LE2711C - Switch Black Box - Free user manual and instructions

USER MANUAL LE2711C Black Box

LE2700 Series Industrial Managed Ethernet Switches

User Manual

This Layer 2 modular rackmount managed Gigabit Ethernet switch has four module slots that accommodate 8-port 10/100/1000BASE-T RJ-45 and SFP modules, and 4-port 10GE SFP+ and 100-Mbps fiber ST and fiber SC modules.

Trademarks Used in this Manual

Black Box and the Double Diamond logo are registered trademarks of BB Technologies, Inc.

Any other trademarks mentioned in this manual are acknowledged to be the property of the trademark owners.

Disclaimer:

Black Box Network Services shall not be liable for damages of any kind, including, but not limited to, punitive, consequential or cost of cover damages, resulting from any errors in the product information or specifications set forth in this document and Black Box Network Services may revise this document at any time without notice.

We're here to help! If you have any questions about your application or our products, contact Black Box Tech Support at 724-746-5500 or go to blackbox.com and click on "Talk to Black Box."

You'll be live with one of our technical experts in less than 60 seconds.

Federal Communications Commission and Industry Canada Radio Frequency Interference Statements

This equipment generates, uses, and can radiate radio-frequency energy, and if not installed and used properly, that is, in strict accordance with the manufacturer's instructions, may cause interference to radio communication. It has been tested and found to comply with the limits for a Class A computing device in accordance with the specifications in Subpart B of Part 15 of FCC rules, which are designed to provide reasonable protection against such interference when the equipment is operated in a commercial environment. Operation of this equipment in a residential area is likely to cause interference, in which case the user at his own expense will be required to take whatever measures may be necessary to correct the interference.

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

This digital apparatus does not exceed the Class A limits for radio noise emission from digital apparatus set out in the Radio Interference Regulation of Industry Canada.

2.1 Introduction....10
2.2 Features....10
2.3 What's Included 11
2.4 Hardware Description....12

1. Hardware Installation....16

3.1 Rackmount Installation 16
3.2 Module Installation....16

3.2.1 RJ-45 Module (LE2720C) 16
3.2.2 SFP Module (LE2721C) 17
3.2.3 100/1000 Mbps SFP Module (LE2722C) or 10G SFP+ Module (LE2731C)....17
3.2.4 Power Module 18

3.3 Wiring 19

3.3.1 Grounding 19
3.3.2 Fault Relay 19
3.3.3 Redundant Power Inputs....19

3.4 Connection....20

3.4.1 Cables....20
3.4.2 SFP 22
3.4.3 B-Ring/B-Chain 22

1. Redundancy....25

4.1 B-Ring 25

4.1.1 Introduction 25
4.1.2 Configurations 25

4.2 B-Chain 26

4.2.1 Introduction....26
4.2.2 Configurations....26

4.3 MRP....26

4.3.1 Introduction....26
4.3.2 Configurations....26

4.4 STP/RSTP/MSTP 27

4.4.1 STP/RSTP 27
4.4.2 MSTP....30
4.4.3 CIST 33

4.5 Fast Recovery 34

1. Management....35

5.1 Basic Settings....36

5.1.1 System Information 36
5.1.2 Admin and Password....37
5.1.3 Authentication 37
5.1.4 IP Settings....38
5.1.5 IPv6 Settings 39
5.1.6 HTTPS....39
5.1.7 SSH 40
5.1.8 LLDP 40

5.1.9 Modbus TCP 43
5.1.10 Backup/Restore Configurations 43
5.1.11 Firmware Update....44

5.2 DHCP Server 44

5.2.1 Basic Settings....44
5.2.2 Dynamic Client List....44
5.2.3 Client List 44
5.2.4 Relay Agent....45

5.3 Port Setting 47

5.3.1 Port Control 47
5.3.2 Port Trunk 48
5.3.3 LACP 49
5.3.4 Loop Ground....52

5.4 VLAN....53

5.4.1 VLAN Membership....53
5.4.2 Port Configurations....54
5.4.3 Private VLAN 60

5.5 SNMP 62

5.5.1 SNMP System Configurations....64
5.5.2 SNMP Community Configurations 66
5.5.3 SNMP User Configurations....64
5.5.4 SNMP Group Configurations....66
5.5.5 SNMP View Configurations....66
5.5.6 SNMP Access Configurations....67

5.6 Traffic Prioritization....68

5.6.1 Storm Control....68
5.6.2 Port Classification....69
5.6.3 Port Tag Remaking....70
5.6.4 Port DSCP....71
5.6.5 Port Policing 72
5.6.6 Queue Policing 73
5.6.7 QoS Egress Port Scheduler and Shapers....74
5.6.8 Port Scheduled....76
5.6.9 Port Shaping....76
5.6.10 DSCP Based QoS....77
5.6.11 DSCP Translation....78
5.6.12 DSCP Classification 78
5.6.13 QoS Control List....79
5.6.14 QoS Counters 81
5.6.15 QCL Status....81

5.7 Multicast....82

5.7.1 IGMP Snooping....82
5.7.2 VLAN Configurations of IGMP Snooping....83
5.7.3 IGMP Snooping Status....84
5.7.4 Groups IGMP Snooping Information 85

5.8 Security....85

5.8.1 Remote Control Security Configurations....85
5.8.2 Device Binding 86
5.8.3 ACL Ports 90
5.8.4 AAA....99
5.8.5 RADIUS 100

5.8.6 NAS (802.1x) 105

5.9 Alerts....113

5.9.1 Fault Alarm 113

5.9.2 System Warning 113

5.10 Monitor and Diag 116

5.10.1 MAC Table 116

5.10.2 Port Statistics 119

5.10.3 Port Mirroring.... 121

5.10.4 System Log Information....122

5.10.5 Cable Diagnostics 123

5.10.6 SFP Monitor 124

5.10.7 Ping....124

5.11 Synchronization 126

5.12 Troubleshooting....129

5.12.1 Factory Defaults 129

5.12.2 System Reboot.... 129

5.13 Command Line Interface Management....129

1. Specifications

2. Overview

2.1 Introduction

The LE2700 Series Industrial Managed Ethernet Switches are ideal for industrial Ethernet applications. Use them to control and monitor equipment at oil/gas wells transmission facilities, water/wastewater, IP security/surveillance cameras and alarms, utilities, or building HVAC systems.

The LE2700 Series Industrial Managed Ethernet Switches are scalable, flexible, cost-effective, and reliable. The 4-Slot Chassis is a Layer 2 modular rackmount managed Gigabit Ethernet switch with four module slots. 8-port 10/100/1000BASE-T RJ-45 and SFP modules, and 4-port 10GE SFP+ and 100-Mbps fiber ST and fiber SC modules are also available.

Figure 2-1. Available models.

2.2 Features

• Modular design with dual power supplies enables flexible network planning by allowing users to add capacity as demand increases. Choose the right quantity, speed, and range of interfaces for the application. Purchase the capacity you need when you need it.
• Environmentally hardened case withstands operating temperatures of -40 to +185° F (-40 to +85° C).
• Managed switch enables you to configure and monitor installations remotely.
  • Supports Web, SNMP, and console user interfaces.
• Choose from copper, fiber, 10/100/1000-Mbps, and 10GE interfaces.
• Complies with IEEE 802.3az energy efficient standards.
• Manages traffic with 802.1p/q tagged frames.
• Handles jumbo frames.
  • Supports IEEE 1588v2 synchronization.
• Accommodates high availability protocols, including xSTP, link aggregation, and redundant ring protocols.
  • Supports IP multicast snooping with IGMPv2/3.
• Authenticates ACLs, TACACS+, and 802.1x users.

2.3 What's Included

Your package should include the following items. If anything is missing or damaged, contact Black Box Technical Support at 724-746-5500 or info@blackbox.com.

LE2700A:

• LE2700 Series Industrial Managed Ethernet Switch with power supply
• U.S. power cord

LE2700AE:

• LE2700 Series Industrial Managed Ethernet Switch with power supply
- EU. power cord

LE2700UK:

• LE2700 Series Industrial Managed Ethernet Switch with power supply
- UK power cord

LE2700LV:

• LE2700 Series Industrial Managed Ethernet Switch with low-voltage power supply
• U.S. power cord

LE2700LV-PS:

• LE2700 Series Industrial Managed Ethernet Switch Power Supply - Low-Voltage

LE2710C:

4-port 100FX multimode 2 km SC module, works in switch slot 1, 2, or 3

LE2711C

4-port 100FX multimode 2 km ST module, works in switch slot 1, 2, or 3

LE2720C:

8-port 10/100/1000BASE-T RJ-45 module, works in switch slot 1, 2, or 3

LE2721C:

8-port 100/1000 Mbps SFP module, works in switch slot 1, 2, or 3

LE2722C:

4-port 100/1000 Mbps SFP module, works in switch slot 4 only

LE2731C:

4-port 10 GE SFP+ module, works in switch slot 4 only

You can download this user manual from the Black Box Web site.

To download from the Web site:

1. Go to www.blackbox.com
2. Enter the part number (LE2700A) in the search box:

1. Click on the "Resources" tab on the product page, and select the document you wish to download.

2.4 Hardware Description

graph LR
    A["Device Icon"] --> B["Slot 1"]
    B --> C["Slot 2"]
    C --> D["Slot 3"]
    D --> E["Slot 4"]

LE2710C, LE2711C, LE2720C, or LE2721C

installs in slot 1, 2, or 3

10-Gigabit module (LE2731C) or

100/1000-Mbps Ethernet module

(LE2722C) installs in slot 4 only

Figure 2-1. Front panel.

graph TD
    A["Power 1"] --> B["Power module slot 1"]
    C["Power 2"] --> D["Power module slot 2"]
    E["Power module installed in slot 1"] --> F["Power module installed in slot 2"]
    G["Power module installed in slot 2"] --> H["Power module installed in slot 1"]

Figure 2-2. Back panel.

On the rear panel of the switch are two panel module slots and one terminal block. The terminal blocks include two power pairs for redundant power supply.

B-Ring provides two 10 Gigabit modules and four Gigabit Ethernet modules to meet your demand for high speed. For applications requiring long-distance data transmission, B-Ring also provides several fiber modules to meet your needs. Please refer to the following table for available modules.

