Welcome to Westermo i-line MDI-118/MDI-112 Series User Manual. Following
topics are covered in this chapter:
1.1 Overview
1.2 Major Features
1.3 Package Checklist
1.1 Overview
The MDI-118-F2G is equipped with 16 10/100TX Fast Ethernet ports and 2
1000Base-T/Gigabit SFP combo ports. The MDI-112-F4G is equipped with 8
10/100TX Fast Ethernet ports, 2 Gigabit SFP and 2 1000Base-T/Gigabit SFP
Combo ports. The SFP ports of the 2 models accept all types of Gigabit SFP
transceivers, including Gigabit SX, LX, LHX, ZX and XD for several connections
and distances.
The embedded software supports RSTP and Multiple Super Ring technology for
ring redundancy protection. Besides, the switch support full layer 2
management features, such as the VLAN, IGMP Snooping, LACP for network
control, SNMP, LLDP for network management. The secured access is protected
by Port Security, 802.1x and flexible Access Control List. The switch can work
with network management system which can draw the network topology,
automatically update ring and port status, remotely manage the switch or
monitor its status through LLDP and SNMP protocols. With the MDI-118/112
series you can fulfill the technicians’ needs of having the best solution for the
Ethernet networks.
1.2 Major Features
The following are the major features:
MDI-118-F2G has 16 10/100-TX and 2 Gigabit RJ-45/SFP combo ports
(10/100/1000 Base-TX, 1000Base-X)
MDI-112-F4G has 8 10/100-TX, 2 Gigabit SFP and 2 Gigabit RJ-45/SFP
combo ports (10/100/1000 Base-TX, 1000Base-X)
Non-Blocking Switching Performance, high backplane single chip solution
Multiple Super Ring pattern aggregates multiple rings within one unit
IEEE 1588 Precision Time Protocol for precise time synchronization
3
Jumbo Frame up to 9,216 byte
RSTP/STP, 256 802.1Q VLAN, QoS and up to 6/8 trunk groups
IGMP Snooping, GMRP Rate Control for multicast message management
LLDP for network topology live update
SNMP V1/V2c/V3, RMON for remote management
Works with Network Management Systems
Advanced Security supports IP/Port Security, 802.1x and Access Control List
Dual 12-48VDC power inputs
1.3 Package List
The product is shipped with following items:
The switch (no SFP transceivers)
Wall Mount Kit
Console Cable
Quick Installation Guide
Document CD
If any of the above items are missing or damaged, please contact your local sales
representative.
4
2 Hardware Installation
This chapter includes hardware introduction, installation and configuration
information.
Following topics are covered in this chapter:
2.1 Hardware Introduction
Dimension
Panel Layout
Bottom View
2.2 Wiring Power Inputs
2.3 Wiring Digital Input
2.4 Wiring Relay Output
2.5 Wiring Ethernet Ports
2.6 Wiring Combo Ports
2.7 Wiring RS-232 console cable
2.8 DIN-Rail Mounting Installation
2.9 Wall-Mounting Installation
2.10 Safety Warning
2.1 Hardware Introduction
LED
Diagnostic LED:
System: Power 1, Power 2, Ring Master (Green), Relay 1, Relay 2, Ring Failure
(Red)
10/100 RJ-45: Link (Green/Left), Activity (Yellow Blinking/Right)
1000Base-T RJ-45: 10/100/1000 Link (Green/Left), Full Duplex (Yellow/Right),
Activity (Green Blinking)
Gigabit SFP: Link/Activity (Green/Green Blinking)
Dimension
The switch dimension (W x H x D) is 137mm (H) x 96mm (W) x 129mm (D)
5
Figure of MDI-118-F2G
Figure of MDI-112-F4G
6
2.2 Wiring Power Inputs
DC Power Input
Follow below steps to wire the redundant DC power inputs.
1. Insert positive and negative wires into V+ and
V- contacts respectively of the terminal block
connector
2. Tighten the wire-clamp screws to prevent DC
wires from being loosened.
3. Power 1 and Power 2 support power
redundancy and polarity reverse protection
functions.
4. Positive and negative power system inputs are
both accepted, but Power 1 and Power 2 must apply the same mode.
Note 1: It is a good practice to turn off input and load power, and to unplug
power terminal block before making wire connections. Otherwise, your
screwdriver blade can inadvertently short your terminal connections to the
grounded enclosure.
Note 2: The range of the suitable DC electric wire is from 12 to 24 AWG.
Note 3: If the 2 power inputs are connected, the switch will be powered from the
highest connected voltage. The unit will alarm for loss of power, either POWER1
or POWER2.
Note 4: Use a UL Listed Power supply with output rating 12-48VDC, minimum
1 A.
7
2.3 Wiring Digital Output
The switch provides two digital outputs, also known as Relay Output. The relay
contacts are energized (open) for normal operation and will close for fault
conditions. The fault conditions include power failure, Ethernet port link break or
other pre-defined events which can be configured in management UI.
The default (without power) state of the Digital Output is normal CLOSE state.
The ON/OFF states are controlled by software configuration.
Wiring digital output is exactly the same as wiring power input introduced in
chapter 2.2.
8
2.4 Wiring Earth Ground
Straight-through Cabling Schematic
Cross-over Cabling Schematic
Pin MDI-X
Signals
MDI Signals
1
RD+
TD+ 2 RD-
TD- 3 TD+
RD+
6
TD-
RD-
To ensure the system will not be damaged by noise or any electrical shock, we
suggest you to make exact connection with switch with Earth Ground.
For DC input, loosen the earth ground screw using a screw driver; then tighten
the screw after earth ground wire is connected.
2.5 Wiring Fast Ethernet Ports
The Fast Ethernet ports support 10Base-T and 100Base-TX, full or half duplex
modes. All the Fast Ethernet ports will auto-detect the signal from connected
devices to negotiate the link speed and duplex mode. Auto MDI/MDIX allows
users to connect another switch, hub or workstation without changing straight
through or crossover cables.
Note that crossover cables simply cross-connect the transmit lines at each end to
the received lines at the opposite end.
Note that Ethernet cables use pins 1, 2, 3, and 6 of an 8-pin RJ-45 connector. The
signals of these pins are converted by the automatic MDI-X function, as shown in
the table below:
Connect one side of an Ethernet cable into any switch port and connect the other
side to your attached device. The LNK LED will light up when the cable is correctly
connected. Refer to the LED Indicators section for descriptions of each LED
indicator. Always make sure that the cables between the switches and attached
devices (e.g. switch, hub, or workstation) are less than 100 meters (328 feet).
5. After connected, you can see Switch login request.
6. Log into the switch. The default username is “admin”, password,
“westermo”.
15
Switch login: admin
Password:
MDI-118-F2G (version 1.4-20130910-12:15:46).
Switch>
3.2 Preparation for Web Interface
The switch provides HTTP Web Interface and Secured HTTPS Web Interface for
web management.
3.2.1 Web Interface
Web management page is developed by JAVA. It allows you to use a standard
web-browser such as Microsoft Internet Explorer, or Mozilla Firefox, to
configure and/or log the switch from anywhere on the network.
Before you attempt to use the embedded web interface to manage switch
operation, verify that the switch is properly installed on your network and that
the PC on this network can access the switch via the web browser.
1. Verify that your network interface card (NIC) is operational, and that your
operating system supports TCP/IP protocol.
2. Wire DC power to the switch and connect your switch to your computer.
3. Make sure that the switch default IP address is 192.168.2.200.
4. Change your computer IP address to 192.168.2.2 or other IP address which
is located in the 192.168.2.x (Network Mask: 255.255.255.0) subnet.
5. Switch to DOS command mode and ping 192.168.2.200 to verify a normal
response time.
Launch the web browser and Login.
6. Launch the web browser (Internet Explorer or Mozilla Firefox) on the PC.
7. Type http://192.168.2.200 (or the IP address of the switch). And then
press Enter.
8. The login screen will appear next.
9. Type in the user name and the password. Default user name is admin and
password westermo.
10. Select Language type: English and Simplified Chinese.
16
Click on Enter or OK. The Welcome page of the web-based management
interface will then appear.
Once you enter the web-based management interface, you can freely change
the IP address to fit your network environment.
Note 1: Internet Explorer 5.0 or later versions do not allow Java applets to
open sockets by default. Users have to directly modify the browser settings to
selectively enable Java applets to use network ports.
Note 2: The Web UI connection session will be logged out automatically if you
don’t give any input after 30 seconds. After logged out, you should re-login and
type in the correct user name and password again.
17
3.2.2 Secured Web Interface
Web management page also provides secured management HTTPS login. All
the configuration commands will be secured.
Launch the web browser and log in.
1. Launch the web browser (Internet Explorer or Mozilla Firefox) on the PC.
2. Type https://192.168.2.200 (or the IP address of the switch). And then
press Enter.
3. The popup screen will appear and request you to trust the secured HTTPS
connection. Press Yes to trust it.
4. The login screen will appear next.
5. Key in the user name and the password. The default user name is admin
and password is westermo.
6. Press Enter or click on OK. The welcome page of the web-based
management interface will then appear.
7. Once you enter the web-based management interface, all the commands
you see are the same as what you see by HTTP login.
3.3 Preparation for Telnet Console
3.3.1 Telnet
The switch supports Telnet console. You can connect to the switch by Telnet
and the command lines are the same as what you see by RS-232 console port.
