VigorSwitch P1085 - Network switch Draytek - Free user manual and instructions

USER MANUAL VigorSwitch P1085 Draytek

Your reliable networking solutions partner

User's Guide

VigorSwitch P1085

PoE Web Smart Gigabit Switch

User's Guide

Version: 1.0

Firmware Version: V2.5.1

(For future update, please visit DrayTek web site)

Date: December 25, 2019

Copyrights

© All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders.

Trademarks

The following trademarks are used in this document:

● Microsoft is a registered trademark of Microsoft Corp.
● Windows, Windows 95, 98, Me, NT, 2000, XP, Vista, 7, 8, 10 and Explorer are trademarks of Microsoft Corp.
● Apple and Mac OS are registered trademarks of Apple Inc.
● Other products may be trademarks or registered trademarks of their respective manufacturers.

Caution

Circuit devices are sensitive to static electricity, which can damage their delicate electronics. Dry weather conditions or walking across a carpeted floor may cause you to acquire a static electrical charge.

To protect your device, always:

• Touch the metal chassis of your computer to ground the static electrical charge before you pick up the circuit device.
• Pick up the device by holding it on the left and right edges only.

Warranty

We warrant to the original end user (purchaser) that the device will be free from any defects in workmanship or materials for a period of one (1) year from the date of purchase from the dealer. Please keep your purchase receipt in a safe place as it serves as proof of date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, we will, at our discretion, repair or replace the defective products or components, without charge for either parts or labor, to whatever extent we deem necessary tore-store the product to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be offered solely at our discretion. This warranty will not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. The warranty does not cover the bundled or licensed software of other vendors. Defects which do not significantly affect the usability of the product will not be covered by the warranty. We reserve the right to revise the manual and online documentation and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes.

Be a Registered Owner

Web registration is preferred. You can register your Vigor router via http://www.DrayTek.com.

Firmware & Tools Updates

Due to the continuous evolution of DrayTek technology, all routers will be regularly upgraded. Please consult the DrayTek web site for more information on newest firmware, tools and documents.

More update, please visit www.draytek.com.

Table of Contents

Part I Introduction....1

I-1 Introduction ...... 2

I-1-1 Key Features 2
I-1-2 Specifications 3
I-1-3 Packing List 4
I-1-4 LED Indicators and Connectors .... 4

I-2 Installation....6

I-2-1 Typical Applications....6
I-2-2 Installing Network Cables 8
I-2-3 Configuring the Management Agent of Switch....8
I-2-4 Managing VigorSwitch P1085 through Ethernet Port 8
I-2-5 IP Address Assignment 9

I-3 Accessing Web Page of VigorSwitch 13
I-4 Dashboard.... 14
I-5 Status 15

I-5-1 Port Bandwidth Utilization 15
I-5-2 LLDP Statistics 15

Part II Switch LAN....17

II-1 General Setup.... 18

II-1-1 Management IP/VLAN.... 18

II-2 Port Setting 20

II-2-1 General Setting.... 20
II-2-2 Protected Ports.... 22

II-3 Mirror 23

II-4 Link Aggregation 24

II-4-1 LAG Setting 24
II-4-2 LAG Management 25
II-4-3 LAG Port Setting.... 26
II-4-4 LACP Setting 27
II-4-5 LACP Port Setting 28

II-5 VLAN Management....29

II-5-1 Create VLAN 29
II-5-2 Interface Settings.... 30
II-5-3 Voice VLAN 32

II-5-3-1 Properties 32
II-5-3-2 Telephony OUI Setting 33
II-5-3-3 Port Setting.... 34

II-5-4 MAC VLAN 35

II-5-4-1 MAC Group 35

I-5-4-3 Group Binding 36

II-5-5 Surveillance VLAN.... 37

II-5-5-1 Property 37

II-5-6-1 Surveillance OUI....39

II-6 EEE 40

II-7 Multicast 41

II-7-1 Properties 41

II-7-2 IGMP Snooping 42

II-7-2-1 IGMP Setting 42

II-7-2-2 IGMP Querier Setting....44

II-7-2-3 IGMP Static Group 45

II-7-2-4 IGMP Group Table....46

II-7-2-5 IGMP Router Table....47

II-8 Jumbo Frame 48

II-9 STP 49

II-9-1 Properties 49

II-9-2 Port Setting....50

II-9-3 Bridge Setting 52

II-9-4 Port Advanced Setting....53

II-9-5 Statistics 54

II-10 MAC Address Table....55

II-10-1 Static MAC Setting 55

II-10-2 Dynamic Address Setting 56

II-10-3 Dynamic Learned 56

II-11 Blocked Port Recover....58

Part III ONVIF Surveillance....59

III-1 Topology....60

III-1-1 Status 60

III-2-2 Throughput Threshold 65

III-2 Video 67

III-3 Device Maintenance 68

III-3-1 General....68

III-3-2 Network 70

III-3-3 Security....72

Part IV Security 73

IV-1 Storm Control....74

IV-1-1 Properties....74

IV-1-2 Port Setting 75

IV-2 DoS 76

IV-2-1 Properties....76

IV-2-2 DoS Port Setting 78

IV-3 IP Source Guard 79

IV-3-1 Port Settings....79

IV-3-2 IMPV Binding 80

IV-4 IP Conflict Prevention 81

IV-5 Loop Protection....85

Part V ACL Configuration....87

V-1 Create ACL 88

V-1-1 MAC 88

V-1-2 IPv4 88

V-1-3 IPv6 89

V-2 Create ACE 91

V-2-1 MAC 91

V-2-2 IPv4 92

V-2-3 IPv6 94

V-3 ACL Binding 96

Part VI QoS Configuration....97

VI-1 General 98

VI-1-1 Properties 98

VI-1-1-1 QoS General Setting 98

VI-1-1-2 Trust Ports 99

VI-1-2 Port Settings.... 100

VI-1-3 Queue Settings 101

VI-1-4 CoS Mapping 102

VI-2-2 Egress Shaping Rate 106

VI-2-3 Egress Shaping Per Queue 107

Part VII PoE Configuration....109

VII-1 Properties 110

VII-2 Status....111

VII-3 Schedule....112

VII-3-1 Schedule Profile.... 112

VII-3-2 Port Scheduling.... 113

Part VIII System Maintenance....115

VIII-1 TR-069....116

VIII-2 OpenVPN....118

VIII-3 Webhook....119

VIII-4 LLDP 120

VIII-4-1 Properties.... 120

VIII-4-2 LLDP Port Setting 121

VIII-4-3 LLDP Local Device....123

VIII-4-4 LLDP Remote Device 124

VIII-4-7 LLDP Overloading.... 125

VIII-5 SNMP 126

VIII-5-1 View 127

VIII-5-2 Group 128

VIII-5-3 Community 129

VIII-5-4 User....130

VIII-5-5 Engine ID 132

VIII-5-5-1 Local Engine ID.... 132

VIII-5-5-2 Remote Engine ID 133

VIII-5-6 Trap Event.... 134

VIII-5-7 Notification 135

VIII-6 Access Manager 137

VIII-7 Time and Date 138

VIII-7-1 System Time Zone 138

VIII-7-2 Time 139

VIII-8 Backup Manager.... 140

VIII-9 Upgrade Manager....141

VIII-10 Account Manager.... 142

VIII-11 Factory Default.... 144

VIII-12 Reboot Switch.... 145

Part IX Diagnostics....147

IX-1 Device Check.... 148

IX-2 Cable Diagnostics.... 149

IX-3 Ping Test....150

IX-4 SysLog....151

IX-4-1 SysLog Explorer.... 151

IX-4-2 SysLog Settings 152

IX-4-2-1 SysLog Service 152

IX-4-2-2 Local SysLog.... 153

IX-4-2-3 Remote SysLog 154

IX-4-2-4 SysLog Mail 155

Part X Mail Alert 157

X-1 Alert Setting 158

Part XI Telnet Commands....161

XI-1 Accessing Telnet of VigorSwitch.... 162

XI-2 Available Commands.... 164

XI-2-1 Clear Configuration 164

XI-2-2 Clock Configuration.... 170

XI-2-3 Configure Configuration 171

XI-2-4 Copy Configuration 241

XI-2-5 Delete Configuration 242

XI-2-6 Disable Configuration.... 242

XI-2-7 End Configuration 243

XI-2-8 Exit Configuration.... 243

XI-2-9 Hardware-Monitor Configuration.... 244

XI-2-10 Ping Configuration.... 244

XI-2-11 Reboot Configuration 245

XI-2-12 Restore-defaults Configuration 245

XI-2-13 Save Configuration.... 245

XI-2-14 Show Configuration.... 246

XI-2-15 SSL Configuration.... 247

XI-2-16 Terminal Configuration.... 247

XI-2-17 Traceroute Configuration 248

Appendix: Reference....249

A-1 What's the Ethernet 249

A-2 Media Access Control (MAC) 252

A-3 Flow Control.... 256

Index 259

Part I Introduction

I-1 Introduction

VigorSwitch P1085, PoE Web Smart Gigabit, is a standard switch that meets all IEEE 802.3/ u/ x/ z Gigabit, Fast Ethernet specifications. The switch has 8 10/ 100/ 1000Mbps TP ports. It supports telnet, http, https, SSH and SNMP interface for switch management.

The network administrator can login the switch to monitor, configure and control each port's activity. In addition, the switch implements the QoS (Quality of Service), VLAN, and Trunking. It is suitable for office application.

VigorSwitch supports IEEE 802.3az, Energy-Efficient Ethernet, and provides power saving feature. It can efficiently save the switch power with auto detect the client idle and cable length to provide different power.

graph LR
    A["Internet"] --> B["Vigor Router"]
    B --> C["Voic VLAN"]
    C --> D["PoE IP Cameras"]
    C --> E["PoE IP Phones"]
    C --> F["LAN"]
    C --> G["NAS"]
    C --> H["PoE AP"]

I-1-1 Key Features

Below shows key features of this device:

QoS

The switch offers powerful QoS function. This function supports 802.1p VLAN tag priority and DSCP on Layer 3 of network framework.

VLAN

Support Port-based VLAN and IEEE802.1Q Tag VLAN. Support 24 active VLANs and VLAN ID 1\~4094.

Port Trunking

Allows one or more links to be aggregated together to form a Link Aggregation Group by the static setting.

Power Saving

The Power saving using the IEEE 802.3az, Energy-Efficient Ethernet to detect the client idle and cable length automatically and provides the different power. It could efficient to save the switch power and reduce the power consumption.

I-1-2 Specifications

The VigorSwitch P1085, a standalone off-the-shelf switch, provides the comprehensive features listed below for users to perform system network administration and efficiently and securely serve your network.

Hardware

8 10/100/1000Mbps Auto-negotiation Gigabit Ethernet TP ports with PoE+
❖ Jumbo frame support 9KB
◆ Programmable classifier for QoS (Layer 2/ Layer 3)
✿ 8K MAC address and support VLAN ID(1\~4094)
- Per-port shaping, policing, and Broadcast Storm Control
Power Saving with IEEE 802.3az, Energy-Efficient Ethernet
Full-duplex flow control (IEEE802.3x) and half-duplex backpressure
◆ Extensive front-panel diagnostic LEDs; Power, System, PoE fail and PoE/link activity
Hardware reset button for resetting configuration to factory default by pressing over 5 seconds

Management

◆ Supports per port traffic monitoring counters
◆ Supports a snapshot of the system Information when you login
◆ Supports port mirror function
◆ Supports the static trunk function
◆ Supports 802.1Q VLAN
◆ Supports user management and limits three users to login
Maximal packet length can be up to 9600 bytes for jumbo frame application
◆ Supports Broadcasting Suppression to avoid network suspended or crashed
◆ Supports to send the trap event while monitored events happened
✿ Supports default configuration which can be restored to overwrite the current configuration which is working on via Web UI and Reset button of the switch
◆ Supports on-line plug/ unplug SFP modules
✿ Supports Quality of Service (QoS) for real time applications based on the information taken from Layer 2 to Layer 3
Built-in web-based management and CLI management, providing a more convenient UI for the user

I-1-3 Packing List

Before you start installing the switch, verify that the package contains the following:

VigorSwitch P1085
AC Power Cord
◆ Quick Start Guide
Rubber feet
Rack mount kit

Please notify your sales representative immediately if any of the aforementioned items is missing or damaged.

I-1-4 LED Indicators and Connectors

Before you use the Vigor device, please get acquainted with the LED indicators and connectors first. There are 8 Ethernet ports and SFP ports on the front panel of the switch. LED display area, locating on the front panel, contains an ACT, Power LED and ports working status of the switch.

LED Explanation

PoE 1\~8

	Off No PoE power is supplied on the port.
Interface		Description
RST		Factory reset button.Press it to reboot the system. (<5 seconds) The PoE/ Alert and SYS LEDs will blink too.Press it to reset the system with factory default settings. (5~20 seconds)The PoE/ Alert and SYS LEDs will be off if RST button is pressed between 5 seconds and 10 seconds.
Port 1 ~ 44 (RJ45) Port 1 to Port 44 can be used for Ethernet connection and PoE connection, depending on the device connected.
RJ 45 LNK/ ACT Port 1 ~ 8		Port 1 to Port 8 can be used for Ethernet connection and PoE connection, depending on the device connected.
PoE for Port 1 ~ 8
		Power inlet for AC input (100~240V/ AC, 50/ 60Hz).

Note:

Power Output -

• IEEE 802.3af Max. 15.4W Output Supported
• IEEE 802.3at Max. 30W Output Supported

PoE Power Budget--

● 140 Watts (Max)

I-2 Installation

I-2-1 Typical Applications

The VigorSwitch implements 8 Gigabit Ethernet TP ports with auto MDIX and four slots for the removable module supporting comprehensive fiber types of connection, including LC and BiDi-LC SFP modules. The switch is suitable for the following applications:

Case 1: All switch ports are in the same local area network.

Every port can access each other. (*The switch image is sample only.)

graph TD
    A["Switch 1"] --> B["Computer Port"]
    C["Switch 2"] --> D["Computer Port"]
    B --> E["Ethernet Port"]
    D --> F["Ethernet Port"]
    style A fill:#000,stroke:#fff,color:#fff
    style C fill:#000,stroke:#fff,color:#fff
    style B fill:#000,stroke:#fff,color:#fff
    style D fill:#000,stroke:#fff,color:#fff
    style E fill:#000,stroke:#fff,color:#fff
    style F fill:#000,stroke:#fff,color:#fff

If VLAN is enabled and configured, each node in the network that can communicate each other directly is bounded in the same VLAN area.

Case 2: The same VLAN members can be at different switches with the same VID

graph TD
    A["Switch 1"] --> B["Computer"]
    C["Switch 2"] --> D["Computer"]
    E["Switch 3"] --> F["Computer"]
    B --> G["VLAN1"]
    D --> H["VLAN2"]
    F --> I["VLAN3"]

Case 3: Desktop Installation

1. Install the switch on a level surface that can support the weight of the unit and the relevant components.
2. Plug the switch with the female end of the provided power cord and plug the male end to the power outlet.

Case 4: Rack-mount Installation

The switch may be standalone, or mounted in a rack. Rack mounting facilitate to an orderly installation when you are going to install series of networking devices.

Procedures to Rack-mount the switch:

1. Disconnect all the cables from the switch before continuing.
2. Place the unit the right way up on a hard, flat surface with the front facing you.
3. Locate a mounting bracket over the mounting holes on one side of the unit.
4. Insert the screws and fully tighten with a suitable screwdriver.
5. Repeat the two previous steps for the other side of the unit.
6. Insert the unit into the rack and secure with suitable screws.
7. Reconnect all the cables.

I-2-2 Installing Network Cables

Crossover or straight-through cable: All the ports on the switch support Auto-MDI/ MDI-X functionality. Both straight-through or crossover cables can be used as the media to connect the switch with PCs as well as other devices like switches, hubs or router.

Category 3, 4, 5 or 5e, 6 UTP/STP cable: To make a valid connection and obtain the optimal performance, an appropriate cable that corresponds to different transmitting/receiving speed is required. To choose a suitable cable, please refer to the following table.

I-2-3 Configuring the Management Agent of Switch

Users can monitor and configure the switch through the following procedures.

Configuring the Management Agent of VigorSwitch P1085 through the Ethernet Port.

There are several ways to configure and monitor the switch through Ethernet port, includes Web-UI and SNMP.

