being lost during transmission between neighbours, it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbours receiving the LLDP frame. With Fast start repeat count it is possible to specify the number of times the fast start transmission would be repeated. The recommended value is 4 times, given that 4 LLDP frames with a 1 second interval will be transmitted, when an LLDP frame with new information is received.

It should be noted that LLDP-MED and the LLDP-MED Fast Start mechanism is only intended to run on links between LLDP-MED Network Connectivity Devices and Endpoint Devices, and as such does not apply to links between LAN infrastructure elements, including Network Connectivity Devices, or other types of links.

Items

Description

Latitude

Latitude SHOULD be normalized to within 0-90 degrees with a maximum of 4 digits.

It is possible to specify the direction to either North of the equator or South of the equator.

Click to undo any changes made locally and revert to previously saved values.

4.3.19.2 LLDP-MED

LLDP-MED is an extension of IEEE 802.1ab and is defined by the telecommunication industry association (TIA-1057). This page allows you to configure the LLDP-MED. This function applies to VoIP devices which support LLDP-MED.

Fast start repeat count

Coordinates Location

TRENDnet User’s Guide

TL2-FG142

Longitude

Longitude SHOULD be normalized to within 0-180 degrees with a maximum of 4 digits.

It is possible to specify the direction to either East of the prime meridian or West of the prime meridian.

Altitude

Altitude SHOULD be normalized to within -32767 to 32767 with a maximum of 4 digits.

It is possible to select between two altitude types (floors or meters). Meters: Representing meters of Altitude defined by the vertical datum

specified. Floors: Representing altitude in a form more relevant in buildings which

have different floor-to-floor dimensions. An altitude = 0.0 is meaningful even outside a building, and represents ground level at the given latitude and longitude. Inside a building, 0.0 represents the floor level associated with ground level at the main entrance.

Map Datum

The Map Datum is used for the coordinates given in these options: WGS84: (Geographical 3D) - World Geodesic System 1984, CRS Code

4327, Prime Meridian Name: Greenwich. NAD83/NAVD88: North American Datum 1983, CRS Code 4269, Prime

Meridian Name: Greenwich; The associated vertical datum is the North American Vertical Datum of 1988 (NAVD88). This datum pair is to be used when referencing locations on land, not near tidal water (which would use Datum = NAD83/MLLW).

NAD83/MLLW: North American Datum 1983, CRS Code 4269, Prime Meridian Name: Greenwich; The associated vertical datum is Mean Lower Low Water (MLLW). This datum pair is to be used when referencing locations on water/sea/ocean

Items

Description

Country code

The two-letter ISO 3166 country code in capital ASCII letters Example: DK, DE or US.

State

National subdivisions (state, canton, region, province, prefecture).

County

County, parish, gun (Japan), district.

City

City, township, shi (Japan) - Example: Copenhagen.

City district

City division, borough, city district, ward, chou (Japan).

Block (Neighbourhood)

Neighbourhood, block. Street

Street - Example: Poppelvej.

Leading street direction

Leading street direction - Example: N.

Trailing street suffix

Trailing street suffix - Example: SW. Street suffix

Street suffix - Example: Ave, Platz.

House no.

House number - Example: 21.

House no. suffix

House number suffix - Example: A, 1/2.

Landmark

Landmark or vanity address - Example: Columbia University.

Additional location info

Additional location info - Example: South Wing. Name

Name (residence and office occupant) - Example: Flemming Jahn.

Zip code

Postal/zip code - Example: 2791.

Building

Building (structure) - Example: Low Library.

Apartment

Unit (Apartment, suite) - Example: Apt 42.

Floor

Floor - Example: 4.

Room no.

Room number - Example: 450F.

Place type

Place type - Example: Office.

Postal community name

Postal community name - Example: Leonia.

P.O. Box

Post office box (P.O. BOX) - Example: 12345.

Civic Address Location IETF Geopriv Civic Address based Location Configuration Information (Civic Address LCI).

TRENDnet User’s Guide

TL2-FG142

Additional code

Additional code - Example: 1320300003.

Emergency Call Service

Emergency Call Service (e.g. E911 and others), such as defined by TIA or NENA.

Items

Description

Delete

Check to delete the policy. It will be deleted during the next save.

Policy ID

ID for the policy. This is auto generated and shall be used when selecting the polices that shall be mapped to the specific ports.

Application Type

Intended use of the application types:

1. Voice - for use by dedicated IP Telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications.

2. Voice Signalling (conditional) - for use in network topologies that require a different policy for the voice signalling than for the voice media. This application type should not be advertised if all the same network policies apply as those advertised in the Voice application policy.

3. Guest Voice - support a separate 'limited feature-set' voice service for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interactive voice services.

4. Guest Voice Signalling (conditional) - for use in network topologies that require a different policy for the guest voice signalling than for the guest voice media. This application type should not be advertised if all the same network policies apply as those advertised in the Guest Voice application policy.

5. Softphone Voice - for use by softphone applications on typical data centric devices, such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and are typically configured to use an 'untagged' VLAN or a single 'tagged' data specific VLAN. When a network policy is defined for use with an 'untagged' VLAN (see Tagged flag below), then the L2 priority field is ignored and only the DSCP value has relevance.

6. Video Conferencing - for use by dedicated Video Conferencing equipment and other similar appliances supporting real-time interactive video/audio services.

the multitude of network policies that frequently run on an aggregated link interior to the LAN.

Policies Network Policy Discovery enables the efficient discovery and diagnosis of mismatch

issues with the VLAN configuration, along with the associated Layer 2 and Layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service.

Policies are only intended for use with applications that have specific 'real-time' network policy requirements, such as interactive voice and/or video services.

The network policy attributes advertised are:

1. Layer 2 VLAN ID (IEEE 802.1Q-2003)

2. Layer 2 priority value (IEEE 802.1D-2004)

3. Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474) This network policy is potentially advertised and associated with multiple sets of

application types supported on a given port. The application types specifically addressed are:

1. Voice

2. Guest Voice

3. Softphone Voice

4. Video Conferencing

5. Streaming Video

6. Control / Signalling (conditionally support a separate network policy for the media types above)

A large network may support multiple VoIP policies across the entire organization, and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same Network Connectivity Device may advertise different sets of policies, based on the authenticated user identity or port configuration.

It should be noted that LLDP-MED is not intended to run on links other than between Network Connectivity Devices and Endpoints, and therefore does not need to advertise

TRENDnet User’s Guide

TL2-FG142

7. Streaming Video - for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type.

8. Video Signalling (conditional) - for use in network topologies that require a separate policy for the video signalling than for the video media. This application type should not be advertised if all the same network policies apply as those advertised in the Video Conferencing application policy.

Tag

Tag indicating whether the specified application type is using a 'tagged' or an 'untagged' VLAN.

Untagged indicates that the device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802.1Q-

2003. In this case, both the VLAN ID and the Layer 2 priority fields are ignored and only the DSCP value has relevance.

Tagged indicates that the device is using the IEEE 802.1Q tagged frame format, and that both the VLAN ID and the Layer 2 priority values are being used, as well as the DSCP value. The tagged format includes an additional field, known as the tag header. The tagged frame format also includes priority tagged frames as defined by IEEE 802.1Q-2003.

VLAN ID

VLAN identifier (VID) for the port as defined in IEEE 802.1Q-2003.

L2 Priority

L2 Priority is the Layer 2 priority to be used for the specified application type. L2 Priority may specify one of eight priority levels (0 through 7), as defined by IEEE 802.1D-2004. A value of 0 represents use of the default priority as defined in IEEE 802.1D-2004

DSCP

DSCP value to be used to provide Diffserv node behaviour for the specified application type as defined in IETF RFC 2474. DSCP may contain one of 64 code point values (0 through 63). A value of 0 represents use of the default DSCP value as defined in RFC 2475

Items

Description

Delete

This box is used to mark an EPS for deletion in next Save operation.

EPS ID

The ID of the EPS. Click on the ID of an EPS to enter the configuration page.

Domain

Port: This will create a EPS in the Port Domain. 'W/P Flow' is a Port. Esp: Future use Evc: This will create a EPS in the EVC Domain. 'W/P Flow' is a EVC Mpls: Future use

Architecture

Port: This will create a 1+1 EPS. Port: This will create a 1:1 EPS.

W Flow

The working flow for the EPS - See 'Domain'.