The modules are not hot-swappable. Be sure to turn off power before changing modules; otherwise, the system will not detect newly inserted modules.

Table 2-3. Switch Modules.

Available power supplies include:

• Spare Power Supply for the LE2700 Series Industrial Managed Ethernet Switch Chassis (LE2700-PS)
• Spare Power Supply for the LE2700 Series Industrial Managed Ethernet Switch Chassis (LE2700LV-PS)

3. Hardware Installation

3.1 Rackmount Installation

The switch comes with two rackmount kits to allow you to fasten the switch to a rack in any environment.

Follow the steps below to install the switch to a rack.

Step 1: Install left and right front mounting brackets to the switch using 4 M3 screws on each side provided with switch.

Step 2: With front brackets orientated in front of the rack, nest front and rear brackets together. Fasten together using remaining M4 screws into counter sunk holes.

Step 3: Fasten the front mounting bracket to the front of the rack.

Figure 3-1. Installing the module.

3.2 Module Installation

3.2.1 RJ-45 Module (LE2720C)

Each LE2700 Series Industrial Managed Ethernet Switches switch supports a maximum of three RJ-45 modules, giving you a total of 24 RJ-45 ports. Follow the steps bellow for installation.

Step 1: Switch off the power of the switch.

Step 2: Insert the modules in Slot 1, 2, and 3 respectively.

Step 3: Switch on the power of the switch.

graph TD
    A["Slot 1"] --> B["Slot 2"]
    B --> C["Slot 3"]
    C --> D["Slot 4"]
    D --> E["Slot 4"]
    E --> F["1 2 3 4 5 6 7"]
    F --> G["1 2 3 4 5 6 7"]
    G --> H["1 2 3 4 5 6 7"]
    H --> I["1 2 3 4 5 6 7"]

Figure 3-3. RJ-45 module.

3.2.2 SFP Module (LE2710C, LE2711C, LE2721C)

Each LE2700 Series Industrial Managed Ethernet Switches switch supports a maximum of three SFP modules, giving you a total of 24 SFP ports. Follow the steps bellow for installation.

Step 1: Switch off the power of the switch.

Step 2: Insert the modules in Slot 1, 2, and 3 respectively.

Step 3: Switch on the power of the switch.

graph TD
    A["Slot 1"] --> B["Slot 2"]
    B --> C["Slot 3"]
    C --> D["Slot 4"]
    E["Slot 4"] --> F["Slot 1"]
    E --> G["Slot 2"]
    E --> H["Slot 3"]
    E --> I["Slot 4"]
    J["Slot 1"] --> K["1"]
    J --> L["2"]
    J --> M["3"]
    J --> N["4"]
    J --> O["5"]
    J --> P["6"]
    J --> Q["7"]
    R["Slot 2"] --> S["1"]
    R --> T["2"]
    R --> U["3"]
    R --> V["4"]
    R --> W["5"]
    R --> X["6"]
    R --> Y["7"]
    Z["Slot 3"] --> AA["1"]
    Z --> AB["2"]
    Z --> AC["3"]
    Z --> AD["4"]
    Z --> AE["5"]
    Z --> AF["6"]
    Z --> AG["7"]
    AH["Slot 4"] --> AI["1"]
    AH --> AJ["2"]
    AH --> AK["3"]
    AH --> AL["4"]

Figure 3-4. SFP module.

3.2.3 100/1000 Mbps SFP Module (LE2722C) or 10G SFP+ Module (LE2731C)

Each LE2700 Series Industrial Managed Ethernet Switches switch supports one 4-port GE SFP or 10G SFP+ module, giving you a total of four GE or 10G ports. Follow the steps bellow for installation. The module can be plugged into the 10-Gigabit Ethernet port of the switch and links the switch with a fiberoptic network.

Follow the steps bellow for installation.

Step 1: Switch off the power of the switch.

Step 2: Insert the module in Slot 4.

Step 3: Switch on the power of the switch.

graph TD
    A["Slot 1"] --> B["Slot 2"]
    B --> C["Slot 3"]
    C --> D["Slot 4"]
    D --> E["Final Layout"]
    style A fill:#f9f,stroke:#333
    style B fill:#f9f,stroke:#333
    style C fill:#f9f,stroke:#333
    style D fill:#f9f,stroke:#333
    style E fill:#ccf,stroke:#333

Figure 3-5. 10G SFP+ module.

CAUTION:

1. The 10G slot can accommodate a Gigabit or 10G module (LE2722C or LE2731C); therefore, do not insert the LE2722C or LE2731C module in other slots.
2. Removing and installing an Ethernet module can shorten its useful life. Do not remove and insert the modules more often than is absolutely necessary.

3.2.4 Power Module

Each LE2700 Series Industrial Managed Ethernet Switches switch supports a maximum of two power modules. Follow the steps bellow for installation.

Step 1: Switch off the power of the switch.

Step 2: Insert the modules in Power 1 and 2 slots respectively.

Step 3: Switch on the power of the switch.

graph TD
    A["Power 1"] --> C["Output: 50Watts, 12V = 4.2A"]
    B["Power 2"] --> C
    C --> D["Output: 88-384VAC/100-370VDC - 1.3A Output: 50Watts, 12V = 4.2A"]

Figure 3-6. Power module.

3.3 Wiring

WARNING:

Do not disconnect modules or wires unless power has been switched off or the area is known to be non-hazardous. The devices may only be connected to the supply voltage shown on the type plate.

ATTENTION:

1. Be sure to disconnect the power cord before installing and/or wiring your switches.
2. Calculate the maximum possible current in each power wire and common wire. Observe all electrical codes dictating the maximum current allowable for each wire size.
3. If the current goes above the maximum ratings, the wiring could overheat, causing serious damage to your equipment.
4. Use separate paths to route wiring for power and devices. If power wiring and device wiring paths must cross, make sure the wires are perpendicular at the intersection point.
5. Do not run signal or communications wiring and power wiring through the same wire conduit. To avoid interference, wires with different signal characteristics should be routed separately.

6. You can use the type of signal transmitted through a wire to determine which wires should be kept separate. The rule of thumb is that wiring sharing similar electrical characteristics can be bundled together.

7. Separate input wiring from output wiring.

8. Label the wiring to all devices in the system.

3.3.1 Grounding

Grounding and wire routing help limit the effects of noise due to electromagnetic interference (EMI). Run the ground connection from the ground screws to the grounding surface prior to connecting devices.

3.3.2 Fault Relay

The relay contact of the 2-pin terminal block connector is used to detect user-configured events. The two wires attached to the fault contacts form an open circuit when a user-configured event is triggered. If a user-configured event does not occur, the fault circuit remains closed.

3.3.3 Redundant Power Inputs

The LE2700 Series Industrial Managed Ethernet Switches switches support dual redundant power supplies, Power Supply 1 (PWR1) and Power Supply 2 (PWR2). The connections for PWR1, PWR2 and the RELAY are located on the terminal block.

Step 1: Insert the negative/positive DC wires into the V-/V+ terminals, respectively.

Step 2: To keep the DC wires from pulling loose, use a small flat-blade screwdriver to tighten the wire-clamp screws on the front of the terminal block connector.

Step 3: Insert the plastic terminal block connector prongs into the terminal block receptor.

Figure 3-7. Redundant power inputs.

3.4 Connection

3.4.1 Cables

1000/100BASE-TX/10BASE-T Pin Assignments

The LE2700 Series Industrial Managed Ethernet Switches switches come with standard Ethernet ports. According to the link type, the switch uses CAT 3, 4, 5,5e UTP cables to connect to any other network devices (PCs, servers, switches, routers, or hubs). Refer to the following table for cable specifications.

With 1000/100BASE-TX/10BASE-T cables, pins 1 and 2 are used for transmitting data, and pins 3 and 6 are used for receiving data.

The LE2700 series switches support auto MDI/MDI-X operation. You can use a cable to connect the switch to a PC. Table 3-4 shows the 10BASE-T/100BASE-TX MDI and MDI-X port pinouts.

NOTE: "+" and "-" signs represent the polarity of the wires that make up each wire pair.

RS-232 port wiring

You can manage the LE2700 Series Switch via console ports using a RS-232 cable (included). Connect the port to a PC via the RS-232 cable with a DB9 female connector. The DB9 female connector of the RS-232 cable should be connected to the PC while the other end of the cable (RJ-45 connector) should be connected to the console port of the switch.

Figure 3-8. RS-232 port wiring diagram.

3.4.2 SFP

The switch comes with fiber optical ports that can connect to other devices using SFP modules. The fiber optical ports are in multimode (0 to 550 m, 850 nm with 50/125- m, 62.5/125- m fiber) and single-mode with LC connectors. Remember to connect the TX port of Switch A should be connected to the RX port of Switch B.

Figure 3-9. Fiber optic ports.

3.4.3 B-Ring/B-Chain

B-Ring

You can connect three or more switches to form a ring topology to gain network redundancy capabilities through the following steps.

1. Connect each switch to form a daisychain using an Ethernet cable.
2. Set one of the connected switches to be the master and make sure the port setting of each connected switch on the management page corresponds to the physical ports connected. For information about the port setting, please refer to Section 4.1.2, Configuration.
3. Connect the last switch to the first switch to form a ring topology.

Figure 3-10. B-Ring.

Coupling Ring

If you already have two B-Ring topologies and would like to connect the rings, you can form them into a coupling ring. All you need to do is select two switches from each ring to be connected, for example, switch A and B from Ring 1 and switch C and D from ring 2. Decide which port on each switch to be used as the coupling port and then link them together, for example, port 1 of switch A to port 2 of switch C and port 1 of switch B to port 2 of switch D. Then, enable Coupling Ring option by checking the checkbox on the management page and select the coupling ring in correspondence to the connected port. For more information on port setting, refer to Section 4.1.2, Configuration. Once the setting is completed, one of the connections will act as the main path while the other will act as the backup path.

graph TD
    A["Switch A"] -->|B-Ring| B["Main Path"]
    B -->|B-Ring| C["Switch C"]
    C -->|B-Ring| D["Switch D"]
    D -->|B-Ring| E["Switch B"]
    style A fill:#f9f,stroke:#333
    style B fill:#ccf,stroke:#333
    style C fill:#cfc,stroke:#333
    style D fill:#fcc,stroke:#333
    style E fill:#cff,stroke:#333

Figure 3-11. Coupling ring.

