Professional Documents
Culture Documents
Network Management
User's Guide
Version 0.9
.
Trademarks
CTS is a registered trademark of Connection Technology Systems Inc. Contents subject to revise without prior notice. All other trademarks remain the property of their respective owners.
Copyright Statement
Copyright 2007 Connection Technology Systems Inc. This publication may not be reproduced as a whole or in part, in any way whatsoever unless prior consent has been obtained from Connection Technology Systems Inc.
FCC Warning
This equipment has been tested and found to comply with the limits for a Class-A digital device, pursuant to Part 15 of the FCC Rules. These limitations are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates uses and can radiate radio frequency energy and, if no installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. Connect the equipment into a different outlet from that the receiver is connected. Consult your local distributors or an experienced radio/TV technician for help. Shielded interface cables must be used in order to comply with emission limits.
Changes or modifications to the equipment, which are not approved by the party responsible for compliance, could affect the users authority to operate the equipment. Copyright 2007 All Rights Reserved. Company has an on-going policy of upgrading its products and it may be possible that information in this document is not up-to-date. Please check with your local distributors for the latest information. No part of this document can be copied or reproduced in any form without written consent from the company. Trademarks: All trade names and trademarks are the properties of their respective companies
Table of Contents
1. INTRODUCTION ............................................................................................................... 6 1.1 Management Options ................................................................................................... 6 1.2 Management Software & Interfaces ............................................................................. 8 1.3 Management Preparations ........................................................................................... 9 2. CONSOLE PROGRAM ................................................................................................... 11 2.1 Local Console Management....................................................................................... 11 2.2 Remote Console Management - Telnet ...................................................................... 12 2.3 Console Program Overview ....................................................................................... 13 2.4 Navigating the Console Program Screens ................................................................. 15 2.5 System Information .................................................................................................... 18 2.6 User Authentication .................................................................................................... 19 2.7 Network Management ................................................................................................ 22 2.7.1 Network Configuration ......................................................................................... 23 2.7.2 System Service Management .............................................................................. 25 2.7.3 RS232/Telnet/Console Configuration................................................................... 26 2.7.4 Time Server Configuration ................................................................................... 27 2.7.5 Device Community............................................................................................... 28 2.7.6 Trap Destination................................................................................................... 30 2.7.7 Trap Configuration ............................................................................................... 31 2.8 Switch Management................................................................................................... 32 2.8.1 Switch Configuration............................................................................................ 33 2.8.2 Priority and Rate limit Configuration .................................................................... 34 2.8.3 Port Configuration................................................................................................ 36 2.8.4 VLAN Configuration ............................................................................................. 37 2.8.4.1 Port-Based VLAN Configuration.................................................................... 38 2.8.4.2 802.1Q VLAN Concept.................................................................................. 40 2.8.4.3 802.1Q VLAN configuration........................................................................... 43 2.8.4.4 Configuration Default Port VLAN ID .............................................................. 45 2.8.5 Spanning Tree Protocol ....................................................................................... 47 2.8.5.1 STP Switch Settings...................................................................................... 48 2.8.5.2 STP Port Settings.......................................................................................... 50 2.8.6 MAC Address Management ................................................................................. 51 3
2.8.7 L2 Protocol Converting ........................................................................................ 53 2.9 Switch Monitor............................................................................................................ 56 2.9.1 Switch Port State ................................................................................................. 57 2.9.2 Port Traffic Statistics ............................................................................................ 59 2.9.3 Port Packet Error Statistics .................................................................................. 60 2.9.4 Port Packet Analysis Statistics ............................................................................. 61 2.9.5 MAC Address Table ............................................................................................. 62 2.9.6 IGMP Snooping ................................................................................................... 63 2.10 System Utility ........................................................................................................... 64 2.10.1 Ping ................................................................................................................... 65 2.10.2 Event Log .......................................................................................................... 66 2.10.3 Update Firmware ............................................................................................... 67 2.10.4 Load Factory Setting.......................................................................................... 68 2.10.5 Load Factory Setting Except Network Configuration ......................................... 69 2.10.6 Backup Configuration ........................................................................................ 70 2.11 Save Configuration ................................................................................................... 71 2.12 Reset System ........................................................................................................... 72 2.13 Logout ...................................................................................................................... 73 3. SNMP NETWORK MANAGEMENT ................................................................................ 74 4. WEB MANAGEMENT ..................................................................................................... 75 4.1 System Information .................................................................................................... 77 4.2 User Authentication .................................................................................................... 79 4.3 Network Management ................................................................................................ 82 4.3.1 Network Configuration ......................................................................................... 83 4.3.2 System Service Configuration.............................................................................. 85 4.3.3 RS232/Telnet/Console Configuration................................................................... 86 4.3.4 Time Server Configuration ................................................................................... 87 4.3.5 Device Community............................................................................................... 88 4.3.6 Trap Destination................................................................................................... 90 4.3.7 Trap Configuration ............................................................................................... 91 4.4 Switch Management................................................................................................... 92 4.4.1 Switch Configuration............................................................................................ 93 4.4.2 Priority and Rate limit Configuration .................................................................... 94 4.4.3 Port Configuration................................................................................................ 96 4