P Flow

The protecting flow for the EPS - See 'Domain'.

W SF MEP

The working Signal Fail reporting MEP.

P SF MEP

The protecting Signal Fail reporting MEP.

APS MEP

The APS PDU handling MEP.

Alarm

There is an active alarm on the EPS.

4.3.20 EPS

The Ethernet (Linear) Protection Switch instances are configured here.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

Button

Click to add a new EPS entry.

Click to save changes.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Delete

This box is used to mark an EPS for deletion in next Save operation.

Instance

The ID of the MEP. Click on the ID of a MEP to enter the configuration page.

Domain

Port: This is a MEP in the Port Domain. 'Flow Instance' is a Port. Evc: This is a MEP in the EVC Domain. 'Flow Instance' is a EVC

Mode

MEP: This is a Maintenance Entity End Point. MIP: This is a Maintenance Entity Intermediate Point.

Direction

Up: This is a Down MEP - monitoring ingress OAM and traffic on 'Residence Port'.

Down: This is a Up MEP - monitoring egress OAM and traffic on 'Residence Port'.

Residence Port

The port where MEP is monitoring - see 'Direction'. Level

The MEG level of this MEP.

Flow Instance

The MEP is related to this flow - See 'Domain'.

Tagged VID

Port MEP: An outer C/S-tag (depending on VLAN Port Type) is added with this VID. Entering '0' means no TAG added.

EVC MIP: On Serval, this is the Subscriber VID that identify the subscriber flow in this EVC where the MIP is active.

This MAC

The MAC of this MEP - can be used by other MEP when unicast is selected (Info only).

Alarm

There is an active alarm on the MEP.

Items

Description

Click to undo any changes made locally and revert to previously saved values.

4.3.21 MEP

The Maintenance Entity Point instances are configured here.

Button

Click to add a new MEP entry.

4.3.22 MAC Table

The MAC Address Table is configured on this page. Set timeouts for entries in the dynamic MAC Table and configure the static MAC table here.

Aging Configuration

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

TRENDnet User’s Guide

TL2-FG142

Aging Time

By default, dynamic entries are removed from the MAC table after 300 seconds. This removal is also called aging.

Configure aging time by entering a value here in seconds; for example, Age time seconds.

The allowed range is 10 to 1000000 seconds. Disable the automatic aging of dynamic entries by checking Disable

automatic aging.

Items

Description

Auto

Learning is done automatically as soon as a frame with unknown SMAC is received.

Disable No learning is done. Secure Only static MAC entries are learned, all other frames are dropped. Note: Make sure that the link used for managing the switch is added to

the Static Mac Table before changing to secure learning mode, otherwise the management link is lost and can only be restored by using another non-secure port or by connecting to the switch via the serial interface.

Items

Description

Delete

Check to delete the entry. It will be deleted during the next save.

VLAN ID

The VLAN ID of the entry.

MAC Address

The MAC address of the entry.

Port Members

Checkmarks indicate which ports are members of the entry. Check or uncheck as needed to modify the entry.

Button

Click Add New Static Entry to add a new entry to the static MAC

MAC Table Learning

If the learning mode for a given port is greyed out, another module is in control of the mode, so that it cannot be changed by the user. An example of such a module is the MAC-Based Authentication under 802.1X.

Each port can do learning based upon the following settings:

table. Specify the VLAN ID, MAC address, and port members for the new entry. Click "Save".

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.23 VLAN Translation

Q-in-Q tunneling and VLAN translation allow service providers to create a Layer 2 Ethernet connection between two customer sites. Providers can segregate different

customers’ VLAN traffic on a link (for example, if the customers use overlapping VLAN

IDs) or bundle different customer VLANs into a single service VLAN. Data centers can use Q-in-Q tunneling and VLAN translation to isolate customer traffic within a single site or to enable customer traffic flows between cloud data centers in different geographic locations.

4.3.23.1 Port to Group Mapping

This page allows you to map set of Port members to a Group ID for all switch ports.

Static MAC Table Configuration

The static entries in the MAC table are shown in this table. The static MAC table can contain 64 entries.

The MAC table is sorted first by VLAN ID and then by MAC address.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Group ID

A valid Group ID is an integer value form 1 to 26. A set of VLAN Translations are mapped to a group Id. This way a port is mapped to a list of VLAN Translations easily by mapping it to a group. Number of groups in this switch is equal to the number of ports (26) present in this switch. A port can be mapped to any of the groups. Multiple ports can also be mapped to a group with same group Id.

Note: By default, each port is mapped to a group with a group Id equal to the port number. For example, port 1 is mapped to the group with ID=1.

Port Members

A row of radio buttons, one radio button for each port is displayed for each Group ID. To include a port in a Group, click the radio button. A port must belong to at least one group.

Adding a New Port to Group mapping entry Click Add New Entry to add a new entry in Port to Group Mapping

Table. An empty row is added to the table with the Group ID and array of radio buttons, one radio button for each port(click corresponding radio

button to make port to be member of a particular Group). Note that if a VLAN translation is enabled on a management port for management VLAN, it may disrupt the management connectivity in some cases.

Legal values for a VLAN ID are 1 through 4095. The Delete button can be used to undo the addition of new entry.

Items

Description

Delete

To delete a VLAN Translation Group database entry, check this box. The entry will be deleted on the switch during the next Save

Group ID

A valid Group ID is an integer value from 1 to 26. A set of VLAN Translations are mapped to a group Id. This way a port is mapped to a list of VLAN Translations easily by mapping it to a group. Number of groups in a switch is equal to the number of ports present in this switch. A port can be mapped to any of the groups. Multiple ports can also be mapped to a group with same group Id.

Note: By default, each port is mapped to a group with a group Id equal to the port number. For example, port 1 is mapped to the group with ID=1.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.23.2 VID Translation Mapping

This page allows you to map VLAN ID to other VLAN ID for a particular Group ID Globally.

The displayed settings are:

TRENDnet User’s Guide

TL2-FG142

VLAN ID

Indicates the ID to which Group ID will be mapped. A valid VLAN ID ranges from 1-4095.

Translated to VLAN ID

Indicates the VID to which VLAN ID of ingress frames will be changed, if VID in incoming frames if same as configured in VLAN ID field preceded by this field on member ports of a particular group to which this entry belongs.

Adding a New VLAN Translation entry Click Add New Entry to add a new entry in VLAN Translation table. An

empty row is added to the table, the Group ID, VLAN ID and Translated to VID fields can be configured as needed. Legal values for a VLAN ID are 1 through 4095.

The Delete button can be used to undo the addition of new entry.

Items

Description

Allowed Access VLANs

This field shows the allowed Access VLANs, i.e. it only affects ports configured as Access ports. Ports in other modes are members of all VLANs specified in the Allowed VLANs field. By default, only VLAN 1 is enabled. More VLANs may be created by using a list syntax where the individual elements are separated by commas. Ranges are specified with a dash separating the lower and upper bound.

The following example will create VLANs 1, 10, 11, 12, 13, 200, and 300: 1,10-13,200,300. Spaces are allowed in between the delimiters.

Ethertype for Custom Sports

This field specifies the ethertype/TPID (specified in hexadecimal) used for Custom S-ports. The setting is in force for all ports whose Port Type is set to S-Custom-Port.

4.3.24 VLANs

VLANs allow network administrators to group hosts together even if the hosts are not on the same network switch. This can greatly simplify network design and deployment, because VLAN membership can be configured through software. Without VLANs, grouping hosts according to their resource needs necessitates the labor of relocating nodes or rewiring data links.

This page allows for controlling VLAN configuration on the switch. The page is divided into a global section and a per-port configuration section.

Global VLAN Configuration

Port VLAN Configuration

TRENDnet User’s Guide

TL2-FG142

Items

Description

Port

This is the logical port number of this row.

Mode

The port mode (default is Access) determines the fundamental behavior of the port in question. A port can be in one of three modes as described below.

Whenever a particular mode is selected, the remaining fields in that row will be either grayed out or made changeable depending on the mode in question.

Grayed out fields show the value that the port will get when the mode is applied.