Dual Homing

If you want to connect your ring topology to a RSTP network environment, you can use dual homing. Choose two switches (Switch A & B) from the ring for connecting to the switches in the RSTP network (Ciscos switches). The connection of one of the switches (Switch A or B) will act as the primary path, while the other will act as the backup path that is activated when the primary path connection fails.

graph TD
    A["Switch A"] -->|Main Path| B["Switch B"]
    B -->|Backup Path| C["Control Center RSTP"]
    C -->|Main Path| B
    B -->|B-Ring| D["Output Interface"]
    style A fill:#f9f,stroke:#333
    style C fill:#ccf,stroke:#333
    style B fill:#cfc,stroke:#333
    style D fill:#fcc,stroke:#333

Figure 3-12. Dual homing.

B-Chain

When connecting multiple B-Rings to meet your expansion demand, you can create an B-Chain topology through the following steps.

1. Select two switches from the chain (Switch A & B) that you want to connect to the B-Ring and connect them to the switches in the ring (Switch C & D).

2. In correspondence to the port connected to the ring, configure an edge port for both of the connected switches in the chain by checking the box in the management page (see Section 4.1.2, Configuration).

3. Once the setting is completed, one of the connections will act as the main path, and the other as the backup path.

graph TD
    SwitchA["Switch A"] --> EdgePort1["Edge port"]
    SwitchB["Switch B"] --> EdgePort2["Edge port"]
    SwitchC["Switch C"] --> EdgePort3["Edge port"]
    SwitchD["Switch D"] --> EdgePort4["Edge port"]
    BRing["B-Ring"] --> EdgePort1
    BRing --> EdgePort2
    BRing --> EdgePort3
    BRing --> EdgePort4

Figure 3-13. B-Chain.

4. Redundancy

Redundancy for minimized system downtime is one of the most important concerns for industrial networking devices. Hence, B-Ring has developed proprietary redundancy technologies including B-Ring, O-RSTP, and Open-Ring featuring faster recovery time than existing redundancy technologies widely used in commercial applications, such as STP, RSTP, and MSTP. B-Ring's proprietary redundancy technologies not only support different networking topologies, but also assure the reliability of the network.

4.1 B-Ring

4.1.1 Introduction

B-Ring is a proprietary redundant ring technology, with recovery time of less than 10 milliseconds and up to 250 nodes. The ring protocols identify one switch as the master of the network, and then automatically block packets from traveling through any of the network's redundant loops. If one branch of the ring gets disconnected from the rest of the network, the protocol automatically readjusts the ring so that the part of the network that was disconnected can reestablish contact with the rest of the network. The B-Ring redundant ring technology can protect mission-critical applications from network interruptions or temporary malfunction with its fast recover technology.

4.1.2 Configurations

B-Ring supports three ring topologies: Ring Master, Coupling Ring, and Dual Homing. You can configure the settings in the interface below.

NOTE: Do not set one switch as ring master and coupling ring at the same time, because this could cause heavy loading.

4.2 B-Chain

4.2.1 Introduction

B-Chain is Black Box's revolutionary network redundancy technology which enhances network redundancy for any backbone networks, providing ease-of-use and maximum fault-recovery swiftness, flexibility, compatibility, and cost-effectiveness in a set of network redundancy topologies. The self-healing Ethernet technology designed for distributed and complex industrial networks enables the network to recover in less than 10 ms for up to 250 switches if at any time a segment of the chain fails.

B-Chain allows multiple redundant rings of different redundancy protocols to join and function together as a large and the most robust network topologies. It can create multiple redundant networks beyond the limitations of current redundant ring technologies.

4.2.2 Configurations

B-Chain is very easy to configure and manage. Only one edge port of the edge switch needs to be defined. Other switches beside them just need to have B-Chain enabled.

4.3 MRP

4.3.1 Introduction

MRP (Media Redundancy Protocol) is an industry standard for high-availability Ethernet networks. MRP allowing Ethernet switches in ring configuration to recover from failure rapidly to ensure seamless data transmission. A MRP ring (IEC 62439) can support up to 50 devices and will enable a back-up link in 80ms (adjustable to max. 200ms/500ms).

4.3.2 Configurations

Figure 4-1. MRP screen.

4.4 STP/RSTP/MSTP

4.4.1 STP/RSTP

STP (Spanning Tree Protocol), and its advanced versions RSTP (Rapid Spanning Tree Protocol) and MSTP (Multiple Spanning Tree Protocol), are designed to prevent network loops and provide network redundancy. Network loops occur frequently in large networks as when two or more paths run to the same destination, broadcast packets may get in to an infinite loop and hence causing congestion in the network. STP can identify the best path to the destination, and block all other paths. The blocked links will stay connected but inactive. When the best path fails, the blocked links will be activated. Compared to STP which recovers a link in 30 to 50 seconds, RSTP can shorten the time to 5 to 6 seconds.

STP Bridge Status

This page shows the status for all STP bridge instances.

Figure 4-2. STP bridge screen.

STP Port Status

This page displays the STP port status for the currently selected switch.

Figure 4-3. STP Port Status screen.

STP Statistics

This page displays the STP port statistics for the currently selected switch.

Figure 4-4. STP statistics screen.

STP Bridge Configurations

Figure 4-5. STP Bridge Configuration screen.

4.4.2 MSTP

Since the recovery time of STP and RSTP takes seconds, which are unacceptable in some industrial applications, MSTP was developed. The technology supports multiple spanning trees within a network by grouping and mapping multiple VLANs into different spanning-tree instances, known as MSTIs, to form individual MST regions. Each switch is assigned to an MST region. Hence, each MST region consists of one or more MSTP switches with the same VLANs, at least one MST instance, and the same MST region name. Therefore, switches can use different paths in the network to effectively balance loads.

Port Settings

This page allows you to examine and change the configurations of current MSTI ports. A MSTI port is a virtual port, which is instantiated separately for each active CIST (physical) port for each MSTI instance configured and applicable for the port. The MSTI instance must be selected before MSTI port configuration options are displayed.

This page contains MSTI port settings for physical and aggregated ports. The aggregation settings are stack global.

Figure 4-6. MSTI Port Configuration screens.

Mapping

This page allows you to examine and change the configurations of current STP MSTI bridge instance.

Figure 4-7. MSTI Configuration screen.

Priority

This page allows you to examine and change the configurations of current STP MSTI bridge instance priority.

Figure 4-8. MSTI configuration screen.

4.4.3 CIST

With the ability to cross regional boundaries, CIST is used by MSTP to communicate with other MSTP regions and with any RSTP and STP single-instance spanning trees in the network. Any boundary port, that is, if it is connected to another region, will automatically belongs solely to CIST, even if it is assigned to an MSTI. All VLANs that are not members of particular MSTIs are members of the CIST.

Port Settings

Figure 4-9. Port settings screen.

4.5 Fast Recovery

Fast recovery mode can be set to connect multiple ports to one or more switches. IGPS-9084GP with fast recovery mode will provide redundant links. Fast recovery mode supports 12 priorities. Only the first priority will be the active port, and the other ports with different priorities will be backup ports.

Fast Recovery Mode

Figure 4-10. Fast Recovery screen.

5. Management

The switch can be controlled via a built-in Web server that supports Internet Explorer (Internet Explorer 5.0 or above versions) and other Web browsers such as Chrome. Therefore, you can manage and configure the switch easily and remotely. You can also upgrade firmware via a Web browser. The Web management function not only reduces network bandwidth consumption, but also enhances access speed and provides a user-friendly viewing screen.

NOTE: By default, IE5.0 or later version do not allow Java applets to open sockets. You need to modify the browser setting separately in order to enable Java applets for network ports.

Preparing for Web Management

You can access the management page of the switch via the following default values:

IP Address: 192.168.10.1

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.10.254

User Name: admin

Password: admin

System Login

1. Launch Internet Explorer.

2. Type http:// and the IP address of the switch. Press Enter.

Figure 5-1. System login.

1. A login screen appears.

2. Type in the username and password. The default username and password is admin.

3. Click Enter or OK button, the management Web page appears.

Figure 5-2. Login screen.

After logging in, you can see the information of the switch as shown in the next screen.

Figure 5-3. System information.

On the right-hand side of the management interface shows links to various settings. You can click on the links to access the configuration pages of different functions.

5.1 Basic Settings

Basic Settings allow you to configure the basic functions of the switch.

5.1.1 System Information

This page shows the general information of the switch.

Figure 5-4. System information configuration.

5.1.2 Admin & Password

This page allows you to configure the system password required to access the web pages or log in from CLI.

Figure 5-5. System Password screen.

5.1.3 Authentication

This page allows you to configure how a user is authenticated when he/she logs into the switch via one of the management interfaces.

Authentication Method Configuration

Figure 5-6. Authentication Method Configuration screen.

5.1.4 IP Settings

You can configure IP information of the switch in this page.

Figure 5-7. IP Configuration screen.

5.1.5 IPv6 Settings

You can configure IPv6 information of the switch on the following page.

Figure 5-8. IPv6 Configuration screen.

5.1.6 HTTPS

You can configure the HTTPS mode in the following page.

Figure 5-9. HTTPS Configuration screen.

5.1.7 SSH

You can configure the SSH mode in the following page.

Figure 5-10. SSH Configuration screen.

5.1.8 LLDP

LLDP Configurations

This page allows you to examine and configure current LLDP port settings.

Figure 5-11. LLDP Configurations.

LLDP Neighbor Information

This page provides a status overview for all LLDP neighbors. The following table contains information for each port on which an LLDP neighbor is detected. The columns include the following information:

Figure 5-12. LLDP Neighbor Information screen.

Port Statistics

This page provides an overview of all LLDP traffic. Two types of counters are shown. Global counters will apply settings to the whole switch stack, while local counters will apply settings to specified switches.

LLDP Statistics

Figure 5-13. Port Statistics screen.