VigorSwitch, for example:

IP Address: 192.168.1.224

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.1.254

I-2-4 Managing VigorSwitch P1085 through Ethernet Port

Before start using the switch, the IP address setting of the switch should be done, then perform the following steps:

1. Set up a physical path between the configured the switch and a PC by a qualified UTP Cat. 5e cable with RJ-45 connector.

Note: If PC directly connects to the switch, you have to setup the same subnet mask between them. But, subnet mask may be different for the PC in the remote site. Please refer to the above figure about the Web Smart Switch default IP address information.

1. After configuring correct IP address on your PC, open your web browser and access switch's IP address.

Default system account is "admin", with password "admin" in default. Switch IP address is "192.168.1.224" by default with DHCP client enabled.

I-2-5 IP Address Assignment

For IP address configuration, there are three parameters needed to be filled in. They are IP address, Subnet Mask, Default Gateway and DNS.

IP address:

The address of the network device in the network is used for internetworking communication. Its address structure looks is shown below. It is “classful” because it is split into predefined address classes or categories.

Each class has its own network range between the network identifier and host identifier in the 32 bits address. Each IP address comprises two parts: network identifier (address) and host identifier (address). The former indicates the network where the addressed host resides, and the latter indicates the individual host in the network which the address of host refers to. And the host identifier must be unique in the same LAN. Here the term of IP address we used is version 4, known as IPv4.

With the classful addressing, it divides IP address into three classes, class A, class B and class C. The rest of IP addresses are for multicast and broadcast. The bit length of the network prefix is the same as that of the subnet mask and is denoted as IP address/ X, for example, 192.168.1.0/ 24. Each class has its address range described below.

Class A:

Address is less than 126.255.255.255. There are a total of 126 networks can be defined because the address 0.0.0.0 is reserved for default route and 127.0.0.0/8 is reserved for loopback function.

Class B:

IP address range between 128.0.0.0 and 191.255.255.255. Each class B network has a 16-bit network prefix followed 16-bit host address. There are 16,384 (2^14)/ 16 networks able to be defined with a maximum of 65534 (2^16 -2) hosts per network.

Class C:

IP address range between 192.0.0.0 and 223.255.255.255. Each class C network has a 24-bit network prefix followed 8-bit host address. There are 2,097,152 (2^21)/24 networks able to be defined with a maximum of 254 (2^8 -2) hosts per network.

Class D and E:

Class D is a class with first 4 MSB (Most significance bit) set to 1-1-1-0 and is used for IP Multicast. See also RFC 1112. Class E is a class with first 4 MSB set to 1-1-1-1 and is used for IP broadcast.

According to IANA (Internet Assigned Numbers Authority), there are three specific IP address blocks reserved and able to be used for extending internal network. We call it Private IP address and list below:

Please refer to RFC 1597 and RFC 1466 for more information.

Subnet mask:

It means the sub-division of a class-based network or a CIDR block. The subnet is used to determine how to split an IP address to the network prefix and the host address in bitwise basis. It is designed to utilize IP address more efficiently and ease to manage IP network.

For a class B network, 128.1.2.3, it may have a subnet mask 255.255.0.0 in default, in which the first two bytes is with all 1s. This means more than 60 thousands of nodes in flat IP address will be at the same network. It's too large to manage practically. Now if we divide it into smaller network by extending network prefix from 16 bits to, say 24 bits, that's using its third byte to subnet this class B network. Now it has a subnet mask 255.255.255.0, in which each bit of the first three bytes is 1. It's now clear that the first two bytes is used to identify the class B network, the third byte is used to identify the subnet within this class B network and, of course, the last byte is the host number.

Not all IP address is available in the sub-netted network. Two special addresses are reserved. They are the addresses with all zero's and all one's host number. For example, an IP address 128.1.2.128, what IP address reserved will be looked like? All 0s mean the network itself, and all 1s mean IP broadcast.

128.1.2.128/25

In this diagram, you can see the subnet mask with 25-bit long, 255.255.255.128, contains 126 members in the sub-netted network. Another is that the length of network prefix equals the number of the bit with 1s in that subnet mask. With this, you can easily count the number of IP addresses matched. The following table shows the result.

Prefix Length No. of IP matched No. of Addressable IP

According to the scheme above, a subnet mask 255.255.255.0 will partition a network with the class C. It means there will have a maximum of 254 effective nodes existed in this sub-netted network and is considered a physical network in an autonomous network. So it owns a network IP address which may looks like 168.1.2.0.

With the subnet mask, a bigger network can be cut into small pieces of network. If we want to have more than two independent networks in a worknet, a partition to the network must be performed. In this case, subnet mask must be applied.

For different network applications, the subnet mask may look like 255.255.255.240. This means it is a small network accommodating a maximum of 15 nodes in the network.

For assigning an IP address to the switch, you just have to check what the IP address of the network will be connected with the switch. Use the same network address and append your host address to it.

First, IP Address: as shown above, enter "192.168.1.224", for instance. For sure, an IP address such as 192.168.1.x must be set on your PC.
Second, Subnet Mask: as shown above, enter "255.255.255.0". Choose a subnet mask suitable for your network.

Note: The DHCP Setting is enabled in default. Therefore, if a DHCP server presented on network connected to the switch, check before accessing your switch is essential.

I-3 Accessing Web Page of VigorSwitch

1. Open any browser (e.g., Firefox) and type "192.168.1.224" as URL.
2. Please type "admin/admin" as the Username/Password and click Login.

1. Now, the Main Screen will appear.

Info

The DHCP Setting is enabled in default. Therefore, if a DHCP server presented on network connected to VigorSwitch, checking before accessing VigorSwitch is essential.

1-4 Dashboard

Click Dashboard from the main menu on the left side of the main page.

A web page with default selections will be displayed on the screen. Refer to the following figure:

I-5 Status

I-5-1 Port Bandwidth Utilization

This page offers the traffic statistics including data information and data of interframe gap for each port (GE1 to GE8). In which, data of interframe gap can be displayed or hidden by choose Enable / Disable for IFG.

I-5-2 LLDP Statistics

This page offers the statistics of LLDP packets (in, out and error) of each port (GE1 to GE8).

This page is left blank.

Part II Switch LAN

II-1 General Setup

General setup is used to configure settings for the switch network interface and offers how the switch connects to a remote server to get services.

II-1-1 Management IP/VLAN

The switch needs an IP address for it to be managed over the network. The factory default IP address is 192.168.1.224. The subnet mask specifies the network number portion of an IP address. The factory default subnet mask is 255.255.255.0.

Use the IP Address (IPv4/ IPv6) screen to configure the switch IP address and the default gateway device. The gateway field specifies the IP address of the gateway (next hop) for outgoing traffic. In addition, this page allows the network administrator to change the VLAN ID of management access. Management access protocols such as http, https, SNMP and etc., are only accessible from the VLAN specified as management VLAN.

Info

If VigorSwitch has connected to Vigor router, it will use the IP address obtained from the DHCP server on Vigor router. Thus, the user must type the assigned IP as URL for accessing into the web user interface of VigorSwitch. If not, 192.168.1.224 shall be the default IP.

Available settings are explained as follows:

II-2 Port Setting

II-2-1 General Setting

Port Setting is used to configure settings for the switch ports, trunk, Layer 2 protocols and other switch features.

Available settings are explained as follows:

Item	Description
Ports Use the drop down I	st to select one or more LAN port(s).
Enable State Enable -Click	it to enable the port.Disable - Click it to disable the port.
Speed Port speed capabilities	Auto: Auto speed with all capabilities.Auto-10M: Auto speed with 10M ability only.Auto-100M: Auto speed with 100M ability only.Auto-1000M: Auto speed with 1000M ability only.Auto-10/100M: Auto speed with 10/ 100M ability.10M: Force speed with 10M ability.100M: Force speed with 100M ability.1000M: Force speed with 1000M ability.Selecting Auto (auto-negotiation) allows one port to negotiate with a peer port automatically to obtain the connection speed and duplex mode that both ends support. When auto-negotiation is turned on, a port on the switch negotiates with the peer automatically to determine the connection speed and duplex mode. If the peer port does not support auto-negotiation or turns off this feature, the switch determines the connection speed by detecting the signal on the cable and using half duplex mode. When the switch's auto-negotiation is turned off, a port uses the pre-configuredspeed and duplex mode when making a connection, thus requiring you to make sure that the settings of the peer port are the same in order to connect.For SFP fiber module, you might need to manually configure the speed to match fiber module speed.
Duplex Port duplex capabilities:Auto: Auto duplex with all capabilities.Half: Auto speed with 10/100M ability only.Full: Auto speed with 10/100/1000M ability only.
Flow Control A concentration of traffic on a port decreases port bandwidth and overflows buffer memory causing packet discards and frame losses. Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port. The switch uses IEEE802.3x flow control in full duplex mode and backpressure flow control in half duplex mode. IEEE802.3x flow control is used in full duplex mode to send a pause signal to the sending port, causing it to temporarily stop sending signals when the receiving port memory buffers fill. Back Pressure flow control is typically used in half duplex mode to send a "collision" signal to the sending port (mimicking a state of packet collision) causing the sending port to temporarily stop sending signals and resend later.Enable - Click it to enable such function.Disable - Click it to disable such function.
Apply Apply the settings to the switch.
Modify It is used to manually enter the description, state, speed, duplex, flow control for the port.

II-2-2 Protected Ports

This page allows the network administrator to configure protected port setting to prevent the selected ports from communication with each other. Protected port is only allowed to communicate with unprotected port.

For example, GE1 and GE3 are selected in Port List and Enable is clicked as Protected, then users behind GE1 and GE3 are separated and can not communicate with each other.

Available settings are explained as follows:

II-3 Mirror

This section provides ability to mirror packets coming in or going out on any port to a destination port. Through the packet duplication in the destination port, this feature is convenient for system administrator to monitor / understand the traffic operation.

Session ID 1 to 4 can be enabled simultaneously and operate independently.

Available settings are explained as follows:

II-4 Link Aggregation

LAG means Link Aggregation Group which groups some physical ports together to make a single high-bandwidth data path. Thus it can implement traffic load sharing among the member ports in a group to enhance the connection reliability.

II-4-1 LAG Setting

This page allows to configure Load Balance Algorithm for Link Aggregation.

Available settings are explained as follows:

II-4-2 LAG Management

There are eight LAG profiles allowed to group different physical ports (GE1 to GE8). The system will assign certain port(s) as Active Member and Standby Member according to the GE selections.

Available settings are explained as follows:

Item	Description
Description Display the port description.
Port Type Display the type of the LAG.
Link Status Display LAG port link status.
Active Member	Display active member ports of the LAG.
Standby Member	Display inactive or candidate member ports of the LAG.
Modify It is used to edit the name, type and port number for each link aggregation profile.
	Name- Enter a string as LAG name.Type - Use the drop down menu to specify the type for LAG.● Static- The static aggregated port sends packets over active member without detecting or negotiating with remote aggregated port.● LACP- The LACP aggregated ports place member into active only after negotiated with remote aggregated port

II-4-3 LAG Port Setting

This page defines port setting for each LAG profile (LAG1 to LAG8), including data speed and enabling/disabling the flow control.

Available settings are explained as follows:

II-4-4 LACP Setting

This page allows the network administrator to enable or disable the LACP function.

Available settings are explained as follows:

II-4-5 LACP Port Setting

This section provides few detailed configuration regarding to Ports under LACP protocol.

Available settings are explained as follows:

II-5 VLAN Management

A virtual local area network, virtual LAN or VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location. A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together even if they are not located on the same network switch. VLAN membership can be configured through software instead of physically relocating devices or connections.

II-5-1 Create VLAN

This page allows a user to add, edit or delete VLAN settings.

Available settings are explained as follows:

Modify

- Modify the name of the selected VLAN ID.

● New Name - Type a name for such VLAN profile.
● OK - Apply the settings to the switch.
- Cancel - Close the page and return to previous page.

- Delete the selected VALN ID.

II-5-2 Interface Settings

This page allows a user to configure interface setting related to VLAN.

Available settings are explained as follows:

II-5-3 Voice VLAN

With such feature, a VLAN will be created temporarily and when the specified OUI device delivers protocol packets related to "VoIP", VigorSwitch will guide these packets into the specified Voice LAN with specified priority tag to speed up the packet transmission. Such voice VLAN is only active inside VigorSwitch for packet transmission. After these packets leave VigorSwitch, the Voice VLAN tag will be removed immediately.

II-5-3-1 Properties

This page allows a user to configure global and per interface setting of voice VLAN.

Available settings are explained as follows:

II-5-3-2 Telephony OUI Setting

This page allows a user to add, edit or delete OUI MAC addresses. Default has 8 pre-defined OUI MAC.

Available settings are explained as follows:

Item	Description
OUI Address Type OUI address.
Description Enter a description of the specified MAC address to the voice VLAN OUI table.
Add Click it to create a new voice OUI based on the settings configured above.
Edit
	- Click it to remove the selected OUI entry.

II-5-3-3 Port Setting

This page allows a user to specify LAN port(s) as Voice LAN port.

Available settings are explained as follows:

II-5-4 MAC VLAN

II-5-4-1 MAC Group

The MAC VLAN allows you to statically assign a VLAN ID to a host with specific MAC address(es). VigorSwitch allows you to configure multiple groups with configured MAC address and mask to be active on ports and to be bound with VLAN ID. This page allows the network administrator to define groups with specific MAC addresses for later binding with VLAN and Port.

Available settings are explained as follows:

I-5-4-3 Group Binding

The MAC VLAN allows you to statically assign a VLAN ID to a host with specific MAC address(es). VigorSwitch allows you to configure multiple groups with configured MAC address and mask to be active on ports and to be bound with VLAN ID. This page allows the network administrator to bind the group of specified MAC addresses with VLAN and Port.

Available settings are explained as follows:

II-5-5 Surveillance VLAN

Surveillance VLAN can be configured for VigorSwitch to identify the packets coming from an IP camera automatically and assign those traffics to a specific VLAN ID and CoS/ 802.1p value, this helps you to prioritize those traffics and improve video quality.

II-5-5-1 Property

This page is for setting up the VLAN to which the video traffic should be assigned and to enable/disable Surveillance VLAN on each port.

Available settings are explained as follows:

• State -Set it to enable surveillance VLAN function of interface.
  ● Mode -Select port surveillance VLAN mode.
  Auto: Surveillance VLAN auto detect packets that match OUI table and add received port into surveillance VLAN ID tagged member.
  ◆ Manual: User need add interface to VLAN ID tagged member manually.
  ● QoS Policy - Select port QoS Policy mode.
  ◆ Video Packet: QoS attributes are applied to packets with OUI in the source MAC address.
  ◆ All: QoS attributes are applied to packets that are classified to the Surveillance VLAN.
• OK - Apply the settings to the switch.
• Cancel - Abandon the changes and return to previous page.

II-5-6-1 Surveillance OUI

Filtering Surveillance traffic is based on the OUI of the IP cameras. Users can add, edit, and delete OUI on this page.

Available settings are explained as follows:

This page allows a user to enable or disable port EEE (Energy Efficient Ethernet) function.

Available settings are explained as follows:

II-7 Multicast

IP multicast is a technique for one-to-many communication over an IP infrastructure in a network.

To avoid the incoming data broadcasting to all GE ports, multicast is useful to transfer the data/ message to specified GE ports for IGMP snooping. When VigorSwitch receives a message "subscribed" by the client, it must decide to transfer the data to specified GE ports according to the location of the client (subscribed member).

II-7-1 Properties

For the multicast packets, This page allows the network administrator to choose actions for processing the unknown multicast packets and for handling known packets with MAC address, IP address and VLAN ID.

Available settings are explained as follows:

II-7-2 IGMP Snooping

IGMP snooping is the process of listening to Internet Group Management Protocol (IGMP) network traffic. The feature allows a network switch to listen in on the IGMP conversation between hosts and routers. By listening to these conversations the switch maintains a map of which links need which IP multicast streams. Multicasts may be filtered from the links which do not need them and thus controls which ports receive specific multicast traffic.

graph TD
    A["Source"] --> B["Vigor router"]
    B --> C["VigorSwitch"]
    C --> D["Host A"]
    C --> E["Host B"]
    C --> F["Host C"]
    G["PIM (IPv4)"] --> B
    style A fill:#f9f,stroke:#333
    style B fill:#ccf,stroke:#333
    style C fill:#cfc,stroke:#333
    style D fill:#fcc,stroke:#333
    style E fill:#fcc,stroke:#333
    style F fill:#fcc,stroke:#333

graph TD
    A["Source"] --> B["Vigor router"]
    B --> C["IGMP Snooping"]
    C --> D["Host A"]
    C --> E["Host B"]
    C --> F["Host C"]
    B --> G["VigorSwitch"]
    style A fill:#f9f,stroke:#333
    style B fill:#ccf,stroke:#333
    style C fill:#cfc,stroke:#333
    style D fill:#fcc,stroke:#333
    style E fill:#fcc,stroke:#333
    style F fill:#fcc,stroke:#333

II-7-2-1 IGMP Setting

This page allows the network administrator to enable/disable IGMP function, select snooping version, and enable/disable snooping report suppression.