Access:

Access ports are normally used to connect to end stations. Dynamic features like Voice VLAN may add the port to more VLANs behind the scenes. Access ports have the following characteristics:

Member of exactly one VLAN, the Port VLAN (a.k.a. Access VLAN), which by default is 1

Accepts untagged and C-tagged frames Discards all frames that are not classified to the Access VLAN On egress all frames classified to the Access VLAN are transmitted

untagged. Other (dynamically added VLANs) are transmitted tagged

Trunk:

Trunk ports can carry traffic on multiple VLANs simultaneously, and are normally used to connect to other switches. Trunk ports have the following characteristics:

By default, a trunk port is member of all VLANs (1-4095) The VLANs that a trunk port is member of may be limited by the use of

Allowed VLANs Frames classified to a VLAN that the port is not a member of are

discarded

By default, all frames but frames classified to the Port VLAN (a.k.a. Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress

Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress

Hybrid:

Hybrid ports resemble trunk ports in many ways, but adds additional port configuration features. In addition to the characteristics described for trunk ports, hybrid ports have these abilities:

Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware

Ingress filtering can be controlled Ingress acceptance of frames and configuration of egress tagging can be

configured independently

Port VLAN

Determines the port's VLAN ID (a.k.a. PVID). Allowed VLANs are in the range 1 through 4095, default being 1.

On ingress, frames get classified to the Port VLAN if the port is configured as VLAN unaware, the frame is untagged, or VLAN awareness is enabled on the port, but the frame is priority tagged (VLAN ID = 0).

On egress, frames classified to the Port VLAN do not get tagged if Egress Tagging configuration is set to untag Port VLAN.

The Port VLAN is called an "Access VLAN" for ports in Access mode and Native VLAN for ports in Trunk or Hybrid mode.

Port Type

Ports in hybrid mode allow for changing the port type, that is, whether a frame's VLAN tag is used to classify the frame on ingress to a particular VLAN, and if so, which TPID it reacts on. Likewise, on egress, the Port Type determines the TPID of the tag, if a tag is required.

Unaware: On ingress, all frames, whether carrying a VLAN tag or not, get classified

to the Port VLAN, and possible tags are not removed on egress.

C-Port:

TRENDnet User’s Guide

TL2-FG142

On ingress, frames with a VLAN tag with TPID = 0x8100 get classified to the VLAN ID embedded in the tag. If a frame is untagged or priority tagged, the frame gets classified to the Port VLAN. If frames must be tagged on egress, they will be tagged with a C-tag.

S-Port: On ingress, frames with a VLAN tag with TPID = 0x8100 or 0x88A8 get

classified to the VLAN ID embedded in the tag. If a frame is untagged or priority tagged, the frame gets classified to the Port VLAN. If frames must be tagged on egress, they will be tagged with an S-tag.

S-Custom-Port: On ingress, frames with a VLAN tag with a TPID = 0x8100 or equal to the

Ethertype configured for Custom-S ports get classified to the VLAN ID embedded in the tag. If a frame is untagged or priority tagged, the frame gets classified to the Port VLAN. If frames must be tagged on egress, they will be tagged with the custom S-tag.

Ingress Filtering

Hybrid ports allow for changing ingress filtering. Access and Trunk ports always have ingress filtering enabled.

If ingress filtering is enabled (checkbox is checked), frames classified to a VLAN that the port is not a member of get discarded.

If ingress filtering is disabled, frames classified to a VLAN that the port is not a member of are accepted and forwarded to the switch engine. However, the port will never transmit frames classified to VLANs that it is not a member of.

Ingress Acceptance

Hybrid ports allow for changing the type of frames that are accepted on ingress.

Tagged and Untagged Both tagged and untagged frames are accepted.

Tagged Only Only tagged frames are accepted on ingress. Untagged frames are

discarded.

Untagged Only Only untagged frames are accepted on ingress. Tagged frames are

discarded.

Egress Tagging

Ports in Trunk and Hybrid mode may control the tagging of frames on egress.

Untag Port VLAN Frames classified to the Port VLAN are transmitted untagged. Other

frames are transmitted with the relevant tag.

Tag All All frames, whether classified to the Port VLAN or not, are transmitted

with a tag.

Untag All All frames, whether classified to the Port VLAN or not, are transmitted

without a tag. This option is only available for ports in Hybrid mode.

Allowed VLANs

Ports in Trunk and Hybrid mode may control which VLANs they are allowed to become members of. Access ports can only be member of one VLAN, the Access VLAN.

The field's syntax is identical to the syntax used in the Enabled VLANs field. By default, a Trunk or Hybrid port will become member of all VLANs, and is therefore set to 1-4095.

The field may be left empty, which means that the port will not become member of any VLANs.

Forbidden VLANs

A port may be configured to never be member of one or more VLANs. This is particularly useful when dynamic VLAN protocols like MVRP and GVRP must be prevented from dynamically adding ports to VLANs.

The trick is to mark such VLANs as forbidden on the port in question. The syntax is identical to the syntax used in the Enabled VLANs field.

TRENDnet User’s Guide

TL2-FG142

By default, the field is left blank, which means that the port may become a member of all possible VLANs.

Items

Description

Delete

To delete a private VLAN entry, check this box. The entry will be deleted during the next save.

Private VLAN ID

Indicates the ID of this particular private VLAN.

Port Members

A row of check boxes for each port is displayed for each private VLAN ID. To include a port in a Private VLAN, check the box. To remove or exclude the port from the Private VLAN, make sure the box is unchecked. By default, no ports are members, and all boxes are unchecked.

Adding a New Private VLAN Click Add New Private VLAN to add a new private VLAN ID. An empty

row is added to the table, and the private VLAN can be configured as needed. The allowed range for a private VLAN ID is the same as the switch port number range. Any values outside this range are not accepted, and a warning message appears. Click "OK" to discard the incorrect entry, or click "Cancel" to return to the editing and make a correction.

The Private VLAN is enabled when you click "Save". The Delete button can be used to undo the addition of new Private

VLANs.

Items

Description

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.25 Private VLANs

In a private VLAN, PVLANs provide layer 2 isolation between ports within the same broadcast domain. Isolated ports configured as part of PVLAN cannot communicate with each other. Member ports of a PVLAN can communicate with each other.

4.3.25.1 Private VLAN Membership

The Private VLAN membership configurations for the switch can be monitored and modified here. Private VLANs can be added or deleted here. Port members of each Private VLAN can be added or removed here.

Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and Private VLAN IDs can be identical.

A port must be a member of both a VLAN and a Private VLAN to be able to forward packets. By default, all ports are VLAN unaware and members of VLAN 1 and Private VLAN 1.

A VLAN unaware port can only be a member of one VLAN, but it can be a member of multiple Private VLANs.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.25.2 Port Isolation

This page is used for enabling or disabling port isolation on ports in a Private VLAN. A port member of a VLAN can be isolated to other isolated ports on the same VLAN and

Private VLAN.

TRENDnet User’s Guide

TL2-FG142

Port Members

A check box is provided for each port of a private VLAN. When checked, port isolation is enabled on that port. When unchecked, port isolation is disabled on that port. By default, port isolation is disabled on all ports.

Items

Description

Delete

To delete a MAC-based VLAN entry, check this box and press save. The entry will be deleted in the stack.

MAC Address

Indicates the MAC address.

VLAN ID

Indicates the VLAN ID.

Port Members

A row of check boxes for each port is displayed for each MAC-based VLAN entry. To include a port in a MAC-based VLAN, check the box. To remove or exclude the port from the MAC-based VLAN, make sure the

box is unchecked. By default, no ports are members, and all boxes are unchecked.

Adding a New MAC-based VLAN Click Add New Entry to add a new MAC-based VLAN entry. An empty

row is added to the table, and the MAC-based VLAN entry can be configured as needed. Any unicast MAC address can be configured for the MAC-based VLAN entry. No broadcast or multicast MAC addresses are allowed. Legal values for a VLAN ID are 1 through 4095.

The MAC-based VLAN entry is enabled when you click on "Save". A MACbased VLAN without any port members will be deleted when you click "Save"

. The Delete button can be used to undo the addition of new MACbased VLANs. The maximum possible MAC-based VLAN entries are limited to 256.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.26 VCL

4.3.26.1 MAC-based VLAN

The MAC-based VLAN enties can be configured here. This page allows for adding and deleting MAC-based VLAN entries and assigning the entries to different ports. This page shows only static entries.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.26.2 Protocol-based VLAN

In a switch that supports protocol-based VLANs, traffic is handled on the basis of its protocol. Essentially, this segregates or forwards traffic from a port depending on the

particular protocol of that traffic; traffic of any other protocol is not forwarded on the port.