Global Counters

5.1.9 Modbus TCP

This page shows Modbus TCP support of the switch. (For more information regarding Modbus, please visit http://www.modbus.org/)

Figure 5-14. Modbus configuration screen.

5.1.10 Backup/Restore Configurations

You can save/view or load switch configurations. The configuration file is in XML format.

Figure 5-15.

5.1.11 Firmware Update

This page allows you to update the firmware of the switch.

Figure 5-16. Firmware Update screen.

5.2 DHCP Server

The switch provides DHCP server functions. By enabling DHCP, the switch will become a DHCP server and dynamically assigns IP addresses and related IP information to network clients.

5.2.1 Basic Settings

This page allows you to set up DHCP settings for the switch. You can check the Enabled checkbox to activate the function. Once the box is checked, you will be able to input information in each column.

Figure 5-17. DHCP Server Configuration screen.

5.2.2 Dynamic Client List

When DHCP server functions are activated, the switch will collect DHCP client information and display in the following table.

Figure 5-18. DHCP Dynamic Client List.

5.2.3 Client List

You can assign a specific IP address within the dynamic IP range to a specific port. When a device is connected to the port and requests for dynamic IP assigning, the switch will assign the IP address that has previously been assigned to the connected device.

Figure 5-19. DHCP Client Lists screen.

5.2.4 Relay Agent

DHCP relay is used to forward and transfer DHCP messages between the clients and the server when they are not in the same subnet domain. You can configure the function in this page.

Figure 5-20. DHCP Relay Configuration screen.

The relay statistics show the information of relayed packets of the switch.

Figure 5-21. DHCP Relay Statistics.

Figure 5-22. Client Statistics screen.

5.3 Port Setting

Port Setting allows you to manage individual ports of the switch, including traffic, power, and trunks.

5.3.1 Port Control

This page shows current port configurations. Ports can also be configured here.

Figure 5-23. Port Configuration screen.

5.3.2 Port Trunk

This page allows you to configure the aggregation hash mode and the aggregation group.

Aggregation Mode Configuration

Figure 5-24. Aggregation Mode Configuration screen.

Aggregation Group Configuration

Figure 5-25. Aggregation Group Configuration screen.

5.3.3 LACP

This page allows you to enable LACP functions to group ports together to form single virtual links, thereby increasing the bandwidth between the switch and other LACP-compatible devices. LACP trunks are similar to static port trunks, but they are more flexible because LACP is compliant with the IEEE 802.3ad standard. Hence, it is interoperable with equipment from other vendors that also comply with the standard. You can change LACP port settings in this page.

LACP Port Configuration

Figure 5-26. LACP Port Configuration screen.

LACP System Status

This page provides a status overview for all LACP instances.

Figure 5-27. LACP System Status screen.

LACP Status

This page provides an overview of the LACP status for all ports.

Figure 5-28. LACP Status screen.

LACP Statistics

This page provides an overview of the LACP statistics for all ports.

Figure 5-29. LACP Statistics screen.

5.3.4 Loop Gourd

This feature prevents loop attack. When receiving loop packets, the port will be disabled automatically, preventing the loop attack from affecting other network devices.

Figure 5-30. Loop Gourd screen.

Figure 5-31. Port Configuration screen.

5.4 VLAN

5.4.1 VLAN Membership

You can view and change VLAN membership configurations for a selected switch stack in this page. Up to 64 VLANs are supported. This page allows for adding and deleting VLANs as well as adding and deleting port members of each VLAN.

Figure 5-32. VLAN Membership Configuration screen.

5.4.2 Port Configurations

This page allows you to set up VLAN ports individually.

Figure 5-33. VLAN Port Configuration screen.

Introduction of Port Types

Below is a detailed description of each port type, including Unaware, C-port, S-port, and S-custom-port.

Examples of VLAN Settings

Switch A,

Port 7 is VLAN Access mode = Untagged 20

Port 8 is VLAN Access mode = Untagged 10

Below are the switch settings.

Figure 5-34.

Figure 5-35.

VLAN 1Q Trunk Mode:

Switch B,

Port 1 = VLAN 1Qtrunk mode = tagged 10, 20

Port 2 = VLAN 1Qtrunk mode = tagged 10, 20

Below are the switch settings.

Figure 5-36.

Figure 5-37.

VLAN Hybrid Mode:

Port 1 VLAN Hybrid mode = untagged 10

Tagged 10, 20

Below are the switch settings.

Figure 5-38.

Figure 5-39.

VLAN QinQ Mode:

VLAN QinQ mode is usually adopted when there are unknown VLANs, as shown in the figure below.

VLAN "X" = Unknown VLAN

graph LR
    A["VLAN "X""] --> B["P1"]
    B --> C["P2"]
    C --> D["VLAN TRUNK 200"]
    D --> E[" "]
    E --> F["VLAN TRUNK 200"]
    F --> G["P1"]
    G --> H["VLAN "X""]
    I["tagged X + tagged"] --> B
    J["tagged 200"] --> C
    K["tagged X Packet"] --> B
    L["Setting VLAN QinQ 200"] --> G

Figure 5-40. VLAN QinQ mode.

Port 1 VLAN Settings:

Figure 5-41. VLAN Settings screen.

Figure 5-42. VLAN settings screen.

VLAN ID Settings

When setting the management VLAN, only the same VLAN ID port can be used to control the switch.

VLAN Settings:

Figure 5-43.

5.4.3 Private VLAN

The private VLAN membership configuration for the switch can be monitored and modified here. Private VLANs can be added or deleted here. Port members of each private VLAN can be added or removed here. Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and private VLAN IDs can be identical.

A port must be a member of both a VLAN and a private VLAN to be able to forward packets. By default, all ports are VLAN unaware and members of VLAN 1 and private VLAN 1.

A VLAN-unaware port can only be a member of one VLAN, but it can be a member of multiple private VLANs.

Figure 5-44. Private VLAN Membership Configuration screen.

Figure 5-45. Port Isolation Configuration screen.

5.5 SNMP

5.5.1 SNMP System Configurations

Figure 5-46. SNMP system configuration screen.

SNMP Trap Configuration

Figure 5-47. SNMP Trap Configuration screen.

5.5.2 SNMP Community Configurations

This page allows you to configure SNMPv3 community table. The entry index key is Community.

Figure 5-48. SNMPv3 Communities Configuration screen.

5.5.3 SNMP User Configurations

This page allows you to configure SNMPv3 user table. The entry index keys are Engine ID and User Name.

Figure 5-49. SNMP Users Configuration screen.

5.5.4 SNMP Groups Configuration

This page allows you to configure SNMPv3 group table. The entry index keys are Security Model and Security Name.

SNMPv3 Groups Configuration

Figure 5-50. SNMPv3 Groups Configuration screen.

5.5.5 SNMP View Configurations

This page allows you to configure SNMPv3 view table. The entry index keys are View Name and OID Subtree.

Figure 5-51. SNMPv3 Views Configuration screen.

5.5.6 SNMP Access Configurations

This page allows you to configure SNMPv3 access table. The entry index keys are Group Name, Security Model, and Security Level.

SNMPv3 Accesses Configuration

Figure 5-52. SNMPv3 Access Configuration screen.

5.6 Traffic Prioritization

5.6.1 Storm Control

There is a unicast storm rate control, multicast storm rate control, and a broadcast storm rate control. These only affect flooded frames, i.e. frames with a (VLAN ID, DMAC) pair not present on the MAC Address table.

The rate is 2^n, where n is equal to or less than 15, or "No Limit". The unit of the rate can be either pps (packets per second) or kpps (kilopackets per second). The configuration indicates the permitted packet rate for unicast, multicast, or broadcast traffic across the switch.

NOTE: Frames sent to the CPU of the switch are always limited to approximately 4 kpps. For example, broadcasts in the management VLAN are limited to this rate. The management VLAN is configured on the IP setup page.

Figure 5-53. Storm Control Configuration screen.

5.6.2 Port Classification

QoS is an acronym for Quality of Service. It is a method to achieve efficient bandwidth utilization between individual applications or protocols.

Figure 5-54. QoS Ingres Port Classification screen.

5.6.3 Port Tag Remaking

This page provides an overview of QoS Egress Port Tag Remarking for all switch ports.

Figure 5-55. QoS Egress Port Tag Remarking.

5.6.4 Port DSCP

This page allows you to configure basic QoS Port DSCP settings for all switch ports.

QoS Port DSCP Configuration

Figure 5-56. QoS Egress Port DSCP Configuration screen.

5.6.5 Port Policing

This page allows you to configure Policer settings for all switch ports.

QoS Ingress Port Policers

Figure 5-57. QoS Ingress Port Policers screen.

5.6.6 Queue Policing

This page allows you to configure Queue Policer settings for all switch ports.

Figure 5-58. QoS Ingress Queue Policers screen.

5.6.7 QoS Egress Port Scheduler and Shapers

This page allows you to configure Scheduler and Shapers for a specific port.

Strict Priority

graph TD
    A["Queue Shaper"] --> B["Enable Rate Unit Excess"]
    C["Port Shaper"] --> D["Enable Rate Unit"]
    B --> E["500 kbps"]
    D --> F["500 kbps"]
    E --> G["STRICT"]
    F --> G
    G --> H["500 kbps"]

Figure 5-59. Strict Priority screen.

Weighted

graph TD
    A["Scheduler Mode Weighted"] --> B["Queue Shaper"]
    B --> C["Enable Rate Unit Excess"]
    B --> D["Queue Scheduler Weight Percent"]
    D --> E["DWRR"]
    E --> F["STRICT"]
    F --> G["S 500 kbps"]
    style A fill:#f9f,stroke:#333
    style G fill:#bbf,stroke:#333

Figure 5-60. QoS Egress Port Scheduler and Shapers Port 1.

5.6.8 Port Scheduled

This page provides an overview of QoS Egress Port Schedulers for all switch ports.

QoS Egress Port Schedulers

Figure 5-61. QoS Egress Port Schedulers screen.

5.6.9 Port Shaping

This page provides an overview of QoS Egress Port Shapers for all switch ports.

QoS Egress Port Shapers

Figure 5-62. QoS Egress Port Shapers screen.

5.6.10 DSCP Based QoS

This page allows you to configure basic QoS DSCP-based QoS Ingress Classification settings for all switches.