Below are the steps to open a Telnet connection to the switch.
1. Go to Start -> Run -> cmd. And then press Enter
2. Type Telnet 192.168.2.200 (or the IP address of the switch). And then press
Enter
18
3.3.2 SSH (Secure Shell)
The switch also support SSH console. You can remotely connect to the switch
by command line interface. The SSH connection can secure all the configuration
commands you send to the switch.
When you wish to establish a SSH connection with the switch, you should
download the SSH client tool first.
SSH Client: There are many free, sharewares, trials or charged SSH clients you
can find on the internet. Fox example, PuTTY is a free and popular Telnet/SSH
client. We’ll use this tool to demonstrate how to login by SSH.
1. Open SSH Client/PuTTY
In the Session configuration, enter the Host Name (IP Address of the switch)
and Port number(default = 22). Choose the “SSH” protocol. Then click on
“Open” to start the SSH session console.
19
2. After click on Open, then you can see the cipher information in the popup
screen. Press Yes to accept the Security Alert.
3. After few seconds, the SSH connection is opened.
4. Type the Login Name and its Password. The default Login Name and
Password are admin / westermo.
5. All the commands you see in SSH are the same as the CLI commands you
see via RS-232 console. The next chapter will introduce in detail how to use
command line to configure the switch.
20
4 Feature Configuration
This chapter explains how to configure the software features. There are four
ways to access the switch: Serial console, Telnet/SSH, Web browser and SNMP.
Following topics are covered in this chapter:
4.1 Command Line Interface (CLI) Introduction
4.2 Basic Setting
4.3 Port Configuration
4.4 Network Redundancy
4.5 VLAN
4.6 Traffic Prioritization
4.7 Multicast Filtering
4.8 SNMP
4.9 Security
4.10 Warning
4.11 Monitor and Diagnose
4.12 Device Front Panel
4.13 Save
4.14 Logout
21
4.1 Command Line Interface Introduction
Switch>
enable Turn on privileged mode command
exit Exit current mode and down to previous mode
list Print command list
ping Send echo messages
quit Exit current mode and down to previous mode
show Show running system information
telnet Open a telnet connection
traceroute Trace route to destination
Switch#
archive manage archive files
clear Reset functions
clock Configure time-of-day clock
configure Configuration from vty interface
copy Copy from one file to another
debug Debugging functions (see also 'undebug')
disable Turn off privileged mode command
end End current mode and change to enable mode
exit Exit current mode and down to previous mode
list Print command list
more Display the contents of a file
no Negate a command or set its defaults
ping Send echo messages
quit Exit current mode and down to previous mode
reboot Reboot system
reload copy a default-config file to replace the current one
show Show running system information
The Command Line Interface (CLI) is one of the user interfaces to the switch’s
embedded software system. You can view the system information, show the
status, configure the switch and receive a response back from the system by
typing in a command.
There are different command modes and each command mode has its own
access ability, available command lines and uses different command lines to enter
and exit. These modes are User EXEC, Privileged EXEC, Global Configuration and
(Port/VLAN) Interface Configuration modes.
User EXEC mode: As long as you log into the switch by CLI you are in the User
EXEC mode. You can ping, telnet remote device, and show some basic
information.
Type enable to enter the next mode, exit to logout. ? to see the command list
Privileged EXEC mode: Type enable in the User EXEC mode, then you can enter
the Privileged EXEC mode. In this mode, the system allows you to view current
configuration, reset default, reload switch, show system information, save
configuration and enter the global configuration mode.
Type configure terminal to enter next mode, exit to leave. ? to see the command
list
22
Switch# configure terminal
Switch(config)#
access-list Add an access list entry
administrator Administrator account setting
arp Set a static ARP entry
clock Configure time-of-day clock
default Set a command to its defaults
end End current mode and change to enable mode
exit Exit current mode and down to previous mode
gvrp GARP VLAN Registration Protocol
hostname Set system's network name
interface Select an interface to configure
ip IP information
lacp Link Aggregation Control Protocol
list Print command list
log Logging control
mac Global MAC configuration subcommands
mac-address-table mac address table
mirror Port mirroring
no Negate a command or set its defaults
ntp Configure NTP
password Assign the terminal connection password
qos Quality of Service (QoS)
relay relay output type information
smtp-server SMTP server configuration
snmp-server SNMP server
spanning-tree spanning tree algorithm
super-ring super-ring protocol
trunk Trunk group configuration
vlan Virtual LAN
warning-event Warning event selection
write-config Specify config files to write to
Global Configuration Mode: Type configure terminal in privileged EXEC mode
you will then enter global configuration mode. In global configuration mode, you
can configure all the features that the system provides you.
Type interface IFNAME/VLAN to enter interface configuration mode, exit to
leave. ? to see the command list.
Available command lists of global configuration mode.
(Port) Interface Configuration: Type interface IFNAME in global configuration
mode and you will then enter interface configuration mode, where you can
configure port settings.
The port interface name for Fast Ethernet port 1 is fa1,… Fast Ethernet 7 is fa7,
Gigabit Ethernet port 8 is gi8. Gigabit Ethernet port 10 is gi10. Type interface
name accordingly when you want to enter certain interface configuration mode.
Type exit to leave.
Type ? to see the command list
23
Switch(config)# interface vlan 1
Switch(config-if)#
description Interface specific description
end End current mode and change to enable mode
exit Exit current mode and down to previous mode
ip Interface Internet Protocol config commands
list Print command list
no Negate a command or set its defaults
quit Exit current mode and down to previous mode
shutdown Shutdown the selected interface
Switch(config)# interface fa1
Switch(config-if)#
acceptable Configure 802.1Q acceptable frame types of a port.
auto-negotiation Enable auto-negotiation state of a given port
description Interface specific description
duplex Specify duplex mode of operation for a port
end End current mode and change to enable mode
exit Exit current mode and down to previous mode
flowcontrol Set flow-control value for an interface
garp General Attribute Registration Protocol
ingress 802.1Q ingress filtering features
lacp Link Aggregation Control Protocol
list Print command list
loopback Specify loopback mode of operation for a port
mac MAC interface commands
mdix Enable mdix state of a given port
no Negate a command or set its defaults
qos Quality of Service (QoS)
quit Exit current mode and down to previous mode
rate-limit Rate limit configuration
shutdown Shutdown the selected interface
spanning-tree spanning-tree protocol
speed Specify the speed of a Fast Ethernet port or a
Gigabit Ethernet port.
switchport Set switching mode characteristics
Available command lists of the global configuration mode.
(VLAN) Interface Configuration: Type interface VLAN VLAN-ID in global
configuration mode and you will then enter VLAN interface configuration mod,
where you can configure the settings for the specific VLAN.
The VLAN interface name of VLAN 1 is VLAN 1, VLAN 2 is VLAN 2…
Type exit to leave the mode. Type ? to see the available command list.
The command lists of the VLAN interface configuration mode.
24
Summary of the 5 command modes.
Command
Mode
Main Function
Enter and Exit Method
Prompt
User EXEC
This is the first level of access.
User can ping, telnet remote
device, and show some basic
information
Enter: Login successfully
Exit: exit to logout.
Next mode: Type enable to
enter privileged EXEC mode.
Switch>
Privileged
EXEC
In this mode, the system allows
you to view current
configuration, reset default,
reload switch, show system
information, save
configuration…and enter global
configuration mode.
Enter: Type enable in User
EXEC mode.
Exec: Type disable to exit to
user EXEC mode.
Type exit to logout
Next Mode: Type configure
terminal to enter global
configuration command.
Switch#
Global
configuration
In global configuration mode,
you can configure all the
features that the system
provides you
Enter: Type configure
terminal in privileged EXEC
mode
Exit: Type exit or end or press
Ctrl-Z to exit.
Next mode: Type interface
IFNAME/ VLAN VID to enter
interface configuration mode
Switch(config)#
Port
Interface
configuration
In this mode, you can configure
port related settings.
Enter: Type interface IFNAME
in global configuration mode.
Exit: Type exit or Ctrl+Z to
global configuration mode.
Type end to privileged EXEC
mode.
Switch(config-if)#
VLAN Interface
Configuration
In this mode, you can configure
settings for specific VLAN.
Enter: Type interface VLAN
VID in global configuration
mode.
Exit: Type exit or Ctrl+Z to
global configuration mode.
Type end to privileged EXEC
mode.
Switch(config-vlan)#
25
Here are some useful commands to see available commands. It can save time
Switch(config)# a?
access-list Add an access list entry
administrator Administrator account setting
arp Set a static ARP entry
Switch# co (tab) (tab)
Switch# configure terminal
Switch(config)# ac (tab)
Switch(config)# access-list
Switch(config)# interface (?)
IFNAME Interface's name
vlan Select a vlan to configure
when typing and avoid errors.
? To see all the available commands in this mode. It helps you to see the next
command you can/should type as well.
(Character)? To see all the available commands starts from this character.
Tab This tab key helps you to input the command quicker. If there is only one
available command in the next, clicking on tab key can help to finish typing soon.
Ctrl+C To stop executing the unfinished command.
Ctrl+S To lock the screen of the terminal. You can’t input any command.
Ctrl+Q To unlock the screen which is locked by Ctrl+S.
Ctrl+Z To exit configuration mode.
