IGM-1484POE-2.5G - NAS AIRLIVE - Free user manual and instructions

USER MANUAL IGM-1484POE-2.5G AIRLIVE

IGM-642POE/BT series

IGM-1082POE/BT series

IGM-1484POE series

IGM-14104BT series

6/10/14 Port Managed Industrial

Gigabit PoE Switch

Web Manual

Ver. 1.1

Ver. 1.1

0 Foreword....6

0.1 Target Audience....6
0.2 Manual Convention....6

1 Management Software Specification ....7

2 Web Page Login 9

2.1 Log in the Network Management Client....9

3 Network Admin....10

3.1 IP Config....10
3.2 IP Status .... 11
3.3 NTP 12
3.4 Syslog....13
3.5 SNMP....14

4 Port Configure ....19

4.1 Ports....19
4.2 Aggregation....20

4.2.1 Static....21
4.2.2 LACP....22

4.3 Mirroring....25
4.4 Green Ethernet 27
4.5 DDM 27

5 PoE....29

5.1 PoE Setting 29
5.2 PoE Status .... 30

6 Advanced Configure 31

6.1 MAC Table....31
6.2 VLANS 32
6.3 GVRP 37
6.4 Port Isolation .... 39
6.5 Loop Protection 41

6.6 Spanning Tree 42

6.6.1 Bridge Configuration 43
6.6.2 MSTI Mapping....44
6.6.3 MSTI Priorities ...... 45
6.6.4 CIST Ports 45
6.6.5 MSTI Ports 47

6.7 IPMC Profile 48

6.8 IGMP Snooping....48

6.8.1 Basic Configuration 49
6.8.2 VLAN Configuration 50
6.8.3 Port Filtering Profile 51

6.9 IPv6 MLD Snooping 52

6.9.1 Basic Configuration 52
6.9.2 VLAN Configuration 53

6.9.3 Port Filtering Profile 54

6.10 ERPS....55

6.11 LLDP 57

7 Security Configure ....58

7.1 Users 58

7.2 Privilege Levels ....58

7.3 SSH 59

7.4 Port Security Limit....59

7.5 Access Management....60

7.6 802.1X....60

7.7 ACL 61

7.7.1 ACL Ports 62

7.7.2 Rate Limiter 63

7.7.3 Access Control List....64

7.8 DHCP Snooping 65

7.8.1 DHCP Snooping 68

7.8.2 DHCP Snooping Table....69

7.9 IP & MAC Source Guard 69

7.9.1 Configuration 70

7.9.2 Static Table 71

7.9.3 Dynamic Table 72

7.10 ARP Inspection 73

7.10.1 Port Configuration....73

7.10.2 VLAN Configuration....75

7.10.3 Static Table 76

7.10.4 Dynamic Table....77

7.11 AAA 78

7.11.1 RADIUS 78

7.11.1TACACS+....78

8 QoS....79

8.1 Port Classification....81

8.2 Port Policing 82

8.3 Queue Policing 83

8.4 Port Scheduler 83

8.5 Port Shaping 84

8.6 Port Tag Remarking 85

8.7 Port DSCP 86

8.8 DSCP-Based QoS....87

8.9 DSCP Translation 88

8.10 DSCP Classification ..... 88

8.11 QoS Control List....89

8.12 Storm Policing 90

9 Diagnostics....91

9.1 Ping....91
9.2 Cable Diagnostics 92
9.3 CPU Load....92

10 Maintenance 93

10.1 Restart Device 93
10.2 Factory Defaults ...... 93
10.3 Firmware Upgrade 94
10.4 Firmware Select 94
10.5 Configuration 95

Revision history

0 Foreword

0.1 Target Audience

This manual is prepared for the installers and system administrators who are responsible for network installation, configuration and maintenance. It assumes that you've understood all network communication and management protocols, as well as the technical terms, theoretical principles, practical skills, and expertise of devices, protocols and interfaces related to networking. Work experience in Graphical User Interface (GUI), Command-line Interface, Simple Network Management Protocol (SNMP) and Web Explorer is also required.

This manual is made for use with the IGM-642POE, IGM-642BT, IGM-1082POE and IGM-1082BT series of Industrial switches. This manual was made using the webui images of the IGM-642 model. The IGM-1082 has the same interface but will only display more ports.

0.2 Manual Convention

The following approaches should prevail.

GUI Convention	Description
Interpretation	Describe operations and add necessary information.
Caution	Remind you of cautions as improper operations will result in data loss or equipment damage.

1 Management Software Specification

2 Web Page Login

2.1 Log in the Network Management Client

Type in the default switch address: http://192.168.2.1 in the browser and click the "Enter".

Description:

Keep the IP network segment of PC consistent with that of switch but differentiate the IP address as you log in. Set PC's IP address of 192.168.2.x and the subnet mask of 255.255.255.0 for the first login (1 < x ≤ 254).

A login window appears as follows. Type in the default username of "admin" and the password of "admin". Click the "Log in" to see the switch system.

After login, you will see:

3 Network Admin

3.1 IP Config

Click the "Network Admin-IP Config" as follows.

Description about IP Config:

Click "Add" to create new Management VLAN and IP addresses and "Save" and finish.

Description:

Note: The switch creates VLAN1 only by default. Users who need to use other management switches should add the VLAN and related ports in the VLAN module first to realize the Layer 3 communication between VLANs.

3.2 IP Status

Click the "Network Admin-IP Status" as follows.

Description about IP Status:

3.3 NTP

Applied for the clock synchronization between distributed time servers and clients, NTP (Network Time Protocol) is at the application layer of TCP/IP protocol family, which is realized based on IP and UDP. NTP message is transmitted through UDP with No. 123 port. Clock synchronization in all network devices will play a decisive role in the context of increasingly complex network topology. So NTP emerges since administrators' manual modification of system clock will lead to huge workload and inaccurate time. Instructions

1. Click the "Network Admin-NTP" in the navigation bar as follows.

NTP Configuration

1. Click the "Network Admin-Timezone" in the navigation bar as follows.

System Information Configuration

3.4 Syslog

Users can upload the switch logs to the TFTP Server.

Instructions

1. Click the "Network Admin-SysLog" as follows:

System Log Configuration

3.5 SNMP

SNMP (Simple Network Management Protocol) is widely used in TCP/IP network. It manages devices by the central computer which operates network management software (i.e. network management workstation). SNMP is:

Simple: The polling-driving SNMP has the fundamental functionality set that is applicable to small-scale environment with fast speed and low cost. Besides, UDP-driven SNMP is compatible with most devices. Powerful: SNMP aims to ensure the management info transmission between two nodes so that administrators can retrieve, modify and troubleshoot the info easily. There are 3 common versions, namely SNMPv1, v2c and v3. Its system contains NMS (Network Management System), Agent, Management object and MIB (Management Information Base).