Figure 5-63. DSCP-Based QoS Ingress Classification screen.

5.6.11 DSCP Translation

This page allows you to configure basic QoS DSCP translation settings for all switches. DSCP translation can be done in Ingress or Egress.

Figure 5-64. DSCP Translation screen.

5.6.12 DSCP Classification

This page allows you to configure the mapping of QoS class and Drop Precedence Level to DSCP value.

Figure 5-65. DSCP Classification screen.

5.6.13 QoS Control List

This page allows you to edit or insert a single QoS control entry at a time. A QCE consists of several parameters. These parameters vary with the frame type you select.

Figure 5-66. QCE Configuration screen.

5.6.14 QoS Counters

This page provides the statistics of individual queues for all switch ports.

Figure 5-67. Queuing Counters screen.

5.6.15 QCL Status

This page shows the QCL status by different QCL users. Each row describes the QCE that is defined. It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations. The maximum number of QCEs is 256 on each switch.

Figure 5-68. QoS Control List Status screen.

5.7 Multicast

5.7.1 IGMP Snooping

This page provides IGMP Snooping related configurations.

Figure 5-69. IGMP Snooping Configuration screen.

5.7.2 VLAN Configurations of IGMP Snooping

Each page shows up to 99 entries from the VLAN table, with a default value of 20, selected by the Entries Per Page input field. When first visited, the web page will show the first 20 entries from the beginning of the VLAN Table. The first displayed will be the one with the lowest VLAN ID found in the VLAN Table.

The VLAN input field allows the user to select the starting point in the VLAN Table. Clicking the Refresh button will update the displayed table starting from that or the next closest VLAN Table match.

The >> will use the last entry of the currently displayed entry as a basis for the next lookup. When the end is reached, the text No more entries is shown in the displayed table. Use the |<< button to start over.

Figure 5-70. IGMP Snooping VLAN Configuration screen.

5.7.3 IGMP Snooping Status

This page provides IGMP snooping status.

Figure 5-71. IGMP Snooping Status screen.

5.7.4 Groups Information of IGMP Snooping

Entries in the IGMP Group Table are shown on this page. The IGMP Group Table is sorted first by VLAN ID, and then by group.

Figure 5-72. IGMP Snooping Group Information screen.

5.8 Security

5.8.1 Remote Control Security Configurations

Remote Control Security allows you to limit the remote access to the management interface. When enabled, requests of the client which is not in the allow list will be rejected.

Figure 5-73. Remote Control Security Configuration screen.

5.8.2 Device Binding

This page provides device binding configurations. Device binding is a powerful way to monitor devices and network security.

Figure 5-74. Device Binding screen.

Advanced Configurations

Alias IP Address

This page provides Alias IP Address configuration. Some devices might have more than one IP addresses. You could specify the other IP address here.

Alias IP Address

Figure 5-75. Alias IP Address screen.

Alive Check

You can use ping commands to check port link status. If port link fails, you can set actions from the drop-down list.

Figure 5-76. Alive Check screen.

DDoS Prevention

This page provides DDOS Prevention configurations. The switch can monitor ingress packets, and perform actions when DDOS attack occurred on this port. You can configure the setting to achieve maximum protection.

DDOS Prevention

Figure 5-77. DDOS Prevention screen.

Device Description

This page allows you to configure device description settings.

Figure 5-78. Device Description screen.

Stream Check

This page allows you to configure stream check settings.

Figure 5-79. Stream Check screen.

5.8.3 ACL Ports

This page allows you to configure the ACL parameters (ACE) of each switch port. These parameters will affect frames received on a port unless the frame matches a specific ACE.

Figure 5-80. ACL Ports Configuration screen.

Rate Limiters

This page allows you to configure the rate limiter for the ACL of the switch.

Figure 5-81. ACL Rate Limiter Configuration screen.

ACL Control List

This page allows you to configure ACE (Access Control Entry).

An ACE consists of several parameters. These parameters vary with the frame type you have selected. First select the ingress port for the ACE, and then the frame type. Different parameter options are displayed according to the frame type you have selected.

A frame matching the ACE can be configured here.

Figure 5-82. ACE Configuration screen.

MAC Parameters

Figure 5-83. MAC Parameters screen.

VLAN Parameters

Figure 5-84. VLAN Parameters screen.

IP Parameters

Figure 5-85. IP Parameters screen.

Chapter 5: Management

ARP Parameters

Figure 5-86. ARP Parameters screen.

ICMP Parameters

Figure 5-87. ICMP Parameters screen.

TCP Parameters

UDP Parameters

Figure 5-88. TCP Parameters and UDP Parameters screens.

5.8.4 AAA

Common Server Configurations

This page allows you to configure authentication servers.

Authentication Server Configuration

Common Server Configuration

Figure 5-89. Authentication Server Configuration screen.

5.8.5 RADIUS

Authentication and Accounting Server Configurations

The table has one row for each RADIUS authentication server and a number of columns, which are:

RADIUS Authentication Server Configuration

Figure 5-90. RADIUS Authentication and Accounting Server Configurations screen.

RADIUS Accounting Server Configuration

Figure 5-91. RADIUS Accounting Server Configuration screen.

Authentication and Accounting Server Status Overview

This page provides an overview of the status of the RADIUS servers configurable on the authentication configuration page.

RADIUS Authentication Server Status Overview

Figure 5-92. RADIUS Authentication Server Status Overview screen.

RADIUS Accounting Server Status Overview

Figure 5-93. RADIUS Accounting Server Status Overview screen.

Authentication and Accounting Server Statistics

The statistics map closely to those specified in RFC4668 - RADIUS Authentication Client MIB.

Use the server drop-down list to switch between the backend servers to show related details.

RADIUS Authentication Statistics for Server #1

Figure 5-94. RADIUS Authentication Statistics for Server #1 screen.

Table 5-78 (continued). RADIUS Authentication Statistics for Server #1 screen options.
Label Description
Other Info This section contains information about the state of the server and the latest round-trip time.

RADIUS Accounting Statistics for Server #1

Figure 5-95. RADIUS Accounting Statistics for Server #1 screen.

Table 5-79 (continued). RADIUS Accounting Statistics for Server #1 screen options.

5.8.6 NAS (802.1x)

This page allows you to configure the IEEE 802.1X and MAC-based authentication system and port settings.

The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers (the backend servers) determine whether the user is allowed access to the network. These backend (RADIUS) servers are configured on the authentication configuration page.

MAC-based authentication allows for authentication of more than one user on the same port, and does not require the users to have special 802.1X software installed on their system. The switch uses the users' MAC addresses to authenticate against the backend server. As intruders can create counterfeit MAC addresses, MAC-based authentication is less secure than 802.1X authentication.

Overview of 802.1X (Port-Based) Authentication

In an 802.1X network environment, the user is called the supplicant, the switch is the authenticator, and the RADIUS server is the authentication server. The switch acts as the man-in-the-middle, forwarding requests and responses between the supplicant and the authentication server. Frames sent between the supplicant and the switch are special 802.1X frames, known as EAPOL (EAP Over LANs) frames which encapsulate EAP PDUs (RFC3748). Frames sent between the switch and the RADIUS server are RADIUS packets. RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch's IP address, name, and the supplicant's port number on the switch. EAP is very flexible as it allows for different authentication methods, like MD5-Challenge, PEAP, and TLS. The important thing is that the authenticator (the switch) does not need to know which authentication method the supplicant and the authentication server are using, or how many information exchange frames are needed for a particular method. The switch simply encapsulates the EAP part of the frame into the relevant type (EAPOL or RADIUS) and forwards it.

When authentication is complete, the RADIUS server sends a special packet containing a success or failure indication. Besides forwarding the result to the supplicant, the switch uses it to open up or block traffic on the switch port connected to the supplicant.

NOTE: In an environment where two backend servers are enabled, the server timeout is configured to X seconds (using the authentication configuration page), and the first server in the list is currently down (but not considered dead), if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds, it will never be authenticated because the switch will cancel on-going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant. Since the server has not failed (because the X seconds have not expired), the same server will be contacted when the next backend authentication server requests from the switch. This scenario will loop forever. Therefore, the server timeout should be smaller than the supplicant's EAPOL Start frame retransmission rate.

Overview of MAC-Based Authentication

Unlike 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted by the industry. In MAC-based authentication, users are called clients, and the switch acts as the supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent EAP exchange with the RADIUS server. The 6-byte MAC address is converted to a string in the following form "xx-xx-xx-xx-xx-xx", that is, a dash (-) is used as separator between the lower-cased hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly.

When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client, using static entries into the MAC Table. Only then will frames from the client be forwarded on the switch. There are no EAPOL frames involved in this authentication, and therefore, MAC-based authentication has nothing to do with the 802.1X standard.

The advantage of MAC-based authentication over 802.1X is that several clients can be connected to the same port (e.g. through a 3rd party switch or a hub) and still require individual authentication, and that the clients do not need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by malicious users, equipment whose MAC address is a valid RADIUS user can be used by anyone, and only the MD5-Challenge method is supported.

802.1X and MAC-Based authentication configurations consist of two sections: system- and port-wide.

Figure 5-96. Network Access Server Configuration screen.

NAS Status

This page provides an overview of the current NAS port states.

Figure 5-97. Network Access Server Switch Status screen.

This page provides detailed IEEE 802.1X statistics for a specific switch port using port-based authentication. For MAC-based ports, only selected backend server (RADIUS Authentication Server) statistics is showed. Use the port drop-down list to select which port details to be displayed.

Figure 5-98. NAS Statistics Port 2 screen.

Table 5-82. NAS Statistics Port 2 screen options.
Label Description
Admin State	The port's current administrative state. Refer to NAS Admin State for more details regarding each value.
Port State	The current state of the port. Refer to NAS Port State for more details regarding each value.
EAPOL Counters	These supplicant frame counters are available for the following administrative states:Force AuthorizedForce Unauthorized802.1X
Table 5-82 (continued). NAS Statistics Port 2 screen options.
Label Description
Backend Server Counters	These backend (RADIUS) frame counters are available for the following administrative states:802.1XMAC-based Auth.
Last Supplicant/Client Info	Information about the last supplicant/client that attempts to authenticate. This information is available for the following administrative states:802.1XMAC-based Auth.