4.3.26.2.1 Protocol to Group

This page allows you to add new protocols to Group Name (unique for each Group) mapping entries as well as allow you to see and delete already mapped entries for the switch .

TRENDnet User’s Guide

TL2-FG142

Items

Description

Delete

To delete a Protocol to Group Name map entry, check this box. The entry will be deleted on the switch during the next Save.

Frame Type

Frame Type can have one of the following values: Ethernet LLC SNAP Note: On changing the Frame type field, valid value of the following text

field will vary depending on the new frame type you selected.

Value

Valid value that can be entered in this text field depends on the option selected from the the preceding Frame Type selection menu.

Below is the criteria for three different Frame Types: For Ethernet: Values in the text field when Ethernet is selected as a

Frame Type is called etype. Valid values for etype ranges from 0x06000xffff

For LLC: Valid value in this case is comprised of two different sub-values. a. DSAP: 1-byte long string (0x00-0xff) b. SSAP: 1-byte long string (0x00-0xff) For SNAP: Valid value in this case also is comprised of two different sub-

values. a. OUI: OUI (Organizationally Unique Identifier) is value in format of xx-

xx-xx where each pair (xx) in string is a hexadecimal value ranges from 0x00-0xff.

b. PID: If the OUI is hexadecimal 000000, the protocol ID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP; if the OUI is an OUI for a particular organization, the protocol ID is a value assigned by that organization to the protocol running on top of SNAP.

In other words, if value of OUI field is 00-00-00 then value of PID will be etype (0x0600-0xffff) and if value of OUI is other than 00-00-00 then valid value of PID will be any value from 0x0000 to 0xffff.

Group Name

A valid Group Name is a unique 16-character long string for every entry which consists of a combination of alphabets (a-z or A-Z) and integers(0-

9). Note: special character and underscore(_) are not allowed. Adding a New Group to VLAN mapping entry Click Add New Entry to add a new entry in mapping table. An empty

row is added to the table; Frame Type, Value and the Group Name can be configured as needed.

The Delete button can be used to undo the addition of new entry. The maximum possible Protocol to Group mappings are limited to 128.

Items

Description

Delete

To delete a Group Name to VLAN map entry, check this box. The entry will be deleted on the switch during the next Save

Group Name

A valid Group Name is a string at the most 16 characters which consists of a combination of alphabets (a-z or A-Z) and integers(0-9), no special character is allowed. whichever Group name you try map to a VLAN

The displayed settings are:

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.26.2.2 Group to VLAN

This page allows you to map a already configured Group Name to a VLAN for the switch.

The displayed settings are:

TRENDnet User’s Guide

TL2-FG142

must be present in Protocol to Group mapping table and must not be pre-used by any other existing mapping entry on this page.

VLAN ID

Indicates the ID to which Group Name will be mapped. A valid VLAN ID ranges from 1-4095.

Port Members A row of check boxes for each port is displayed for each Group Name to

VLAN ID mapping. To include a port in a mapping, check the box. To remove or exclude the port from the mapping, make sure the box is unchecked. By default, no ports are members, and all boxes are unchecked.

Adding a New Group to VLAN mapping entry Click Add New Entry to add a new entry in mapping table. An empty

row is added to the table, the Group Name, VLAN ID and port members can be configured as needed. Legal values for a VLAN ID are 1 through

4095. The Delete button can be used to undo the addition of new entry. The

maximum possible Group to VLAN mappings are limited to 64.

Items

Description

Delete

To delete a IP subnet-based VLAN entry, check this box and press save. The entry will be deleted in the stack.

VCE ID

Indicates the index of the entry. It is user configurable. It's value ranges from 0-128. If a VCE ID is 0, application will auto-generate the VCE ID for that entry. Deletion and lookup of IP subnet-based VLAN are based on VCE ID

IP Address

Indicates the IP address.

Mask Length

Indicates the network mask length.

VLAN ID

Indicates the VLAN ID. VLAN ID can be changed for the existing entries.

Port Members

A row of check boxes for each port is displayed for each IP subnet-based VLAN entry. To include a port in a IP subnet-based VLAN, check the box. To remove or exclude the port from the IP subnet-based VLAN, make sure the box is unchecked. By default, no ports are members, and all boxes are unchecked.

Adding a New IP subnet-based VLAN Click Add New Entry to add a new IP subnet-based VLAN entry. An

empty row is added to the table, and the IP subnet-based VLAN entry can be configured as needed. Any IP address/mask can be configured for the IP subnet-based VLAN entry. Legal values for a VLAN ID are 1 through 4095.

The IP subnet-based VLAN entry is enabled when you click on "Save". The Delete button can be used to undo the addition of new IP subnetbased VLANs. The maximum possible IP subnet-based VLAN entries are limited to 128.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.26.3 IP Subnet-based VLAN

The IP subnet-based VLAN enties can be configured here. This page allows for adding, updating and deleting IP subnet-based VLAN entries and assigning the entries to different ports. This page shows only static entries.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Delete

To delete a IP subnet-based VLAN entry, check this box and press save. The entry will be deleted in the stack.

Mode

Indicates the Voice VLAN mode operation. We must disable MSTP feature before we enable Voice VLAN. It can avoid the conflict of ingress filtering. Possible modes are:

Enabled: Enable Voice VLAN mode operation. Disabled: Disable Voice VLAN mode operation.

VLAN ID

Indicates the Voice VLAN ID. It should be a unique VLAN ID in the system and cannot equal each port PVID. It is a conflict in configuration if the value equals management VID, MVR VID, PVID etc. The allowed range is 1 to 4095.

Aging Time

Indicates the Voice VLAN secure learning aging time. The allowed range is 10 to 10000000 seconds. It is used when security mode or auto detect mode is enabled. In other cases, it will be based on hardware aging time. The actual aging time will be situated between the [age_time; 2 * age_time] interval.

Traffic Class

Indicates the Voice VLAN traffic class. All traffic on the Voice VLAN will apply this class.

Port Mode

Indicates the Voice VLAN port mode. Possible port modes are: Disabled: Disjoin from Voice VLAN. Auto: Enable auto detect mode. It detects whether there is VoIP phone

attached to the specific port and configures the Voice VLAN members automatically.

Forced: Force join to Voice VLAN.

Port Security

Indicates the Voice VLAN port security mode. When the function is enabled, all non-telephonic MAC addresses in the Voice VLAN will be blocked for 10 seconds. Possible port modes are:

Enabled: Enable Voice VLAN security mode operation. Disabled: Disable Voice VLAN security mode operation.

4.3.27 Voice VLAN

Voice VLAN is VLAN configured specially for voice traffic. By adding the ports with voice devices attached to voice VLAN, we can perform QoS-related configuration for voice data, ensuring the transmission priority of voice traffic and voice quality.

4.3.27.1 Configuration

The Voice VLAN feature enables voice traffic forwarding on the Voice VLAN, then the switch can classify and schedule network traffic. It is recommended that there be two VLANs on a port - one for voice, one for data. Before connecting the IP device to the switch, the IP phone should configure the voice VLAN ID correctly. It should be configured through its own GUI.

TRENDnet User’s Guide

TL2-FG142

Port Discovery Protocol

Indicates the Voice VLAN port discovery protocol. It will only work when auto detect mode is enabled. We should enable LLDP feature before configuring discovery protocol to "LLDP" or "Both". Changing the discovery protocol to "OUI" or "LLDP" will restart auto detect process. Possible discovery protocols are:

OUI: Detect telephony device by OUI address. LLDP: Detect telephony device by LLDP. Both: Both OUI and LLDP.

Items

Description

Delete

Check to delete the entry. It will be deleted during the next save.

Telephony OUI

A telephony OUI address is a globally unique identifier assigned to a vendor by IEEE. It must be 6 characters long and the input format is "xxxx-xx" (x is a hexadecimal digit).

Description

The description of OUI address. Normally, it describes which vendor telephony device it belongs to. The allowed string length is 0 to 32.

Items

Description

Port

The logical port for the settings contained in the same row.

DEI Mode

The DEI mode for an NNI port determines whether frames transmitted on the port will have the DEI field in the outer tag marked based on the colour of the frame. The allowed values are:

Coloured: The DEI is 1 for yellow frames and 0 for green frames. Fixed: The DEI value is determined by ECE rules.