Available settings are explained as follows:

Edit VLAN ID 1

IGMP Snooping State

Router Ports Auto Learn

Query Robustness (Operational: 2)

Query Interval (Operational: 125)

Query Response Interval (Operational: 10)

Last Member Query Counter (Operational: 2)

Last Member Query Interval (Operational: 1)

Immediate Leave:

• IGMP Snooping State -Choose Enable to enable IGMP snooping function.
• Router Ports Auto Learn - Set the enabling status of IGMP router port learning. Choose Enable to learn router port by IGMP query.
• Query Robustness - Set a number which allows tuning for the expected packet loss on a subnet.
• Query Interval - Set the interval of querier send general

II-7-2-2 IGMP Querier Setting

This page allows a user to configure querier settings on specific VLAN of IGMP Snooping.

Available settings are explained as follows:

II-7-2-3 IGMP Static Group

The IGMP static group is allowed to assign a VLAN/ port as a specific IPv4 multicast member. Every IPv4 multicast stream that belongs to the specified group IP address will be forwarded to the specified port/ VLAN member.

Available settings are explained as follows:

II-7-2-4 IGMP Group Table

This page shows currently known and dynamically learned by IGMP snooping or shows the assigned IPv4 multicast address group in operation.

Available settings are explained as follows:

II-7-2-5 IGMP Router Table

This page shows the IGMP querier router known to this switch.

Available settings are explained as follows:

II-8 Jumbo Frame

This page allows a user to configure switch port jumbo frame settings.

Available settings are explained as follows:

II-9 STP

The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network.

Bridge Protocol Data Units (BPDUs) are frames that contain information about the Spanning Tree Protocol (STP). Switches send BPDUs using a unique MAC address from its origin port and a multicast address as destination MAC (01:80:C2:00:00:00, or 01:00:0C:CC:CC:CD for Per VLAN Spanning Tree).

For STP algorithms to function, the switches need to share information about themselves and their connections. What they share are bridge protocol data units (BPDUs).

BPDUs are sent out as multicast frames to which only other layer 2 switches or bridges are listening. If any loops (multiple possible paths between switches) are found in the network topology, the switches will co-operate to disable a port or ports to ensure that there are no loops; that is, from one device to any other device in the layer 2 network, only one path can be taken.

II-9-1 Properties

This page allows a user to configure and display Spanning Tree Protocol (STP) property configuration.

Available settings are explained as follows:

II-9-2 Port Setting

This page allows the user to configure and display Spanning Tree Protocol (STP) port settings.

Available settings are explained as follows:

II-9-3 Bridge Setting

This page allows the network administrator to configure required information to negotiate with other VigorSwitch for determining the bridge switch.

Available settings are explained as follows:

II-9-4 Port Advanced Setting

This page allows user to edit general setting of STP CIST port and browser CIST port status.

Available settings are explained as follows:

II-9-5 Statistics

This page displays STP statistics.

Available settings are explained as follows:

II-10 MAC Address Table

This section allows user to view the dynamic MAC address entries in the MAC table, change related setting, and assign MAC address into MAC table.

II-10-1 Static MAC Setting

This section allows user to manually assign MAC address into MAC table. The configuration result will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

II-10-2 Dynamic Address Setting

This page allows a user to configure aging time for dynamic MAC address.

Available settings are explained as follows:

II-10-3 Dynamic Learned

This page displays the MAC address and port number automatically learned by VigorSwitch.

Available settings are explained as follows:

II-11 Blocked Port Recover

This page is used for configuring settings to recover the port which is being blocked by the following functions after a defined period of time.

Available settings are explained as follows:

Part III ONVIF Surveillance

III-1 Topology

ONVIF (Open Network Video Interface Forum), an International standard for current surveillance system industry, focuses on security products based on network IP address.

With this feature, VigorSwitch can:

• Integrate the ONVIF device and surveillance network
  ● Centralize management of IP video products
• View video images directly on VigorSwitch WUI
• Offer remote IP video products maintenance

ONVIF devices can be centralized and managed remotely via VigorSwitch. With a hierarchy view, the administrator can manage several ONVIF devices and check abnormal traffic detected by Vigor system.

III-1-1 Status

The status (including port enabled, traffic, downlink, etc.) of the IP cameras and NVRs (Network Video Recorders) can be seen on this page.

Available settings are explained as follows:

Item	Description
Discovery	Enable - If enabled, VigorSwitch will automatically detect ONVIF devices, recognize third party IP cameras and NVR and integrate ONVIF device(s) to form surveillance network.Disable - Disable the function of Discovery.
Default Username / Default Password	Enter a name / password as the default value.In the entire ONVIF Surveillance menu, VigorSwitch will input this value in advanced and retrieve data. System administrator can access the IP device in which the username and password are as same as the default values.However, you can also input another username/ passwordmanually if the IP device username/ password is different from the one you enter in Default Username/ Default Password.
Group Specify a group for	displaying group information and device information under the selected group.Or, choose the default setting, All, to display information for all groups.
PoE / PoE Error	PoE - Display the number of LAN PoE device(s) connected to VigorSwitch.PoE Error - Display the number of LAN PoE device(s) disconnected.
NVR Display the number of	NVR device(s) connected toVigorSwitch. The panel sketch on the screen will display which LAN port that the NVR device connected.
CAM	Display the number of IP camera(s) connected to VigorSwitch.The panel sketch on the screen will display which LAN port that the IP camera connected.
Group Information
Total Group Display the total number of groups.
+Add New Group A group	can contain one (IP camera or NVR, as group leader) to several devices (IP cameras as group devices).Click the button to create a new group for managing multiple devices.Step (1) - The first page allows you to configure general settings for a new group.

● Group Name - Enter the name of a group.
- Group by - The system will detect the NVR or IP cameras, and list them on the field of NVR or Group Leader.
- NVR/Group Leader - Select an IP device. For the vedio from IP camera will be recorded on an NVR device, it is suggested to assign an NVR as the group leader.
- Group Device - This field lists all devices (IP cameras) not included by other group. Select one IP device to multiple devices or select all the devices for managed by this group.
- ONVIF Device Admin Username/Password - When the group members share the same username and password, enter the username and password in these two field for administration.
● Next - Click it to access into next page.

Step (2) - The second page allows you to configure throughput threshold for the group port. It is helpful for the system administrator to make the corresponding process if encountered abnormal situation.

• Apply to All Member Ports - Check the box to apply the throughput threshold setting to all member ports.
• GE# Ingress Threshold Mailalert - Click Enable to set the ingress limit value. When the incoming traffic (packet) of the GE port reaches the limit, the Vigor System will send an alert email to the system administrator.
  ■ GE# Ingress Rate - If enabling the ingress threshold alert, enter the ingress rate as a threshold to send mail alert.
• GE# Egress Threshold Mailalert - Click Enable to set the egress limit value. When the outgoing traffic (packet) of the GE port reaches the limit, the Vigor System will send an alert email to the system administrator.
  ■ GE# Egress Rate - If enabling the egress threshold alert, enter the egress rate as a threshold to send mail alert.
• OK - Save the configuration and exit the box.
• Cancel - Exit the box without saving the configuration.

Device Information

III-2-2 Throughput Threshold

This page is used for set throughput threshold for multiple ONVIF devices managed by VigorSwitch.

Available settings are explained as follows:

III-2 Video

On this page, users may directly view images captured from the specified IP camera.

Available settings are explained as follows:

III-3 Device Maintenance

The system administrator can remotely configure time setting and reboot the devices (IP cameras or NVRs) managed by VigorSwitch.

III-3-1 General

This page displays the information (e.g., device online, device name, etc.), time and date and the device action for a selected IP device (e.g., IP camera). Meanwhile, this page allows configuring settings for ping check of IP camera or NVR.

Available settings are explained as follows:

Item	Description
Device List Search - Enter	a string to search the IP device you want.Usage / Password - The default username/ password will be input if it is configured on the Topology page. However, if the default input is not the correct username/ password, enter the correct one of the IP device instead.Login - Click it to authenticate the username and password.Later, current network settings related to this device will be shown on the screen.
Device Information Display	the information related to the selected device.- Click it to modify the device name.
Time and Date Display the	time and date information related to the selected device. - Click it to modify the time setting for the device.
Device Action Display the	action performed by IP-based device. Factory Default - Click the Apply button to rest the factory default to the IP device. Reboot - Click the Apply button to reboot the IP device immediately.
Device Ping Check -- Configure settings for ping check of IP camera or NVR.
Port Display the port number of the IP device
Enable	Enable - Click it to enable the device ping check function. Disable - Click it to disable the function.
Ping IP Address Add Device	- Click it to add an IP address of the device to be pinged by VigorSwitch. Up to 16 IP address(es) can be added and displayed in this field one by one (with the format of x.x.x.x, x.x.x.x, x.x.x.x...) Del Device - Click it to remove the selected IP address.
Interval Time (sec) Set a time interval (15, 30, 60, 120) for pinging action.
Retry Time Choose 1, 3, or 5 for Vigor system to retry the pinging action.
Failure Action	Configure the power behavior for each LAN port. Power Cycle - Once the device is offline, VigorSwitch will power off the device and then power on the device again. Power Off - When the device is offline, power off the device immediately. Nothing - When the device is offline, no action will be Power Cycle Power Cycle Power Off Nothing Note: When a PoE hub connecting to LAN port of VigorSwitch, the power behavior (on/off) to the PoE hub also will apply to all the devices connecting to the PoE hub.
Mail Alert Enable - When the device is offline, Vigor system will send an alert mail to notify the receptant. Mail with Snapshot - If enabled, the switch will try to get snapshot from the device per half hour. Before using this
	feature, set the group authentication information when adding group or configure Default Username/ Password in the Topology page first.Disable- When the device is offline, no action will be performed.
Apply Save the settings or	changes to the switch.

III-3-2 Network

This page displays the network settings of the specified device (IP CAM or NVR).

Available settings are explained as follows:

III-3-3 Security

This page displays the security settings of the specified IP device (IP CAM or NVR).

Available settings are explained as follows:

Part IV Security

IV-1 Storm Control

Storm Control helps to suppress possible broadcast, unknown multicast or unknown unicast storm by applying a rate limit on those packets.

N-1-1 Properties

This page allows a user to configure general settings for Storm Control.

Available settings are explained as follows:

IV-1-2 Port Setting

This page allows the network administrator to configure port settings for Storm Control. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

IV-2 DoS

A Denial of Service (DoS) attack is a hacker attempt to make a device unavailable to its users. DoS attacks saturate the device with external communication requests, so that it cannot respond to legitimate traffic. These attacks usually lead to a device CPU overload.

The DoS protection feature is a set of predefined rules that protect the network from malicious attacks. The DoS Security Suite Setting enables activating the security suite.

IV-2-1 Properties

This page allows a user to configure DoS setting to enable/disable DoS function for global setting.

Available settings are explained as follows:

IV-2-2 DoS Port Setting

This page allows a user to configure and display the state of DoS protection for interfaces. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

IV-3 IP Source Guard

By using the source IP address filtering function, IP source guard can prevent a malicious host from feigning a legal host with its IP address and performing malicious attack.

N-3-1 Port Settings

IP source guard is a port-based feature. Therefore, it is necessary to configure detailed settings for each GE/LAG port interface separately.

Available settings are explained as follows:

IV-3-2 IMPV Binding

This page allows the network administrator to set the filtering conditions (binding type, MAC address, IPv4 address) for packets through the specified LAN port.

Available settings are explained as follows:

click it to remove the selected entry.

IV-4 IP Conflict Prevention

A user can configure IP addresses for network devices manually. However, it might result in conflict between different devices due to using the same IP address, and cause the devices not working correctly.

This page allows you to prevent IP conflict by binding the port with the specified IP address.

Available settings are explained as follows:

IP Conflict Prevention Setup Wizard

Quick Start Wizard - The system will guide to bind server port with an IP address step by step.

Step 1

Step 2

Step 3

Step 4

After clicking OK, the IP address specified for the GE port will be unavailable for other network devices.

Port Type - There are four selections - DHCP Client, Static Binding, Multiple Hosts and DHCP Server. Each type will bring out different IP address(es) settings.

OK - Click it to save the settings.

- Click it to remove the selected entry.

IV-5 Loop Protection

Loop event might be caused due to wrong hardware connection. VigorSwitch will periodically send packets out to check if they loopback or not. This page allows you to set conditions and perform an action when VigorSwitch detects the looped packet.

Available settings are explained as follows:

This page is left blank.

Part V ACL Configuration

V-1 Create ACL

An Access Control List (ACL) is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests ingress packets against the conditions in an ACL one by one. A packet will be accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny rule. If no rules match, the frame is accepted.

V-1-1 MAC

The function is used to show the Access Control List (ACL) based on Layer 2 filtering, the MAC layer. The ACL is composed by many Access Control Element (ACE) rules. You can create a new ACL here; then add multiple ACEs.

Available settings are explained as follows:

Item	Description
ACL Profile Name Enter a	name for creating a new ACL profile.
Add Add a new ACL entry using given ACL name.
Action	- click it to remove the selected entry.

V-1-2 IPv4

The function is used to show the Access Control List (ACL) based on Layer 2 to Layer 4 filtering, the IPv4. The ACL is composed by many Access Control Element (ACE) rules. You may create a new ACL here; then add multiple ACEs.

Available settings are explained as follows:

Item	Description
ACL Profile Name Enter a	name for creating a new ACL profile.
Add Add a new ACL entry using given ACL name.
Action	- click it to remove the selected entry.

V-1-3 IPv6

The function is used to show the Access Control List (ACL) based on Layer 2 to Layer 4 filtering, the IPv6. The ACL is composed by many Access Control Element (ACE) rules. You may create a new ACL here; then add multiple ACEs.

Available settings are explained as follows:

V-2 Create ACE

Since ACL based on MAC, IPv4 and/or IPv4 has been created on the section of IV-1, now you can add multiple ACE rules for each ACL.

V-2-1 MAC

This page shows ACE based on MAC address. You may choose ACL, permit, and deny particular packet or frame, even shutdown the port.

You may provide filtering/matching criteria for one or more of packet characteristic (such as Source/Destination MAC, Ethertype, VLAN, 802.1p) for this ACE to identify the packet.

Available settings are explained as follows:

V-2-2 IPv4

This page shows ACE based on IPv4 address. You may choose ACL, permit, and deny particular packet or frame, even shutdown the port.

You may provide filtering/ matching criteria for one or more of following packet characteristic (such as Protocol over the IP layer, Source/ Destination IPv4 address, Type of Service, Source/ Destination port number, TCP flags, ICMP Type, if chosen protocol contains ICMP), for this ACE to identify the packet.

Available settings are explained as follows:

V-2-3 IPv6

This page allows the network administrator to create ACE based on IPv6 address.

Available settings are explained as follows:

Item	Description
ACL Profile Name Use the	drop down list to selected one of the user defined ACL profiles.
Sequence	Assign a sequence number to this ACE. The sequence is used to identify which one of ACEs in an ACL is firstly used to match ingress packets. The switch port bound with an ACL use the contained ACE rules, start with the one with lower sequence number to match the packet first.
Action Select the action applied to the packet matched this ACE. Permit or deny the packets into switch core, or shutdown the port for stopping further transmission.● Permit● Deny● Shutdown
Protocol Specify the protocol for filtering.● Any - All packets will be filtered.● Select - Choose one of the protocol (e.g., ICMP, TCP, EGP...) from the drop down list. Packets passing through the selected protocol will be filtered.● Define - Specify a type number (0 - 255) for ICMP code. For example, 0 means “Echo Reply”; 254 means “RFC3692-style Experiment 2”.
Source IP / Destination IP	Specify the source and the destination IPv6 address for filtering.Any - All packets will be filtered.Or, enter the IPv6 address to filter the packets coming from that address.
Service	Any - All packets will be filtered.DSCP - All IP traffic is mapped to queues based on the DSCP field in the IP header. If traffic is not IP traffic, it is mapped to the lowest priority queue.IP Precedence - All IP traffic is mapped to queues based on the IP Precedence field in the IP header. If traffic is not IP traffic, it is mapped to the lowest priority queue.
Source Port / Destination Port	Specify the source and destination port number for filtering the packets.Any - All packets will be filtered.Single - Only the packets passing through the number defined here will be filtered.Range - Only the packets passing through the port range defined here will be filtered.
ICMP Type	Any - All packets will be filtered.Select - Choose one of the type (e.g., Destination Unreachable Echo Reply, MLD Query....) from the drop down list.Define - Specify a type number (0 - 255) for ICMP code. For example, 0 means “Echo Reply”; 254 means “RFC3692-style Experiment 2”.
ICMP code Each ICMP type	can be defined with different codes. For example, if you define ICMP Type as “3”, then the available codes for Type 3 will be 0-15.Any - All packets will be filtered.Or, enter 0 to 255 based on the ICMP type specified.
Add Click it to create a new binding profile.
Modify	- Click it to modify the settings for the selected profile. - Click it to remove the selected entry.