5.9 Alerts

5.9.1 Fault Alarm

When any selected fault event happens, the Fault LED on the switch panel will light up and the electric relay will signal at the same time.

Figure 5-99. Port Link Down/Broken and Fault Alarm screens.

5.9.2 System Warning

SYSLOG Setting

The SYSLOG is a protocol that transmits event notifications across networks. For more details, please refer to RFC 3164 - The BSD SYSLOG Protocol.

Figure 5-100. System Log Configuration screen.

SMTP Setting

SMTP (Simple Mail Transfer Protocol) is a protocol for transmitting e-mails across the Internet. For more information, refer to RFC 821—Simple Mail Transfer Protocol.

Figure 5-101. SMTP Setting screen.

Event Selection

SYSLOG and SMTP are two warning methods supported by the system. Check the corresponding box to enable the system event warning method you want. Please note that the checkbox cannot be checked when SYSLOG or SMTP is disabled.

System Warning - Event Selection

Figure 5-102. System Warning—Event Selection screen.

5.10 Monitor and Diag

5.10.1 MAC Table

The MAC address table can be configured on this page. You can set timeouts for entries in the dynamic MAC table and configure the static MAC table here.

Figure 5-103. MAC Address Table Configuration and Static Mac Table Configuration screens.

Aging Configuration

By default, dynamic entries are removed from the MAC after 300 seconds. This removal is called aging. You can configure aging time by entering a value in the box of Age Time. The allowed range is 10 to 1000000 seconds. You can also disable the automatic aging of dynamic entries by checking Disable Automatic Aging.

MAC Table Learning

If the learning mode for a given port is grayed out, it means another module is in control of the mode, and thus the user cannot change the configurations. An example of such a module is MAC-Based authentication under 802.1X.

You can configure the port to dynamically learn the MAC address based upon the following settings:

Figure 5-104. MAC Table Learning screen.

Static MAC Table Configurations

The static entries in the MAC table are shown in this table. The static MAC table can contain up to 64 entries. The entries are for the whole stack, not for individual switches. The MAC table is sorted first by VLAN ID and then by MAC address.

Figure 5-105. Static MAC Table Configuration screen.

MAC Table

Each page shows up to 999 entries from the MAC table, with a default value of 20, selected by the Entries Per Page input field. When first visited, the web page will show the first 20 entries from the beginning of the MAC Table. The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table.

Each page shows up to 999 entries from the MAC table, with a default value of 20, selected by the Entries Per Page input field. When first visited, the web page will show the first 20 entries from the beginning of the MAC Table. The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table.

The Start from MAC address and VLAN fields allow the user to select the starting point in the MAC table. Clicking the Refresh button will update the displayed table starting from that or the closest next MAC table match. In addition, the two input fields will—upon clicking Refresh—assume the value of the first displayed entry, allows for continuous refresh with the same start address.

The >> will use the last entry of the currently displayed VLAN/MAC address pairs as a basis for the next lookup. When it reaches the end, the text "no more entries" is shown in the displayed table. Use the |<< button to start over.

Figure 5-106. MAC Address Table screen.

5.10.2 Port Statistics

Traffic Overview

This page provides an overview of general traffic statistics for all switch ports.

Figure 5-107. Port Statistics Overview screen.

Detailed Statistics

This page provides detailed traffic statistics for a specific switch port. Use the port drop-down list to decide the details of which switch port to be displayed.

The displayed counters include the total number for receive and transmit, the size for receive and transmit, and the errors for receive and transmit.

Detailed Statistics—Total Receive & Transmit

Figure 5-108. Detailed Port Statistics Port 1 screen.

1. Short frames are frames smaller than 64 bytes.

2. Long frames are frames longer than the maximum frame length configured for this port.

5.10.3 Port Mirroring

You can configure port mirroring on this page.

To solve network problems, selected traffic can be copied, or mirrored, to a mirror port where a frame analyzer can be attached to analyze the frame flow.

The traffic to be copied to the mirror port is selected as follows:

All frames received on a given port (also known as ingress or source mirroring).

All frames transmitted on a given port (also known as egress or destination mirroring).

Port to mirror is also known as the mirror port. Frames from ports that have either source (rx) or destination (tx) mirroring enabled are mirrored to this port. Disabled option disables mirroring.

Figure 5-109. Mlrror Configuration screen.

5.10.4 System Log Information

This page provides switch system log information.

Figure 5-110. System Log Information screen.

5.10.5 Cable Diagnostics

This page allows you to perform VeriPHY cable diagnostics.

Figure 5-111. VeriPHY Cable Diagnostics screen.
Press Start to run the diagnostics. This will take approximately 5 seconds. If all ports are selected, this can take approximately 15 seconds. When completed, the page refreshes automatically, and you can view the cable diagnostics results in the cable status table. Note that VeriPHY diagnostics is only accurate for cables 7–140 meters long.

10 and 100 Mbps ports will be disconnected while running VeriPHY diagnostics. Therefore, running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete.

5.10.6 SFP Monitor

SFP modules with DDM (Digital Diagnostic Monitoring) function can measure the temperature of the apparatus, helping you monitor the status of connection and detect errors immediately. You can manage and set up event alarms through DDM Web interface.

Figure 5-112. SFP Monitor screen.

5.10.7 Ping

This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues.

Figure 5-113. ICMP Ping screen.

After you press Start, five ICMP packets will be transmitted, and the sequence number and roundtrip time will be displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs.

PING6 ser ver ::10.10.132.20

64 bytes from ::10.10.132.20: icmp_seq=0, time=0ms

64 bytes from ::10.10.132.20: icmp_seq=1, time=0ms

64 bytes from ::10.10.132.20: icmp_seq=2, time=0ms

64 bytes from ::10.10.132.20: icmp_seq=3, time=0ms

64 bytes from ::10.10.132.20: icmp_seq=4, time=0ms

Sent 5 packets, received 5 OK, 0 bad

You can configure the following properties of the issued ICMP packets:

IPv6 Ping

Figure 5-114. IPv6 Ping screen.

PING6 ser ver ::192.168.10.1

sendto

sendto

sendto

sendto

sendto

Sent 5 packets, received 0 OK, 0 bad

5.11 Synchronization

MAC-based Authentication

This page allows you to configure and examine current PTP clock settings.

PTP External Clock Mode

PTP External Clock Mode

Figure 5-115. PTP External Clock Mode screen.

PTP Clock Configurations

PTP Clock Configuration

Figure 5-116. PTP Clock Configuration screen.

5.12 Troubleshooting

5.12.1 Factory Defaults

You can reset the configuration of the stack switch on this page. Only the IP configuration is retained.

Factory Defaults

Are you sure you want to reset the configuration to Factory Defaults?

Figure 5-117. Factory default prompt screen.

5.12.2 System Reboot

You can reset the stack switch on this page. After reset, the system will boot normally as if you have powered on the devices.

Warm Reset

Are you sure you want to perform a Warm Restart?

Figure 5-118. Warm Reset screen.

5.13 Command Line Interface Management

Besides Web-based management, the switch also supports CLI management. You can use console or telnet to manage the switch by CLI.

CLI Management by RS-232 Serial Console (115200, 8, none, 1, none)

Before configuring RS-232 serial console, connect the RS-232 port of the switch to your PC Com port using a RJ45 to DB9-F cable.

Follow the steps below to access the console via RS-232 serial cable.

Step 1: On Windows desktop, click on Start -> Programs -> Accessories -> Communications -> HyperTerminal.

Figure 5-119. HyperTerminal screen.

Step 2: Input a name for the new connection.

Figure 5-120. Connection Description screen.

Step 3: Select a COM port in the drop-down list.

Figure 5-121. COM port screen.

Step 4: A pop-up window that indicates COM port properties appears, including bits per second, data bits, parity, stop bits, and flow control.

Figure 5-122. COM Properties screen.

Step 5: The console login screen will appear. Use the keyboard to enter the Username and Password (same as the password for Web browsers), then press Enter.

Figure 5-123. CLI screen.

CLI Management by Telnet

You can can use TELNETto configure the switch. The default values are:

IP Address: 192.168.10.1

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.10.254

User Name: admin

Password: admin

Follow the steps below to access the console via Telnet.

Step 1: Telnet to the IP address of the switch from the Run window by inputting commands (or from the MS-DOS prompt) as below.

Figure 5-124. Run screen.

Step 2: The Login screen will appear. Use the keyboard to enter the Username and Password (same as the password for Web browser), and then press Enter.

Figure 5-125. Telnet screen.

Commander Groups

Command Groups:
System : System settings and reset options
IP : IP configuration and Ping
Port : Port management
MAC : MAC address table
ULAN : Virtual LAN
PULAN : Private VLAN
Security : Security management
STP : Spanning Tree Protocol
Aggr : Link Aggregation
LACP : Link Aggregation Control Protocol
LLDP : Link Layer Discovery Protocol
PoE : Power Over Ethernet
QoS : Quality of Service
Mirror : Port mirroring
Config : Load/Save of configuration via TFTP
Firmware : Download of firmware via TFTP
PTP : IEEE1588 Precision Time Protocol
Loop Protect : Loop Protection
IPMC : MLD/IGMP Snooping
Fault : Fault Alarm Configuration
Event : Event Selection
DHCPServer : DHCP Server Configuration
Ring : Ring Configuration
Chain : Chain Configuration
RCS : Remote Control Security
Fastrecovery : Fast-Recovery Configuration
SFP : SFP Monitor Configuration
DeviceBinding : Device Binding Configuration
MRP : MRP Configuration
Modbus : Modebus TCP Configuration 

Figure 5-126. Command Groups screen.