Alert message when multiple users want to configure the switch. If the
administrator is in configuration mode, then the Web users can’t change the
settings. The switch allows only one administrator to configure the switch at a
time.
26
4.2 Basic Setting
The Basic Setting group provides you to configure switch information, IP address
and user name/password of the system. It also allows you to do firmware
upgrade, backup and restore configuration, reload factory default, and reboot the
system.
Following commands are included in this section:
4.2.1 Switch Setting
4.2.2 Admin Password
4.2.3 IP Configuration
4.2.4 Time Setting
4.2.5 Jumbo Frame
4.2.6 DHCP Server
4.2.7 Backup and Restore
4.2.8 Firmware Upgrade
4.2.9 Factory Default
4.2.10 System Reboot
4.2.11 CLI Commands for Basic Setting
4.2.1 Switch Setting
You can assign System name, Location, Contact and view system information.
Figure 4.2.1.1 – Web UI of the Switch Setting
System Name: You can assign a name to the switch. The number of characters
you can input is 64. After you configure the name, CLI system will select the first
12 characters as the name in CLI system.
System Location: You can specify the switch’s physical location here. The number
of characters you can input are 64.
27
System Contact: You can specify contact people here. You can type the name,
mail address or other information of the administrator. The available characters
you can input are 64.
System OID: The SNMP object ID of the switch. You can follow the path to find its
private MIB in MIB browser.
Note: When you attempt to view private MIB, you should compile private MIB
files into your MIB browser first.
System Description: The name of this switch.
Firmware Version: Display the firmware version installed in this device.
MAC Address: Display unique hardware address (MAC address) assigned by the
manufacturer.
Once you finish the configuration, click on Apply to apply your settings.
Note: Always remember to select Save to save your settings. Otherwise, the
settings you made will be lost when the switch is powered off.
4.2.2 Admin Password
You can change the user name and the password here to enhance security
Figure 4.2.2.1 Web UI of the Admin Password
User name: You can type in a new user name here. The default setting is admin.
Password: You can type in a new password here. The default setting is
westermo.
Confirm Password: You need to type the new password again to confirm it.
Once you finish configuring the settings, click on Apply to apply your
configuration.
28
Figure 4.2.2.2 Popup alert window for Incorrect username.
4.2.3 IP Configuration
This function allows users to configure the switch’s IP address settings.
DHCP Client: You can select to Enable or Disable DHCP Client function. When
DHCP Client function is enabled, an IP address will be assigned to the switch from
the network’s DHCP server. In this mode, the default IP address will therefore be
replaced by the one assigned by DHCP server. If DHCP Client is disabled, then the
IP address that you specified will be used instead.
IP Address: You can assign the IP address reserved by your network for your
switch. If DHCP Client function is enabled, you don’t need to assign an IP address
to the switch, as it will be overwritten by DHCP server and shown here. The
default IP is 192.168.2.200.
Subnet Mask: You can assign the subnet mask for the IP address here. If DHCP
Client function is enabled, you don’t need to assign the subnet mask. The default
Subnet Mask is 255.255.255.0.
Note: In the CLI, we use the enabled bit of the subnet mask to represent the
number displayed in web UI. For example, 8 stands for 255.0.0.0; 16 stands for
255.255.0.0; 24 stands for 255.255.255.0.
Default Gateway: You can assign the gateway for the switch here. Note: In CLI,
we use 0.0.0.0/0 to represent for the default gateway.
Once you finish configuring the settings, click on Apply to apply your
configuration.
29
IPv6 Configuration –An IPv6 address is represented as eight groups of four
hexadecimal digits, each group representing 16 bits (two octets). The groups are
separated by colons (:), and the length of IPv6 address is 128bits.
An example of an IPv6 address is: 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
The default IP address of the Managed Switch is fe80:0:0:0:212:77ff:fe60:ce8c,
and the Leading zeroes in a group may be omitted. Thus, the example address
may be written as: fe80:212:77ff:fe60:ce8c.
IPv6 Address field: typing new IPv6 address in this field.
Prefix: the size of subnet or network, and it equivalent to the subnet mask, but
written in different. The default subnet mask length is 64bits, and written in
decimal value - 64.
Add: after add new IPv6 address and prefix, don’t forget click icon -“Add” to
apply new address to system.
Remove: select existed IPv6 address and click icon -“Remove” to delete IP
address.
Reload: refresh and reload IPv6 address listing.
IPv6 Neighbor Table: shows the IPv6 address of neighbor, connected interface,
MAC address of remote IPv6 device, and current state of neighbor device.
The system will update IPv6 Neighbor Table automatically, and user also can click
the icon “Reload” to refresh the table.
30
4.2.4 T ime Setting
Time Setting source allow user to set the time manually or via a NTP server.
Network Time Protocol (NTP) is used to synchronize computer clocks in the
network. You can configure NTP settings here to synchronize the clocks of several
switches on the network.
It also provides Daylight Saving Time function.
Manual Setting: User can select “Manual setting” to change time as user wants.
User can click the button “Get Time from PC” to get PC’s time setting for switch.
NTP client: Time Setting Source to NTP client to enable the NTP client service.
NTP client will be automatically enabled if you change Time source to NTP Client.
The system will send requests to acquire current time from the configured NTP
server.
IEEE 1588: Precision Time Protocol IEEE 1588 is a high-precision time protocol for
synchronization used in control system on a network.
To enable IEEE 1588, select Enable in PTP Status and choose Auto, Master or
Slave Mode. After time synchronized, the system time will display the correct
time of the PTP server.
Time-zone: Select the time zone where the switch is located. Following table lists
the time zones for different locations for your reference. The default time zone is
GMT Greenwich Mean Time.
31
Switch(config)# clock timezone
01 (GMT-12:00) Eniwetok, Kwajalein
02 (GMT-11:00) Midway Island, Samoa
03 (GMT-10:00) Hawaii
04 (GMT-09:00) Alaska
05 (GMT-08:00) Pacific Time (US & Canada) , Tijuana
06 (GMT-07:00) Arizona
07 (GMT-07:00) Mountain Time (US & Canada)
08 (GMT-06:00) Central America
09 (GMT-06:00) Central Time (US & Canada)
10 (GMT-06:00) Mexico City
11 (GMT-06:00) Saskatchewan
12 (GMT-05:00) Bogota, Lima, Quito
13 (GMT-05:00) Eastern Time (US & Canada)
14 (GMT-05:00) Indiana (East)
15 (GMT-04:00) Atlantic Time (Canada)
16 (GMT-04:00) Caracas, La Paz
17 (GMT-04:00) Santiago
18 (GMT-03:00) NewFoundland
19 (GMT-03:00) Brasilia
20 (GMT-03:00) Buenos Aires, Georgetown
21 (GMT-03:00) Greenland
22 (GMT-02:00) Mid-Atlantic
23 (GMT-01:00) Azores
24 (GMT-01:00) Cape Verde Is.
25 (GMT) Casablanca, Monrovia
26 (GMT) Greenwich Mean Time: Dublin, Edinburgh, Lisbon, London
27 (GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
28 (GMT+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague
29 (GMT+01:00) Brussels, Copenhagen, Madrid, Paris
30 (GMT+01:00) Sarajevo, Skopje, Sofija, Vilnius, Warsaw, Zagreb
31 (GMT+01:00) West Central Africa
32 (GMT+02:00) Athens, Istanbul, Minsk
33 (GMT+02:00) Bucharest
34 (GMT+02:00) Cairo
35 (GMT+02:00) Harare, Pretoria
36 (GMT+02:00) Helsinki, Riga, Tallinn
37 (GMT+02:00) Jerusalem
32
38 (GMT+03:00) Baghdad
39 (GMT+03:00) Kuwait, Riyadh
40 (GMT+03:00) Moscow, St. Petersburg, Volgograd
41 (GMT+03:00) Nairobi
42 (GMT+03:30) Tehran
43 (GMT+04:00) Abu Dhabi, Muscat
44 (GMT+04:00) Baku, Tbilisi, Yerevan
45 (GMT+04:30) Kabul
46 (GMT+05:00) Ekaterinburg
47 (GMT+05:00) Islamabad, Karachi, Tashkent
48 (GMT+05:30) Calcutta, Chennai, Mumbai, New Delhi
49 (GMT+05:45) Kathmandu
50 (GMT+06:00) Almaty, Novosibirsk
51 (GMT+06:00) Astana, Dhaka
52 (GMT+06:00) Sri Jayawardenepura
53 (GMT+06:30) Rangoon
54 (GMT+07:00) Bangkok, Hanoi, Jakarta
55 (GMT+07:00) Krasnoyarsk
56 (GMT+08:00) Beijing, Chongqing, Hong Kong, Urumqi
57 (GMT+08:00) Irkutsk, Ulaan Bataar
58 (GMT+08:00) Kuala Lumpur, Singapore
59 (GMT+08:00) Perth
60 (GMT+08:00) Taipei
61 (GMT+09:00) Osaka, Sapporo, Tokyo
62 (GMT+09:00) Seoul
63 (GMT+09:00) Yakutsk
64 (GMT+09:30) Adelaide
65 (GMT+09:30) Darwin
66 (GMT+10:00) Brisbane
67 (GMT+10:00) Canberra, Melbourne, Sydney
68 (GMT+10:00) Guam, Port Moresby
69 (GMT+10:00) Hobart
70 (GMT+10:00) Vladivostok
71 (GMT+11:00) Magadan, Solomon Is., New Caledonia
72 (GMT+12:00) Aukland, Wellington
73 (GMT+12:00) Fiji, Kamchatka, Marshall Is.