NMS, as the management center, will manage all devices. Each device under management includes the resident Agent, MIB and management objects. NMS interacts with the Agent running on the management object which will operate the MIB to execute NMS orders.

SNMP management model

graph TD
    A["NMS"] <--> B["Agent"]
    B <--> C["MIB"]
    C <--> D["Management object"]
    style A fill:#f9f,stroke:#333
    style B fill:#ccf,stroke:#333
    style C fill:#cfc,stroke:#333
    style D fill:#fcc,stroke:#333

NMS

- As the network administrator, NMS manages/monitors network devices by SNMP on its server. It can require the Agent to inquire or modify configuration item value(s). NMS can receive the Trap actively sent by the Agent to be updated with the statuses of the managed devices.

Agent

- As a agent process of the managed devices, it maintains device data and responds to the NMS requests by reporting management data. Agent will fulfill relevant orders through MIB Table and send the results back to NMS after receiving its request. Devices will take the initiative to send info related to the current statues of devices to NMS through Agent once a failure or other event occurs.

Management object

- It refers to the object under management. Each device may have more than one objects, including a piece of hardware (e.g. an interface board), partial hardware and software (e.g. routing protocol), as well as other configuration item sets.

MIB

- MIB is a database specifying the variables maintained by the management object (i.e. the info that can be inquired and set by the Agent). MIB defines the attributes of the management object, including the name, status, access right and data type. The following functions can be realized through MIB: Agent will master the instant device info by inquiring MIB, and set the status configuration items by changing MIB.

Instructions

1. Click the "Network Admin -SNMP" in the navigation tree to the "SNMP System Configuration" as follows.

SNMP System Configuration

1. Users can enable and disable the SNMP Trap and SNMP authentication trap functions of the switch. Click the "Network Admin-SNMP-Trap" as follows:

1. Users can rename the community. Click the "Network Admin-SNMP-Communities" as follows:

SNMPv3 Community Configuration

1. Create a SNMP v3 User and select the way of privacy. Click the "Network Admin-SNMP-Users" as follows:

SNMPv3 User Configuration

"Save" and finish.

1. Users can create a new view of SNMPv3. Click the "Network Admin-SNMP-Views" as follows:

SNMPv3 View Configuration

1. Users can call the created Views through a new Access. Click the "Network Admin-SNMP-Access" as follows:

SNMPv3 Access Configuration

1. Users can call the created Users and Access through a new Group. Click the "Network Admin-SNMP-Groups" as follows:

SNMPv3 Group Configuration

4 Port Configure

4.1 Ports

Interfaces should be identified so that users can inquire and configure Ethernet interfaces as required.

Note: Only switch models with 2.5G in their model number will shows 2.5Gbps in the webui.

Instructions

1. Click the "Port Configure-Ports" in the navigation bar.
2. Select the data for configuration and the port description of configuration items, "Autonegotiation", "Flow Control", and "Maximum Frame Size" as follows.

Save Reset

Port Configuration

Save Reset

Configuration items are as follows.

4.2 Aggregation

Link Aggregation increases bandwidth and reliability by bundling a group of physical interfaces into a single logical interface.

Link Aggregation Group (LAG) is a logical link bundled by multiple Ethernet links (Eth-Trunk).

Ceaselessly expanding network size increases users' demands of link bandwidth and reliability. Traditionally, high-speed interface board or the compatible equipment is usually replaced to optimize bandwidth, which is expensive and inflexible.

Link Aggregation Technology bundles multiple physical interfaces into a single logical interface without upgrading hardware. Its backup mechanism not only improves reliability, but also shares the flow load on different physical links.

As shown below, Switch A is linked with Switch B through three Ethernet links which are bundled into an Eth-Trunk logical link. Its bandwidth equals to that of the three links in total, thus broadening the bandwidth. Meanwhile, these three links back up mutually to be more reliable.

Link Aggregation diagram

graph LR
    A["SwitchA"] <--> B["ETH-Trunk"]
    C["SwitchB"] <--> B

Link Aggregation can meet the following demands:

Insufficient bandwidth of two switches connected with one link.

Insufficient reliability of two switches connected with one link.

Link Aggregation can be divided into Manual Mode and LACP Mode in accordance with Link Aggregation Control Protocol (LACP) status.

In the first mode, Eth-Trunk establishment, member interface access should be added manually without LACP. It is also called the Load-sharing Mode because all links are involved in data forwarding and load sharing. In case any active link fails, LAG will average load with the remaining ones. This mode is preferred under the circumstance that two directly-connected devices require a larger link bandwidth but has no access to LACP.

4.2.1 Static

Instructions of adding a Static Link Aggregation (i.e. manual mode):

1. Click the "Port Configure-Aggregation-Static" to "Add a static link aggregation"; select a Group ID (1-16), a load-sharing method (Src Mac, Dst Mac, IP Address, TCP/UDP Port Number) and a port for aggregation; and click the "Add" option as follows.

Aggregation Mode Configuration

Aggregation Group Configuration

Interface data are as follows

Illustrations

Ethernet Switch A aggregates 3 ports from GE1 to GE3 to Switch B, so as to share the load of each member port.

The following configurations are exampled by means of static aggregation.

graph LR
    A["SwitchA"] <--> B["ETH-Trunk"]
    B --> C["SwitchB"]

Instructions

1. Similar to the step of Switch B configuration, Switch A creates an Eth-Trunk interface and accesses member interfaces, in order to broaden link bandwidth. Click the "Port Configure-Aggregation-Static" to "Add a static link aggregation" to select the Group ID "1", a load-sharing mode (Src Mac, Dst Mac, IP Address), and a port to be aggregated (GE1-1, GE1-2, and GE1-3) as follows.

2.

Aggregation Mode Configuration

Aggregation Group Configuration

Dynamic Link Aggregation

LACP (Link Aggregation Control Protocol), based on IEEE 802.3ad Standard, dynamically aggregates and disaggregates links. LACP exchanges info with the opposite network device through LACPDU (Link Aggregation Control Protocol Data Unit).

After a port uses LACP, it will inform the opposite network device of system priority, system MAC, port priority and No., and operation Key by sending a LACPDU. The opposite device will compare such info with that saved by other ports after receiving it, thus reaching an agreement on port participation in or quitting from a dynamic aggregation.

Dynamic LACP aggregation is automatically created or deleted by system, that is, internal ports can be added or removed by themselves. Only the ports connected to a same device with the same rate, duplex, and basic configuration can be aggregated. Instructions for adding a dynamic link aggregation:

1. Click the "Port Configure-Aggregation-LACP" in the navigation bar to select a port, a type (LACP), a mode (Active or Passive), and a port priority (from 0-65,535, with 32,768 by default) as follows.