System
System>
Configuration [all] [<port_list>]
Reboot
Restore Default [keep_ip]
Contact [<contact>]
Name [<name>]
Location [<location>]
Description [<description>]
Password <password>
Username [<username>]
Timezone [<offset>]
Log [<log_id>] [all|info|warning|error] [clear] 

IP

IP> Configuration
DHCP [enable|disable]
Setup [<ip_addr>] [<ip_mask>] [<ip_router>] [<vid>]
Ping <ip_addr_string> [<ping_length>]
SNTP [<ip_addr_string>] 

Port

port> Configuration [<port_list>] [up|down]
Mode [<port_list>] [auto|10hdx|10fdx|100hdx|100fdx|1000fdx|sfp_auto_ams]
Flow Control [<port_list>] [enable|disable]
State [<port_list>] [enable|disable]
MaxFrame [<port_list>] [<max_frame>]
Power [<port_list>] [enable|disable|actiphy|dynamic]
Excessive [<port_list>] [discard|restart]
Statistics [<port_list>] [<command>] [up|down]
VeriPHY [<port_list>]
SFP [<port_list>] 

MAC

MAC> Configuration [<port_list>]
Add <mac_addr> <port_list> [<vid>]
Delete <mac_addr> [<vid>]
Lookup <mac_addr> [<vid>]
Agetime [<age_time>]
Learning [<port_list>] [auto|disable|secure]
Dump [<mac_max>] [<mac_addr>] [<vid>]
Statistics [<port_list>]
Flush 

VLAN

VLAN> Configuration [<port_list>]
PVID [<port_list>] [<vid>|none]
FrameType [<port_list>] [all|tagged|untagged]
IngressFilter [<port_list>] [enable|disable]
tx_tag [<port_list>] [untag_pvid|untag_all|tag_all]
PortType [<port_list>] [unaware|c-port|s-port|s-custom-port]
EtypeCustomSport [<etype>] 

Add <vid>|<name> [<ports_list>]
Forbidden Add <vid>|<name> [<port_list>]
Delete <vid>|<name>
Forbidden Delete <vid>|<name>
Forbidden Lookup [<vid>] [(name <name>)]
Lookup [<vid>] [(name <name>)] [combined|static|nas|all]
Name Add <name> <vid>
Name Delete <name>
Name Lookup [<name>]
Status [<port_list>] [combined|static|nas|mstp|all|conflicts] 

Private VLAN

PVLAN> Configuration [<port_list>]
Add <pvlan_id> [<port_list>]
Delete <pvlan_id>
Lookup [<pvlan_id>]
Isolate [<port_list>] [enable|disable] 

Security

Security > Switch    Switch security setting
Network    Network security setting
AAA    Authentication, Authorization and Accounting setting 

Security Switch

Security/switch> Password <password>
Auth Authentication
SSH Secure Shell
HTTPS Hypertext Transfer Protocol over RMON Remote Network Monitoring 

Security Switch Authentication

Security/switch/auth> Configuration
Method [console|telnet|ssh|web] [none|local|radius] [enable|disable] 

Security Switch SSH

Security/switch/ssh> Configuration
Mode [enable|disable] 

Security Switch HTTPS

Security/switch/ssh> Configuration
Mode [enable|disable] 

Security Switch RMON

Security/switch/rmon> Statistics Add <stats_id> <data_source>

Statistics Delete <stats_id>

Statistics Lookup [<stats_id>]

History Add <history_id> <data_source> [<interval>] [<buckets>]

History Delete <history_id>

History Lookup [<history_id>]

Alarm Add <alarm_id> <interval> <alarm_variable> [absolute|delta]<rising_threshold> <rising_event_index> <falling_threshold> <falling_event_index> [rising|falling|both]

Alarm Delete <alarm_id>

Alarm Lookup [<alarm_id>] 

Security Network

Security/Network> Psec Port Security Status
NAS Network Access Server (IEEE 802.1X)
ACL Access Control List
DHCP Dynamic Host Configuration Protocol 

Security Network Psec

Security/Network/Psec> Switch [<port_list>]
Port [<port_list>] 

Security Network NAS

Security/Network/NAS> Configuration [<port_list>]
Mode [enable|disable]
State [<port_list>] [auto|authorized|unauthorized|macbased]
Reauthentication [enable|disable]
ReauthPeriod [<reauth_period>]
EapolTimeout [<eapol_timeout>]
Agetime [<age_time>]
Holdtime [<hold_time>] 

Authenticate [] [now]

Statistics

[]

[clear|eapol|radius]

Security Network ACL

Security/Network/ACL> Configuration [<port_list>]

Action [<port_list>] [permit|deny] [<rate_limiter>][<port_redirect>] [<mirror>] [<logging>] [<shutdown>]

Policy [<port_list>] [<policy>]

Rate [<rate_limiter_list>] [<rate_unit>] [<rate>]

Add [<ace_id>] [<ace_id_next>][(port <port_list>)] [(policy <policy> <policy_bitmask>)] [<tagged>]
[<vid>] [<tag_prio>] [<dmac_type>][(etype <etype>] [<smac>] [<dmac>]) | (arp [<sip>] [<dip>] [<smac>] [<arp_opcode>] [<arp_flags>]) | (ip [<sip>] [<dip>] [<protocol>] [<ip_flags>]) | (icmp [<sip>] [<dip>] [<icmp_type>] [<icmp_code>] [<ip_flags>]) | (udp [<sip>] [<dip>] [<sport>] [<dport>] [<ip_flags>]) | (tcp [<sip>] [<dip>] [<sport>] [<dport>] [<ip_flags>] [<tcp_flags>]) | [permit|deny] [<rate_limiter>] [<port_redirect>] [<mirror>] [<logging>]
[<shutdown>]

Delete <ace_id>

Lookup [<ace_id>]

Clear

Status [combined|static|loop_protect|dhcp|ptp|ipmc|conflicts]

Port State [<port_list>] [enable|disable] 

Security Network DHCP

Security/Network/DHCP> Configuration
Mode [enable|disable]
Server [<ip_addr>]
Information Mode [enable|disable]
Information Policy [replace|keep|drop]
Statistics [clear] 

Security Network AAA

Security/Network/AAA> Configuration
Timeout [<timeout>]
Deadtime [<dead_time>]
    RADIUS [<server_index>] [enable|disable] [<ip_addr_string>] [<secret>] [<server_port>]
    ACCT_RADIUS [<server_index>] [enable|disable] [<ip_addr_string>] [<secret>] [<server_port>]
Statistics [<server_index>] 

STP

STP> Configuration
Version [<stp_version>]
Non-certified release, v
Txhold [<holdcount>]lt 15:15:15, Dec 6 2007
MaxAge [<max_age>]
FwdDelay [<delay>]
bpduFilter [enable|disable]
bpduGuard [enable|disable]
recovery [<timeout>]
CName [<config-name>] [<integer>]
Status [<msti>] [<port_list>]
Msti Priority [<msti>] [<priority>]
Msti Map [<msti>] [clear]
Msti Add <msti> <vid>
Port Configuration [<port_list>]
Port Mode [<port_list>] [enable|disable]
Port Edge [<port_list>] [enable|disable]
Port AutoEdge [<port_list>] [enable|disable]
Port P2P [<port_list>] [enable|disable|auto]
Port RestrictedRole [<port_list>] [enable|disable]
Port RestrictedTcn [<port_list>] [enable|disable]
Port bpduGuard [<port_list>] [enable|disable]
Port Statistics [<port_list>]
Port Mcheck [<port_list>]
Msti Port Configuration [<msti>] [<port_list>]
Msti Port Cost [<msti>] [<port_list>] [<path_cost>]
Msti Port Priority [<msti>] [<port_list>] [<priority>] 

Aggr

Aggr> Configuration
Add <port_list> [<aggr_id>]
Delete <aggr_id>
Lookup [<aggr_id>]
Mode [smac|dmac|ip|port] [enable|disable] 

LACP

LACP> Configuration [<port_list>]
Mode [<port_list>] [enable|disable]
Key [<port_list>] [<key>]
Role [<port_list>] [active|passive]
Status [<port_list>]
Statistics [<port_list>] [clear] 

LLDP

LLDP> Configuration [<port_list>]
Mode [<port_list>] [enable|disable]
Statistics [<port_list>] [clear]
Info [<port_list>] 

PoE

PoE> Configuration [<port_list>]

Mode [<port_list>] [disabled|poe|poe+]

Priority [<port_list>] [low|high|critical]

Mgmt_mode [class_con|class_res|al_con|al_res|lldp_res|lldp_con]

Maximum_Power [<port_list>] [<port_power>]

Status

Primary_Supply [<supply_power>] 

QoS

QoS> DSCP Map [<dscp_list>] [<class>] [<dpl>]

DSCP Translation [<dscp_list>] [<trans_dscp>]

DSCP Trust [<dscp_list>] [enable|disable]

DSCP Classification Mode [<dscp_list>] [enable|disable]

DSCP Classification Map [<class_list>] [<dpl_list>] [<dscp>]

DSCP EgressRemap [<dscp_list>] [<dpl_list>] [<dscp>]

Storm Unicast [enable|disable] [<packet_rate>]

Storm Multicast [enable|disable] [<packet_rate>]

Storm Broadcast [enable|disable] [<packet_rate>]

QCL Add [<qce_id>] [<qce_id_next>]

    [<port_list>]

    [<tag>] [<vid>] [<pcp>] [<dei>] [<smac>]

    [<dmac_type>]

    [(etype    [<etype>]) | (LLC [<DSAP>] [<SSAP>] [<control>]) | (SNAP    [<PID>]) | (ipv4 [<protocol>] [<sip>] [<dscp>] [<fragment>] [<sport>] [<dport>]) | (ipv6 [<protocol>] [<sip_v6>] [<dscp>] [<sport>]
    [<dport>])]

    [<class>]    [<dp>]    [<classified_dscp>]

QCL Delete <qce_id>

QCL Lookup [<qce_id>]

QCL Status [combined|static|conflicts]

QCL Refresh

Mirror

Mirror> Configuration [<port_list>]

Port [<port>|disable]

Mode [<port_list>] [enable|disable|rx|tx] 

Dot1x

Dot1x> Configuration [<port_list>]

Mode [enable|disable]

State [<port_list>] [macbased|auto|authorized|unauthorized]

Authenticate [<port_list>] [now]

Reauthentication [enable|disable]

Period [<reauth_period>]

Timeout [<eapol_timeout>]

Statistics [<port_list>] [clear|eapol|radius]

Clients [<port_list>] [all|<client_cnt>]

Agetime [<age_time>]

Holdtime [<hold_time>] 