V-3 ACL Binding

This section allows you to bind Access Control Lists created in previous section to an interface (physical port or aggregation).

A physical port can only be bound with one of the IPv4 and IPv6 ACL, not both.

Available settings are explained as follows:

Part VI QoS Configuration

VI-1 General

QoS (Quality of Service) functions to provide different quality of service for various network applications and requirements and optimize the bandwidth resource distribution so as to provide a network service experience of a better quality.

VI-1-1 Properties

VI-1-1-1 QoS General Setting

This page allows the network administrator to specify Ingress Trust Mode for basic QoS mode.

Available settings are explained as follows:

Apply Apply the settings to the switch.

VI-1-1-2 Trust Ports

This page allows the network administrator to enable the trust mode of basic QoS on each port. Port that is trust disabled will be sent with lowest priority queue. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

VI-1-2 Port Settings

This page allows the network administrator to configure port settings for QoS. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

VI-1-3 Queue Settings

VigorSwitch supports multiple queues for each interface. The higher numbered queue represents the higher priority. The following lists the types of supported priority queue:

• Strict Priority (SP) - Egress traffic from the higher priority queue will be transmitted first, lower priority queue shall wait until all traffic in SP queue is transmitted.
  ● Weighted Round Robin (WRR) - The number of packets sent from the queue is proportional to the weight of the queue.

Available settings are explained as follows:

VI-1-4 CoS Mapping

This section allows user to configure how ingress frames with CoS/802.1p tag map to QoS queues, and QoS queues to CoS/802.1p on egress frames.

Actual effectiveness is based on how QoS is configured in previous QoS section. This page provides settings for user to configure mapping only.

Available settings are explained as follows:

VI-1-5 DSCP Mapping

This section allows user to configure how ingress packets with DSCP tag map to QoS queues, and QoS queues to DSCP on egress packets.

Actual effectiveness is based on how QoS is configured in previous QoS section. This page provides settings for user to configure mapping only.

Available settings are explained as follows:

This section allows user to configure how ingress packets with IP Precedence tag map to QoS queues, and QoS queues to IP Precedence on egress packets.

Actual effectiveness is based on how QoS is configured in previous QoS section. This page provides settings for user to configure mapping only.

Available settings are explained as follows:

VI-2 Bandwidth

Use the bandwidth setting pages to define values that determine how much traffic the switch can receive and send on specific port or queue.

VI-2-1 Ingress Rate Limit

This page allows a user to configure ingress port rate limit. The ingress rate limit is the number of bits per second that can be received from the ingress interface. Excess bandwidth above this limit is discarded. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

VI-2-2 Egress Shaping Rate

This page allows a user to configure egress port rate limit. The egress rate limit is the number of bits per second that can be received from the egress interface. Excess bandwidth above this limit is discarded.

Available settings are explained as follows:

VI-2-3 Egress Shaping Per Queue

This page allows user to configure the maximum egress bandwidth not only by port but also by specific QoS queues. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

This page is left blank.

Part VII PoE Configuration

VII-1 Properties

This page allows a user to configure general settings for PoE and configure priority of each port for supplying PoE power. While maximum power budget is reached, power will be served starting with critical priority.

If the priority setting for all GE ports is configured as the same value (e.g., High); then, GE1 will have the highest priority to obtain PoE power in actual operation.

Available settings are explained as follows:

VII-2 Status

This page displays the current PoE status (configured in Properties, Device Check and Schedule) for each PoE port.

Available settings are explained as follows:

VII-3 Schedule

VII-3-1 Schedule Profile

This page allows the network administrator to configure maximum 15 PoE schedule rules.

Available settings are explained as follows:

VII-3-2 Port Scheduling

This page allows the network administrator to specify the PoE port for applying the schedule. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Note that the schedule profile is only available in PoE Manual mode.

Available settings are explained as follows:

This page is left blank.

Part VIII System Maintenance

This page allows a user to configure TR-069 settings for connecting to VigorACS 2.

Available settings are explained as follows:

VIII-2 OpenVPN

Devices connecting to VigorSwitch can transmit data to remote end via OpenVPN to ensure the information security.

Available settings are explained as follows:

VIII-3 Webhook

Without getting any request, VigorSwitch will send the data (if available) that a user concerned to the specified URL (provided by remote client) automatically.

Available settings are explained as follows:

VIII-4 LLDP

LLDP is a one-way protocol; there are no request/response sequences. Information is advertised by stations implementing the transmit function, and is received and processed by stations implementing the receive function.

VII-4-1 Properties

This page allows a user to set general settings for LLDP.

Available settings are explained as follows:

VIII-4-2 LLDP Port Setting

This page allows a user to select specified port or all ports to configure LLDP state.

Available settings are explained as follows:

VIII-4-3 LLDP Local Device

This page displays information for LLDP Local Device.

Available settings are explained as follows:

VIII-4-4 LLDP Remote Device

This page allows the network administrator to view the information sent from neighboring devices by LLDP protocol.

Available settings are explained as follows:

VIII-4-7 LLDP Overloading

This page allows user to review current size, overall size of LLDP packet and whether it is to exceed maximum allowed size of single LLDP packet.

Available settings are explained as follows:

VIII-5 SNMP

Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices on IP networks". Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more.

SNMP is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention.

SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.

An SNMP-managed network consists of three key components:

• Managed device
  ● Agent - software which runs on managed devices
  ● Network management station (NMS) - software which runs on the manager

A managed device is a network node that implements an SNMP interface that allows unidirectional (read-only) or bidirectional (read and write) access to node-specific information. Managed devices exchange node-specific information with the NMSs. Sometimes called network elements, the managed devices can be any type of device, including, but not limited to, routers, access servers, switches, bridges, hubs, IP telephones, IP video cameras, computer hosts, and printers.

An agent is a network-management software module that resides on a managed device. An agent has local knowledge of management information and translates that information to or from an SNMP-specific form.

A network management station (NMS) executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network.

VIII-5-1 View

This page allows the network administrator to create MIB views (Management information base) and then include or exclude OID (Object Identifier) in a view.

Available settings are explained as follows:

VIII-5-2 Group

This page allows the network administrator to group SNMP users and assign different authorization and access privileges.

Available settings are explained as follows:

VIII-5-3 Community

This page allows a user to add/remove multiple communities of SNMP.

Available settings are explained as follows:

VIII-5-4 User

This page allows a user to configure SNMPv3 user profile.

Available settings are explained as follows:

However, if there is no SNMPv3 group ready for use, the following pages will appear instead. Refer to VIII-5-2 Group to create a SNMPv3 group first.

VIII-5-5 Engine ID

VIII-5-5-1 Local Engine ID

This page allows a user to configure and display SNMP local engine ID.

Available settings are explained as follows:

VIII-5-5-2 Remote Engine ID

This page allows a user to configure and display SNMP remote engine ID.

Available settings are explained as follows:

Item	Description
Address Type	Specify the address type for entering hostname or IPv4/IPv6 address.
Server Address Enter the	IP address or the host name of the SNMP server.
Engine ID Specify the engine ID for remote SNMP server.The engine ID is range10 to 64 hexadecimal characters, and the hexadecimal number must be divided by 2.
Add Click it to create a new profile.
Edit

VIII-5-6 Trap Event

This page allows a user to add or delete SNMP trap receiver IP address and community name.

Available settings are explained as follows:

VIII-5-7 Notification

This page allows a user to configure a host to receive SNMPv1/ v2/ v3 notification.

Available settings are explained as follows:

Item	Description
Address Type Choose IPv4	IPv6/ Hostname to specify IP address or the hostname of the SNMP trap recipients.
Server Address Enter the	IP address of SNMP server based on the address type selected above.
Version Specify SNMP notification version (SNMPv1/ v2/ v3).
Type Specify Notification	TypeTrap -Send SNMP traps to the host.Inform - Send SNMP informs to the host. If it is used, Timeout and Retry also shall be defined.
Community/user Use the drop down list to choose one of the community profiles.
Security Level	Specify SNMP security level for SNMP notification packet. It is available when SNMPv3 is selected.No Security - No authentication.Authentication - Authentication without encryption will be performed for packets.Authentication and Privacy - Authentication with encryption will be performed for packets.
Server Port Specify the UDP port number for the recipient's server.Use Default - If it is checked, the default number (162) will be used automatically.
Timeout	Specify the SNMP informs timeout. It is available whenInformis selected as Type.Use Default - If it is checked, the default number (15) will be used automatically.
Retry Specify the SNMP informs retry count. It is available whenInformis selected as Type.Use Default- If it is checked, the default number (3) will be used automatically.
Add Click it to create a new notification profile.
Edit

VIII-6 Access Manager

This page allows the network administrator to control availability of management services such as HTTP, HTTPS, Telent and SSH.

Available settings are explained as follows:

VIII-7 Time and Date

VIII-7-1 System Time Zone

This page allows a user to specify where the time of VigorSwitch should be inquired from.

Available settings are explained as follows:

VIII-7-2 Time

This page allows a user to specify time and activate SNTP server manually.

Available settings are explained as follows:

VIII-8 Backup Manager

Backup Manager allows a user to backup the firmware image or configuration file on the switch to remote TFTP server or host file system through HTTP protocol.

Available settings are explained as follows:

VIII-9 Upgrade Manager

Backup Manager allows a user to upgrade the firmware image or configuration file on the switch to remote TFTP server or host file system through HTTP protocol.

Available settings are explained as follows:

VIII-10 Account Manager

This page allows a user to add or delete local user on switch database for authentication. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

VIII-11 Factory Default

Click Apply to return to factory default settings for VigorSwitch.

If Keep my current IPv4 address settings is checked, after clicking Apply, the original configuration for IP address will be kept.

VIII-12 Reboot Switch

Click Apply to reboot VigorSwitch with current settings.

This page is left blank.

Part IX Diagnostics

IX-1 Device Check

After finished copper test, the results will be shown on the lower side of this web page.

This page is used to configure device check of PoE PD devices. It can be applied to PoE PD devices connected directly, check ping echo status, and forcibly reboot the device when meeting the preset health condition.

The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

IX-2 Cable Diagnostics

After finished copper test, the results will be shown on the lower side of this web page.

Available settings are explained as follows:

IX-3 Ping Test

After finished the ping test, the results will be shown on the lower side of this web page.

Available settings are explained as follows:

IX-4-1 SysLog Explorer

After clicking View, the results will be shown on the lower side of this web page.

Available settings are explained as follows:

IX-4-2 SysLog Settings

IX-4-2-1 SysLog Service

This page allows user to enable system logging into local syslog and specific remote syslog server for storage.

Available settings are explained as follows:

IX-4-2-2 Local SysLog

This page allows user to enable logging into volatile memory or non-volatile memory.

Available settings are explained as follows:

IX-4-2-3 Remote SysLog

This page allows user to enable system logging into specific remote syslog server for storage.

After clicking Apply, the results will be shown on the lower side of this web page.

Available settings are explained as follows:

IX-4-2-4 SysLog Mail

This page allows user to enable system logging into specific remote syslog server for storage.

After clicking Apply, the results will be shown on the lower side of this web page.

Available settings are explained as follows:

Item	Description
State	Enable - Enable the function of Syslog Mail.Disable - Disable the function of Syslog Mail.
Category Vigor sytem will	send the e-mail related to the selected feature(s) to the recipient.
SMTP Server Enter IP address or URL of the SMTP server.
SMTP Port Enter the port number for the SMTP server.
Authentication	Enable - Click it to enable authentication mechanism.●Username - Enter a user name for authentication.●Password - Enter a password for authentication.
Encryption After enabling	Authentication, choose one of the encryption servers for data encryption.●StartTLS - The mail will be encrypted with StartTLS.SSL/TLS - The mail will be encrypted with SSL/ TLS.Disable - The mail sent out will not be encrypted.
Sender Enter the email address which will send the syslog mail out.
Email Address Enter the email address which will receive the syslog mail.
Apply Apply the settings to the switch.
Send test mail	After clicking this button, VigorSwitch system will send a test mail to the recipient.

Part X Mail Alert

X-1 Alert Setting

This page allows a user to configure settings for VigorSwitch to send alert mail when encountering certain situation.

Available settings are explained as follows:

This page is left blank.

Part XI Telnet Commands

XI-1 Accessing Telnet of VigorSwitch

This chapter also gives you a general description for accessing telnet and describes the firmware versions for the routers explained in this manual.

Info

For Windows 7 user, please make sure the Windows Features of Telnet Client has been turned on under Control Panel>>Programs.

Type cmd and press Enter. The Telnet terminal will be open later.

In the following window, type Telnet 192.168.1.224 as below and press Enter. Note that the IP address in the example is the default address of the router. If you have changed the default, enter the current IP address of the router.

Next, enter admin/ admin for Account/ Password.

For users using previous Windows system (e.g., XP), simply click Start >> Run and type Telnet 192.168.1.224 in the Open box.

Next, enter admin/admin for Account/Password.

XI-2 Available Commands

Enter ? to get a list of available commands.

The available commands contain - clear, clock, configure, copy, delete, disable, end, exit, hardware-monitor, ping, reboot, restore-defaults, save, show, ssl, terminal, and traceroute. Each command will be explained as follows.

Note: You can also enter ? to check if there are subcommands under current command.

XI-2-1 Clear Configuration

This command allows resetting the functions of ARP, interface, IP, IPv6, LACP, Line, LLDP, Logging, MAC, and Spanning Tree.

Te Inet Command: clear arp

Use this command to clear entries in the ARP cache.

Syntax Items

clear arp

Description

Example

P1085# clear arp 192.168.1.224

P1085#

Telnet Command: clear interfaces

Use this command to clear statistics counters for all interfaces or a specific interface (LAN or LAG).

Syntax Items

clear interfaces GigabitEthernet

clear interfaces LAG

Description

Example

P1085# clear interfaces gigabitethernet 3 counters P1085# clear interfaces P1085# clear interfaces lag 2 counters P1085#

Telnet Command: clear ip

Use this command to clear IGMP snooping groups (dynamic or static) information for all interfaces or a specific interface (LAN or LAG) with IP address.

Syntax Items

clear ip igmp

Description

Example

P1085# clear ip igmp snooping groups dynamic
P1085# 

Telnet Command: clear ipv6

Use this command to clear MLD snooping configuration for dynamic / static group(s) with IPv6 address.

Syntax Items

clear ipv6 mld

Description

Example

P1085# clear ipv6
P1085# clear ipv6 mld snooping groups dynamic
P1085# clear ipv6 mld snooping groups dynamic?
<cr>
P1085# clear ipv6 mld snooping groups static 

Telnet Command: clear lacp

Use this command to clear LACP configuration for specified LAG interface or all LAG interfaces.

Syntax Items

clear lacp <1-8> counters

clear lacp counters

Description

Example

P1085# clear lacp 1 counters
No interfaces configured in the channel group
P1085# 

Telnet Command: clear line

Use this command to clear line settings including SSH (Secure Shell) configuration and telnet daemon configuration.

Syntax Items

clear line ssh

clear line telnet

Description

Example

P1085# clear line ssh
P1085# clear line telnet 

Telnet Command: clear Ildp

Use this command to clear LLDP statistics or reset LLDP information.

Syntax Items

clear lldp global

clear lldp interfaces

Description

Example

P1085# clear lldp global statistics
P1085#
P1085# clear lldp interfaces LAG 1 statistics
P1085# clear lldp interfaces gigabitethernet 1 statistics
P1085# 

Telnet Command: clear logging

Use this command to clear log messages from the internal logging buffer and flash.