LACP Port Configuration

Interface data are as follows

Description:

Please make sure that there is no member interface access to Eth-Trunk before changing its work pattern, otherwise it won't be changed.

Work patterns of the local and opposite network devices should be the same.

Illustrations

Ethernet Switch A aggregates 3 ports from GE1 to GE3 to Switch B, so as to share the load of each member port.

The following configurations are exampled by means of dynamic aggregation.

graph LR
    A["SwitchA"] <--> B["ETH-Trunk"]
    C["SwitchB"] <--> B

Instructions

Description:

The followings are configuration of Switch A only, which should stay the same with those of Switch B

to aggregate ports.

Instructions

1. Set the system priority to Level 100 on Switch A to serve as the LACP active port. Click the "Port Configure-Aggregation-LACP" in the navigation bar to set the priority to "100" as follows.

LACP Port Configuration

Save Reset

4.3 Mirroring

Port Mirroring copies the message of a specified switch port to a destination port. The copied port is the Source Port, and the copying port is the Destination Port. Destination Port will make use of data inspection devices for users to analyze the received messages to monitor and troubleshoot the network as follows:

graph TD
    A["Server"] -->|Dst Port| B["Server"]
    C["Client Server"] -->|Dst Port| B
    style A fill:#4CAF50,stroke:#388E3C
    style B fill:#4CAF50,stroke:#388E3C
    style C fill:#4CAF50,stroke:#388E3C

Configuration example

PC1 accesses Switch A through interface GE1-1, and PC2 is directly connected to interface GE1-2.

Users intend to monitor the messages sent from PC2 to PC1 by relevant devices.

graph LR
    PC1["PC1"] -->|g1/1| SwitchA["SwitchA"]
    SwitchA -->|g1/2| PC2["PC2"]

Instructions

1. Click the "Port Configure-Mirroring" in the navigation bar to select a session ID.
2. Check the source port GE1-2, select the destination port GE1-1 and the "Enabled" mode, and add them as follows.

Mirror Configuration

Mirror Port Configuration

Interface data are as follows

4.4 Green Ethernet

Port power will be turned down in case of zero or less flow. Click the "Port Configure-Green Ethernet" as follows:

Port Power Savings Configuration

Port Configuration

Interface data are as follows

4.5 DDM

DDM can view the info of the optical module.

1. Click the "Port Configure-DDM-DDMI Configuration" as follows:

DDMI Configuration

Save Reset

Interface data are as follows

1. Click the "Port Configure-DDM-DDMI Overview" as follows:

DDMI Overview

Interface data are as follows

1. Click the "Port Configure-DDM-DDM Detailed" as follows:

Transceiver Information

DDMI Information

Interface data are as follows

5 PoE

PoE (Power over Ethernet) transmits data signal for the terminals based on IP (e.g. IP phone, WAP, and IP camera) and supplies the devices with direct current, without changing the existing Cat-5 network cabling status. It ensures safe structured cabling and normal network operation to minimize the cost.

5.1 PoE Setting

1. Click the "PoE- PoE Setting" in the navigation bar as follows.

Interface data are as follows

5.2 PoE Status

1. Click the "PoE-PoE Status" as follows.

Interface data are as follows

6 Advanced Configure

6.1 MAC Table

Users can adjust the configurations related to MAC address in the switch. Click the "Advanced Configure-MAC Table" as follows:

MAC Address Table Configuration

Aging Configuration

MAC Table Learning

Static MAC Table Configuration

Interface data are as follows

6.2 VLANS

VLAN is formulated without the restrictions of physical locations, which means the hosts in a same VLAN can be placed separately. As shown below, each VLAN, as a broadcast domain, divides a physical LAN into several logical LANs. Hosts can exchange messages in a traditional communication way. For those in different VLANs, devices such as routers or Layer 3 switches are necessary.

VLAN is superior to the traditional Ethernet in terms of:

Broadcast domain coverage: the broadcast message in a LAN is limited in a VLAN to save the bandwidth and handle the network-related issues more efficiently.

LAN security: VLAN hosts fail to communicate with each other since the messages are separated by the broadcast domain in the data link layer. They need a router or a Layer 3 switch for Layer 3 forwarding.

Flexibility of creating a virtual working team: VLAN can create a virtual working team beyond the control of physical network. Users have access to the network without changing the configuration if their physical locations are moving within the scope.

This management switch supports VLAN types based on IEEE 802.1Q, protocols, MAC, and ports. For default configuration, 802.1Q VLAN mode should be adopted.

Port-based VLAN is divided subject to a switch's interface No. Network administrator give each switch interface a different PVID, namely a port default VLAN. If a data frame without a VLAN tag flows into a switch interface with a PVID, it will be marked with the same PVID, or it will get rid of an additional tag even though the interface has a PVID.

The solution to a VLAN frame depends on the interface type, which eases member definition but re-configures VLAN in case of member mobility.

1. Click the "Advanced Configure-VLANs" as follows.

Global VLAN Configuration

Port VLAN Configuration

Save Reset

Interface data are as follows.

Configuration illustration

Connection interfaces and 2 VLANs should be added to support the user communication in VLAN 2 and 3 of the links between Switch A and Switch B. That is, VALN 2 and 3 should be added and the GE1-3 Ethernet Interfaces of Switch A and Switch B should be configured.

graph TD
    SwitchA["SwitchA"] -->|g1/3| SwitchB["SwitchB"]
    SwitchA -->|g1/2| SwitchA
    SwitchA -->|g1/1| PC1["PC1"]
    SwitchA -->|g1/2| PC2["PC2"]
    SwitchA -->|g1/3| PC3["PC3"]
    SwitchB["SwitchB"] -->|g1/2| SwitchB
    SwitchB -->|g1/2| PC4["PC4"]
    SwitchA -->|g1/1| PC1
    SwitchA -->|g1/2| PC2
    SwitchB -->|g1/1| PC3
    SwitchB -->|g1/2| PC4

Instructions:

1. Create VLAN 2 and 3 in Switch A, add VLANs to the user interfaces, and set the GE1-3 in the trunk mode. With similar steps of Switch B, please click the "Advanced Configure-VLANs" in the navigation tree, fill in relevant items, and save the configuration as follows.

Global VLAN Configuration

Port VLAN Configuration

Save Reset

1. Configure the type of Switch A's interface connected to Switch B, as well as the passed VLAN. With similar steps of Switch B, please click the "Advanced Configure-VLANs" in the navigation tree, fill in relevant items, and save the configuration as follows. The following shows how to add a VLAN 2, which is similar to the steps of adding VLAN 3.

2. Verify the configuration result

Configure User 1 and 2 in a same segment like 192.168.100.0/24; and configure User 3 and 4 in a same segment like 192.168.200.0/24.