IGMP

IGMP> Configuration [<port_list>]
Mode [enable|disable]
State [<vid>] [enable|disable]
Querier [<vid>] [enable|disable]
Fastleave [<port_list>] [enable|disable]
Router [<port_list>] [enable|disable]
Flooding [enable|disable]
Groups [<vid>]
Status [<vid>] 

ACL

ACL> Configuration [<port_list>]

Action [<port_list>] [permit[deny] [<rate_limiter>] [<port_copy>]

    [<logging>]    [<shutdown>]

Policy [<port_list>] [<policy>]

Rate [<rate_limiter_list>] [<packet_rate>]

Add [<ace_id>] [<ace_id_next>] [switch | (port <port>) | (policy <policy>)]
    [<vid>] [<tag_prio>] [<dmac_type>]

    [(etype [<etype>] [<smac>] [<dmac>]) | (arp [<sip>] [<dip>] [<smac>] [<arp_opcode>] [<arp_flags>]) | (ip [<sip>] [<dip>] [<protocol>] [<ip_flags>]) | (icmp [<sip>] [<dip>] [<icmp_type>] [<icmp_code>] [<ip_flags>]) | (udp [<sip>] [<dip>] [<sport>] [<dport>] [<ip_flags>]) | (tcp [<sip>] [<dip>] [<sport>] [<dport>] [<ip_flags>] [<tcp_flags>]) | [permit[deny] [<rate_limiter>] [<port_copy>] [<logging>] [<shutdown>]

Delete <ace_id>

Lookup [<ace_id>]

Clear 

Mirror

Mirror> Configuration [<port_list>]
Port [<port>|disable]
Mode [<port_list>] [enable|disable|rx|tx] 

Config

Config> Save <ip_server> <file_name>
Load <ip_server> <file_name> [check] 

Firmware

Firmware> Load <ip_addr_string> <file_name>

SNMP

SNMP> Trap Inform Retry Times [<retries>]

Trap Probe Security Engine ID [enable|disable]

Trap Security Engine ID [<engineid>]

Trap Security Name [<security_name>]

Engine ID [<engineid>]

Community Add <community> [<ip_addr>] [<ip_mask>]

Community Delete <index>

Community Lookup [<index>]

User Add <engineid> <user_name> [MD5|SHA] [<auth_password>] [DES] [<priv_password>]

User Delete <index>

User Changekey <engineid> <user_name> <auth_password> [<priv_password>]

User Lookup [<index>]

Group Add <security_model> <security_name> <group_name>

Group Delete <index>

Group Lookup [<index>]

View Add <view_name> [included|excluded] <oid_subtree>

View Delete <index>

View Lookup [<index>]

Access Add <group_name> <security_model> <security_level> [<read_view_name>] [<write_view_name>]

Access Delete <index>

Access Lookup [<index>] 

Firmware

Firmware> Load <ip_addr_string> <file_name>

PTP

PTP> Configuration [<clockinst]

PortState <clockinst> [<port_list>] [enable|disable|internal]
ClockCreate <clockinst> [<devtype>] [<twostep>] [<protocol>] [<oneway>] [<clockid>] [<tag_enable>] [<vid>] [<prio>]
ClockDelete <clockinst> [<devtype>]
DefaultDS <clockinst> [<priority1>] [<priority2>] [<domain>]
CurrentDS <clockinst>
ParentDS <clockinst>
Timingproperties <clockinst> [<utcoffset>] [<valid>] [<leap59>] [<leap61>] [<teaptrac>] [<freqtrac>] [<ptptimescale>]
[<timesource>]
PTP PortDataSet <clockinst> [<port_list>] [<announceintv>] [<announceto>] [<syncintv>] [<delaymech>] [<minpd layreqintv>] [<delayasymmetry>] [<ingressLatency>]
LocalClock <clockinst> [update|show|ratio] [<clockratio>]
Filter <clockinst> [<def_delay_filt>] [<period>] [<dist>]
Servo <clockinst> [<displaystates>] [<ap_enable>] [<ai_enable>] [<ad_enable>] [<ap>] [<ai>] [<ad>]
SlaveTableUnicast <clockinst>
UniConfig <clockinst> [<index>] [<duration>] [<ip_addr>]
ForeignMasters <clockinst> [<port_list>]
EgressLatency [show|clear]
MasterTableUnicast <clockinst>
ExtClockMode [<one_pps_mode>] [<ext_enable>] [<clockfreq>] [<vcxo_enable>]
OnePpsAction [<one_pps_clear>]
DebugMode <clockinst> [<debug_mode>]
Wireless mode <clockinst> [<port_list>] [enable|disable]
Wireless pre notification <clockinst> <port_list>
Wireless delay <clockinst> [<port_list>] [<base_delay>] [<incr_delay>] 

Loop Protect

Loop Protect> Configuration
Mode [enable|disable]
Transmit [<transmit-time>]
Shutdown [<shutdown-time>]
Port Configuration [<port_list>]
Port Mode [<port_list>] [enable|disable]
Port Action [<port_list>] [shutdown|\shut_log|log]
Port Transmit [<port_list>] [enable|disable]
Status [<port_list>] 

IPMC

IPMC> Configuration [igmp]
Mode [igmp] [enable|disable]
Flooding [igmp] [enable|disable]
VLAN Add [igmp] <vid>
VLAN Delete [igmp] <vid>
State [igmp] [<vid>] [enable|disable]
Querier [igmp] [<vid>] [enable|disable]
Fastleave [igmp] [<port_list>] [enable|disable]
Router [igmp] [<port_list>] [enable|disable]
Status [igmp] [<vid>]
Groups [igmp] [<vid>]
Version [igmp] [<vid>] 

Fault

Fault> Alarm PortLinkDown [<port_list>] [enable|disable]
Alarm PowerFailure [pwr1|pwr2|pwr3] [enable|disable] 

Event

Event> Configuration
Syslog SystemStart [enable|disable]
Syslog PowerStatus [enable|disable]
Syslog SnmpAuthenticationFailure [enable|disable]
Syslog RingTopologyChange [enable|disable]
Syslog Port [<port_list>] [disable|linkup|linkdown|both]
SMTP SystemStart [enable|disable]
SMTP PowerStatus [enable|disable]
SMTP SnmpAuthenticationFailure [enable|disable]
SMTP RingTopologyChange [enable|disable]
SMTP Port [<port_list>] [disable|linkup|linkdown|both] 

DHCPServer

DHCPServer> Mode [enable|disable]
Setup [<ip_start>] [<ip_end>] [<ip_mask>] [<ip_router>] [<ip_dns>] [<ip_tftp>] [<lease>] [<bootfile>] 

Ring

Ring> Mode [enable|disable]
Master [enable|disable]
1stRingPort [<port>]
2ndRingPort [<port>]
Couple Mode [enable|disable]
Couple Port [<port>]
Dualhoming Mode [enable|disable]
Dualhoming Port [<port>] 

Chain

Chain> Configuration
Mode [enable|disable]
1stUplinkPort [<port>]
2ndUplinkPort [<port>]
EdgePort [1st|2nd|none] 

RCS

RCS> Mode [enable|disable]
Add [<ip_addr>] [<port_list>] [web_on|web_off] [telnet_on|telnet_off] [snmp_on|snmp_off]
Del <index>
Configuration 

FastRecovery

FastRecovery> Mode [enable|disable]
Port [<port_list>] [<fr_priority>] 

SFP

SFP> syslog [enable|disable]
temp [<temperature>]
Info 

DeviceBinding

Devicebinding> Mode [enable|disable]
Port Mode [<port_list>] [disable|scan|binding|shutdown]
Port DDOS Mode [<port_list>] [enable|disable]
Port DDOS Sensibility [<port_list>] [low|normal|medium|high]
Port DDOS Packet [<port_list>] [rx_total|rx_unicast|rx_multicast|rx_broadcast|tcp|udp]
Port DDOS Low [<port_list>] [<socket_number>]
Port DDOS High [<port_list>] [<socket_number>] 

Port DDOS Filter [<port_list>] [source|destination]
    Port DDOS Action [<port_list>] [do_nothing|block_1_min|block_10_mins|block|shutdown|only_log|reboot_device]
Port DDOS Status [<port_list>]
Port Alive Mode [<port_list>] [enable|disable]
    Port Alive Action [<port_list>] [do_nothing|link_change|shutdown|only_log|reboot_device]
Port Alive Status [<port_list>]
Port Stream Mode [<port_list>] [enable|disable]
Port Stream Action [<port_list>] [do_nothing|only_log]
Port Stream Status [<port_list>]
Port Addr [<port_list>] [<ip_addr>] [<mac_addr>]
Port Alias [<port_list>] [<ip_addr>]
Port DeviceType [<port_list>] [unknown|ip_cam|ip_phone|ap|pc|plc|nvr]
Port Location [<port_list>] [<device_location>]
Port Description [<port_list>] [<device_description>] 

MRP

MRP> Configuration
Mode [enable|disable]
Manager [enable|disable]
React [enable|disable]
1stRingPort [<mrp_port>]
2ndRingPort [<mrp_port>]
Parameter MRP_TOPchgT [<value>]
Parameter MRP_TOPNRmax [<value>]
Parameter MRP_TSTshortT [<value>]
Parameter MRP_TSTdefaultT [<value>]
Parameter MRP_TSTNRmax [<value>]
Parameter MRP_LNKdownT [<value>]
Parameter MRP_LNKupT [<value>]
Parameter MRP_LNKNRmax [<value>] 

Modbus

Modbus> Status
Mode [enable|disable] 

Black Box Tech Support: FREE! Live. 24/7.

Tech support the way it should be.

Great tech support is just 60 seconds away at 724-746-5500 or blackbox.com.

BLACK BOX®

About Black Box

Black Box provides an extensive range of networking and infrastructure products. You'll find everything from cabinets and racks and power and surge protection products to media converters and Ethernet switches all supported by free, live 24/7 Tech support available in 60 seconds or less.

© Copyright 2016. Black Box Corporation. All rights reserved. Black Box ^® and the Double Diamond logo are registered trademarks of BB Technologies, Inc. Any third-party trademarks appearing in this manual are acknowledged to be the property of their respective owners.

LE2700A user manual, version 5