Syntax Items

clear logging buffered

clear logging file

Description

Example

P1085# clear logging buffered
P1085# clear logging file
P1085# 

Telnet Command: clear mac

Use this command to clear MAC configuration related to VLAN, LAG, and LAN port.

Syntax Items

clear mac address-table

Description

Example

P1085# clear mac address-table dynamic vlan 2038
P1085# clear mac address-table dynamic interfaces gigabitethernet 3
P1085# 

Telnet Command: clear spanning-tree

Use this command to clear running system information.

Syntax Items

clear spanning-tree

Description

Example

P1085# clear spanning-tree interfaces GigabitEthernet
<1-8> GigabitEthernet device number
P1085# clear spanning-tree interfaces gigabitethernet 3 statistics
P1085# clear spanning-tree interfaces LAG 1 statistics
P1085# 

XI-2-2 Clock Configuration

This command allows managing the system clock.

Telnet Command: clock set

Use this command to configure the system clock manually.

Syntax Items

clock set

Description

Example

XI-2-3 Configure Configuration

This command allows configuring the settings related to VigorSwitch.

Available sub-commands under Configure include:

clock, custom, dos, do, dray_surveillance, enable, end, errdisable, exit, hostname, interface, ip, ipv6, jumbo-frame, lacp, lag, line, lldp, logging, logmail, loop-protection, mac, mailalert, management-vlan, mirror, no, openvpn, poe, qos, schedule, snmp, sntp, spanning-tree, start-up, storm-control, surveillance-vlan, system, tr069, username, vlan, voice-vlan, webhook

Before configuration, you have to enter "configure" to access into next phase.

To return to previous phase, enter "exit"

Example

P1085# configure
P1085(config)#
P1085(config)# exit
P1085# 

Telnet Command: clock

Use this command to configure time zone, summer-time and external time source for the system clock.

Syntax Items

clock auto timezone clock source local clock source sntp clock summer-time clock timezone

Description

Example

P1085# configure
P1085(config)# clock source sntp
P1085(config)# exit

P1085# show clock detail
2019-01-05 06:51:23 UTC+8
Time source is sntp
Time zone:
Acronym is
Offset is UTC+8
P1085# configure
P1085(config)# clock summer-time tw date jan 30 2019 23:30 feb 1 2019 20:50
P1085(config)# exit
P1085# show clock detail
2019-01-05 07:13:49 UTC+8
Time source is sntp

Time zone:
Acronym is ACRONYM
Offset is UTC-10:08

Summertime:
Acronym is tw
Starting and ending on a specific date.
Begins at 1 30 19 23:30
Ends at 2 1 19 20:50
Offset is 60 minutes.
P1085# configure
P1085(config)# clock summer-time ACRONYM recurring eu 1200
P1085(config)# clock summer-time ACRONYM recurring first mon jan 10:10 first sun feb 10:10 1000
P1085(config)# exit
P1085# show clock detail
2019-01-05 11:37:18 UTC+8
Time source is sntp
Time zone:
Acronym is
Offset is UTC+8
Summertime:
Acronym is ACRONYM
Recurring every year.
Begins at 1 1 1 10:10
Ends at 1 0 2 10:10
Offset is 1000 minutes. 

Telnet Command: custom

Use this command to enable the module settings.

Syntax Items

custom enable

Description

Example

P1085# configure
P1085(config)# custom enable
P1085(config)# 

Telnet Command: dos

Use this command to enable specific Denial of Service (DoS) protection.

Syntax Items

dos daeqsa-deny dos icmp-frag-pkts-deny dos icmp-ping-max-length dos icmpv4-ping-max-check dos icmpv6-ping-max-check dos ipv6-min-frag-size-check dos ipv6-min-frag-size-length dos land-deny dos nullscan-deny dos pod-deny dos smurf-deny dos smurf-netmask dos syn-sportl1024-deny dos synfin-deny dos synrst-deny dos tcp-frag-off-min-check dos tcpblat-deny dos tcphdr-min-check dos tcphdr-min-length dos udpblat-deny dos xma-deny

Description

Example

P1085# configure
P1085(config)#
P1085(config)# dos icmp-ping-max-length 25252
P1085(config)# dos icmpv4-ping-max-check
P1085(config)# 

Telnet Command: dray\_surveillance

Use this command to enable / disable the ONVIF.

Syntax Items

dray_surveillance add

dray_surveillance direct-add

dray_surveillance set

Description

Example

P1085# configure
P1085(config)#
P1085(config)# dray_surveillance
P1085(config)#
P1085(config)# dray_surveillance add device uuid 53d7762a-c52b-4bb9-8000-305501e0f35f 

P1085(config)#

Telnet Command: do

Use this command to execute a command immediately.

Syntax Items

do SEQUENCE

Description

Example

Telnet Command: enable

Use this command to configure local password with encrypted string or not.

Syntax Items

enable password

enable secret

Description

• # enable secret PASSWORD
• # enable secret encrypted PASSWORD

Example

P1085# configure
P1085(config)# enable secret encrypted testtest
P1085(config)# exit
P1085# show running-config
DRAYTEK SYSTEM CONFIG FILE ::= BEGIN
! System Description: Draytek P1085 VigorSwitch
! System Version: v2.5.1_RC5
! System Name: P1085
!
!
!
sntp host pool.ntp.org port 123
clock timezone "acronym" -12 minutes 45
username "admin" secret encrypted 1Uic1I3aH$AIhmK3YtmYkYv9xAUya.R1
enable secret "testtest"
vlan 20
    name "test20"
voice-vlan oui-table 00:E0:BB "3COM"
voice-vlan oui-table 00:03:6B "Cisco"
voice-vlan oui-table 00:E0:75 "Veritel"
voice-vlan oui-table 00:D0:1E "Pingtel"
voice-vlan oui-table 00:01:E3 "Siemens"
voice-vlan oui-table 00:60:B9 "NEC/Philips"
voice-vlan oui-table 00:0F:E2 "H3C"
voice-vlan oui-table 00:09:6E "Avaya"
vlan mac-vlan group 1 14:49:BC:00:04:C9 mask 9
!
...... 

Telnet Command: end

Use this command to end current mode.

Syntax Items

end

Example

P1085# configure
P1085(config)#end
P1085#

Telnet Command: errdisable

Use this command to enable the auto recovery timer for port error.

Syntax Items

errdisable recovery cause errdisable recovery interval

Description

Example

P1085# configure
P1085(config)#
P1085(config)# errdisable recovery interval 600
P1085(config)# 

Telnet Command: exit

Use this command to exit current mode and return to previous mode/ phase.

Syntax Items

exit

Example

P1085# configure
P1085(config)#
P1085(config)# exit
P1085# 

Telnet Command: hostname

Use this command to modify the network name of VigorSwitch.

Syntax Items

hostname

Description

Example

P1085# configure 

P1085(config)# hostname Switch_3F
Switch_3F(config)# 

Telnet Command: interface

Use this command to configure interface settings.

Before configuring, you have to access into next phase. See the following example:

P1085# configure
P1085(config)#
P1085(config)# interface GigabitEthernet 3
P1085(config-if)# 

Or

P1085# configure
P1085(config)#
P1085(config)# interface range LAG 3
P1085(config-if-range)# 

Syntax Items

interface GigabitEthernet

interface LAG

interface range

Description

Example

P1085# configure
P1085(config)# interface LAG 1
P1085(config-if)#

Under (config-if)#, available sub-commands for LAN or LAG will be different. Below shows the items under Ethernet LAN:

<config-if># back-pressure
<config-if># custom
<config-if># description
<config-if># device-check
<config-if># dos
<config-if># do
<config-if># dray_surveillance 

<config-if># duplex
<config-if># eee
<config-if># end
<config-if># exit
<config-if># flowcontrol
<config-if># ip
<config-if># ipv6
<config-if># lacp
<config-if># lag
<config-if># lldp
<config-if># mac
<config-if># no
<config-if># poe
<config-if># power
<config-if># protected
<config-if># qos
<config-if># rate-limit
<config-if># shutdown
<config-if># spanning-tree
<config-if># speed
<config-if># storm-control
<config-if># surveillance-vlan
<config-if># switchport
<config-if># vlan
<config-if># voice-vlan 

Description

Example

P1085# configure
P1085(config)# interface LAG 1
P1085(config-if)# speed 100
P1085(config-if)# backpressure
P1085(config-if)# vlan mac-vlan group 35 vlan 1000
P1085(config-if)# 

Telnet Command: ip

Use this command to create an IPv4 access list (ACL) which performs classification on layer 3 fields and enters ip-access configuration mode.

Syntax Items

ip acl

ip address

ip conflict

ip default-gateway

ip dhcp

ip dns

ip forcedhttps

ip http

ip https

ip igmp

ip source

ip ssh

ip telent

Description

• #deny <0-255> any / dscp <0-63> shutdown
• #deny <0-255> any / precedence <0-7>
• #deny <0-255> any / precedence <0-7> shutdown
• #deny <0-255> any any dscp <0-7>
• #deny <0-255> any any dscp <0-7> shutdown
• #deny <0-255> any any precedence <0-7>
• #deny <0-255> any any precedence <0-7> shutdown

Use the "do" command to run execution command in current mode. -

Related Syntax:

- #do

Use the "end" command to finish current mode. Any changes in current mode will be saved.

Related Syntax:

- #end

Use the "exit" command to close the current CLI session or return to the previous mode without saving the settings.

Related Syntax:

- #exit

Use the "no sequence" command to delete any entry in management ACL.

<1-2147483647>- Specify an index number of the ACL.

Related Syntax:

- #no sequence <1-2147483647>

Use the "permit" command to create permit rules which bypass the packets meet the rule.

<0-255/ egp/ hmp/ icmp/ igp/ ipinip/ ipv6 / ipv6:frag / ipv6:icmp / ipv6:rout / ip / 12tp / ospf / pim / rdp / rsvp / tcp / udp > - Specify the IP protocol number or enter the name of the protocol.

// - Specify the source and destination IPv4 addresses and subnet masks.

dscp <0-63> - Set the DSCP filtering by specifying a value for DSCP. precedence <0-7> - Set the cos value and the cos mask for a packet. Shutdown - Disable the Ethernet interface.

any - Any IP address (as source or destination).

Related Syntax:

#permit <0-255> / / dscp <0-63>

#permit <0-255> / / dscp <0-63> shutdown

#permit <0-255> / / precedence <0-7>

#permit <0-255> / / precedence <0-7> shutdown

- #permit <0-255> any / dscp <0-63>

- #permit <0-255> any / dscp <0-63> shutdown

- #permit <0-255> any / precedence <0-7>

- #permit <0-255> any /

Example

P1085# configure
P1085(config)# ip acl market_1
P1085(config-ip-acl)#
P1085(config-ip-acl)# deny 20 192.168.2.55/255.255.255.0 192.168.2.85/255
P1085(config)# 

#sequence

#show

Use the "deny" command to create deny rules for the IPv4 access list.

<0-255/ icmp/ ipv6/ tcp / udp > - Specify the IP protocol number or enter the name of the protocol.

<0-255/ any> - Specify ICMPv6 number.

/<0-128>/<0-128> - Specify the source/destination IPv6 addresses and subnet masks.

dscp <0-63> - Set the DSCP filtering by specifying a value for DSCP. precedence <0-7> - Set the cos value and the cos mask for a packet. shutdown - Disable the Ethernet interface.

any - Any IP address (as source or destination).

<0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>- Set TCP port.

match-all - Set TCP flags. List of TCP flags that should occur. If a flag should be set, it is p refixed by "+".If a flag should be unset, it is prefixed by "-". Avai lable options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and -fin. To define more than 1 flag - enter additional flags one after another without a space (example +syn-ack).

<0-65535/ PORT_RANGE / any / bootpc / bootps / discard / domain / echo / nameserver / netbios-ns / ntp / rip / snmp / snmptrap / sunrpc / syslog / talk / tftp / time / who> /<0-128> <0-65535/ PORT_RANGE / any / bootpc / bootps / discard / domain / echo / nameserver / netbios-ns / ntp / rip / snmp / snmptrap / sunrpc / syslog / talk / tftp / time / who> - Set UDP port.

Related Syntax:

• #deny <0-255> /<0-128> /<0-128>
  #deny <0-255> /<0-128> /<0-128> dscp <0-63>
  #deny <0-255> /<0-128> /<0-128> dscp <0-63> shutdown
• #deny <0-255> /<0-128> /<0-128> precedence <0-7>
• #deny <0-255> /<0-128> /<0-128> precedence <0-7> shutdown
• #deny <0-255> /<0-128> /<0-128> shutdown
• #deny <0-255> /<0-128> any dscp <0-63>
• #deny <0-255> /<0-128> any dscp <0-63> shutdown
• #deny <0-255> /<0-128> any precedence <0-7>
• #deny <0-255> /<0-128> any precedence <0-7>shutdown
• #deny <0-255> /<0-128> any shutdown
• deny icmp /<0-128> /<0-128><0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded><0-255/ any> dscp <0-63>
• #deny icmp /<0-128>

precedence <0-7>
- #deny ipv6 /<0-128> any precedence <0-7>shutdown
- #deny ipv6 /<0-128> any shutdown
- #deny ipv6 any /<0-128>
- #deny ipv6 any /<0-128> dscp <0-63>
- #deny ipv6 any /<0-128> dscp <0-63> shutdown
- #deny ipv6 any /<0-128> precedence <0-7>
- #deny ipv6 any /<0-128> precedence <0-7> shutdown
- #deny ipv6 any /<0-128> shutdown
- #deny ipv6 any any
- #deny ipv6 any any dscp <0-63>
- #deny ipv6 any any dscp <0-63> shutdown
- #deny ipv6 any any precedence <0-7>
- #deny ipv6 any any precedence <0-7> shutdown
- #deny ipv6 any any shutdown
#deny tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>
#deny tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> dscp <0-63>
#deny tcp /<0-128> <0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> /<0-128> <0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> dscp <0-63> shutdown
#deny tcp /<0-128> <0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> /<0-128> <0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> match-all dscp <0-63>
#deny tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> match-all dscp <0-63> shutdown
- #deny tcp /<0-128><0-65535/

PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> /<0-128> <0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> match-all precedence <0-7>

#deny tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> match-all precedence <0-7> shutdown

#deny tcp /<0-128> <0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> /<0-128> <0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> match-all shutdown

#deny tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> precedence <0-7>

#deny tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> precedence <0-7> shutdown

#deny tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> shutdown

#deny udp /<0-128><0-65535/PORT_RANGE/any/bootpc/bootps/discard/domain/echo/nameserver/netbios-ns/ntp/rip/snmp/snmptrap/sunrpc/syslog/talk/tftp/time/who>/<0-128><0-65535/PORT_RANGE/any/bootpc/bootps/discard/domain/echo/nameserver/netbios-ns/ntp/rip/snmp/snmptrap/sunrpc/syslog/talk/tftp/time/who>

#deny udp / <0-128> <0-65535/ PORT_RANGE / any / bootpc / bootps / discard / domain / echo / nameserver / netbios-ns / ntp / rip / snmp / snmptrap / sunrpc / syslog / talk / tftp / time / who> / <0-128> <0-65535/ PORT_RANGE / any / bootpc / bootps / discard / domain / echo / nameserver / netbios-ns / ntp / rip / snmp / snmptrap / sunrpc / syslog / talk / tftp / time / who> dscp <0-63>

#deny udp /<0-128><0-65535/PORT_RANGE/any/bootpc/bootps/discard/domain/echo

match-all - Set TCP flags. List of TCP flags that should occur. If a flag should be set, it is p refixed by "+".If a flag should be unset, it is prefixed by "-".Avai lable options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and -fin.To define more than 1 flag - enter additional flags one after another without a space (example +syn-ack).

<0-65535/ PORT_RANGE / any / bootpc / bootps / discard / domain / echo / nameserver / netbios-ns / ntp / rip / snmp / snmptrap / sunrpc / syslog / talk / tftp / time / who> /<0-128> <0-65535/ PORT_RANGE / any / bootpc / bootps / discard / domain / echo / nameserver / netbios-ns / ntp / rip / snmp / snmptrap / sunrpc / syslog / talk / tftp / time / who> - Set UDP port.