74 (GMT+13:00) Nuku'alofa
33
Daylight Saving Time: Set when Enable Daylight Saving Time start and end,
during the Daylight Saving Time, the device’s time is one hour earlier than the
actual time.
Daylight Saving Start and Daylight Saving End: the functions allows user to
selects and apply the daylight saving start and end week by monthly basis.
Once you finish your configuration, click on Apply to apply your configuration.
4.2.5 Jumbo Frame
What is Jumbo Frame?
A typical Ethernet frame is range
from 64 to 1518 bytes. This is
sufficient for general usages. However,
when users want to transmit large
files, the files may be divided into
many small size packets. While the
transmitting speed becomes slow,
long size Jumbo frame can solve the
issue.
The switch allows you configure the
size of the MTU, Maximum Transmission Unit. The default value is 1,518bytes.
The maximum Jumbo Frame size is 9,216 bytes.
Once you finish your configuration, click on Apply to apply your configuration.
34
4.2.6 DHCP Server
You can select to Enable or Disable DHCP Server function. It will assign a new IP
address to link partners, and also supports DHCP server option 82 with
forwarding policy, and provides port-based DHCP server with IP address binding
feature.
DHCP Server configuration
After selecting to enable DHCP Server function, type in the Network IP address
for the DHCP server IP pool, Subnet Mask, Default Gateway address and Lease
Time for client.
Once you have finished the configuration, click Apply to apply your configuration
Excluded Address:
You can type a specific address into the IP Address field for the DHCP server
reserved IP address.
The IP address that is listed in the Excluded Address List Table will not be
assigned to the network device. Add or remove an IP address from the Excluded
Address List by clicking Add or Remove.
Manual Binding: the switch provides a MAC address and IP address binding and
35
removing function. You can type in the specified IP and MAC address, then click
Add to add a new MAC&IP address binding rule for a specified link partner, like
PLC or any device without DHCP client function. To remove from the binding list,
just select the rule to remove and click Remove.
Option 82 IP Address Configuration: the DHCP server with option 82 function
presented in latest firmware. This feature support fully DHCP relay function, and
allows user to configured relay circuit ID, Remote ID to compliant fully DHCP
option 82 function.
Port and IP Address (Port Based DHCP Server configuration): the Switch also
supports port-based DHCP server function. It allows user assign specified IP
address to specified port that DHCP client presented; and the DHCP server only
offer the predefined IP address to the DHCP client.
36
DHCP Leased Entries: the switch provides an assigned IP address list for user
check. It will show the MAC and IP address that was assigned by the switch. Click
the Reload button to refresh the listing.
DHCP Relay Agent
You can select to Enable or Disable DHCP relay agent function, and then select
the modification type of option 82 field, circuit ID, remote ID.
37
Relay policy drop: Drops the option 82 field and do not add any option 82 field.
Relay policy keep: Keeps the original option 82 field and forwards to server.
Relay policy replace: Replaces the existing option 82 field and adds new option
82 field. (This is the default setting)
Helper Address: there are 4 fields for the DHCP server’s IP address. You can filll
the field with prefered IP address of DHCP Server, and then click “Apply” to
activate the DHCP relay agent function. All the DHCP packets from client will be
modified by the policy and forwarded to DHCP server through the gateway port.
4.2.7 Backup and Restore
With Backup command, you can save current configuration file saved in the
switch’s flash to admin PC or TFTP server. This will allow you to go to Restore
command later to restore the configuration file back to the switch. Before you
restore the configuration file, you must place the backup configuration file in the
PC or TFTP server. The switch will then download this file back to the flash.
There are 2 modes for users to backup/restore the configuration file, Local File
mode and TFTP Server mode.
Local File mode: In this mode, the switch acts as the file server. Users can browse
the target folder and then type the file name to backup the configuration. Users
can also browse the target folder and select existed configuration file to restore
38
the configuration back to the switch. This mode is only provided by Web UI while
Technical Tip:
Default Configuration File: The switch provides the default configuration file in the system.
You can use Reset button, Reload command to reset the system.
Running Configuration File: The CLI can show you the latest settings that are running on the
system. The information shown here are the settings you set up but haven’t saved to flash. The
settings not yet saved to flash will not work after power recycle. You can use show
running-config to view it in CLI.
CLI is not supported.
TFTP Server mode: In this mode, the switch acts as TFTP client. Before you do so,
make sure that your TFTP server is ready. Then please type the IP address of TFTP
Server and Backup configuration file name. This mode can be used in both CLI
and Web UI.
TFTP Server IP Address: You need to key in the IP address of your TFTP Server
here.
Backup/Restore File Name: Please type the correct file name of the
configuration file.
Configuration File: The configuration file of the switch is a pure text file. You can
open it by word/txt read file. You can also modify the file, add/remove the
configuration settings, and then restore back to the switch.
Startup Configuration File: After you saved the running-config to flash, the new
settings will be kept and work after power cycle. You can use show startup-config
to view it in CLI. The Backup command can only backup such configuration file to
your PC or TFTP server.
Once you finish selecting and configuring the settings, click on Backup or Restore
to run
39
Click on Folder icon to select the target file you want to backup/restore.
Note that the folders of the path to the target file do not allow you to input space
key.
Type the IP address of TFTP Server IP. Then click on Backup/Restore.
Note: point to the wrong file will cause the entire configuration missed.
4.2.8 Firmware Upgrade
In this section, you can update the latest firmware for your switch. Westermo
provides the latest firmware in the web site. The new firmware may include new
features, bug fixes or other software changes. We’ll also provide the release
notes for the update as well. For technical viewpoint, we suggest you use the
latest firmware before installing the switch to the customer site.
Note that the system will be automatically rebooted after you finished
upgrading new firmware. Please remind the attached users before you do this.
40
There are 2 modes for users to backup/restore the configuration file, Local File
mode and TFTP Server mode.
Local File mode: In this mode, the switch acts as the file server. Users can browse
the target folder and then type the file name to backup the configuration. Users
also can browse the target folder and select the existed configuration file to
restore the configuration back to the switch. This mode is only provided by Web
UI while CLI is not supported.
TFTP Server mode: In this mode, the switch acts as the TFTP client. Before you do
so, make sure that your TFTP server is ready. And then please type the IP address
of TFTP Server IP address. This mode can be used in both CLI and Web UI.
TFTP Server IP Address: You need to key in the IP address of your TFTP Server
here.
Firmware File Name: The file name of the new firmware.
The UI also shows you the current firmware version and built date of current
firmware. Please check the version number after the switch is rebooted.
Click on Upgrade to start the process.
After finishing transmitting the firmware, the system will copy the firmware file
and replace the firmware in the flash. The CLI show “……” until the process is
finished.
4.2.9 Factory Default
In this section, you can reset all the configurations of the switch to default setting.
Click on Reset the system will then reset all configurations to default setting. The
system will show you popup message window after finishing this command.
Default setting will work after rebooting the switch.
Popup alert screen to confirm the command. Click on Yes to start it.
41
Popup message screen to show you that have done the command. Click on OK to
close the screen. Then please go to Reboot page to reboot the switch.
Click on OK. The system will then auto reboot the device.
Note: If you already configured the IP of your device to other IP address, when
you use this command by CLI and Web UI, our software will not reset the IP
address to default IP. The system will remain the IP address so that you can still
connect the switch via the network.
4.2.10 System Reboot
System Reboot allows you to reboot the device. Some of the feature changes
require you to reboot the system. Click on Reboot to reboot your device.
Note: Remember to click on Save button to save your settings. Otherwise, the
settings you made will be gone when the switch is powered off.
Pop-up alert screen to request confirmation. Click on Yes. Then the switch will be
rebooted immediately.
Pop-up message screen appears when rebooting the switch..
The switch firmware supports standard RSTP, MSTP, Multiple Super Ring, Rapid
Dual Homing.
Multiple Spanning Tree Protocol(MSTP) is a direct extension of RSTP. It can
provide an independent spanning tree for different VLANs. It simplifies network
management, provides for even faster convergence than RSTP by limiting the size
of each region, and prevents VLAN members from being segmented from the rest
of the group (as sometimes occurs with IEEE 802.1D STP).
Multiple Super Ring (MSR) technology supports 0 milliseconds for restoration and
less than 300milliseconds for failover.
Advanced Rapid Dual Homing (RDH) technology also facilitates the switch to
connect with a core managed switch easily and conveniently. With RDH
technology, you can also group several Rapid Super Rings or RSTP cloud together,
which is also known as Auto Ring Coupling.
Besides ring technology, the switch also supports 802.1D-2004 version Rapid
Spanning Tree Protocol (RSTP). New version of RSTP standard includes
802.1D-1998 STP, 802.1w RSTP.
Following commands are included in this section:
4.4.1 STP Configuration
4.4.2 STP Port Configuration
4.4.3 STP Information
4.4.4 MSTP Configuration
4.4.5 MSTP Port Configuration
4.4.6 MSTP information
4.4.7 Multiple Super Ring
4.4.8 Multiple Super Ring Information
4.4.9 Command Lines for Network Redundancy
4.4.1 STP Configuration
This page allows select the STP mode and configuring the global STP/RSTP Bridge
Configuration.