4.3.28 Ethernet Services

4.3.28.1 Port

This page displays current EVC port configurations. The settings can also be configured here.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.27.2 OUI

Voice VLAN OUI Configuration Configure VOICE VLAN OUI table on this page. The maximum number of entries is 16.

Modifying the OUI table will restart auto detection of OUI process.

TRENDnet User’s Guide

TL2-FG142

Tag Mode

The tag mode specifying whether the EVC classification must be based on the outer or inner tag. This can be used on NNI ports connected to another service provider, where an outer "tunnel" tag is added together with the inner tag identifying the EVC. The allowed values are:

Inner: Enable inner tag in EVC classification. Outer: Enable outer tag in EVC classification.

Address Mode

The IP/MAC address mode specifying whether the EVC classification must be based on source (SMAC/SIP) or destination (DMAC/DIP) addresses. The allowed values are:

Source: Enable SMAC/SIP matching. Destination: Enable DMAC/DIP matching.

Items

Description

Start Policer ID

The start Policer ID for displaying the table entries. The allowed range is from 1 through 256.

Number of Entries

The number of entries per page. The allowed range is from 2 through

256.

Policer ID

The Policer ID is used to identify one of the 256 policers.

State

The administrative state of the bandwidth profile. The allowed values are:

Enabled: The bandwidth profile enabled.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.28.2 Bandwidth Profiles

This page displays current EVC ingress bandwidth profile configurations. These policers may be used to limit the traffic received on UNI ports. The settings can also be configured here.

TRENDnet User’s Guide

TL2-FG142

Disabled: The bandwidth profile is disabled.

Policer Mode

The colour mode of the bandwidth profile. The allowed values are: Coupled: Colour-aware mode with coupling enabled. Aware: Colour-aware mode with coupling disabled.

CIR

The Committed Information Rate of the bandwidth profile. The allowed range is from 0 through 10000000 kilobit per second.

CBS

The Committed Burst Size of the bandwidth profile. The allowed range is from 0 through 100000 bytes.

EIR

The Excess Information Rate of the bandwidth profile. The allowed range is from 0 through 10000000 kilobit per second.

EBS

The Excess Burst Size of the bandwidth profile. The allowed range is from 0 through 100000 bytes.

Items

Description

EVC ID

The EVC ID identifies the EVC. The range is from 1 through 128.

VID

The VLAN ID in the PB network. It may be inserted in a C-tag, S-tag or Scustom tag depending on the NNI port VLAN configuration. The range is from 1 through 4095.

IVID

The Internal/classified VLAN ID in the PB network. The range is from 1 through 4095.

Learning

The learning mode for the EVC controls whether source MAC addresses are learned for frames matching the EVC. Learning may be disabled if the EVC only includes two UNI/NNI ports. The possible values are:

Enabled: Learning is enabled (MAC addresses are learned). Disabled: Learning is disabled (MAC addresses are not learned).

Inner Tag Type

The inner tag type is used to determine whether an inner tag is inserted in frames forwarded to NNI ports. The possible values are:

None: An inner tag is not inserted. C-tag: An inner C-tag is inserted. S-tag: An inner S-tag is inserted. S-custom-tag: An inner tag is inserted and the tag type is determined by

the VLAN port configuration of the NNI.

Inner VID Mode

The inner VID Mode affects the VID in the inner and outer tag. The possible values are:

Normal: The VID of the two outer tags aren't swapped. Tunnel: The VID of the two outer tags are swapped, so that the VID of

the outer tag is taken from the Inner Tag configuration and the VID of the inner tag is the EVC VID. In this mode, the NNI ports are normally configured to do EVC classification based on the inner tag.

Inner Tag VID

The Inner tag VLAN ID. The allowed range is from 0 through 4095.

Inner Tag PCP/DEI Preservation

The inner tag PCP and DEI preservation. The possible values are: Preserved: The inner tag PCP and DEI is preserved. Fixed: The inner tag PCP and DEI is fixed.

Inner Tag PCP

The inner tag PCP value. The allowed range is from 0 through 7.

Inner Tag DEI

The inner tag DEI value. The allowed value is 0 or 1.

Outer Tag VID

The EVC outer tag VID for UNI ports. The allowed range is from 0 through 4095.

NNI Ports

The list of Network to Network Interfaces for the EVC.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.28.3 EVCs

This page displays current EVC configurations. On this system, only Provider Bridge based EVCs are supported.

TRENDnet User’s Guide

TL2-FG142

Items

Description

UNI Ports

The list of User Network Interfaces for the ECE.

Tag Type

The tag type for mataching the ECE. The possible values are: Any: The ECE will match both tagged and untagged frames.

Untagged: The ECE will match untagged frames only. C-Tagged: The ECE will match coustom tagged frames only. S-Tagged: The ECE will match service tagged frames only. Tagged: The ECE will match tagged frames only.

Frame Type

The frame type for the ECE. The possible values are: Any: The ECE will match any frame type. IPv4: The ECE will match IPv4 frames only. IPv6: The ECE will match IPv6 frames only.

SMAC/DMAC Filter

The source/destination MAC address for matching the ECE. It depend on by the port address mode, when port address mode is set to 'Source' then the field is used for source MAC address. Similarly when port address mode is set to 'Destination' then the field is used for destination MAC address. The possible values are:

Any: No SMAC/DMAC filter is specified. (SMAC/DMAC filter status is "don't-care".)

Specific: If you want to filter a specific SMAC/DMAC value with this ECE, choose this value. A field for entering a specific value appears.

DMAC Type

The destination MAC address for matching the ECE. The possible values are:

Any: No destination MAC address is specified. Unicast: Frame must be unicast. Multicast: Frame must be multicast. Broadcast: Frame must be broadcast.

Direction

The EVCs and ECEs are used to setup flows in one or both directions as determined by the ECE Direction parameter. If the ECE is bidirectional, the ingress rules of the NNI ports will be setup to match the traffic being forwarded to NNI ports. The possible values are:

Both: Bidirectional. UNI-to-NNI: Unidirectional from UNI to NNI. NNI-to-UNI: Unidirectional from NNI to UNI.

EVC ID Filter

The EVC ID for the ECE. The ECE is only active when mapping to an existing EVC. The possible values are:

Modification Buttons You can modify each EVC in the table using the following buttons: Edit: Edits the EVC row. Delete: Deletes the EVC. Add: Adds new EVC.

4.3.28.4 ECEs

This page displays current ECE configurations. The settings can also be configured here..

TRENDnet User’s Guide

TL2-FG142

Any: No EVC ID filter is specified. (EVC ID filter status is "don't-care".) Specific: If you want to filter a specific EVC ID with this ECE, choose this

value. A field for entering a specific value appears.

EVC ID Value

When "Specific" is selected for the VLAN ID filter, you can enter a specific value. The allowed value is from 1 through 256.

Tag Pop Count

The ingress tag pop count for the ECE. The allowed range is from 0 through 2.

Policy ID

The ACL Policy ID for the ECE for matching ACL rules. The allowed range is from 0 through 255.

Class

The traffic class for the ECE. The allowed range is from 0 through 8 or disabled.

Egress Outer Tag

Outer Tag Mode

The outer tag for nni-to-uni direction for the ECE. The possible values are:

Enable: Enable outer tag for nni-to-uni direction for the ECE. Disable: Disable outer tag for nni-to-uni direction for the ECE.

Outer Tag PCP/DEI Preservation

The outer tag PCP and DEI preservation for the ECE. The possible values are:

Preserved: The outer tag PCP and DEI is preserved. Fixed: The outer tag PCP and DEI is fixed.

Outer Tag PCP

The outer tag PCP value for the ECE. The allowed range is from 0 through

Outer Tag DEI

The outer tag DEI value for the ECE. The allowed value is 0 or 1

Items

Description

Port

The port number for which the configuration below applies.

QoS class

Controls the default QoS class.

A communications network transports a multitude of applications and data, including high-quality video and delay-sensitive data such as real-time voice. Networks must provide secure, predictable, measurable, and sometimes guaranteed services.

Achieving the required QoS becomes the secret to a successful end-to-end business solution. Therefore, QoS is the set of techniques to manage network resources.