User 1 and 2 can ping each other, but they cannot ping User 3 or 4, vice versa.

6.3 GVRP

GVRP VLAN registration protocol is an application of general attribute registration protocol, which provides 802.1Q compatible VLAN pruning function and dynamic VLAN establishment on 802.1Q trunk port trunk port.

GVRP switches can exchange VLAN configuration information with each other, cut unnecessary broadcast and unknown unicast traffic, and create and manage VLAN dynamically on switches connected through 802.1Q trunk.

GID and GIP are used in GVRP, which provide the general state mechanism description and information dissemination mechanism for GARP based applications respectively. GVRP only runs on 802.1Q trunk links. GVRP cuts off the trunk link so that only the active VLAN is transmitted on the trunk connection. Before GVRP adds a VLAN to the trunk line, it first receives the join information from the switch. GVRP update information and timer can be changed. The GVRP ports have a variety of operating modes to control how they tailor VLANs. GVRP can dynamically add and manage VLAN for VLAN database

GVRP supports the propagation of VLAN information between devices. In GVRP, the VLAN information of a switch can be configured manually, and all other switches in the network can dynamically understand the VLANs. The terminal node can access any switch and connect to the required VLAN. In order to use GVRP, a GVRP compatible network interface card (NIC) should be installed. GVRP compatible NIC can be configured to join the required VLAN, and then access to a GVRP enabled switch. The communication connection between NIC and switch is established, and VLAN connectivity is realized between NIC and switch.

Global config

1. Click the "Advanced Configure-GVRP-Global config", enable function and set parameter, and save it as follows.

GVRP Configuration

Save

Port config

1. Click the "Advanced Configure-GVRP-Port config", enable port function, and save it as follows.

GVRP Port Configuration

Save Reset

6.4 Port Isolation

Port Group

One port can be subordinate to multiple port groups at the same time. Any two ports can forward data flow if they are in a same group.

1. Click the "Advanced Configure-Port Isolation", check the port to build an isolation group, and save it as follows.

Port Group Membership Configuration

Port Isolation

The interfaces in a same group will be isolated from each other, which will not occur to those in different groups.

Instructions

1. Click the "Advanced Configure-Port Isolation", check the port to build an isolation group, and save it as follows.

Port Isolation Configuration

The following example shows that PC1, 2 and 3 are subordinate to VLAN 1. Users aim to block the access between PC1 and 2 in VLAN 1, but allow access between PC1 and 3, as well as PC2 and 3.

Networking diagram of port isolation configuration example

graph TD
    SwitchA["SwitchA"] -->|g1/1| PC1["PC1"]
    SwitchA -->|g1/2| PC2["PC2"]
    SwitchA -->|g1/3| PC3["PC3"]
    SwitchA -->|VLAN2| PC1

Instructions

1. For GE1-1 and GE1-2 port isolation configuration, click the "Port Configure-Port Isolation-Port Isolation", check the port GE1-1 and GE1-2 to build an isolation group, and save it as follows.

Port Isolation Configuration

1. Verify the configuration results

# Neither PC1 nor PC2 can ping each other.

# PC1 and PC3 can ping each other.

# PC2 and PC3 can ping each other.

6.5 Loop Protection

Loop Protection is configured as follows: it enables the global ring network and disables the configuration of switch ports so that users can modify the inspection intervals and the port shutdown time. It configures the loops of one or more ports and determines whether to adopt auto inspection mode or not under the circumstance of enabling the global ring network. There are 3 ways to handle when a ring network is detected by ports: disabling the ports, disabling the ports while keeping logs, and keeping logs only; Click the “Advanced Configure-Loop Protection” as follows.

Loop Protection Configuration

Interface data are as follows.

6.6 Spanning Tree

In order to backup the links and enhance network reliability, switching Ethernet usually makes use of redundant links. However, such links will generate loops on the switching network, leading to broadcast storm, unstable MAC address list and other failures, thus worsening users' communication quality, or even interrupting the communication. As a result, STP (Spanning Tree Protocol) emerges.

Same with how other protocols are developed, from the original STP defined in IEEE 802.1D, to the RSTP (Rapid Spanning Tree Protocol) defined in IEEE 802.1W, and to the MSTP (Multiple Spanning Tree Protocol) defined in the recent IEEE 802.1S, STP keeps upgrading.

MSTP is compatible with RSTP and STP while RSTP is compatible with STP. The contrasts among these 3 protocols are as follows.

The contrasts among 3 protocols:

After STP is deployed, it will calculate the network loops with topology, thus achieving:

• Loop elimination: eliminate the possible communication loops in the network by blocking redundant links.
• Link backups: activate the redundant links to restore network connectivity if the active paths fail.

6.6.1 Bridge Configuration

Users can configure the global items of STP Bridge in this page.

Click the "Advanced Configure-Spanning Tree-Bridge Settings" as follows:

Interface data are as follows.

6.6.2 MSTI Mapping

Click the "Advanced Configure-Spanning Tree-MSTI Mapping" as follows:

Interface data are as follows.

Description:

An instance is a group of VLANs that reduces communication cost and resource utilization rate. Each instance, independently calculated with topology, can balance the load. VLANs with the same topology can be mapped to a same instance, and they are forwarded according to the port status in corresponding MSTP instances. In simple terms, one or more VLANs are mapped to a spanning tree in the MSTP instances at a time.

6.6.3 MSTI Priorities

Click the "Advanced Configure-Spanning Tree-MSTI Priorities" as follows:

MSTI Configuration

Interface data are as follows.

Description:

Note: The configured instance priorities must be a multiple of 4,094 ranging from 0 to 61,440.

6.6.4 CIST Ports

Click the "Advanced Configure-Spanning Tree-CIST Ports" as follows:

STP CIST Port Configuration

Interface data are as follows.

6.6.5 MSTI Ports

Users can configure the priority and path cost of an instance port.

Click the "Advanced Configure-Spanning Tree-MSTI Ports" as follows:

MST1 MSTI Port Configuration

Interface data are as follows.

6.7 IPMC Profile

Users can configure a filter multicast list

Click the "Advanced Configure-IPMC Profile-Address Entry" as follows:

IPMC Profile Configurations

Global Profile Mode Disabled ▼

IPMC Profile Table Setting

Delete | Profile Name | Profile Description | Rule

Add New IPMC Profile

Save Reset

Interface data are as follows.

6.8 IGMP Snooping

IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast management and control mechanism that works on a Layer 2 Ethernet switch.

The switch maps its interfaces with multicast group addresses and forwards the multicast data streams accordingly by snooping the IGMP message received by each interface when IGMP Snooping is enabled.