Related Syntax:

#permit <0-255> /<0-128> /<0-128>
- # permit <0-255> /<0-128> /<0-128> dscp <0-63>
# permit <0-255> / <0-128> / <0-128> dscp <0-63> shutdown
- # permit <0-255> /<0-128> /<0-128> precedence <0-7>
- # permit <0-255> / <0-128> / <0-128> precedence <0-7> shutdown
- # permit <0-255> /<0-128> /<0-128> shutdown
- # permit <0-255> /<0-128> any dscp <0-63>
- # permit <0-255> /<0-128> any dscp <0-63> shutdown
- # permit <0-255> /<0-128> any precedence <0-7>
- # permit <0-255> /<0-128> any precedence <0-7>shutdown
- # permit <0-255> /<0-128> any shutdown
- permit icmp /<0-128> /<0-128> <0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255/ any> dscp <0-63>
- # permit icmp /<0-128> /<0-128><0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255/ any> dscp <0-63> shutdown
- # permit icmp /<0-128> /<0-128><0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255/ any> precedence <0-7>
- # permit icmp /<0-128> /<0-128><0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255/ any> precedence <0-7> shutdown
- # permit icmp /<0-128> /<0-128><0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255/ any> shutdown
- # permit icmp /<0-128> any

<0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255 / any> dscp <0-63>
- # permit icmp /<0-128> any <0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255 / any> dscp <0-63> shutdown
- # permit icmp /<0-128> any <0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255 / any> precedence <0-7>
- # permit icmp / <0-128> any <0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255 / any> precedence <0-7> shutdown
- # permit icmp /<0-128> any <0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255 / any> shutdown
- # permit ipv6 /<0-128> /<0-128>
- # permit ipv6 /<0-128> < X:X::X:X>/<0-128> dscp <0-63>
- # permit ipv6 /<0-128> /<0-128> dscp <0-63> shutdown
# permit ipv6 /<0-128> /<0-128> precedence <0-7>
- # permit ipv6 /<0-128> /<0-128> precedence <0-7> shutdown
- # permit ipv6 /<0-128> /<0-128> shutdown
- # permit ipv6 /<0-128> any dscp <0-63>
- # permit ipv6 /<0-128> any dscp <0-63> shutdown
- # permit ipv6 /<0-128> any precedence <0-7>
- # permit ipv6 /<0-128> any precedence <0-7>shutdown
- # permit ipv6 /<0-128> any shutdown
- # permit ipv6 any /<0-128>
- # permit ipv6 any /<0-128> dscp <0-63>
- # permit ipv6 any /<0-128> dscp <0-63> shutdown
- # permit ipv6 any /<0-128> precedence <0-7>
- # permit ipv6 any /<0-128> precedence <0-7> shutdown
- # permit ipv6 any /<0-128> shutdown
- # permit ipv6 any any
- # permit ipv6 any any dscp <0-63>
- # permit ipv6 any any dscp <0-63> shutdown

• # permit ipv6 any any precedence <0-7>
• # permit ipv6 any any precedence <0-7> shutdown
• # permit ipv6 any any shutdown
  # permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>
  # permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> dscp <0-63>
  # permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> dscp <0-63> shutdown
  #deny tcp / <0-128> <0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> /<0-128> <0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> match-all dscp <0-63>
  # permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> match-all dscp <0-63> shutdown
  # permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> match-all precedence <0-7>
• # permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> match-all precedence <0-7> shutdown
• # permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo

/ ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> /<0-128> <0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> match-all shutdown
# permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> precedence <0-7>
# permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> precedence <0-7> shutdown
- # permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / talk / telnet / time / whois / www> shutdown
# permit udp /<0-128><0-65535/PORT_RANGE/any/bootpc/bootps/discard/domain/echo/nameserver/netbios-ns/ntp/rip/snmp/snmptrap/sunrpc/syslog/talk/tftp/time/who>/<0-128><0-65535/PORT_RANGE/any/bootpc/bootps/discard/domain/echo/nameserver/netbios-ns/ntp/rip/snmp/snmptrap/sunrpc/syslog/talk/tftp/time/who>
# permit udp /<0-128><0-65535/PORT_RANGE/any/bootpc/bootps/discard/domain/echo/nameserver/netbios-ns/ntp/rip/snmp/snmptrap/sunrpc/syslog/talk/tftp/time/who>/<0-128><0-65535/PORT_RANGE/any/bootpc/bootps/discard/domain/echo/nameserver/netbios-ns/ntp/rip/snmp/snmptrap/sunrpc/syslog/talk/tftp/time/who>dscp<0-63>
- # permit udp /<0-128> <0-65535/PORT_RANGE/any/bootpc/bootps/discard/domain/echo/nameserver/netbios-ns/ntp/rip/snmp/snmptrap/sunrpc/syslog/talk/tftp/time/who>/<0-128> <0-65535/PORT_RANGE/any/bootpc/bootps/discard/domain/echo/nameserver/netbios-ns/ntp/rip/snmp/snmptrap/sunrpc/syslog/talk/tftp/time/who>dscp<0-63> shutdown
# permit udp / <0-128> <0-65535/PORT_RANGE/ any / bootpc / bootps / discard / domain / echo / nameserver / netbios-ns / ntp / rip / snmp / snmptrap / sunrpc / syslog / talk / tftp / time / who> / <0-128> <0-65535/ PORT_RANGE/ any / bootpc / bootps / discard / domain / echo / nameserver / netbios-ns / ntp / rip / snmp / snmptrap / sunrpc / syslog / talk / tftp / time / who> dscp <0-63> precedence <0-7>
- # permit udp /<0-128> <0-65535/PORT_RANGE/any/bootpc/bootps/discard/domain/echo/nameserver/netbios-ns/ntp/rip/snmp/snmptrap/sunrpc/syslog/talk/tftp/time/who>/<0-128><0-65535/PORT_RANGE/any/bootpc/bootps/discard/

value. Default is 10.

robustness-variable <1-7> - Specify a robustness-variable value.

Default is 2.

router learn pim-dvmrp - Use it to enable learning router port by routing protocol packets (DVMRP).

static-group interfaces gigabitethernet <1-8> - Use it to add a static group. Specify a physical port.

static-group interfaces LAG <1-8> - Use it to add a static group. Specify a LAG port.

static-port gigabitethernet <1-8>- Use it to add static forwarding port. Specify a physical port.

static-port LAG <1-8>- Use it to add static forwarding port. Specify a LAG port.

static-router-port GigabitEthernet <1-8> - Use it to add static router port. All query packets wil forward to the specified port. Specify a physical port.

static-router-port LAG <1-8> - Use it to add static router port. All query packets will forward to the specified port. Specify a LAG port.

Related Syntax:

<config>#ipv6 mld profile <1-128>
    <config-mld-profile># do
    <config-mld-profile># end
    <config-mld-profile># exit
    <config-mld-profile># profile range ipv6 <X:X::X:X> action <deny/ permit>
    <config-mld-profile># profile range ipv6 <X:X::X:X> <X:X::X:X>
    <config-mld-profile># profile range ipv6 <X:X::X:X> <X:X::X:X> action <deny/ permit>
    <config-mld-profile># show 

• #ipv6 mld snooping
  #ipv6 mld snooping forward-method
• #ipv6 mld snooping report-suppression
  #ipv6 mld snooping unknown-multicast action
• #ipv6 mld snooping version <1/2>
• #ipv6 mld snooping vlan <1-4094>
  #ipv6 mld snooping vlan <1-4094> forbidden-port GigabitEthernet <1-8>
  #ipv6 mld snooping vlan <1-4094> forbidden-port LAG <1-8>
• #ipv6 mld snooping vlan <1-4094> forbidden-router-port GigabitEthernet <1-8>
• #ipv6 mld snooping vlan <1-4094> forbidden-router-port LAG <1-8>
  #ipv6 mld snooping vlan <1-4094> immediate-leave
• #ipv6 mld snooping vlan <1-4094> last-member-query-count <1-7>
• #ipv6 mld snooping vlan <1-4094> last-member-query-interval <1-25>
  #ipv6 mld snooping vlan <1-4094> query-interval <30-18000>
  #ipv6 mld snooping vlan <1-4094> response-time <5-20>
  #ipv6 mld snooping vlan <1-4094> robustness-variable <1-7>
  #ipv6 mld snooping vlan <1-4094> router learn

Example

P1085# configure
P1085(config)#
P1085(config)# ipv6 mld snooping vlan 33
P1085(config)# ipv6 acl CA_v6
P1085(config-ipv6-acl)# deny 3 00:50::32:ff/24 00:50::78:aa/32

Telnet Command: jumbo-frame

Use this command to modify the maximum frame size of jumbo frame.

Syntax Items

jumbo-frame

Description

Example

P1085# configure
P1085(config)#
P1085(config)# jumbo-frame 8000
P1085(config)# 

Telnet Command: lacp

Use this command to set the system priority of the switch.

Syntax Items

Iacp

Iacp system-priority

Description

Example

Telnet Command: lag

LAG port can transmit packets to all ports for balancing the traffic loading. Use this command to change the load balance algorithm to src-dst-mac or src-dst-mac-ip as the Load Balance policy.

Syntax Items

lag load-balance

Description

Example

Telnet Command: line

Use this command to select line configuration mode.

Syntax Items

line console

line ssh

line telent

Description

Example

P1085# configure
P1085(config)#
P1085(config)# line telnet
P2280x(config-line)# 

Telnet Command: Ildp

Use this command to set LLDP function.

Syntax Items

lldp

Ildp holdtime-multiplier

Ildp Ildpdu

Ildp reinit-delay

Ildp tx-delay

Ildp tx-interval

Description

Example

P1085# configure
P1085(config)#
P1085(config)# lldp tx-interval 500
P1085(config)# 

Telnet Command: logging

Use this command to set logging service on VigorSwitch.

Syntax Items

logging

logging buffered

logging console

logging file

logging host

Description

Example

P1085# configure
P1085(config)#
P1085(config)# logging host aa:00::1a:FF facility local1 

Telnet Command: logmail

Use this command to configure log mail.

Syntax Items

logmail active logmail auth logmail category logmail encry logmail password logmail port logmail receiver logmail sender logmail server logmail username

Description

Example

P1085# configure
P1085(config)#
P1085(config)# logmail receiver carrie_ni@draytek.com
P1085(config)# 

Telnet Command: loop-protection

Use this command to set loop-protection.

Syntax Items

loop-protection action

loop-protection periodicTime

loop-protection state

Description

Example

P1085# configure
P1085(config)#
P1085(config)# loop-protection state enable
P1085(config)# 

Telnet Command: mac

Use this command to create a MAC access list.

Syntax Items

mac acl

mac address-table

Description

Shutdown - Disable the Ethernet interface.

vlan <1-4094> - Specify the VLAN ID of the packet. any - Any MAC address.

Related Syntax:

#permit /cos <0-7><0-7>
#permit /cos <0-7><0-7>ethtype <0x0600-0xFFFF>
#permit /
ethtype <0x0600-0xFFFF>
#permit / vlan <1-4094>
#permit / vlan <1-4094>cos <0-7><0-7>
#permit / vlan <1-4094>cos <0-7><0-7> ethtype <0x0600-0xFFFF>
#permit / vlan <1-4094>ethtype <0x0600-0xFFFF>
#permit any /cos <0-7><0-7>
#permit any /cos <0-7><0-7>ethtype <0x0600-0xFFFF>
- #permit any /
ethtype <0x0600-0xFFFF>
- #permit any /vlan <1-4094>
#permit any /vlan <1-4094> cos <0-7><0-7>
- #permit any / vlan <1-4094> cos <0-7><0-7>ethtype <0x0600-0xFFFF>
#permit any /vlan <1-4094> ethtype <0x0600-0xFFFF>

Use the "sequence" command to deny or permit the ACL.

<1-2147483647> - Enter the sequence index ACE. The sequence represents the priority of the ACE in the ACL.

/ Specify the source and destination MAC addresses and subnet masks.

cos <0-7><0-7> - Set the cos value and the cos mask for a packet. <0x0600-0xFFFF> - Set the EtherType of the packet.

shutdown - Disable the Ethernet interface.

vlan <1-4094> - Specify the VLAN ID of the packet.

any - Any MAC address.

Related Syntax:

#sequence <1-2147483647>deny // cos <0-7><0-7>
#sequence <1-2147483647>deny // cos <0-7><0-7> ethtype <0x0600-0xFFFF>
- #sequence <1-2147483647>deny < A:B:C:D:E:F>/// cos <0-7><0-7> ethtype <0x0600-0xFFFF> shutdown
#sequence <1-2147483647>deny /// cos <0-7><0-7> shutdown
- #sequence <1-2147483647>deny < A:B:C:D:E:F>// ethtype <0x0600-0xFFFF>
#sequence <1-2147483647>deny //

ethtype <0x0600-0xFFFF> shutdown

#sequence <1-2147483647>deny // shutdown

#sequence <1-2147483647>deny any /// cos <0-7><0-7>

#sequence <1-2147483647>deny any // cos <0-7><0-7> ethtype <0x0600-0xFFFF>

- #sequence <1-2147483647>deny any < A:B:C:D:E:F>/< A:B:C:D:E:F>// cos <0-7><0-7> ethtype <0x0600-0xFFFF> shutdown

#sequence <1-2147483647>deny any /// cos <0-7><0-7> shutdown

- #sequence <1-2147483647>deny any any cos <0-7><0-7>

#sequence <1-2147483647>deny any any cos <0-7><0-7>ethtype <0x0600-0xFFFF>

#sequence <1-2147483647>deny any any cos <0-7><0-7> ethtype <0x0600-0xFFFF> shutdown

- #sequence <1-2147483647>deny any any cos <0-7><0-7> shutdown

#sequence <1-2147483647>deny any any ethtype <0x0600-0xFFFF>

#sequence <1-2147483647>deny any any ethtype <0x0600-0xFFFF> shutdown

- #sequence <1-2147483647>deny any any shutdown

#sequence <1-2147483647>deny any any vlan <1-4094>

#sequence <1-2147483647>deny any any vlan <1-4094> cos <0-7><0-7>

#sequence <1-2147483647>deny any any vlan <1-4094> cos <0-7><0-7> ethtype <0x0600-0xFFFF>

#sequence <1-2147483647>deny any any vlan <1-4094> cos <0-7><0-7> ethtype <0x0600-0xFFFF> shutdown

#sequence <1-2147483647>deny any any vlan <1-4094> ethtype <0x0600-0xFFFF>

#sequence <1-2147483647>deny any any vlan <1-4094> ethtype <0x0600-0xFFFF> shutdown

#sequence <1-2147483647>deny any any vlan <1-4094> shutdown

#sequence <1-2147483647>permit // cos <0-7><0-7>

#sequence <1-2147483647>permit // cos <0-7><0-7> ethtype <0x0600-0xFFFF>

#sequence <1-2147483647>permit // ethtype <0x0600-0xFFFF>

- #sequence <1-2147483647>permit < A:B:C:D:E:F> / < A:B:C:D:E:F> < A:B:C:D:E:F> / < A:B:C:D:E:F> vlan <1-4094>

#sequence <1-2147483647>permit // vlan <1-4094> cos <0-7><0-7>

#sequence <1-2147483647>permit // vlan <1-4094> cos <0-7><0-7> ethtype <0x0600-0xFFFF>

Example

P1085# configure
P1085(config)# mac acl test_CA
P1085(config-mac-acl)# deny 00:50:00:7f:12:11/00:00:00:00:10:20
00:50:00:aa:bb:cc/00:00:00:00:12:00 cos 3 2 ethtype 0x0600
P1085(config-mac-acl)# deny any 00:50:00:7f:12:11/00:00:00:00:10:20 cos 5 6
ethtype 0x0600
P1085(config-mac-acl)# deny any
P1085(config)# mac address-table static 00:50:07:12:ff:aa vlan 300 drop 

Telnet Command: mail alert

Use this command to configure mail alert for various conditions.

Syntax Items

mailalert active

mailalert auth

mailalert devicecheck

mailalert encry

mailalert hwmon

mailalert interval

mailalert ipconflict

mailalert password

mailalert poestatus

mailalert port

mailalert portlink

mailalert portspeed

mailalert receiver

mailalert sender

mailalert server

mailalert sysrestart

mailalert throughputcheck

mailalert username

Description

Example

P1085# configure
P1085(config)#
P1085(config)# mailalert receiver carrie_ni@draytek.com 

Telnet Command: management-vlan

Use this command to set VLAN ID for management VLAN.

Syntax Items

management-vlan vlan

Description

Example

Telnet Command: mirror

Use this command to set the source / destination interface of a port mirror session.

Syntax Items

mirror session

Description

Example

Telnet Command: no

Use this command to disable specific command.

Syntax Items

no

Example

P1085# configure
P1085(config)#
P1085(config)# no clock timezone
P1085(config)# 

Telnet Command: openvpn

Use this command to enable/ disable the OpenVPN tunnel.