The STP mode includes the STP, RSTP, MSTP and Disable. Please select the STP
mode for your system first. The default mode is RSTP enabled. After select the STP
or RSTP mode, continue to configure the global Bridge parameters for STP and RSTP.
After select the MSTP mode, please go to MSTP Configuration page.
Figure below shows the web page which allows you to select the STP mode,
configure the global STP/RSTP/MSTP settings.
60
RSTP
RSTP is the abbreviation of Rapid Spanning Tree Protocol. If a switch has more than
one path to a destination, it will lead to message loops that can generate broadcast
storms and quickly bog down a network. The spanning tree was created to combat
the negative effects of message loops in switched networks. A spanning tree uses a
spanning tree algorithm (STA) to automatically sense whether a switch has more
than one way to communicate with a node. It will then select the best path
(primary), and block the other path(s). It will also keep track of the blocked path(s)
in case the primary path fails. Spanning Tree Protocol (STP) introduced a standard
method to accomplish this. It is specified in IEEE 802.1D-1998. Later, Rapid
Spanning Tree Protocol (RSTP) was adopted and represents the evolution of STP,
providing much faster spanning tree convergence after a topology change. This is
specified in IEEE 802.1w. In 2004, 802.1w is included into 802.1D-2004 version. This
switch supports both RSTP and STP (all switches that support RSTP are also
backward compatible with switches that support only STP).
Bridge Configuration
Priority (0-61440): RSTP uses bridge ID to determine the root bridge, the bridge
with the highest bridge ID becomes the root bridge. The bridge ID is composed of
bridge priority and bridge MAC address. So that the bridge with the highest
priority becomes the highest bridge ID. If all the bridge ID has the same priority,
the bridge with the lowest MAC address will then become the root bridge.
Note: The bridge priority value must be in multiples of 4096. A device with a lower
number has a higher bridge priority. Ex: 4096 is higher than 32768.
61
Note: The Web GUI allows user select the priority number directly. This is the
convenience of the GUI design. When you configure the value through the CLI or
SNMP, you may need to type the value directly. Please follow the n x 4096 rules
for the Bridge Priority.
Max Age (6-40): Enter a value from 6 to 40 seconds here. This value represents the
time that a bridge will wait without receiving Spanning Tree Protocol configuration
messages before attempting to reconfigure.
If the managed Switch is not the root bridge, and if it has not received a hello
message from the root bridge in an amount of time equal to Max Age, then the
Managed Switch will reconfigure itself as a root bridge. Once two or more devices
on the network are recognized as a root bridge, the devices will renegotiate to set
up a new spanning tree topology.
The MAX Age value affects the maximum volume of the RSTP loop. In the RSTP
BPDU packet, there is one field, message age which start from 0, add 1 after
passed one hop in the RSTP loop. When the message age is larger than MAX Age,
the BPDU would be ignored and the lower switches are separated to different
RSTP domain. The switches in other RSTP domain can’t be managed through upper
switch.
Since different RSTP aware switches may have their own mechanism to calculate
the message age. So that this is most possibly occurred when interoperate
different vendors’ RSTP aware switches together. The maximum volume of the
RSTP domain is 23, configure the MAX Age lower than 23 is recommended.
Hello Time (1-10): Enter a value from 1 to 10 seconds here. This is a periodic timer
that drives the switch to send out BPDU (Bridge Protocol Data Unit) packet to
check current STP status.
The root bridge of the spanning tree topology periodically sends out a “hello”
message to other devices on the network to check if the topology is “healthy”. The
“hello time” is the amount of time the root has waited during sending hello
messages.
Forward Delay Time (4-30): Enter a value between 4 and 30 seconds. This value is
the time that a port waits before changing from Spanning Tree Protocol learning
and listening states to forwarding state.
This is the amount of time of the Managed Switch will wait before checking to see
if it should be changed to a different state.
Once you have completed your configuration, click on Apply to apply your
settings.
Note: You must observe the following rule to configure Hello Time, Forwarding
Delay, and Max Age parameter
× (Forward Delay Time – 1 sec) ≥ Max Age Time ≥ 2 × (Hello Time value + 1 sec)
4.4.2 STP Port Configuration
This page allows you to configure the port parameter after enabled STP or RSTP.
62
Port Configuration
Select the port you want to configure and you will be able to view current settings
and status of the port.
Path Cost: Enter a number between 1 and 200,000,000. This value represents the
“cost” of the path to the other bridge from the transmitting bridge at the specified
port.
Priority: Enter a value between 0 and 240, using multiples of 16. This is the value
that decides which port should be blocked by priority in a LAN.
Link Type: There are 3 link types for your selection-Auto, P2P and Share.
Some of the rapid state transitions that are possible within RSTP depend upon
whether the port of concern can only be connected to another bridge (i.e. it is
served by a point-to-point LAN segment), or if it can be connected to two or more
bridges (i.e. it is served by a shared-medium LAN segment). This function allows
link status of the link to be manipulated administratively. “Auto” means to auto
select P2P or Share mode. “P2P” means P2P is enabled; the 2 ends work in full
duplex mode. While “Share” is enabled, it means P2P is disabled; the 2 ends may
connect through a share media and work in half duplex mode.
Edge Port: A port directly connected to the end stations cannot create a bridging
loop in the network. To configure this port as an edge port, set the port to the
Enable state. When the non-bridge device connects an admin edge port, this port
will be in blocking state and turn to forwarding state in 4 seconds.
Once you finish your configuration, click on Apply to save your settings.
63
4.4.3 STP Information
This page allows you to see the information of the root switch and port status.
Root Information: You can see root Bridge ID, Root Priority, Root Port, Root Path
Cost and the Max Age, Hello Time and Forward Delay of BPDU sent from the root
switch.
Port Information: You can see port Role, Port State, Path Cost, Port Priority, Oper
P2P mode, Oper edge port mode and Aggregated (ID/Type).
4.4.4 MSTP (Multiple Spanning Tree Protocol) Configuration
MSTP is the abbreviation of Multiple Spanning Tree Protocol. This protocol is a
direct extension of RSTP. It can provide an independent spanning tree for
different VLANs. It simplifies network management, provides for even faster
convergence than RSTP by limiting the size of each region, and prevents VLAN
members from being segmented from the rest of the group (as sometimes occurs
64
with IEEE 802.1D STP).
While using MSTP, there are some new concepts of network architecture. A
switch may belong to different groups, act as root or designate switch, generate
BPDU for the network to maintain the forwarding table of the spanning tree.
With MSTP can also provide multiple forwarding paths and enable load balancing.
Understand the architecture allows you to maintain the correct spanning tree and
operate effectively.
One VLAN can be mapped to a Multiple Spanning Tree Instance (MSTI). For
example, the maximum Instance of the Managed Switch supports is usually 16,
range from 0-15. The MSTP builds a separate Multiple Spanning Tree (MST) for
each instance to maintain connectivity among each of the assigned VLAN groups.
An Internal Spanning Tree (IST) is used to connect all the MSTP switches within an
MST region. An MST Region may contain multiple MSTP Instances.
The figure shows there are 2 VLANs/MSTP Instances and each instance has its
Root and forwarding paths.
A Common Spanning Tree (CST) interconnects all adjuacent MST regions and acts
as a virtual bridge node for communications with STP or RSTP nodes in the global
network. MSTP connects all bridges and LAN segments with a single Common
and Internal Spanning Tree (CIST). The CIST is formed as a result of the running
spanning tree algorithm between switches that support the STP, RSTP, MSTP
protocols.
The figure shows the CST large network. In this network, a Region may has
different instances and its own forwarding path and table, however, it acts as a
single Bridge of CST.
65
To configure the MSTP setting, the STP Mode of the STP Configuration page
should be changed to MSTP mode first.
After enabled MSTP mode, then you can go to the MSTP Configuration pages.
MSTP Region Configuration
This page allows configure the Region Name and its Revision, mapping the VLAN
to Instance and check current MST Instance configuration. The network can be
divided virtually to different Regions. The switches within the Region should have
the same Region and Revision level.
Region Name: The name for the Region. Maximum length: 32 characters.
Revision: The revision for the Region. Range: 0-65535; Default: 0)
66
Once you finish your configuration, click on Apply to apply your settings.
New MST Instance
This page allows mapping the VLAN to Instance and assign priority to the instance.
Before mapping VLAN to Instance, you should create VLAN and assign the
member ports first. Please refer to the VLAN setting page.
Instance ID: Select the Instance ID, the available number is 1-15.
VLAN Group: Type the VLAN ID you want mapping to the instance.
Instance Priority: Assign the priority to the instance.
After finish your configuration, click on Add to apply your settings.
Current MST Instance Configuration
This page allows you to see the current MST Instance Configuration you added.
Click on “Apply” to apply the setting. You can “Remove” the instance or
“Reload“ the configuration display in this page.
67
4.4.5 MSTP Port Configuration
This page allows configure the Port settings. Choose the Instance ID you want to
configure. The MSTP enabled and linked up ports within the instance will be
listed in this table.
Note that the ports not belonged to the Instance, or the ports not MSTP
activated will not display. The meaning of the Path Cost, Priority, Link Type and
Edge Port is the same as the definition of RSTP.