6.8.1 Basic Configuration

Click the "Advanced Configure-IGMP Snooping-Basic Configuration" to check the configuration info of IGMP Snooping as follows:

IGMP Snooping Configuration

Port Related Configuration

Save Reset

Interface data are as follows.

6.8.2 VLAN Configuration

Click the "Advanced Configure-IGMP Snooping-VLAN Configuration" to check the configuration info of IGMP Snooping as follows:

Interface data are as follows.

6.8.3 Port Filtering Profile

Click the "Advanced Configure-IGMP Snooping-Port Filtering Profile" to call the multicast list configured by IPMC Profile.

IGMP Snooping Port Filtering Profile Configuration

Interface data are as follows.

6.9 IPv6 MLD Snooping

IPv6 MLD Snooping is a multicast management and control mechanism that works on a Layer 2 Ethernet switch.

The switch maps its interfaces with multicast group addresses and forwards the multicast data streams accordingly by snooping the IPv6 MLD message received by each interface when IPv6 MLD Snooping is enabled.

6.9.1 Basic Configuration

Click the "Advanced Configure-IPv6 MLD Snooping-Basic Configuration" to check the configuration info as follows:

MLD Snooping Configuration

Port Related Configuration

Save Reset

Interface data are as follows.

6.9.2 VLAN Configuration

Click the "Advanced Configure-IPV6 MLD Snooping-VLAN Configuration" to check the configuration info of MLD Snooping as follows:

Interface data are as follows.

6.9.3 Port Filtering Profile

Click the "Advanced Configure-IPv6 MLD Snooping-VLAN Configuration" to check the configuration info as follows:

MLD Snooping Port Filtering Profile Configuration

Interface data are as follows.

6.10 ERPS

ERPS (Ethernet Ring Protection Switching):

As the latest mature standard of ERPS, ITU-TG.8032 ERPS supports multi-ring and multi-domain structures, absorbs the advantages of EAPS, RPR, SDH, STP, etc., and optimizes the inspection mechanism in terms of two-way faults. In addition, it supports main device backups, load sharing and other work methods in 50ms switching. Note: Disable STP before enabling ERPS.

Click the "Advanced Configure > ERPS" as follows:

Interface data are as follows.

Click the "Add New Ring Group";

Click the link in the "Ring ID" list to configure the ERPS Ring as follows:

"Save" and finish.

Click the "VLAN Protection" to edit the protected VLAN configuration.

Rapid Ring VLAN Configuration 1

Note: Users can modify or add other VLANs (ID 1 by default) for protection in this page.

6.11 LLDP

Link Layer Discovery Protocol (LLDP) is a vendor-independent Layer 2 protocol that allows network devices to notify local subnets of the identifications and performance. Currently, diversified network devices with complex configuration need a standard info exchange platform for manufacturers to discover others and exchange their unique systems and configuration info.

That's how LLDP comes out. It is a standard link layer discovery method which integrates the info such as main capabilities, management addresses, device and interface identifications of terminal devices into the TLV (Type/Length/Value), encapsulates it in LLDPDU (Link Layer Discovery Protocol Data Unit) and sends it to the directly connected neighbors. After receiving the info, they will save it in the form of standard MIB (Management Information Base) for NMS inquiry and link communication judgment.

Click the "Advanced Configure-LLDP" as follows:

7 Security Configure

7.1 Users

Users can reset the passwords on the switch.

Click the "Security Configure-Users" as follows:

Users Configuration

Add New User

"Save" and finish.

7.2 Privilege Levels

Users can change the login level on the switch.

Click the "Security Configure-Privilege Levels" as follows:

Privilege Level Configuration

Save Reset

7.3 SSH

SSH (Secure Shell) is a security protocol based on the application layer and formulated by the Network Working Group of IETF. SSH provides safe network services in a reliable manner, especially the Rlogin Session service. It can prevent info disclosure during remote management.

The switch manages SSH.

Click the "Security Configure-SSH" as follows:

SSH Configuration

7.4 Port Security Limit

Port Security:

The number of restricted MAC addresses on a port.

The switch supports Port Security.

Click the "Security Configure-Port Security Limit" as follows:

Port Security Limit Control Configuration

System Configuration

Port Configuration

7.5 Access Management

Access Management Web service can help you safely access the switch resources.

The switch supports Access Management.

Click the "Security Configure-Access Management" as follows:

7.6 802.1X

802.1X is a Client/Server-based protocol for access control and authentication, which prevents the unauthorized users/devices from accessing a LAN/WLAN through an access port. 802.1X authenticates the users/devices connected to the port before acquiring the services provided by the switch or LAN. Prior to authentication, only EAPoL (Extensible Authentication Protocol over Lan) data can flow through the switch port. Normal data are also allowed to flow through the Ethernet port smoothly after authentication.

Click the "Security Configure-802.1X" as follows:

Interface data are as follows

"Save" and finish.

7.7 ACL

Access Control List (ACL) is the instruction list of switch interfaces, which is used to control packet ingress and egress. It applies to all routed protocols, such as IP, IPX and AppleTalk.

Communication between information points and internal & external networks are essential business requirements of enterprise networks. For secure Intranet, access rights can be controlled by formulating security policies ensuring that unauthorized users can only use certain network resources. In short, ACL filtering flow is a network technology for access control.

ACL is configured to restrict network flow and authorized devices, forward specified port packets, etc. For example, external public network is beyond the reach of the devices in the LAN, or only FTP service is available. ACL can be configured either on routers or on the business software with ACL functions.

ACL, based on device hardware layer security, is an important technology to ensure system security in IoT. By controlling the access to communication between software devices and specifying the access rules programmatically, ACL separates illegal devices from damaging system security and obtaining data.

7.7.1 ACL Ports

Click the "Security Configure-ACL-Ports" as follows.

Interface data are as follows

"Save" and finish.

7.7.2 Rate Limiter

Click the "Security Configure-ACL-Rate Limiters" as follows.

ACL Rate Limiter Configuration

"Save" and finish.

7.7.3 Access Control List

Click the "Security Configure-ACL-Access Control List" as follows:

Click the "+" to edit the Access Control List.