4.3.29.1 Port Classification

This page allows you to configure the basic QoS Ingress Classification settings for all switch ports.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.29 QoS

QoS is an acronym for Quality of Service. It is a method to guarantee a bandwidth relationship between individual applications or protocols.

The displayed settings are:

TRENDnet User’s Guide

TL2-FG142

All frames are classified to a QoS class. There is a one to one mapping between QoS class, queue and priority. A QoS class of 0 (zero) has the lowest priority.

If the port is VLAN aware, the frame is tagged and Tag Class. is enabled, then the frame is classified to a QoS class that is mapped from the PCP and DEI value in the tag. Otherwise the frame is classified to the default QoS class.

The classified QoS class can be overruled by a QCL entry. Note: If the default QoS class has been dynamically changed, then the

actual default QoS class is shown in parentheses after the configured default QoS class.

DP level

Controls the default Drop Precedence Level. All frames are classified to a DP level. If the port is VLAN aware, the frame is tagged and Tag Class. is enabled,

then the frame is classified to a DP level that is mapped from the PCP and DEI value in the tag. Otherwise the frame is classified to the default DP level.

The classified DP level can be overruled by a QCL entry.

PCP

Controls the default PCP value. All frames are classified to a PCP value. If the port is VLAN aware and the frame is tagged, then the frame is

classified to the PCP value in the tag. Otherwise the frame is classified to the default PCP value.

DEI

Controls the default DEI value. All frames are classified to a DEI value. If the port is VLAN aware and the frame is tagged, then the frame is

classified to the DEI value in the tag. Otherwise the frame is classified to the default DEI value.

Tag Class.

Shows the classification mode for tagged frames on this port. Disabled: Use default QoS class and DP level for tagged frames. Enabled: Use mapped versions of PCP and DEI for tagged frames. Click on the mode in order to configure the mode and/or mapping.

Note: This setting has no effect if the port is VLAN unaware. Tagged frames received on VLAN unaware ports are always classified to the default QoS class and DP level.

DSCP Based

Click to Enable DSCP Based QoS Ingress Port Classification.

QCL Addr

Controls the QCL address matching mode. SMAC/SIP: Match on source MAC and IP addresses in all QCEs on this

port. DMAC/DIP: Match on destination MAC and IP addresses in all QCEs on

this port.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.29.2 Port Policing

This page allows you to configure the Policer settings for all switch ports.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Port

The port number for which the configuration below applies.

Enabled

Controls whether the policer is enabled on this switch port.

Rate

Controls the rate for the policer. The default value is 500. This value is restricted to 100-1000000 when the "Unit" is "kbps" or "fps", and it is restricted to 1-3300 when the "Unit" is "Mbps" or "kfps".

Unit

Controls the unit of measure for the policer rate as kbps, Mbps, fps or kfps . The default value is "kbps".

Flow Control

If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.

Items

Description

Port

The port number for which the configuration below applies.

Enabled (E)

Controls whether the queue policer is enabled on this switch port.

Rate

Controls the rate for the queue policer. The default value is 500. This value is restricted to 100-1000000 when the "Unit" is "kbps", and it is restricted to 1-3300 when the "Unit" is "Mbps".

This field is only shown if at least one of the queue policers are enabled.

Unit

Controls the unit of measure for the queue policer rate as kbps or Mbps. The default value is "kbps".

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.29.3 Queue Policing

This page allows you to configure the Queue Policer settings for all switch ports.

The displayed settings are:

Button

TRENDnet User’s Guide

TL2-FG142

This field is only shown if at least one of the queue policers are enabled.

Items

Description

Port

The logical port for the settings contained in the same row. Click on the port number in order to configure the schedulers.

Mode

Shows the scheduling mode for this port.

Shows the weight for this queue and port.

Items

Description

Scheduler Mode

Controls whether the scheduler mode is "Strict Priority" or "Weighted" on this switch port.

Queue Shaper Enable

Controls whether the queue shaper is enabled for this queue on this switch port.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.29.4 Port Scheduler

This page provides an overview of QoS Egress Port Schedulers for all switch ports.

The displayed settings are:

QoS Egress Port Scheduler and Shapers Configuration

This page allows you to configure the Scheduler and Shapers for a specific port.

TRENDnet User’s Guide

TL2-FG142

Queue Shaper Rate

Controls the rate for the queue shaper. The default value is 500. This value is restricted to 100-1000000 when the "Unit" is "kbps", and it is restricted to 1-3300 when the "Unit" is "Mbps".

Queue Shaper Unit

Controls the unit of measure for the queue shaper rate as "kbps" or "Mbps". The default value is "kbps".

Queue Shaper Excess

Controls whether the queue is allowed to use excess bandwidth.

Queue Scheduler Weight

Controls the weight for this queue. The default value is "17". This value is restricted to 1-100. This parameter is only shown if "Scheduler Mode" is set to "Weighted".

Queue Scheduler Percent

Shows the weight in percent for this queue. This parameter is only shown if "Scheduler Mode" is set to "Weighted".

Port Shaper Enable

Controls whether the port shaper is enabled for this switch port.

Port Shaper Rate

Controls the rate for the port shaper. The default value is 500. This value is restricted to 100-1000000 when the "Unit" is "kbps", and it is restricted to 1-3300 when the "Unit" is "Mbps".

Port Shaper Unit

Controls the unit of measure for the port shaper rate as "kbps" or "Mbps". The default value is "kbps".

Items

Description

Port

The logical port for the settings contained in the same row. Click on the port number in order to configure the shapers.

Mode

Shows "disabled" or actual queue shaper rate - e.g. "800 Mbps".

Shows "disabled" or actual port shaper rate - e.g. "800 Mbps".

The displayed settings are:

QoS Egress Port Scheduler and Shapers Configuration

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

Click to undo any changes made locally and return to the previous page.

4.3.29.5 Port Shaping

This page provides an overview of QoS Egress Port Shapers for all switch ports.

This page allows you to configure the Scheduler and Shapers for a specific port.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Scheduler Mode

Controls whether the scheduler mode is "Strict Priority" or "Weighted" on this switch port.

Queue Shaper Enable

Controls whether the queue shaper is enabled for this queue on this switch port.

Queue Shaper Rate

Controls the rate for the queue shaper. The default value is 500. This value is restricted to 100-1000000 when the "Unit" is "kbps", and it is restricted to 1-3300 when the "Unit" is "Mbps".

Queue Shaper Unit

Controls the unit of measure for the queue shaper rate as "kbps" or "Mbps". The default value is "kbps".

Queue Shaper Excess

Controls whether the queue is allowed to use excess bandwidth.

Queue Scheduler Weight

Controls the weight for this queue. The default value is "17". This value is restricted to 1-100. This parameter is only shown if "Scheduler Mode" is set to "Weighted".

Queue Scheduler Percent

Shows the weight in percent for this queue. This parameter is only shown if "Scheduler Mode" is set to "Weighted".

Port Shaper Enable

Controls whether the port shaper is enabled for this switch port.

Port Shaper Rate

Controls the rate for the port shaper. The default value is 500. This value is restricted to 100-1000000 when the "Unit" is "kbps", and it is restricted to 1-3300 when the "Unit" is "Mbps".

Port Shaper Unit

Controls the unit of measure for the port shaper rate as "kbps" or "Mbps". The default value is "kbps".

Button

The displayed settings are:

4.3.29.6 Port Tag Remarking

This page provides an overview of QoS Egress Port Tag Remarking for all switch ports.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

Click to undo any changes made locally and return to the previous page.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Port

The logical port for the settings contained in the same row. Click on the port number in order to configure tag remarking.

Mode

Shows the tag remarking mode for this port. Classified: Use classified PCP/DEI values. Default: Use default PCP/DEI values. Mapped: Use mapped versions of QoS class and DP level.

Items

Description

Mode

Controls the tag remarking mode for this port. Classified: Use classified PCP/DEI values. Default: Use default PCP/DEI values. Mapped: Use mapped versions of QoS class and DP level.

PCP/DEI Configuration

Controls the default PCP and DEI values used when the mode is set to Default.

(QoS class, DP level) to (PCP, DEI) Mapping

Controls the mapping of the classified (QoS class, DP level) to (PCP, DEI) values when the mode is set to Mapped.

The displayed settings are:

QoS Egress Port Tag Remarking Configuration

The QoS Egress Port Tag Remarking for a specific port are configured on this page.