Path Cost: Enter a number between 1 and 200,000,000. This value represents the
“cost” of the path to the other bridge from the transmitting bridge at the
specified port.
Priority: Enter a value between 0 and 240, using multiples of 16. This is the value
that decides which port should be blocked by priority in a LAN.
Link Type: There are 3 types for you select. Auto, P2P and Share.
Some of the rapid state transitions that are possible within RSTP depend upon
whether the port of concern can only be connected to another bridge (i.e. it is
served by a point-to-point LAN segment), or if it can be connected to two or
more bridges (i.e. it is served by a shared-medium LAN segment). This function
allows link status of the link to be manipulated administratively. “Auto” means to
auto select P2P or Share mode. “P2P” means P2P is enabled, the 2 ends work in
Full duplex mode. While “Share” is enabled, it means P2P is disabled, the 2 ends
may connect through a share media and work in Half duplex mode.
Edge: A port directly connected to the end stations cannot create a bridging loop
in the network. To configure this port as an edge port, set the port to the Enable
state. When the non-bridge device connects an admin edge port, this port will be
68
in blocking state and turn to forwarding state in 4 seconds.
Once you finish your configuration, click on Apply to save your settings.
4.4.6 MSTP Information
This page allows you to see the current MSTP information.
Choose the Instance ID first. If the instance is not added, the information remains
blank.
The Root Information shows the setting of the Root switch.
The Port Information shows the port setting and status of the ports within the
instance.
Click on “Reload“ to reload the MSTP information display.
4.4.7 Multiple Super Ring (MSR)
The most common industrial network redundancy is to form a ring or loop.
Typically, the managed switches are connected in series and the last switch is
connected back to the first one.
The Multiple Super Ring has enhanced Ring Master selection and faster recovery
time. It is also enhanced for more complex ring application.
Advanced Rapid Dual Homing (RDH) technology also facilitates Managed Switch
69
to connect with a core managed switch easily and conveniently. With RDH
technology, you can also couple several Rapid Super Rings or RSTP cloud together,
which is also known as Auto Ring Coupling.
TrunkRing technology allows integrate MSR with LACP/Port Trunking. The
LACP/Trunk aggregated ports is a virtual interface and it can work as the Ring port
of the MSR.
MultiRing can be aggregated within one switch by using different Ring ID. The
maximum Ring number one switch can support is half of total port volume. The
feature saves much effort when constructing complex network architecture.
This page allows you to enable the settings for Multiple Super Ring and Rapid
Dual Homing.
New Ring: To create a Rapid Super Ring, just fill in the Ring ID which has range
from 0 to 31. If the name field is left blank, the name of this ring will be
automatically named with Ring ID.
Ring Configuration
ID: Once a Ring is created, this appears and cannot be changed.
Name: This field will show the name of the Ring. If it is not filled in when creating,
it will be automatically named by the rule “RingID”.
Version: The version of Ring can be changed here. There are three modes to
choose: Rapid Super Ring as default.
Device Priority: The switch with highest priority (highest value) will be
automatically selected as Ring Master. Then one of the ring ports in this switch
will become a forwarding port and the other one will become a blocking port. If
70
all of the switches have the same priority, the switch with the highest MAC
address will be selected as Ring Master.
Ring Port1: In Rapid Super Ring environment, you should have two Ring Ports. No
matter if the switch is Ring Master or not, when configuring RSR, two ports
should be selected as Ring Ports. For Ring Master,one of the ring ports will
become the forwarding port and the other one will become the blocking port.
Path Cost: Change the Path Cost of Ring Port1. If this switch is the Ring Master of
a Ring, then it determines the blocking port. The Port with higher Path Cost in the
two ring Port will become the blocking port, If the Path Cost is the same, the port
with larger port number will become the blocking port.
Ring Port2: Assign another port for ring connection
Path Cost: Change the Path Cost of Ring Port2
Rapid Dual Homing: Rapid Dual Homing is a feature of MSR. When you want to
connect multiple RSR or form a redundant topology with other vendors, RDH
could allow you to have maximum seven multiple links for redundancy without
any problem.
In Rapid Dual Homing, you don’t need to configure specific port to connect to
other protocol. The Rapid Dual Homing will smartly choose the fastest link for
primary link and block all the other links to avoid loop. If the primary link failed,
Rapid Dual Homing will automatically forward the secondary link for network
redundancy. If there are more connections, they will be standby links and recover
one of them if both primary and secondary links are down.
Ring status: To enable/disable the Ring. Please remember to enable the ring after
you add it.
4.4.8 Multiple Super Ring Information
This page shows the RSR information.
71
ID: Ring ID.
Feature
Command Line
RSTP
Enable
Switch(config)# spanning-tree enable
Disable
Switch (config)# spanning-tree disable
RSTP mode
Switch(config)# spanning-tree mode rapid-stp
SpanningTree Mode change to be RSTP(802.1w) .
STP mode
Switch(config)# spanning-tree mode stp
SpanningTree Mode change to be STP(802.1d) .
Priority
Switch(config)# spanning-tree priority
<0-61440> valid range is 0 to 61440 in multiple of
4096
Switch(config)# spanning-tree priority 4096
Max Age
Switch(config)# spanning-tree max-age
<6-40> Valid range is 6~40 seconds
Switch(config)# spanning-tree max-age 10
Hello Time
Switch(config)# spanning-tree hello-time
<1-10> Valid range is 1~10 seconds
Switch(config)# spanning-tree hello-time 2
Forward Delay
Switch(config)# spanning-tree forward-time
<4-30> Valid range is 4~30 seconds
Switch(config)# spanning-tree forward-time 15
Port Path Cost
Switch(config-if)# spanning-tree cost
<1-200000000> 16-bit based value range from
Version: which version of this ring, this field could be Rapid Super Ring, Super
Ring.
Role: This Switch is RM or nonRM
Status: If this field is Normal which means the redundancy is activated. If any one
of the links in the Ring is down, then the status will be Abnormal.
RM MAC: The MAC address of Ring Master of this Ring. It helps to find the
redundant path.
Blocking Port: This field shows which is blocked port of RM.
Role Transition Count: This means how many times this switch has changed its
Role from nonRM to RM or from RM to nonRM.
Role state Transition Count: This number shows how many times the Ring status
has been transformed between Normal and Abnormal state.
RSTP Port Admin Link-Type is Auto, Oper Link-Type is
Point-to-Point
RSTP Port Admin Edge-Port is Enabled, Oper Edge-Port
is Edge
Designated root has priority 32768, address
0007.7c00.0112
Designated bridge has priority 32768, address
0007.7c60.1aec
Designated Port ID is 128.6, Root Path Cost is 600000
Timers : message-age 0 sec, forward-delay 0 sec
Link Aggregation Group: N/A, Type: N/A, Aggregated
with: N/A
BPDU: sent 43759 , received 4854
TCN : sent 0 , received 0
Forwarding-State Transmit count 12
Message-Age Expired count
Multiple Super Ring
Create or configure a
Ring
Switch(config)# multiple-super-ring 1
Ring 1 created
Switch(config-multiple-super-ring)#
Note: 1 is the target Ring ID which is going to be created
or configured.
Super Ring Version
Switch(config-multiple-super-ring)# version
74
default set default to rapid super ring
rapid-super-ring rapid super ring
super-ring super ring
Switch(config-multiple-super-ring)# version
rapid-super-ring
Priority
Switch(config-multiple-super-ring)# priority
<0-255> valid range is 0 to 255
default set default
Switch(config)# super-ring priority 100
Ring Port
Switch(config-multiple-super-ring)# port
IFLIST Interface list, ex: fa1,fa3-5,gi8-10
cost path cost
Switch(config-multiple-super-ring)# port fa1,fa2
Ring Port Cost
Switch(config-multiple-super-ring)# port cost
<0-255> valid range is 0 or 255
default set default (128)valid range is 0 or 255
Switch(config-multiple-super-ring)# port cost 100
<0-255> valid range is 0 or 255
default set default (128)valid range is 0 or 255
Switch(config-super-ring-plus)# port cost 100 200
Set path cost success.
Rapid Dual Homing
Switch(config-multiple-super-ring)#
rapid-dual-homing enable
Switch(config-multiple-super-ring)#
rapid-dual-homing disable
Switch(config-multiple-super-ring)#
rapid-dual-homing port
IFLIST Interface name, ex: fastethernet1 or gi8
auto-detect up link auto detection
IFNAME Interface name, ex: fastethernet1 or gi8
Switch(config-multiple-super-ring)#
rapid-dual-homing port fa3,fa5-6
set Rapid Dual Homing port success.
Note: auto-detect is recommended for dual Homing..
Ring Info
75
Ring Info
Switch# show multiple-super-ring [Ring ID]
[Ring1] Ring1
Current Status : Disabled
Role : Disabled
Ring Status : Abnormal
Ring Manager : 0000.0000.0000
Blocking Port : N/A
Giga Copper : N/A
Configuration :
Version : Rapid Super Ring
Priority : 128
Ring Port : fa1, fa2
Path Cost : 100, 200
Dual-Homing II : Disabled
Statistics :
Watchdog sent 0, received 0, missed 0
Link Up sent 0, received 0
Link Down sent 0, received 0
Role Transition count 0
Ring State Transition count 1
Ring ID is optional. If the ring ID is typed, this
command will only display the information of the
target Ring.