ACE Configuration

Save Reset Cancel

VLAN Parameters

7.8 DHCP Snooping

DHCP principle

DHCP takes UDP as the transmission protocol. The host sends a request to Port 68 of DHCP Server which replies to the Port 67 of the host. The interactive process is detailed as follows.

graph TD
    A["DHCP Server-A"] -->|DHCP Discover报文（广播）| B["DHCP Client"]
    B -->|DHCP Offer报文| A
    A -->|DHCP Request报文（广播）| B
    B -->|DHCP Request报文（广播）| A
    A -->|DHCP Client获取正确的IP地址信息| B
    B -->|DHCP Release报文| A
    B -->|DHCP Offer报文| A
    B -->|DHCP ACK报文| A
    B -->|租约到期释放申请的IP地址| B

1. DHCP Client broadcasts a DHCP Discover message.
2. After receiving the message, all DHCP Severs will reply to DHCP Client a DHCP Offer message. DHCP Server will send "Your (Client) IP Address" field as the IP Address in the message to DHCP Client, and put its own IP Address in the "Option" field for distinguishing. DHCP Server will record the assigned IP address after sending the message.
3. Generally speaking, DHCP Client can only process the first DHCP Offer message it receives. It will broadcast a DHCP Request message and add the selected DHCP Server's and the required IP address in the option field.
4. After receiving DHCP Request message, DHCP Server will compare the IP addresses with its own address. DHCP Server will only clear the corresponding records of IP address allocation if different; or it will respond to DHCP Client with a DHCP ACK message and add the lease term for the IP address in the option field.
5. DHCP Client will check the availability of the IP address assigned by DHCP Server in the DHCP ACK message. DHCP Client will own the IP address and renew the lease automatically if the address is valid, or it will send a DHCP Decline message to inform DHCP Server of disabling this IP address and applying for a new one.
6. DHCP Client can release the obtained IP address by sending a DHCP Release message at any time, and DHCP Server will recover and redistribute the corresponding IP address. After half of the lease term, DHCP Client will send a DHCP Request message in unicast form to renew the IP address.

Upon receiving the DHCP ACK message, DHCP Client should extend the term as required, otherwise, DHCP Client should continue to use this IP address. After 87.5% of the lease term, DHCP Client will broadcast a DHCP Request message to renew the IP address. If DHCP Client receives a DHCP ACK message, the term will be extended as required; or DHCP Client has to continue to use the address until it expires. Then it should send a DHCP Release message to DHCP Server to release this IP address and apply for a new one.

What needs illustration is that DHCP Client may generally receive the first DHCP Offer packet from multiple DHCP Servers. In addition, the address [1] specified in the DHCP Offer sent by DHCP Server may not be the final address to be distributed, and it will be kept by DHCP Server till the Client makes a request.

DHCP Client sends a DHCP Request via broadcast packet to formally request DHCP Server for address distribution, so that other DHCP Servers sending Offer packets can also receive the Request packet, thereby releasing the IP addresses that have been offered (pre-allocated) to DHCP Client.

DHCP client will send a DHCP Decline info packet to DHCP Server to refuse the address that has been used by others.

DHCP Server will send a DHCP NAK message to DHCP Client for an address re-application during the negotiation due to incorrect address info (e.g. moving into a new subnet, or date expiration).

Steps are as follows.

DHCP Client broadcasts a DHCP Discover message to DHCP Server. It will re-send the message if DHCP Server fails to respond to it.

Upon receiving the message, DHCP Server will distribute resources (e.g. IP address) according to strategies and send a DHCP Offer message to DHCP Client.

DHCP Client will send a DHCP Request to apply for the server lease, and inform other servers of accepting this distributed address.

DHCP Server will send a DHCP ACK message for distributable resources, or a DHCP NAK message for non-distributable resources. DHCP Client can use the resources once it receives the DHCP ACK message, or it will re-send a DHCP Discover message if a DHCP NAK message is received.

DHCP Snooping principle

By snooping on the DHCP interactive messages between Client and Server, DHCP Snooping function will monitor users behaviors and filter DHCP messages and illegal servers by reasonable configuration. The followings interpret the terms and functions of DHCP Snooping:

1) DHCP Snooping Trust Port: Given that DHCP obtains IP interactive messages by broadcast, there are illegal servers that influence users to obtain normal IP, and some of them even cheat users and steal information. As a result, DHCP Snooping classifies the ports as the Trust port and the Untrust port. Devices only forward the DHCP Reply messages received from the Trust ports and abandon those from Untrust ports, in order to set the legal ports linked with DHCP Servers as Trust ports and others as Untrust ports, thus blocking the illegal servers.

1. DHCP Snooping binding database: Setting IP address privately is commonly seen in DHCP network, which not only increases the network maintenance difficulty, but also results in legal users failing to access the network due to conflicts. By snooping on the interactive messages between Client and Server, the IP, MAC, VID, PORT, lease and other information obtained by users are compiled into a user record entry to form the DHCP Snooping database. With the use of ARP inspection or check function, users' accesses to Internet will be controlled.

DHCP Snooping inspects the validity of messages flowing through the devices, abandons illegal ones, records user information, and creates a binding database for other functional queries. Here are some types of illegal messages:

1) The DHCP Reply messages received by Untrust port, including DHCP ACK, DHCP NACK, DHCP OFFER, etc.

2) The DHCP Reply messages received by Untrust port with network management info [giaddr].

3) During MAC verification, the DHCP Client field values of the Source MAC and DHCP messages respectively represent different packets.

4) With user information saved in the DHCP Snooping binding database, DHCP Release message has inconsistent port info with that saved in the database by devices.

Security-Related Functions of DHCP Snooping

In DHCP network environment, administrators often find that users modify and use static IP addresses rather than dynamic IP addresses without permission. Therefore, some users using dynamic IP addresses fail to access network normally, which complicates network application environment and increases the management difficulty of administrators. DHCP dynamic binding is a secure process in which a device obtains information by recording the IP of a legal user during DHCP Snooping. There are three control types. The first is to bind the address of a legal user with IP Source Guard. The second is to use the software's DAI (Dynamic ARP Inspection) to check the

validity of a user by controlling the ARP. The last is to bind the legal user's ARP message by ARP Check. Note: when using the IP Source Guard to bind the address, the number of DHCP users that a switch can support is limited by hardware entries. Legal users may fail to add hardware entries and use network properly due to too many users. All ARPs are forwarded and processed by CPU when using the DAI function, which will seriously affect the switch performance.

The address binding relation between DHCP Snooping and IP Source Guard IP Source Guard maintains the IP Source address database by setting the user information [IP, MAC] in the database to the hardware filtering entries and restricting the users' network accesses. Please refer to the IP&MAC Source Guard Configuration Section for more info.

DHCP Snooping prevents users from setting up private IP addresses by snooping on DHCP process, maintaining the user IP database, and submitting the data to IP Source Guard for filtration to ensure that only users who obtain IP through DHCP have access to the network.

In addition, DHCP binding users' validity will be checked for higher security and problem prevention like ARP spoofing since DHCP binding filters IP messages only. Please refer to the ARP Inspection Configuration Section for more information.

7.8.1 DHCP Snooping

Click the "Security Configure-DHCP-Snooping Setting" as follows to check the switch configuration:

DHCP Snooping Configuration

Snooping Mode Disabled ▼

Port Mode Configuration

Save Reset

Interface data are as follows

Click the "Save" to save all changes.