Button

Click to save changes.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Port

The Port column shows the list of ports for which you can configure dscp ingress and egress settings.

Ingress

In Ingress settings you can change ingress translation and classification settings for individual ports.

There are two configuration parameters available in Ingress:

1. Translate

2. Classify

1. Translate

To Enable the Ingress Translation click the checkbox.

2. Classify

Classification for a port have 4 different values. Disable: No Ingress DSCP Classification. DSCP=0: Classify if incoming (or translated if enabled) DSCP is 0. Selected: Classify only selected DSCP for which classification is enabled

as specified in DSCP Translation window for the specific DSCP. All: Classify all DSCP.

Egress

Port Egress Rewriting can be one of Disable: No Egress rewrite. Enable: Rewrite enabled without remapping. Remap DP Unaware: DSCP from analyzer is remapped and frame is

remarked with remapped DSCP value. The remapped DSCP value is always taken from the 'DSCP Translation->Egress Remap DP0' table.

Remap DP Aware: DSCP from analyzer is remapped and frame is remarked with remapped DSCP value. Depending on the DP level of the frame, the remapped DSCP value is either taken from the 'DSCP Translation->Egress Remap DP0' table or from the 'DSCP Translation>Egress Remap DP1' table.

Click to undo any changes made locally and revert to previously saved values.

Click to undo any changes made locally and return to the previous page.

4.3.29.7 Port DSCP

This page allows you to configure the basic QoS Port DSCP Configuration settings for all switch ports.

Button

Click to save changes.

The displayed settings are:

4.3.29.8 DSCP-Based QoS

This page allows you to configure the basic QoS DSCP based QoS Ingress Classification settings for all switches.

Click to undo any changes made locally and revert to previously saved values.

TRENDnet User’s Guide

TL2-FG142

Items

Description

DSCP

Maximum number of supported DSCP values are 64.

Trust

Controls whether a specific DSCP value is trusted. Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level. Frames with untrusted DSCP values are treated as a non-IP frame.

QoS Class

QoS class value can be any of (0-7)

DPL

Drop Precedence Level (0-1)

Items

Description

DSCP

Maximum number of supported DSCP values are 64 and valid DSCP value ranges from 0 to 63.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.29.9 DSCP Translation

This page allows you to configure the basic QoS DSCP Translation settings for all switches. DSCP translation can be done in Ingress or Egress.

The displayed settings are:

TRENDnet User’s Guide

TL2-FG142

Ingress

Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map.

There are two configuration parameters for DSCP Translation -

1. Translate

2. Classify

1. Translate

DSCP at Ingress side can be translated to any of (0-63) DSCP values.

2. Classify

Click to enable Classification at Ingress side.

Egress

There are the following configurable parameters for Egress side -

1. Remap DP0 Controls the remapping for frames with DP level 0.

2. Remap DP1 Controls the remapping for frames with DP level 1.

1. Remap DP0

Select the DSCP value from select menu to which you want to remap. DSCP value ranges form 0 to 63.

2. Remap DP1

Select the DSCP value from select menu to which you want to remap. DSCP value ranges form 0 to 63.

Items

Description

QoS Class

Actual QoS class.

DPL

Actual Drop Precedence Level.

DSCP

Select the classified DSCP value (0-63).

The displayed settings are:

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.29.10 DSCP Classification

This page allows you to configure the mapping of QoS class and Drop Precedence Level to DSCP value.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.29.11 QoS Control List

This page shows the QoS Control List(QCL), which is made up of the QCEs. Each row describes a QCE that is defined. The maximum number of QCEs is 256 on each switch.

Click on the lowest plus sign to add a new QCE to the list.

TRENDnet User’s Guide

TL2-FG142

Items

Description

QCE#

Indicates the index of QCE.

Port

Indicates the list of ports configured with the QCE.

Frame Type

Indicates the type of frame to look for incoming frames. Possible frame types are:

Any: The QCE will match all frame type. Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are

allowed. LLC: Only (LLC) frames are allowed. SNAP: Only (SNAP) frames are allowed. IPv4: The QCE will match only IPV4 frames. IPv6: The QCE will match only IPV6 frames.

SMAC

Displays the Source MAC address. If a port is configured to match on DMAC/DIP, this field is the

Destination MAC address.

DMAC

Specify the type of Destination MAC addresses for incoming frame. Possible values are:

Any: All types of Destination MAC addresses are allowed. Unicast: Only Unicast MAC addresses are allowed. Multicast: Only Multicast MAC addresses are allowed. Broadcast: Only Broadcast MAC addresses are allowed. The default value is 'Any'.

VID

Indicates (VLAN ID), either a specific VID or range of VIDs. VID can be in the range 1-4095 or 'Any'

PCP

Priority Code Point: Valid value PCP are specific(0, 1, 2, 3, 4, 5, 6, 7) or range(0-1, 2-3, 4-5, 6-7, 0-3, 4-7) or 'Any'.

DEI

Drop Eligible Indicator: Valid value of DEI can be any of values between 0, 1 or 'Any'.

Action

Indicates the classification action taken on ingress frame if parameters configured are matched with the frame's content.

There are three action fields: Class, DPL and DSCP. Class: Classified QoS class. DPL: Classified Drop Precedence Level. DSCP: Classified DSCP value.

Modification Buttons

You can modify each QCE (QoS Control Entry) in the table using the following buttons: Add: Inserts a new QCE before the current row. Edit: Edits the QCE. Up: Moves the QCE up the list. Down: Moves the QCE down the list. Delete: Deletes the QCE. Add: The lowest plus sign adds a new entry at the bottom of the QCE listings.

QoS Control List Configuration

This page allows to edit|insert a single QoS Control Entry at a time. A QCE consists of several parameters. These parameters vary according to the frame type that you select.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Port Members

Check the checkbox button to include the port in the QCL entry. By default all ports are included.

Items

Description

Tag

Tag Value of Tag field can be 'Any', 'Untag' or 'Tag'.

VID

VID Valid value of VLAN ID can be any value in the range 1-4095 or 'Any'; user can enter either a specific value or a range of VIDs.

PCP

PCP Priority Code Point: Valid value PCP are specific(0, 1, 2, 3, 4, 5, 6, 7) or range(0-1, 2-3, 4-5, 6-7, 0-3, 4-7) or 'Any'.

DEI

DEI Drop Eligible Indicator: Valid value of DEI can be any of values between 0, 1 or 'Any'.

SMAC

SMAC Source MAC address: xx-xx-xx-xx-xx-xx or 'Any'. If a port is configured to match on

DMAC/DIP

DMAC/DIP, this field is the Destination MAC address.

DMAC Type

DMAC Type Destination MAC type: possible values are unicast(UC), multicast(MC), broadcast(BC) or 'Any'.

Frame Type

Frame Type can have any of the following values: Any Ethernet LLC SNAP IPv4 IPv6 Note: All frame types are explained below.

1. Any Allow all types of frames.

2. Ethernet Ethernet Type Valid ethernet type can have a value within 0x600-0xFFFF

or 'Any' but excluding 0x800(IPv4) and 0x86DD(IPv6), default value is 'Any'.

3. LLC SSAP Address Valid SSAP(Source Service Access Point) can vary from

0x00 to 0xFF or 'Any', the default value is 'Any'. DSAP Address Valid DSAP(Destination Service Access Point) can vary

from 0x00 to 0xFF or 'Any', the default value is 'Any'. Control Valid Control field can vary from 0x00 to 0xFF or 'Any', the

default value is 'Any'.

4. SNAP PID Valid PID(a.k.a ethernet type) can have value within 0x00-0xFFFF or

'Any', default value is 'Any'.

5. IPv4 Protocol IP protocol number: (0-255, TCP or UDP) or 'Any'. Source IP Specific Source IP address in value/mask format or 'Any'. IP

and Mask are in the format x.y.z.w where x, y, z, and w are decimal numbers between 0 and 255. When Mask is converted to a 32-bit binary

Key Parameters Key configuration is described as below:

TRENDnet User’s Guide

TL2-FG142

string and read from left to right, all bits following the first zero must also be zero. If a port is configured to match on DMAC/DIP, this field is the Destination IP address.

DSCP Diffserv Code Point value (DSCP): It can be a specific value, range of values or 'Any'. DSCP values are in the range 0-63 including BE, CS1CS7, EF or AF11-AF43.