76
4.5 VLAN
A Virtual LAN (VLAN) is a “logical” grouping of nodes for the purpose of limiting a
broadcast domain to specific members of a group without physically grouping the
members together. That means, VLAN allows you to isolate network traffic so
that only members of VLAN could receive traffic from the same VLAN members.
Basically, creating a VLAN from a switch is the logical equivalent of physically
reconnecting a group of network devices to another Layer 2 switch, without
actually disconnecting these devices from their original switches.
The switch supports 802.1Q VLAN. 802.1Q VLAN is also known as Tag-Based
VLAN. This Tag-Based VLAN allows VLAN to be created across different switches
(see Figure 1). IEEE 802.1Q tag-based VLAN makes use of VLAN control
information stored in a VLAN header attached to IEEE 802.3 packet frames. This
tag contains a VLAN Identifier (VID) that indicates which VLAN a frame belongs to.
Since each switch only has to check a frame’s tag, without the need to dissect the
contents of the frame, which also saves a lot of computing resources within the
switch.
QinQ
The QinQ is originally designed to expand the number of VLANs by adding a tag
to the 802.1Q packets. The original VLAN is usually identified as Customer VLAN
(C-VLAN) and the new added t–g - as Service VLAN(S-VLAN). By adding the
additional tag, QinQ increases the possible number of VLANs. After QinQ
enabled, the Managed Switch can reach up to 256x256 VLANs. With different
standard tags, it also improves the network security.
VLAN Configuration group enables you to Add/Remove VLAN, configure port
Ingress/Egress parameters and view VLAN table.
Following commands are included in this section:
4.5.1 VLAN Port Configuration
4.5.2 VLAN Configuration
77
4.5.3 GVRP Configuration
4.5.4 VLAN Table
4.5.5 CLI Commands of the VLAN
4.5.1 VLAN Port Configuration
VLAN Port Configuration allows you to set up VLAN port parameters to specific
port. These parameters include PVID, Accept Frame Type and Ingress Filtering.
Figure 4.5.2 Web UI of VLAN configuration.
PVID: The abbreviation of the Port VLAN ID. Enter the port VLAN ID. PVID allows
the switches to identify which port belongs to which VLAN. To keep things simple,
it is recommended that PVID is equivalent to VLAN IDs.
The values of PVIDs are from 0 to 4095. But, 0 and 4095 are reserved. You can’t
input these two PVIDs. Value 1 is the default value and 2 to 4094 are valid and
available.
Tunnel Mode: This is the new command for QinQ. The command includes None,
802.1Q Tunnel and 802.1Q Tunnel Uplink. The figure shows the relationship
between 802.1Q Tunnel and 802.1Q Tunnel Uplink.
78
Following is the modes you can select.
None: Remian VLAN setting, no QinQ.
802.1Q Tunnel: The QinQ command applied to the ports which connect to the
C-VLAN. The port receives tagged frame from the C-VLAN. Add a new tag (Port
VID) as S-VLAN VID. When the packets are forwarded to C-VLAN, the S-VLAN
tag is removed.
After 802.1Q Tunnel mode is assigned to a port, the egress setting of the port
should be “Untag”, it indicates the egress packet is always untagged. This is
configured in Static VLAN Configuration table. Please refer to the VLAN
Configuration chapter in below.
802.1Q Tunnel Uplink: The QinQ command applied to the ports which connect
to the S-VLAN. The port receives tagged frame from the S-VLAN. When the
packets are forwarded to S-VLAN, the S-VLAN tag is kept.
After 802.1Q Tunnel Uplink mode is assigned to a port, the egress setting of the
port should be “Tag”, it indicates the egress packet is always tagged. This is
configured in Static VLAN Configuration table. Please refer to the VLAN
Configuration chapter in below.
For example, the VID of S-VLAN/Tunnel Uplink is 10, the VID of C-VLAN/Tunnel is
5. The 802.1Q Tunnel port receives tag 5 from C-VLAN, add tag 10 to the packet.
When the packets are forwarded to S-VLAN, tag 10 is kept.
EtherType: This column allows you to define the EtherType manually. This is
advanced QinQ parameter which allows to define the transmission packet type.
Accept Frame Type: This column defines the accepted frame type of the port.
There are 2 modes you can select, Admit All and Tag Only. Admit All mode means
that the port can accept both tagged and untagged packets. Tag Only mode
means that the port can only accept tagged packets.
Ingress Filtering: Ingress filtering helps VLAN engine to filter out undesired traffic
on a port. When Ingress Filtering is enabled, the port checks whether the
79
incoming frames belong to the VLAN they claimed or not. Then the port
determines if the frames can be processed or not. For example, if a tagged frame
from Engineer VLAN is received, and Ingress Filtering is enabled, the switch will
determine if the port is on the Engineer VLAN’s Egress list. If it is, the frame can
be processed. If it’s not, the frame would be dropped.
80
4.5.2 VLAN Configuration
In this page, you can assign Management VLAN, create the static VLAN, and
assign the Egress rule for the member ports of the VLAN.
Figure 4.5.2.1 Web UI of the VLAN Configuration.
Management VLAN ID: The switch supports management VLAN. The
management VLAN ID is the VLAN ID of the CPU interface so that only member
ports of the management VLAN can access the switch. The default management
VLAN ID is 1.
Static VLAN: You can assign a VLAN ID and VLAN Name for new VLAN here.
VLAN ID is used by the switch to identify different VLANs. Valid VLAN ID is
between 1 and 4094 and VLAN 1 is the default VLAN.
VLAN Name is a reference for network administrator to identify different VLANs.
The available character is 12 for you to input. If you don’t input VLAN name, the
system will automatically assign VLAN name for the VLAN. The rule is VLAN
(VLAN ID).
The steps to create a new VLAN: Type VLAN ID and NAME, and press Add to
create a new VLAN. Then you can see the new VLAN in the Static VLAN
Configuration table.
81
After created the VLAN, the status of the VLAN will remain in Unused until you
add ports to the VLAN.
Note: Before you change the management VLAN ID by Web and Telnet,
remember that the port attached by the administrator should be the member
port of the management VLAN; otherwise the administrator can’t access the
switch via the network.
Note: Currently the switch only support max 255 group VLAN.
Static VLAN Configuration
You can see the created VLANs and specify the egress (outgoing) port rule to be
Untagged or Tagged here.
Static VLAN Configuration table. You can see that new VLAN 3 is created. VLAN
name is test. Egress rules of the ports are not configured now.
-- : Not available
U: Untag: Indicates that egress/outgoing frames are not VLAN tagged.
T : Tag: Indicates that egress/outgoing frames are to be VLAN tagged.
Steps to configure Egress rules: Select the VLAN ID. Entry of the selected VLAN
turns to light blue. Assign Egress rule of the ports to U or T. Press Apply to apply
the setting. If you want to remove one VLAN, select the VLAN entry. Then press
Remove button.
82
4.5.3 GVRP configuration
GVRP allows users to set-up VLANs automatically rather than manual
configuration on every port of every switch in the network.
GVRP Protocol: Allow user to enable/disable GVRP globally.
State: After enable GVRP globally, here still can enable/disable GVRP by port.
Join Timer: Controls the interval of sending the GVRP Join BPDU and an instance
of this timer is required on a per-Port, per-GARP Participant basis
Leave Timer: Control the time to release the GVRP reservation after received the
GVRP Leave BPDU and an instance of the timer is required for each state machine
that is in the LV state
Leave All Timer: Controls the period to initiate the garbage collection of
registered VLAN. The timer is required on a per-Port, per-GARP Participant basis
83
4.5.4 VLAN Table
This table shows you current settings of your VLAN table, including VLAN ID,
Name, Status, and Egress rule of the ports.
VLAN ID: ID of the VLAN.
Name: Name of the VLAN.
Status: Static shows this is a manually configured static VLAN. Unused means this
VLAN is created by UI/CLI and has no member ports. This VLAN is not workable
yet. Dynamic means this VLAN is learnt by GVRP.
After created the VLAN, the status of this VLAN will remain in Unused status until
you add ports to the VLAN.
84
4.5.5 CLI Commands of the VLAN
Feature
Command Line
VLAN Port Configuration
VLAN Port PVID
Switch(config-if)# switchport trunk native vlan 2
Set port default vlan id to 2 success
Port Accept Frame
Type
Switch(config)# inter fa1
Switch(config-if)# acceptable frame type all
any kind of frame type is accepted!
Switch(config-if)# acceptable frame type
vlantaggedonly
only vlan-tag frame is accepted!
Ingress Filtering
(for fast Ethernet
port 1)
Switch(config)# interface fa1
Switch(config-if)# ingress filtering enable
ingress filtering enable
Switch(config-if)# ingress filtering disable
ingress filtering disable
Egress rule –
Untagged (for VLAN 2)
Switch(config-if)# switchport access vlan 2
switchport access vlan - success
Egress rule – Tagged
(for VLAN 2)
Switch(config-if)# switchport trunk allowed vlan
add 2
Display – Port
Ingress Rule (PVID,
Ingress Filtering,
Acceptable Frame
Type)
Switch# show interface fa1
Interface fastethernet1
Administrative Status : Enable
Operating Status : Not Connected
Duplex : Auto
Speed : Auto
Flow Control :off
Default Port VLAN ID: 2
Ingress Filtering : Disabled
Acceptable Frame Type : All
Port Security : Disabled
Auto Negotiation : Enable
Loopback Mode : None
STP Status: disabled
Default CoS Value for untagged packets is 0.