7.8.2 DHCP Snooping Table

Click the "Advanced Configure-DHCP-Snooping Table" to check the DHCP Snooping configuration as follows:

7.9 IP & MAC Source Guard

IP & MAC Source Guard maintains the Source IP & MAC binding database to filter the host messages based on Source IP & MAC on corresponding ports, thus ensuring the sole network access of the hosts of Source IP & MAC binding database.

7.9.1 Configuration

Click the "Security Configure-IP & MAC Source Guard-Configuration" as follows.

IP Source Guard Configuration

Translate dynamic to static

Port Mode Configuration

Save Reset

Interface data are as follows.

"Save" and finish.

7.9.2 Static Table

Users can manually configure the binding entry of IP & MAC Guard to control the ports in this page.

Click the "Security Configure-IP & MAC Source Guard-Static Table" as follows.

Static IP Source Guard Table

Interface data are as follows

Click the "Add a New Entry" subject to the input info.

"Save" and finish.

7.9.3 Dynamic Table

Users can manually configure the binding entry of IP & MAC Guard to control the ports in this page.

Click the "Security Configure-IP & MAC Source Guard-Static Table" as follows.

Interface data are as follows

7.10 ARP Inspection

IP & MAC Source Guard maintains the Source IP & MAC binding database to filter the host messages based on Source IP & MAC on corresponding ports, thus ensuring the sole network access of the hosts of Source IP & MAC binding database.

7.10.1 Port Configuration

Users can edit the Port Configure in this page.

Click the "Security Configure-ARP Inspection-Port Configuration" as follows.

ARP Inspection Configuration

Mode Disabled

Translate dynamic to static

Port Mode Configuration

Save Reset

Interface data are as follows

"Save" and finish.

7.10.2 VLAN Configuration

Click the "Security Configure-ARP Inspection-VLAN Configuration" as follows.

Interface data are as follows

Click the "Add New Entry" to create a new VLAN configuration.

"Save" and finish.

7.10.3 Static Table

Users can manually configure the binding table of ARP Inspection to control the ports in this page.

Click the "Security Configure-ARP Inspection-Static Table" as follows.

Interface data are as follows

Click the "Add New Entry" subject to the input info.

"Save" and finish.

7.10.4 Dynamic Table

Users can manually configure the binding table of IP & MAC Guard to control the ports in this page.

Click the "Security Configure-ARP Inspection-Dynamic Table" as follows.

Interface data are as follows

7.11 AAA

AAA is the abbreviation of Authentication, Authorization and Accounting. It is a security management mechanism for network access control to provide three kinds of security services.

7.11.1 RADIUS

Click the "Security Configure-AAA-RADIUS" as follows:

7.11.1TACACS+

Click the "Security Configure-AAA-TACACS+" as follows:

8 QoS

QoS (Quality of Service) assesses the ability of service providers to meet customer needs and the ability of sending packets over the Internet. Diversified services can be assessed based on different aspects. QoS usually refers to the evaluation of service capabilities that support core requirements such as bandwidth, delay, delay variation, and packet loss rate during delivery. Bandwidth, also known as throughput, refers to the average rate of business flow in a given period of time, with the unit of kbit/s. Delay refers to the average time required for business flowing through the network. For a network device, the followings are general levels of delay requirements. There are two delay levels, that is, the high-priority business can be served as soon as possible by scheduling method of priority queue, while the low-priority business gets services after that. Delay variation refers to the time change of business flowing through the network. Packet loss rate refers to the percentage of lost business flow during transmission. As modern transmission systems are very reliable, information is often lost in network congestion. Packet loss due to queue overflow is the most common situation.

All messages in a traditional IP network are treated equally. Every network device processes messages on a FIFO basis, and makes every effort to send them to destinations without guaranteeing reliability, transfer delay, or other performance.

Network service quality is constantly improved as new applications keep springing up in the rapidly changing IP network. For example, VoIP, video and other delay-sensitive services have set higher standards on message transmission delay. Message transmission in a short period has been the common trend. In order to support voice, video and data services with different requirements, the network needs to identify business types and provide corresponding services.

The ability to distinguish business types is the prerequisite to provide corresponding services, so the traditional best-effort service no longer meets the application needs. So QoS comes into being. It regulates the network flow to avoid and handle network congestion and reduce packet loss rate. Meanwhile, users can enjoy dedicated bandwidths while business can improve service quality, thus perfecting the network service capacity.

QoS priorities vary with message types. For instance, the VLAN message uses 802.1p, also known as the CoS (Class of Service) field, while the IP message uses DSCP. To maintain the priority, these fields need to be mapped at the gateway connected with various networks when messages flow through the network.

802.1p priority in the VLAN frame header

Typically, VLAN frames are interacted between Layer 2 devices. The PRI field (i.e. 802.1p priority), or CoS field, in the VLAN frame header identifies the quality of service requirements according to the definitions in IEEE 802.1Q.

802.1p priority in the VLAN frame

graph TD
    A["Destination address"] --> B["Source address"]
    B --> C["802.1Q Tag"]
    C --> D["Length /Type"]
    D --> E["Data"]
    E --> F["FCS"]
    G["16bits"] --> H["TPID"]
    H --> I["3bits"]
    I --> J["PRI"]
    J --> K["CFI"]
    K --> L["VLAN ID"]
    style G fill:#f9f,stroke:#333
    style H fill:#ccf,stroke:#333
    style I fill:#cfc,stroke:#333
    style J fill:#fcc,stroke:#333
    style K fill:#cff,stroke:#333
    style L fill:#ffc,stroke:#333

The 802.1Q header contains 3-bit PRI fields. PRI field defines 8 CoS of business priority ranging from 7 to 0 from high to low.

IP Precedence/DSCP Field

According to RFC791 definition, ToS (Type of Service) domain in the IP message header is composed of 8 bits. Among them, the 3-bit long Precedence field, as located in the following, identifies the IP message priority.

IP Precedence/DSCP Field

graph TD
    A["Version Length"] --> B["ToS 1 Byte"]
    B --> C["Len"]
    C --> D["ID"]
    D --> E["Flags/offset"]
    E --> F["TTL"]
    F --> G["Proto"]
    G --> H["FCS"]
    H --> I["IP-SA"]
    I --> J["IP-DA"]
    J --> K["Data"]
    L["0 1 2 3 4 5 6 7"] --> M["Precedence"]
    M --> N["D"]
    M --> O["T"]
    M --> P["R"]
    M --> Q["C"]
    R["IP Precedence"] --> S["DSCP"]

0 to 2 bits are Precedence fields representing the 8 priorities of message transmission ranging from 7 to 0 from high to low, with either Level 7 or 6 as the highest priority that is generally reserved for routing or updating network control communication. User-level applications only have access to Level 0 to 5.