Syntax Items

openvpn enable

openvpn disable

openvpn filename

Description

Example

P1085# configure
P1085(config)#
P1085(config)# 

Tel net Command: poe

Use this command configure settings for PoE device.

Syntax Items

poe mode

poe schedule

Description

Example

P1085# configure
P1085(config)#
P1085(config)# poe mode auto 

Telnet Command: qos

Use this command to configure QoS settings.

Syntax Items

qos qos map qos queue qos trust

Description

Example

P1085# configure
P1085(config)#
P1085(config)# qos map cos-queue SEQUENCE to 3
P1085(config)# 

Telnet Command: schedule

Use this command to set schedule.

Syntax Items

schedule index

Description

Example

P1085# configure
P1085(config)#
P1085(config)# schedule index 1 how-often cycle-days 3 start-date jan 1 2019
start-time 08:01 duraton 17:30 action on
P1085(config)# schedule index 2 how-often weekdays sun start-date may 11 2019
start-time 02:10 duration 12:10 action on
P1085(config)# 

Use this command to define SNMP community.

Syntax Items

snmp community

snmp engineid

snmp group

snmp host

snmp trap

snmp user

snmp view

Description

udp-port <1-65535>

# snmp host HOSTNAME traps version <1/2c/3> udp-port <1-65535> retries <1-255>
# snmp host HOSTNAME traps version <1/2c/3> udp-port <1-65535> timeout <1-300>
# snmp host HOSTNAME traps version <1/2c/3> udp-port <1-65535> timeout <1-300> retries <1-255>
# snmp host HOSTNAME version <1/2c/3>
# snmp host HOSTNAME version <1/2c/3> retries <1-255>
- # snmp host HOSTNAME version <1/2c/3> timeout <1-300>
# snmp host HOSTNAME version <1/2c/3> timeout <1-300> retries <1-255>
# snmp host HOSTNAME version <1/2c/3> udp-port <1-65535>
# snmp host HOSTNAME version <1/2c/3> udp-port <1-65535> retries <1-255>
# snmp host HOSTNAME version <1/2c/3> udp-port <1-65535> timeout <1-300>
- # snmp host HOSTNAME version <1/2c/3> udp-port <1-65535> timeout <1-300> retries <1-255>

# snmp host
# snmp host retries <1-255>
# snmp host retries <1-255> timeout <1-300>
# snmp host retries <1-255> timeout <1-300> retries <1-255>
# snmp host udp-port <1-65535>
# snmp host udp-port <1-65535> retries <1-255>
<config)# snmp host udp-port <1-65535> timeout <1-300>
# snmp host udp-port <1-65535> timeout <1-300> retries <1-255>
# snmp host informs
# snmp host informs retries <1-255>
# snmp host informs timeout <1-300>
# snmp host informs retries <1-255> timeout <1-300> retries <1-255>
# snmp host informs udp-port <1-65535>
# snmp host informs udp-port <1-65535> retries <1-255>
# snmp host informs udp-port <1-65535> timeout <1-300>
# snmp host informs udp-port <1-65535> timeout <1-300> retries <1-255>
# snmp host traps
# snmp host traps retries <1-255>
# snmp host traps timeout <1-300>
# snmp host traps timeout <1-300> retries <1-255>
# snmp host traps udp-port <1-65535>
# snmp host traps udp-port <1-65535> retries <1-255>
# snmp host traps udp-port

Example

P1085# configure
P1085(config)#
P1085(config)# snmp engineid remote 192.168.2.38 00036D001188 

P1085(config)# snmp engineid remote 00:50::16:88 00036D002288
P1085(config)# snmp host 192.168.2.89 CAR_community udp-port 1500 timeout 200
P1085(config)# snmp host 192.168.2.88 informs version 2c CAR_community
udp-port 3000 timeout 180 retries 35
P1085(config)# snmp host 192.168.2.88 traps version 2c CAR_traps udp-port 6500
timeout 60 retries 2
P1085(config)# snmp host 192.168.2.88 version 2c CAR_version udp-port 3000
timeout 60 retries 2
P1085(config)# snmp host HOSTNAME CAR_host udp-port 3000 timeout 60 retries
P1085(config)# snmp host HOSTNAME informs HA_informs udp-port 3000 timeout 60
retries 2
P1085(config)# snmp host HOSTNAME version 2c HT_version udp-port 3000 timeout
60 retries 2
P1085(config)# snmp user CA_user_1 CA_group_1 auth md5 CA12345678 priv
PR12345678
P1085(config)# snmp view CAR_community subtree 10 oid-mask 9 viewtype included
P1085(config)#

Telnet Command: sntp

Use this command to configure settings for remote SNTP server.

Syntax Items

sntp host

Description

Example

P1085# configure
P1085(config)#
P1085(config)# sntp host KEY1245 port 3000
P1085(config)#

Telnet Command: spanning-tree

Use this command to configure settings for spanning-tree.

Syntax Items

spanning-tree

spanning-tree bpdu

spanning-tree forward-delay

spanning-tree hello-time

spanning-tree maximum-age

spanning-tree mode

spanning-tree pathcost

spanning-tree priority spanning-tree tx-hold-count

Description

Example

P1085# configure P1085(config)# P1085(config)# spanning-tree forward-delay 20

P1085(config)#
P1085(config)# spanning-tree maximum-age 38
P1085(config)#
P1085(config)# spanning-tree tx-hold-count 3
P1085(config)# 

Telnet Command: start-up

Use this command to restart ICP status after rebooting VigorSwitch.

Syntax Items

start-up icp

Description

Example

P1085# configure
P1085(config)#
P1085(config)# start-up icp enable
P1085(config)# 

Telnet Command: storm-control

Use this command to configure settings for Storm Control.

Syntax Items

storm-control ifg exclude storm-control ifg include storm-control unit bps storm-control unit pps

Description

Example

P1085# configure
P1085(config)#
P1085(config)# storm-control ifg exclude
P1085(config)#
P1085(config)# storm-control unit bps
P1085(config)# 

Telnet Command: surveillance-vlan

Use this command to configure settings for surveillance-VLAN.

Syntax Items

surveillance-vlan

surveillance-vlan aging-time

surveillance-vlan cos

Use this command to modify the contact information of VigorSwitch.

Syntax Items

system contact

system location

system name

Description

Example

P1085# configure
P1085(config)#
P1085(config)# system contact callMIS
P1085(config)#
P1085(config)# system location DrayTek
P1085(config)# system name UPDATEFRIM
UPDATEFRIM(config)#

Telnet Command: tr069

Use this command to configure parameter settings of TR-069.

Syntax Items

tr069 acsPwd

tr069 acsUsername

tr069 acsurl

tr069 cpeEnable

tr069 cpePwd

tr069 cpeUsername

tr069 cpeport

tr069 healthlinkstatus

tr069 healthpoewarning
tr069 healthspeedstatus
tr069 periodicInfo
tr069 periodicTime Time
tr069 ssl
tr069 stun
tr069 stunMAXkeepalive
tr069 stunMINkeepalive
tr069 stunaddr
tr069 stunport
tr069 tls

Description

Example

P1085# configure

P1085(config)#
P1085(config)# tr069 stunaddr 192.168.3.99
P1085(config)# 

Telnet Command: username

Use this command to add a new user account or edit an existing user account.

Syntax Items

username

Description

Example

P1085# configure
P1085(config)#
P1085(config)# username carrie_1 privilege admin secret md123456
P1085(config)#
P1085(config)# username carrie_1 secret encrypted ca123456
Old password: *****
P1085(config)#

Telnet Command: vlan

Use this command to configure detailed settings for VLAN profile.

Before configuring, you have to access into next phase. See the following example:

P1085# configure
P1085(config)#
P1085(config)# vlan 3
P2280x(config-vlan)# 

Syntax Items

vlan vlan-list

vlan mac-vlan group

Description

Example

P1085# configure
P1085(config)# vlan 3
P1085(config-vlan)#
P1085(config-vlan)# name vlan_friends
P1085(config-vlan)#
...
P1085(config)# vlan mac-vlan group 33 00:50:17:22:12:ff mask 10
P1085(config)# 

Telnet Command: voice-vlan

Use this command to enable voice VLAN and configure settings for voice VLAN.

Syntax Items

voice-vlan aging-time

voice-vlan cos

voice-vlan oui-table

voice-vlan vlan

Description

Example

Telnet Command: webhook

Use this command to enable or disable the webhook service.

Syntax Items

webhook active

webhook host

webhook interval

webhook keep

Description

Example

P1085# configure
P1085(config)# webhook host service https
P1085(config)# webhook host url www.demo.com
P1085(config)# webhook host path Draytek/demo
P1085(config)# webhook host port 443
P1085(config)# webhook interval 2 

XI-2-4 Copy Configuration

Use this command to upgrade firmware image, configuration file, syslog file, language file and security certificate.

Syntax Items

copy flash://

copy tftp://

copy running-config

copy startup-config

Description

Example

P1085# copy running-config tftp://172.16.3.8/test_carrie.cfg
Uploading file. Please wait...
Save configuration done.
P1085# copy startup-config tftp://172.16.3.8/test_da.cfg 

Uploading file. Please wait...
Save configuration done.
P1085# 

XI-2-5 Delete Configuration

Use this command to delete a configuration file from the FLASH file system.

Syntax Items

delete flash:// startup-config

delete startup-config

Description

Example

P1085# delet flash://startup-config
Delete flash://startup-config [y/n] y
Do you want to reload the system to take effect? [y/n] y 

XI-2-6 Disable Configuration

All commands used will be divided into EXEC mode and Privileged EXEC mode. This command is to turn off privileged mode command.

Default privilege level is 15 if no privilege level is specified on enable command.

Default privilege level is 1 if no privilege level is specified on disable command.

Syntax Items

disable

Description

- # disable <1-14>

Example

P1085# disable ?
<1-14> Privilege level
<cr>
P1085# disable 3
P1085# 

XI-2-7 End Configuration

Use this command to end current mode.

Syntax Items

end

Example

P1085(config)# interface GigabitEthernet 3
P1085(config-if)# end
P1085# 

XI-2-8 Exit Configuration

Use this command to close current CLI session or return to previous mode.

Syntax Items

exit

Example

P1085(config)# interface GigabitEthernet 3
P1085(config-if)# exit
P1085(config)# 

XI-2-9 Hardware-Monitor Configuration

Use this command to execute the hardware fan test.

Syntax Items

hardware-monitor fan-test

Example

P1085# hardware-monitor fan-test
P1085# 

XI-2-10 Ping Configuration

Use this command to send ICMP ECHO_REQUEST to network hosts.

Syntax Items

ping

Description

Example

P1085# ping 192.168.1.11 count 3
PING 192.168.1.11 (192.168.1.11): 56 data bytes
64 bytes from 192.168.1.11: icmp_seq=0 ttl=64 time=0.0 ms
64 bytes from 192.168.1.11: icmp_seq=1 ttl=64 time=0.0 ms
64 bytes from 192.168.1.11: icmp_seq=2 ttl=64 time=0.0 ms

--- 192.168.1.11 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
P1085# 

XI-2-11 Reboot Configuration

Use this command to perform a cold restart of VigorSwitch.

Syntax Items

reboot

Example

P1085# reboot
P1085# 

XI-2-12 Restore-defaults Configuration

Use this command to restore the factory default settings for the system or for the selected port.

Syntax Items

restore-defaults

Description

Example

P1085# restore-defaults interfaces gigabitethernet 3
Interface gi3: restore factory defaults.
P1085#
P1085# restore-default
System: restore factory defaults. Do you want to reboot now? (y/n)y 

XI-2-13 Save Configuration

Use this command to save configuration and activate the settings.

Note that this command has the same effect as "copy running-config startup-config".

Syntax Items

save

Example

P1085# save
Success
P1085# 

XI-2-14 Show Configuration

After finished the command setting, use this command to display the configuration for all commands.

Syntax Items

show

Example

P1085# show acl utilization
Type: sys    usage: 256
Type: IPSG    usage: 128
Type: Auth    usage: 128
P1085#
P1085#
P1085# show arp
Address    HWtype   HWaddress    Flags Mask    Iface
192.168.1.55 ether 00:1D:AA:F0:26:08 C    eth0
192.168.1.10 ether 00:05:5D:E4:D8:EE C    eth0
P1085# show voice-vlan interfaces gigabitethernet 3
Voice VLAN Aging : 1440 minutes
Voice VLAN CoS : 6
Voice VLAN 1p Remark: disabled

OUI table
OUI MAC | Description
----+----
00:E0:BB | 3COM
00:03:6B | Cisco
00:E0:75 | Veritel
00:D0:1E | Pingtel
00:01:E3 | Siemens
00:60:B9 | NEC/Philips
00:0F:E2 | H3C
00:09:6E | Avaya

Port | State | Port Mode | Cos Mode
----+----+----+
gi3 | Disabled | Auto | Src
P1085# 

XI-2-15 SSL Configuration

Use this command to generate security certificate files such as RSA, DSA.

After entering the command of SSL, follow the onscreen questions to give the required information.

Syntax Items

ssl

Example

P1085# ssl
Generating a 1024 bit RSA private key
)+++++++
)++++++
writing new private key to '/mnt/ssh/ssl_key.pem_tmp'
----
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a D There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
----
Country Name (2 letter code) [AU]:tw
State or Province Name (full name) [Some-State]:hs
Locality Name (eg, city) []:hschu
Organization Name (eg, company) [Internet Widgits Pty Ltd]:draytek
Organizational Unit Name (eg, section) []:marketing
Common Name (e.g. server FQDN or YOUR name) []:draytek
Email Address []:carrie_ni@draytek.com
P1085# 

XI-2-16 Terminal Configuration

Use this command to set the maximum line number that the terminal is able to print.

Syntax Items

terminal

Syntax Description

Example

P1085# terminal length 15
P1085# show running-config
..... 

XI-2-17 Traceroute Configuration

Use this command to execute network trace route diagnostic.

Syntax Items

traceroute

Syntax Description

Example

Appendix: Reference

This chapter will tell you the basic concept of features to manage this switch and how they work.

A-1 What's the Ethernet

Ethernet originated and was implemented at Xerox in Palo Alto, CA in 1973 and was successfully commercialized by Digital Equipment Corporation (DEC), Intel and Xerox (DIX) in 1980. In 1992, Grand Junction Networks unveiled a new high speed Ethernet with the same characteristic of the original Ethernet but operated at 100Mbps, called Fast Ethernet now. This means Fast Ethernet inherits the same frame format, CSMA/CD, software interface. In 1998, Gigabit Ethernet was rolled out and provided 1000Mbps. Now 10G/s Ethernet is under approving. Although these Ethernet have different speed, they still use the same basic functions. So they are compatible in software and can connect each other almost without limitation. The transmission media may be the only problem.

graph TD
    A["Application"] --> B["Presentation"]
    B --> C["Session"]
    C --> D["Transport"]
    D --> E["Network"]
    E --> F["Data link"]
    F --> G["Physical"]
    H["Upper-layer protocols"] --> I["MAC-client"]
    I --> J["Media Access (MAC)"]
    J --> K["Physical (PHY)"]
    L["IEEE 802-specific"] --> M["IEEE 802.3-specific"]
    M --> N["Media-specific"]

In the above figure, we can see that Ethernet locates at the Data Link layer and Physical layer and comprises three portions, including logical link control (LLC), media access control (MAC), and physical layer. The first two comprises Data link layer, which performs splitting data into frame for transmitting, receiving acknowledge frame, error checking and re-transmitting when not received correctly as well as provides an error-free channel upward to network layer.

graph TD
    A["IEEE 802.2 LLC"] --> B["IEEE802.3 CSMA/CD MAC"]
    B --> C["IEEE 802.3 PLS"]
    B --> D["CS"]
    C --> E["IEEE 802.3 MAU"]
    D --> F["ANSI X3T9.5 PMD"]
    E --> G["Coaxial/STP/UTP"]
    F --> H["Fiber"]
    I["Data Link Layer"] --> A
    J["Physical Layer"] --> C
    K["MII"] --> F

This above diagram shows the Ethernet architecture, LLC sub-layer and MAC sub-layer, which are responded to the Data Link layer, and transceivers, which are responded to the Physical layer in OSI model. In this section, we are mainly describing the MAC sub-layer.

Logical Link Control (LLC)

Data link layer is composed of both the sub-layers of MAC and MAC-client. Here MAC client may be logical link control or bridge relay entity.