Command Lines of the VLAN port configuration, VLAN configuration and VLAN
table display
85
Mdix mode is Auto.
Medium mode is Copper.
Display – Port Egress
Rule (Egress rule, IP
address, status)
Switch# show running-config
……
!
interface fastethernet1
switchport access vlan 1
switchport access vlan 3
switchport trunk native vlan 2
…….
interface vlan1
ip address 192.168.2.200/24
no shutdown
VLAN Configuration
Create VLAN (2)
Switch(config)# vlan 2
vlan 2 success
Switch(config)# interface vlan 2
Switch(config-if)#
Note: In CLI configuration, you should create a VLAN
interface first. Then you can start to add/remove
ports. Default status of the created VLAN is unused
until you add member ports to it.
Remove VLAN
Switch(config)# no vlan 2
no vlan success
Note: You can only remove the VLAN when the VLAN is
in unused mode.
VLAN Name
Switch(config)# vlan 2
vlan 2 has exists
Switch(config-vlan)# name v2
Switch(config-vlan)# no name
Note: Use no name to change the name to default name,
VLAN VID.
VLAN description
Switch(config)# interface vlan 2
86
Switch(config-if)#
Switch(config-if)# description this is the VLAN 2
Switch(config-if)# no description ->Delete the
description.
IP address of the
VLAN
Switch(config)# interface vlan 2
Switch(config-if)#
Switch(config-if)# ip address 192.168.1.200/24
Switch(config-if)# no ip address 192.168.1.200/24
->Delete the IP address
Create multiple
VLANs (VLAN 5-10)
Switch(config)# interface vlan 5-10
Shut down VLAN
Switch(config)# interface vlan 2
Switch(config-if)# shutdown
Switch(config-if)# no shutdown ->Turn on the VLAN
Display – VLAN table
Switch# sh vlan
VLAN Name Status Trunk Ports Access Ports
---- ------------ -------
--------------------------
1 VLAN1 Static - fa1-7,gi8-10
2 VLAN2 Unused - -
3 test Static fa4-7,gi8-10
fa1-3,fa7,gi8-10
Display – VLAN
interface
information
Switch# show interface vlan1
interface vlan1 is up, line protocol detection is
disabled
index 14 metric 1 mtu 1500
<UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 00:07:7c:ff:01:b0
inet 192.168.2.200/24 broadcast 192.168.2.255
input packets 639, bytes 38248, dropped 0,
multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame
0, fifo 0, missed 0
output packets 959, bytes 829280, dropped 0
87
output errors 0, aborted 0, carrier 0, fifo 0,
heartbeat 0, window 0
collisions 0
GVRP configuration
GVRP enable/disable
Switch(config)# gvrp mode
disable Disable GVRP feature globally on the
switch
enable Enable GVRP feature globally on the switch
Switch(config)# gvrp mode enable
Gvrp is enabled on the switch!
Configure GVRP
timer
Join timer /Leave
timer/ LeaveAll
timer
Switch(config)# inter fa1
Switch(config-if)# garp timer
<10-10000>
Switch(config-if)# garp timer 20 60 1000
Note: The unit of these timer is centisecond
Management VLAN
Management VLAN
Switch(config)# int vlan 1 (Go to management VLAN)
Switch(config-if)# no shutdown
Display
Switch# show running-config
!
interface vlan1
ip address 192.168.2.200/24
ip igmp
no shutdown
!
88
4.6 Private VLAN
The private VLAN helps to resolve the primary VLAN ID shortage, client ports’
isolation and network security issues. The Private VLAN provides primary and
secondary VLAN within a single switch.
Primary VLAN: The uplink port is usually the primary VLAN. A primary VLAN
contains promiscuous ports that can communicate with lower Secondary VLANs.
Secondary VLAN: The client ports are usually defined within secondary VLAN.
The secondary VLAN includes Isolated VLAN and Community VLAN. The client
ports can be isolated VLANs or can be grouped in the same Community VLAN.
The ports within the same community VLAN can communicate with each other.
However, the isolated VLAN ports can Not.
The figure shows the typical Private VLAN network. The SCADA/Public Server or
NMS workstation is usually located in primary VLAN. The clients PCs or Rings are
located within Secondary.
Private VLAN (PVLAN) Configuration group enables you to Configure PVLAN,
PVLAN Port and see the PVLAN Information.
Following commands are included in this group:
4.6.1 PVLAN Configuration
4.6.2 PVLAN Port Configuration
4.6.3 CLI Commands of the PVLAN
4.6.1 PVLAN Configuration
PVLAN Configuration allows you to assign Private VLAN type. After created VLAN
in VLAN Configuraiton page, the available VLAN ID will display here. Choose the
Private VLAN types for each VLAN you want configure.
89
None: The VLAN is Not included in Private VLAN.
Primary: The VLAN is the Primary VLAN. The member ports can communicate
with secondary ports.
Isolated: The VLAN is the Isolated VLAN. The member ports of the VLAN are
isolated.
Community: The VLAN is the Community VLAN. The member ports of the VLAN
can communicate with each other.
4.6.2 PVLAN Port Configuration
PVLAN Port Configuration page allows configure Port Configuration and Private
VLAN Association.
Private VLAN Association
Secondary VLAN: After the Isolated and Community VLAN Type is assigned in
Private VLAN Configuration page, the VLANs are belonged to the Secondary VLAN
and displayed here.
Primary VLAN: After the Primary VLAN Type is assigned in Private VLAN
Configuration page, the secondary VLAN can associate to the Primary VLAN ID.
Select the Primary VLAN ID here.
Note: Before configuring PVLAN port type, the Private VLAN Association should
be done first.
90
Port Configuraion
PVLAN Port T pe :
Normal: The Normal port is None PVLAN ports, it remains its original VLAN
setting.
Host: The Host type ports can be mapped to the Secondary VLAN.
Promiscuous: The promiscuous port can be associated to the Primary VLAN.
VLAN ID: After assigned the port type, the web UI display the available VLAN ID
the port can associate to.
For example:
1. VLAN Create: VLAN 2-5 are created in VLAN Configuration page.
2. Private VLAN Type: VLAN 2-5 has its Private VLAN Type configured in Private
VLAN Configuration page.
VLAN 2 is belonged to Primary VLAN.
VLAN 3-5 are belonged to secondary VLAN (Isolated or Community).
3. Private VLAN Association: Associate VLAN 3-5 to VLAN 2 in Private VLAN
Association first.
4. Private VLAN Port Configuration
VLAN 2 – Primary -> The member port of VLAN 2 is promiscuous port.
VLAN 3 – Isolated -> The Host port can be mapped to VLAN 3.
VLAN 4 – Community -> The Host port can be mapped to VLAN 3.
VLAN 5 – Community -> The Host port can be mapped to VLAN
5. Result
VLAN 2 -> VLAN 3, 4, 5; member ports can communicate with ports in secondary
VLAN.
VLAN 3 -> VLAN 2, member ports are isolated, but it can communicate with
member port of VLAN 2..
VLAN 4 -> VLAN 2, member ports within the community can communicate with
each other and communicate with member port of VLAN 2.
VLAN 5 -> VLAN 2, member ports within the community can communicate with
each other and communicate with member port of VLAN 2.
91
4.6.3 Private VLAN Information
This page allows you to see the Private VLAN information.
4.6.4 CLI Command of the PVLAN
Command Lines of the Private VLAN configuration
92
Feature
Command Line
Private VLAN Configuration
Create VLAN
Switch(config)# vlan 2
vlan 2 success
Switch(config-vlan)#
end End current mode and change to enable mode
exit Exit current mode and down to previous mode
list Print command list
name Assign a name to vlan
no no
private-vlan Configure a private VLAN
Private VLAN Type
Choose the Types
Primary Type
Isolated Type
Community Type
Go to the VLAN you want configure first.
Switch(config)# vlan (VID)
Switch(config-vlan)# private-vlan
community Configure the VLAN as an community private
VLAN
isolated Configure the VLAN as an isolated private
VLAN
primary Configure the VLAN as a primary private
VLAN
Switch(config-vlan)# private-vlan primary
<cr>
Switch(config-vlan)# private-vlan isolated
<cr>
Switch(config-vlan)# private-vlan community
<cr>
Private VLAN Port Configuraiton
Go to the port
configuraiton
Switch(config)# interface (port_number, ex: fa9)
Switch(config-if)# switchport private-vlan
host-association Set the private VLAN host association
mapping map primary VLAN to secondary
VLAN
Private VLAN Port Type
Promiscuous Port Type
Host Port Type
Switch(config-if)# switchport mode
private-vlan Set private-vlan mode
Switch(config-if)# switchport mode private-vlan
host Set the mode to private-vlan host
promiscuous Set the mode to private-vlan promiscuous
Switch(config-if)# switchport mode private-vlan promiscuous
<cr>
<2-4094> Primary range VLAN ID of the private VLAN
port association
Switch(config-if)# switchport private-vlan host-association 2
<2-4094> Secondary range VLAN ID of the private VLAN
port association
Switch(config-if)# switchport private-vlan host-association 2 3
Mapping primary to
secondary VLANs
(This command is only
available for
promiscuous port)