ToS domain, in addition to Precedence fields, also includes D, T and R bits: D-bit represents the Delay requirement (0 for normal delay and 1 for low delay). T-bit represents the throughput (0 for normal throughput and 1 for high throughput). R-bit represents the reliability (0 for normal reliability and 1 for high reliability). ToS domain reserves the 6 and 7 bits.

RFC1349 redefines the ToS domain by adding a C-bit to represent the Monetary Cost. The IETF DiffServ group then redefines the 0 to 5 bits of ToS domain in the IPv4 message header of RFC2474 as DSCP and renames it as DS (Differentiated Service) byte as shown in the figure above.

The first 6 bits (0-5 bits) of DS field distinguish the DSCP (DS Code Point), and the higher 2 bits (6-7 bits) are reserved. The lower 3 bits (0-2 bits) are CSCP (Class Selector Code Point), with the same CSCP value representing the DSCP of the same class. DS nodes select corresponding PHB (Per-Hop Behavior) according to DSCP values.

8.1 Port Classification

The switch configures 802.1p priority by default and distributes the info such as DPL, PCP and DEI to each port. The priority and valid priority are marked as 0 (the lowest) and 7 (the highest).

Click the "QoS Configure-Port Classification" as follows:

QoS Ingress Port Classification

Save Reset

Interface data are as follows.

"Save" and finish.

8.2 Port Policing

Click the "QoS Configure-Port Policing" as follows:

QoS Ingress Port Policers

Interface data are as follows.

"Save" and finish.

8.3 Queue Policing

Click the "QoS Configure-Queue Policing" as follows:

QoS Ingress Queue Policers

Interface data are as follows.

"Save" and finish.

8.4 Port Scheduler

Click the "QoS Configure-Port Scheduler" as follows:

QoS Egress Port Schedulers

Interface data are as follows.

Click the "1"

QoS Egress Port Scheduler and Shapers Port 1

graph LR
    subgraph Queue_Shaper
        A["Enable"] --> B["Rate"] --> C["Unit"] --> D["Excess"]
        E["Q7"] --> F["S"] --> G["500 kbps"] --> H["STRICT"] --> I["S"]
        J["Q6"] --> K["S"] --> L["500 kbps"] --> H
        M["Q5"] --> N["S"] --> O["500 kbps"] --> H
        P["Q4"] --> Q["S"] --> R["500 kbps"] --> H
        S["Q3"] --> T["S"] --> U["500 kbps"] --> H
        V["Q2"] --> W["S"] --> X["500 kbps"] --> H
    end
    subgraph Port_Shaper
        Y["Enable"] --> Z["Rate"] --> AA["Unit"] --> AB["Burst"] --> AC["Unit"]
        AD["Port Shaper"] --> AE["Enable"] --> AF["Rate"] --> AG["Unit"] --> AH["Burst"] --> AI["Unit"]
        AJ["Port Shaper"] --> AK["500 kbps"] --> AL["12288 Byte"]
    end

"Save" and finish.

8.5 Port Shaping

Click the "QoS Configure-Port Shaping" as follows:

QoS Egress Port Shapers

Interface data are as follows.

"Save" and finish.

8.6 Port Tag Remarking

Click the "QoS Configure-Port Tag Remarking" as follows:

QoS Egress Port Tag Remarking

Interface data are as follows.

Click the "1"

QoS Egress Port Tag Remarking Port 1

"Save" and finish.

8.7 Port DSCP

Click the "QoS Configure-Port DSCP" as follows:

QoS Port DSCP Configuration

Interface data are as follows.

"Save" and finish.

8.8 DSCP-Based QoS

Click the "QoS Configure- DSCP-Based QoS" as follows:

DSCP-Based QoS Ingress Classification

Interface data are as follows.

"Save" and finish.

8.9 DSCP Translation

Click the "QoS Configure-DSCP Translation" as follows:

DSCP Translation

Interface data are as follows.

"Save" and finish.

8.10 DSCP Classification

Click the "QoS Configuration-DSCP Classification" as follows:

DSCP Classification

Interface data are as follows.

"Save" and finish.

8.11 QoS Control List

Click the "QoS Configure-QoS Control List" as follows:

Interface data are as follows.

Click the "+"

"Save" and finish.

8.12 Storm Policing

Click the "QoS Configure-Storm Policing" as follows:

Global Storm Policer Configuration

Interface data are as follows.

"Save" and finish.

9 Diagnostics

9.1 Ping

Destination node responds to the ICMP Echo packet sent from Ping to the specified IP address.

Click the "Diagnostics-Ping" as follows:

ICMP Ping

IP Address

Ping Length

Ping Count

Ping Interval

Start

Followings are the fields that can be configured or displayed:

Click the "Start" for a ping test.

9.2 Cable Diagnostics

Use the cable states which can inspect the 10/100/1,000 BASE-T electrical interfaces, such as the state of open circuit, short circuit and length of line pairs.

Click the "Diagnostics-Cable Diagnostics" as follows:

Click the "Start" for a "Cable Diagnostics" test.

9.3 CPU Load

Display the CPU load for users with an integer percentage and calculate the simple average at time intervals.

Click the "Diagnostics-CPU Load" as follows:

10 Maintenance

10.1 Restart Device

Click the "Maintenance-Restart Device" to perform a restart.

Click the "Yes".

10.2 Factory Defaults

Click the "Maintenance-Factory Defaults" to reset the configuration to factory defaults.

Click the "Yes".

10.3 Firmware Upgrade

Click the "Maintenance-Firmware Upgrade" to upgrade.

Click the "Browse" to select the firmware documents for upgrade. Click the "Upload" for firmware upgrade.

10.4 Firmware Select

Click the "Maintenance-Firmware Select" to switch the spare firmware.

Click the "Activate Alternate Image" to switch firmware.

10.5 Configuration

1. Click the "Maintenance-Configuration-Download" to download the configuration-related documents.

Download Configuration

Select configuration file to save.

Please note: running-config may take a while to prepare for download.

Click the "Download Configuration".

1. Click the "Maintenance-Configuration-Upload" to upload the configuration-related documents.

Upload Configuration

File To Upload

Select File No files selected

Destination File

Click the "Upload".

1. Click the "Maintenance-Configuration-Activate" to activate the configuration-related documents.

Activate Configuration

Select configuration file to activate. The previous configuration will be completely replaced, potentially leading to loss of management connectivity.

Please note: The activated configuration file will not be saved to startup-config automatically.

Activate Configuration

Click the "Activate Configuration".

1. Click the "Maintenance - Configuration-Delete" to delete the configuration-related documents.

Delete Configuration File

Select configuration file to delete.

Delete Configuration File

Click the "Delete Configuration File".