Logical link control supports the interface between the Ethernet MAC and upper layers in the protocol stack, usually Network layer, which is nothing to do with the nature of the LAN. So it can operate over other different LAN technology such as Token Ring, FDDI and so on. Likewise, for the interface to the MAC layer, LLC defines the services with the interface independent of the medium access technology and with some of the nature of the medium itself.

The table above is the format of LLC PDU. It comprises four fields, DSAP, SSAP, Control and Information. The DSAP address field identifies the one or more service access points, in which the I/G bit indicates it is individual or group address. If all bit of DSAP is 1s, it's a global address. The SSAP address field identifies the specific services indicated by C/R bit (command or response). The DSAP and SSAP pair with some reserved values indicates some well-known services listed in the table below.

LLC type 1 connectionless service, LLC type 2 connection-oriented service and LLC type 3 acknowledge connectionless service are three types of LLC frame for all classes of service. In Fig 3-2, it shows the format of Service Access Point (SAP). Please refer to IEEE802.2 for more details.

A-2 Media Access Control (MAC)

MAC Addressing

Because LAN is composed of many nodes, for the data exchanged among these nodes, each node must have its own unique address to identify who should send the data or should receive the data. In OSI model, each layer provides its own mean to identify the unique address in some form, for example, IP address in network layer.

The MAC is belonged to Data Link Layer (Layer 2), the address is defined to be a 48-bit long and locally unique address. Since this type of address is applied only to the Ethernet LAN media access control (MAC), they are referred to as MAC addresses.

The first three bytes are Organizational Unique Identifier (OUI) code assigned by IEEE. The last three bytes are the serial number assigned by the vendor of the network device. All these six bytes are stored in a non-volatile memory in the device. Their format is as the following table and normally written in the form as aa-bb-cc-dd-ee-ff, a 12 hexadecimal digits separated by hyphens, in which the aa-bb-cc is the OUI code and the dd-ee-ff is the serial number assigned by manufacturer.

Bit 47 Bit 0

The first bit of the first byte in the Destination address (DA) determines the address to be a Unicast (0) or Multicast frame (1), known as I/G bit indicating individual (0) or group (1). So the 48-bit address space is divided into two portions, Unicast and Multicast. The second bit is for global-unique (0) or locally-unique address. The former is assigned by the device manufacturer, and the later is usually assigned by the administrator. In practice, global-unique addresses are always applied.

A unicast address is identified with a single network interface. With this nature of MAC address, a frame transmitted can exactly be received by the target an interface the destination MAC points to.

A multicast address is identified with a group of network devices or network interfaces. In Ethernet, a many-to-many connectivity in the LANs is provided. It provides a mean to send a frame to many network devices at a time. When all bit of DA is 1s, it is a broadcast, which means all network device except the sender itself can receive the frame and response.

Ethernet Frame Format

There are two major forms of Ethernet frame, type encapsulation and length encapsulation, both of which are categorized as four frame formats 802.3/802.2 SNAP, 802.3/802.2, Ethernet II and Netware 802.3 RAW. We will introduce the basic Ethernet frame format defined by the IEEE 802.3 standard required for all MAC implementations. It contains seven fields explained below.

PRE SFD DA SA Type/Length Data Pad bit if any FCS

7 7 6 6 2 46-1500

4

Preamble (PRE) - The PRE is 7-byte long with alternating pattern of ones and zeros used to tell the receiving node that a frame is coming, and to synchronize the physical receiver with the incoming bit stream. The preamble pattern is:

10101010 10101010 10101010 10101010 10101010 10101010 10101010 10101010

Start-of-frame delimiter (SFD) - The SFD is one-byte long with alternating pattern of ones and zeros, ending with two consecutive 1-bits. It immediately follows the preamble and uses the last two consecutive 1s bit to indicate that the next bit is the start of the data packet and the left-most bit in the left-most byte of the destination address. The SFD pattern is 10101011.

Destination address (DA) - The DA field is used to identify which network device(s) should receive the packet. It is a unique address. Please see the section of MAC addressing.

Source addresses (SA) - The SA field indicates the source node. The SA is always an individual address and the left-most bit in the SA field is always 0.

Length/Type - This field indicates either the number of the data bytes contained in the data field of the frame, or the Ethernet type of data. If the value of first two bytes is less than or equal to 1500 in decimal, the number of bytes in the data field is equal to the Length/ Type value, i.e. this field acts as Length indicator at this moment. When this field acts as Length, the frame has optional fields for 802.3/ 802.2 SNAP encapsulation, 802.3/ 802.2 encapsulation and Netware 802.3 RAW encapsulation. Each of them has different fields following the Length field.

If the Length/ Type value is greater than 1500, it means the Length/ Type acts as Type. Different type value means the frames with different protocols running over Ethernet being sent or received.

For example,

Data - Less than or equal to 1500 bytes and greater or equal to 46 bytes. If data is less than 46 bytes, the MAC will automatically extend the padding bits and have the payload be equal to 46 bytes. The length of data field must equal the value of the Length field when the Length/ Type acts as Length.

Frame check sequence (FCS) - This field contains a 32-bit cyclic redundancy check (CRC) value, and is a check sum computed with DA, SA, through the end of the data field with the following polynomial.

$$ \mathrm{G} (x) = x ^ {3 2} + x ^ {2 6} + x ^ {2 3} + x ^ {2 2} + x ^ {1 6} + x ^ {1 2} + x ^ {1 1} + x ^ {1 0} + x ^ {8} + x ^ {7} + x ^ {5} + x ^ {4} + x ^ {2} + x + 1 $$

It is created by the sending MAC and recalculated by the receiving MAC to check if the packet is damaged or not.

How does a MAC work?

The MAC sub-layer has two primary jobs to do:

1. Receiving and transmitting data. When receiving data, it parses frame to detect error; when transmitting data, it performs frame assembly.
2. Performing Media access control. It prepares the initiation jobs for a frame transmission and makes recovery from transmission failure.

Frame transmission

As Ethernet adopted Carrier Sense Multiple Access with Collision Detect (CSMA/ CD), it detects if there is any carrier signal from another network device running over the physical medium when a frame is ready for transmission. This is referred to as sensing carrier, also "Listen". If

there is signal on the medium, the MAC defers the traffic to avoid a transmission collision and waits for a random period of time, called backoff time, then sends the traffic again.

After the frame is assembled, when transmitting the frame, the preamble (PRE) bytes are inserted and sent first, then the next, Start of frame Delimiter (SFD), DA, SA and through the data field and FCS field in turn. The followings summarize what a MAC does before transmitting a frame.

1. MAC will assemble the frame. First, the preamble and Start-of-Frame delimiter will be put in the fields of PRE and SFD, followed DA, SA, tag ID if tagged VLAN is applied, Ethertype or the value of the data length, and payload data field, and finally put the FCS data in order into the responded fields.
2. Listen if there is any traffic running over the medium. If yes, wait.
3. If the medium is quiet, and no longer senses any carrier, the MAC waits for a period of time, i.e. inter-frame gap time to have the MAC ready with enough time and then start transmitting the frame.
4. During the transmission, MAC keeps monitoring the status of the medium. If no collision happens until the end of the frame, it transmits successfully. If there is a collision happened, the MAC will send the patterned jamming bit to guarantee the collision event propagated to all involved network devices, then wait for a random period of time, i.e. backoff time. When backoff time expires, the MAC goes back to the beginning state and attempts to transmit again. After a collision happens, MAC increases the transmission attempts. If the count of the transmission attempt reaches 16 times, the frame in MAC's queue will be discarded.

Ethernet MAC transmits frames in half-duplex and full-duplex ways. In halfduplex operation mode, the MAC can either transmit or receive frame at a moment, but cannot do both jobs at the same time.

As the transmission of a MAC frame with the half-duplex operation exists only in the same collision domain, the carrier signal needs to spend time to travel to reach the targeted device. For two most-distant devices in the same collision domain, when one sends the frame first, and the second sends the frame, in worstcase, just before the frame from the first device arrives. The collision happens and will be detected by the second device immediately. Because of the medium delay, this corrupted signal needs to spend some time to propagate back to the first device. The maximum time to detect a collision is approximately twice the signal propagation time between the two most-distant devices. This maximum time is traded-off by the collision recovery time and the diameter of the LAN.

In the original 802.3 specification, Ethernet operates in half duplex only. Under this condition, when in 10Mbps LAN, it's 2500 meters, in 100Mbps LAN, it's approximately 200 meters and in 1000Mbps, 200 meters. According to the theory, it should be 20 meters. But it's not practical, so the LAN diameter is kept by using to increase the minimum frame size with a variable-length non-data extension bit field which is removed at the receiving MAC. The following tables are the frame format suitable for 10M, 100M and 1000M Ethernet, and some parameter values that shall be applied to all of these three types of Ethernet.

Actually, the practice Gigabit Ethernet chips do not feature this so far. They all have their chips supported full-duplex mode only, as well as all network vendors' devices. So this criterion should not exist at the present time and in the future. The switch's Gigabit module supports only full-duplex mode.

In full-duplex operation mode, both transmitting and receiving frames are processed simultaneously. This doubles the total bandwidth. Full duplex is much easier than half duplex because it does not involve media contention, collision, retransmission schedule, padding bits for short frame. The rest functions follow the specification of IEEE802.3. For example, it must meet the requirement of minimum inter-frame gap between successive frames and frame format the same as that in the half-duplex operation.

Because no collision will happen in full-duplex operation, for sure, there is no mechanism to tell all the involved devices. What will it be if receiving device is busy and a frame is coming at the same time? Can it use “backpressure” to tell the source device? A function flow control is introduced in the full-duplex operation.

A-3 Flow Control

Flow control is a mechanism to tell the source device stopping sending frame for a specified period of time designated by target device until the PAUSE time expires. This is accomplished by sending a PAUSE frame from target device to source device. When the target is not busy and the PAUSE time is expired, it will send another PAUSE frame with zero time-to-wait to source device. After the source device receives the PAUSE frame, it will again transmit frames immediately. PAUSE frame is identical in the form of the MAC frame with a pause-time value and with a special destination MAC address 01-80-C2-00-00-01. As per the specification, PAUSE operation can not be used to inhibit the transmission of MAC control frame.

Normally, in 10Mbps and 100Mbps Ethernet, only symmetric flow control is supported. However, some switches (e.g. 24-Port GbE Web Smart Switch) support not only symmetric but asymmetric flow controls for the special application. In Gigabit Ethernet, both symmetric flow control and asymmetric flow control are supported. Asymmetric flow control only allows transmitting PAUSE frame in one way from one side, the other side is not but receipt-and-discard the flow control information. Symmetric flow control allows both two ports to transmit PASUE frames each other simultaneously.

Inter-frame Gap time

After the end of a transmission, if a network node is ready to transmit data out and if there is no carrier signal on the medium at that time, the device will wait for a period of time known as an inter-frame gap time to have the medium clear and stabilized as well as to have the jobs ready, such as adjusting buffer counter, updating counter and so on, in the receiver site. Once the inter-frame gap time expires after the de-assertion of carrier sense, the MAC transmits data. In IEEE802.3 specification, this is 96-bit time or more.

Collision

Collision happens only in half-duplex operation. When two or more network nodes transmit frames at approximately the same time, a collision always occurs and interferes with each other. This results the carrier signal distorted and undiscriminated. MAC can afford detecting, through the physical layer, the distortion of the carrier signal. When a collision is detected during a frame transmission, the transmission will not stop immediately but, instead, continues transmitting until the rest bits specified by jamSize are completely transmitted. This guarantees the duration of collision is enough to have all involved devices able to detect the collision. This is referred to as Jamming. After jamming pattern is sent, MAC stops transmitting the rest data queued in the buffer and waits for a random period of time, known as backoff time with the following formula. When backoff time expires, the device goes back to the state of attempting to transmit frame. The backoff time is determined by the formula below. When the times of collision is increased, the backoff time is getting long until the collision times excess 16. If this happens, the frame will be discarded and backoff time will also be reset.

$$ 0 \leq r < 2 ^ {k} $$

where

$$ k = \min (n, 1 0) $$

Frame Reception

In essence, the frame reception is the same in both operations of half duplex and full duplex, except that full-duplex operation uses two buffers to transmit and receive the frame independently. The receiving node always "listens" if there is traffic running over the medium when it is not receiving a frame. When a frame destined for the target device comes,

the receiver of the target device begins receiving the bit stream, and looks for the PRE (Preamble) pattern and Start-of-Frame Delimiter (SFD) that indicates the next bit is the starting point of the MAC frame until all bit of the frame is received.

For a received frame, the MAC will check:

1. If it is less than one slotTime in length, i.e. short packet, and if yes, it will be discarded by MAC because, by definition, the valid frame must be longer than the slotTime. If the length of the frame is less than one slotTime, it means there may be a collision happened somewhere or an interface malfunctioned in the LAN. When detecting the case, the MAC drops the packet and goes back to the ready state.
2. If the DA of the received frame exactly matches the physical address that the receiving MAC owns or the multicast address designated to recognize. If not, discards it and the MAC passes the frame to its client and goes back to the ready state.
3. If the frame is too long. If yes, throws it away and reports frame Too Long.
4. If the FCS of the received frame is valid. If not, for 10M and 100M Ethernet, discards the frame. For Gigabit Ethernet or higher speed Ethernet, MAC has to check one more field, i.e. extra bit field, if FCS is invalid. If there is any extra bits existed, which must meet the specification of IEEE802.3. When both FCS and extra bits are valid, the received frame will be accepted, otherwise discards the received frame and reports frameCheckError if no extra bits appended or alignmentError if extra bits appended.
5. If the length/ type is valid. If not, discards the packet and reports lengthError.
6. If all five procedures above are ok, then the MAC treats the frame as good and de-assembles the frame.

What if a VLAN tagging is applied?

VLAN tagging is a 4-byte long data immediately following the MAC source address. When tagged VLAN is applied, the Ethernet frame structure will have a little change shown as follows.

Only two fields, VLAN ID and Tag control information are different in comparison with the basic Ethernet frame. The rest fields are the same.

The first two bytes is VLAN type ID with the value of 0x8100 indicating the received frame is tagged VLAN and the next two bytes are Tag Control Information (TCI) used to provide user priority and VLAN ID, which are explained respectively in the following table.

Note: RIF is used in Token Ring network to provide source routing and comprises two fields, Routing Control and Route Descriptor.

When MAC parses the received frame and finds a reserved special value 0x8100 at the location of the Length/ Type field of the normal non-VLAN frame, it will interpret the received frame as a tagged VLAN frame. If this happens in a switch, the MAC will forward it, according to its priority and egress rule, to all the ports that is associated with that VID. If it happens in a network interface card, MAC will deprive of the tag header and process it in the same way as a basic normal frame. For a VLAN-enabled LAN, all involved devices must be equipped with VLAN optional function.

At operating speeds above 100 Mbps, the slotTime employed at slower speeds is inadequate to accommodate network topologies of the desired physical extent. Carrier Extension provides a means by which the slotTime can be increased to a sufficient value for the desired topologies, without increasing the minFrameSize parameter, as this would have deleterious effects. Nondata bits, referred to as extension bits, are appended to frames that are less than slotTime bits in length so that the resulting transmission is at least one slotTime in duration. Carrier Extension can be performed only if the underlying physical layer is capable of sending and receiving symbols that are readily distinguished from data symbols, as is the case in most physical layers that use a block encoding/ decoding scheme.

The maximum length of the extension is equal to the quantity (slotTime - minFrameSize). The MAC continues to monitor the medium for collisions while it is transmitting extension bits, and it will treat any collision that occurs after the threshold (slotTime) as a late collision.

Index

A

Account Manager, 142

B

Backup Manager, 140

Bandwidth, 105

C

CoS Mapping, 102

D

Dashboard, 14, 15

Diagnostics, 147, 157

DoS, 76

DoS Port Setting, 78

DoS Protection, 78

E

Egress Shaping Per Queue, 107

Egress Shaping Rate, 106

F

Factory Default, 144

G

General, 88, 91, 96, 98

General Setup, 18

I

Ingress Rate Limit, 105

Installation for VigorAPM, 6

L

License Agreement, 20

License Information, 23, 24, 29, 40, 41, 48, 49, 55

Limiting Rate, 75

P

PoE Configuration, 109

Preamble, 74

Properties, 76

Q

QoS Configuration, 87, 97

S

Security, 59, 73

SNMP, 126

SNMP Community, 129, 130, 132

Storm Control, 75

Storm Control, 60, 74

Storm Control, 79

Stric Priority Queue, 101

System Configuration, 17

System Maintenance, 115

U

Upgrade Manager, 141

W

Weight, 101

WRR Bandwidth, 101