IP Fragment IPv4 frame fragmented option: yes|no|any. Sport Source TCP/UDP port:(0-65535) or 'Any', specific or port range

applicable for IP protocol UDP/TCP. Dport Destination TCP/UDP port:(0-65535) or 'Any', specific or port

range applicable for IP protocol UDP/TCP.

6. IPv6 Protocol IP protocol number: (0-255, TCP or UDP) or 'Any'. Source IP 32 LS bits of IPv6 source address in value/mask format or 'Any'.

If a port is configured to match on DMAC/DIP, this field is the Destination IP address.

DSCP Diffserv Code Point value (DSCP): It can be a specific value, range of values or 'Any'. DSCP values are in the range 0-63 including BE, CS1CS7, EF or AF11-AF43.

Sport Source TCP/UDP port:(0-65535) or 'Any', specific or port range applicable for IP protocol UDP/TCP.

Dport Destination TCP/UDP port:(0-65535) or 'Any', specific or port range applicable for IP protocol UDP/TCP.

Items

Description

Class QoS class

Class QoS class: (0-7) or 'Default'. DPL

DP Valid Drop Precedence Level can be (0-1) or 'Default'.

DSCP

DSCP Valid DSCP value can be (0-63, BE, CS1-CS7, EF or AF11-AF43) or 'Default'.

'Default' means that the default classified value is not modified by this QCE.

Items

Description

Frame Type

The settings in a particular row apply to the frame type listed here: Unicast, Multicast or Broadcast.

Enable

Enable or disable the storm control status for the given frame type.

Rate

The rate unit is packets per second (pps). Valid values are: 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K or 1024K.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

Click to undo any changes made locally and return to the previous page.

4.3.29.12 Storm Control

There is a unicast storm rate control, multicast storm rate control, and a broadcast storm rate control. These only affect flooded frames, i.e. frames with a (VLAN ID, DMAC) pair not present on the MAC Address table.

Action Parameters

The configuration indicates the permitted packet rate for unicast, multicast or broadcast traffic across the switch.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

TRENDnet User’s Guide

TL2-FG142

Items

Description

Port to mirror to

Port to mirror also known as the mirror port. Frames from ports that have either source (rx) or destination (tx) mirroring enabled are mirrored on this port. Disabled disables mirroring.

Items

Description

Port

The logical port for the settings contained in the same row.

Mode

Select mirror mode. Rx only Frames received on this port are mirrored on the mirror port.

Frames transmitted are not mirrored. Tx only Frames transmitted on this port are mirrored on the mirror port.

Frames received are not mirrored. Disabled Neither frames transmitted nor frames received are mirrored. Enabled Frames received and frames transmitted are mirrored on the

mirror port.

4.3.30 Mirror

To debug network problems, selected traffic can be copied, or mirrored, on a mirror port where a frame analyzer can be attached to analyze the frame flow.

Note: For a given port, a frame is only transmitted once. It is therefore not possible to mirror mirror port Tx frames. Because of this, mode for the selected mirror port is limited to Disabled or Rx only.

Button

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.3.31 sFlow

The traffic to be copied on the mirror port is selected as follows: All frames received on a given port (also known as ingress or source mirroring). All frames transmitted on a given port (also known as egress or destination mirroring).

This page allows for configuring sFlow. The configuration is divided into two parts: Configuration of the sFlow receiver (a.k.a. sFlow collector) and configuration of per-port flow and counter samplers.

Mirror Port Configuration The following table is used for Rx and Tx enabling.

TRENDnet User’s Guide

TL2-FG142

Items

Description

IP Address

The IP address used as Agent IP address in sFlow datagrams. It serves as a unique key that will identify this agent over extended periods of time.

Both IPv4 and IPv6 addresses are supported.

Items

Description

Owner

Basically, sFlow can be configured in two ways: Through local management using the Web or CLI interface or through SNMP. This read-only field shows the owner of the current sFlow configuration and assumes values as follows:

• If sFlow is currently unconfigured/unclaimed, Owner contains

<none>.

• If sFlow is currently configured through Web or CLI, Owner contains <Configured through local management>.

• If sFlow is currently configured through SNMP, Owner contains a

string identifying the sFlow receiver. If sFlow is configured through SNMP, all controls - except for the

Release-button - are disabled to avoid inadvertent reconfiguration. The Release button allows for releasing the current owner and

disable sFlow sampling. The button is disabled if sFlow is currently unclaimed. If configured through SNMP, the release must be confirmed (a confirmation request will appear).

IP Address/Hostname

The IP address or hostname of the sFlow receiver. Both IPv4 and IPv6 addresses are supported.

UDP Port

The UDP port on which the sFlow receiver listens to sFlow datagrams. If set to 0 (zero), the default port (6343) is used.

Timeout

The number of seconds remaining before sampling stops and the current sFlow owner is released. While active, the current time left can be updated with a click on the Refresh-button. If locally managed, the timeout can be changed on the fly without affecting any other settings.

Max. Datagram Size

The maximum number of data bytes that can be sent in a single sample datagram. This should be set to a value that avoids

Receiver Configuration

sFlow configuration is not persisted to non-volatile memory, which means that a reboot will disable sFlow sampling.

Agent Configuration

TRENDnet TL2-FG142 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

1. Introduction

1.1 Introduction of the management functions

1. VLAN (Virtual LAN)

3. Spanning Tree Protocol / Rapid Spanning Tree Protocol Spanning tree is a protocol to prevent network loop in network topology. If network

Because there could be more than one switch in the network, users can configure this function for their network spanning tree application.

4. Port Mirror This switch operates in store-and-forward algorithm so it is not possible to monitor

2. Trunk If two switches are cascaded together, the bottleneck will happen at the cascading

Notes: About redundant application

5. QoS For Quality of Service request in a network, packets could be classified to different

6. Static Mac ID in ARL table

7. Dynamic Mac ID Number Limit Beside Static Mac ID Limit, there is another Dynamic Mac ID Number Limit function for

12. IP Source Guard This function can limit the IP address for accessing network from switch port. That can

13. ACL (Access Control List) This function is used to define network access control policy - a list of packet filtering

14. LLDP (Link Layer Discover Protocol) LLDP protocol is used by network devices to advertise their identity, capabilities, and

8. IEEE 802.1x Port Security Function If the 802.1x function is enabled, the switch will act as an authenticator for users

9. Rate Control This function can limit the traffic rate for physical ports. The traffic could be ingress

10. IP Multicast with IGMP Snooping IP multicast function can forward packets to a group of users connected on different

11. MVR (Multicast VLAN Registration) VLAN function will isolate traffic between VLAN groups. But it will also isolate IP

15. Software Backup/Update This switch supports backup and update functions for its internal software and its

1.2 General Features

1.3 Layer-2 Switching

1.6 Quality of Service

1.7 Security

1.8 Standard References

1.4 Multicast

1.5 Carrier Ethernet

1.9 Front Panel LEDs Indicators

1.10 Rear Panel Connectors

2. Hardware Installation

2.1 Unpacking

2.2 Switch Installation

2.3 Adding Module

3. Console

3.1 Console Setup

3.2 Login

4. Configuring with WEB

4.1 Login

4.2 Web Menus

4.3 Configuration

4.3.1 System

4.3.1.1 Information

4.3.1.2 IP

4.3.1.3 NTP

4.3.1.4 Time

4.3.1.5 Log

4.3.2 Green Ethernet

4.3.2.1 Port Power Savings

4.3.3 Port

4.3.4 DHCP

4.3.4.1 Server-Mode

4.3.4.2 Server-Excluded IP

4.3.4.3 Server-pool

4.3.4.4 Snooping

4.3.4.5 Relay

4.3.5 Security

4.3.5.1 User

4.3.5.2Privilege Levels

4.3.5.3Authentication Method Configuration

4.3.5.4SSH Configuration

4.3.5.5HTTPS Configuration

4.3.5.6Access Management Configuration

4.3.5.7Limit Control

4.3.5.8NAS

4.3.6 SNMP

4.3.6.1System

4.3.6.2 Trap

4.3.6.3Communit

4.3.6.4 User

4.3.6.5 Group

4.3.6.6 View

4.3.6.7 Access

4.3.7 RMON

4.3.7.1 Statistics

4.3.7.2 History

4.3.7.3 Alarm

4.3.7.4 Event