4.4.4 VLAN Configuration ............................................................................................. 97 4.4.4.1 Port-Based VLAN Configuration.................................................................... 98 4.4.4.2 802.1Q VLAN configuration......................................................................... 100 4.4.4.3 Configuration Default Port VLAN ID ............................................................ 102 4.4.5 Spanning Tree Protocol ..................................................................................... 104 4.4.5.1 STP Switch Settings.................................................................................... 105 4.4.5.2 STP Port Settings........................................................................................ 107 4.4.6 MAC Address Management ............................................................................... 108 4.4.7 L2 Protocol Converting .......................................................................................110 4.5 Switch Monitor...........................................................................................................113 4.5.1 Switch Port State ................................................................................................114 4.5.2 Port Traffic Statistics (Rates/Events)...................................................................116 4.5.3 Port Packet Error Statistics .................................................................................118 4.5.4 Port Packet Analysis Statistics ........................................................................... 120 4.5.5 MAC Address Table ........................................................................................... 122 4.5.6 IGMP Snooping ................................................................................................. 123 4.6 System Utility ........................................................................................................... 124 4.6.1 Event Log .......................................................................................................... 125 4.6.2 Load Factory Setting.......................................................................................... 126 4.6.3 Load Factory Setting Except Network Configuration ......................................... 127 4.6.4 Backup Configuration ........................................................................................ 128 4.7 Save Configuration................................................................................................... 129 4.8 Reset System ........................................................................................................... 130 APPENDIX A ................................................................................................................ 131 APPENDIX B ................................................................................................................ 132
1. INTRODUCTION
Thank you for purchasing the 8x10/100TX managed Converter Switch. The built-in management module allows you to configure and monitor this managed Converter Switch and its operation status locally or remotely thru network.
LED RS-232
Fig. 2 Back Panel Switch management options are available and listed as below: Local Console Management Telnet Management SNMP Management Web Management Local Console Management Local Console Management is done through the RS-232 DB-9 console port located in the back of the Converter Switch. Direct RS-232 cable connection between the PC and the Converter Switch is required for this type of management. Telnet Management Telnet is done through the network. Once the Converter Switch is on the network with proper configuration, you can use Telnet to login and monitor its status remotely. SNMP Management SNMP is also done over the network. Besides standard MIB (Management Information Bases), an additional private MIB is also provided for SNMP-based network management system to compile and control. Web Management
Web Management is done thru the network of course. Once the Converter Switch is available on the network, you can login and monitor its status locally or remotely thru a web browser. Local console-type Web management, especially for the first time use of the Converter Switch to set up the needed IP, can also be done through the RS-232 DB-9 console port or any of the 10/100Base-TX 8-pin RJ-45 ports located at the front panel of the Converter Switch. Direct RS-232 cable or RJ45 LAN cable connection between a PC and the Converter Switch is required for this.
Console Program
The Converter Switch has a built-in, menu-driven interface called the Console Program which you can use to: Configure the system Monitor the status Reset the system
You can use this Console Program as your only management system. However, other network management option SNMP-based management system is also available to use. You can access the text-mode Console Program locally by connecting a VT100 terminal - or a workstation running VT100 emulation software - to the Converter Switchs RS-232 DB-9 console port directly. Or, you can use Telnet to login and access the Console Program through network connection remotely.
Remember that no two devices on a network can have the same address. If you connect to the outside, you must change all the arbitrary IP addresses to comply with those you have been allocated by the allocation organization. If you do not do this, your outside communications will not operate.
A subnet mask is a filtering system for IP addresses. It allows you to further subdivide your network. You must use the proper subnet mask for proper operation of a network with subnets defined. MIB for Network Management Systems Private MIB (Management Information Bases) is provided for managing the Converter Switch through the SNMP-based network management system. You must install the private MIB into your SNMP-based network management system first. The MIB file is shipped together with the Converter Switch. The extension of filename is ".mib", which SNMP-based compiler can read and compile to run.
10
2. CONSOLE PROGRAM
This chapter describes how to use your Converter Switch Console Program, specifically in: Local Console Management (out-of-band) Telnet Management (in-band) Configuring the system Resetting the system
The interface and options are the same with Local Console and Telnet Management. The difference is the type of connection and the port that is used to manage the Converter Switch.
11
2. Run Telnet. 3. Log into the Converter Switch to reach the Main menu. Limitation When using Telnet, please keep the following in mind: Only two active Telnet sessions can access the Converter Switch at one time.
12
Enter the user name and password then press ENTER to login to the Console Program main menu, (*The default is Username: admin, and with no password.)
13
Press Tab or
or
1. System Information: Name the Converter Switch, specify the location and check the current version information. 2. User Authentication: View the registered users list. Add a new user or remove an existing user. 3. Network Management: Set up or view the IP address and related information of the Converter Switch required for network management application.
14
Field Types
A typical console program screen containing several types of fields is shown as below. 1-
5432-
Timer is view-only, shows how long the switch has been up since it was turned on or reset. 2. Pull-Down Menu: [ XXXX |] Pull-down menu is used if there are more than two selections, for example: SNMP Level Press Spacebar will display the pull-down menu as below.
Use
or
3. Toggle Option: < XXXX > A Toggle option contains two options, for example: Account State Press Spacebar to select between < Enable > & < Disabled > 4. Editing Field: [ XXXX ] Options may be edited directly, for example: Community Use Backspace to clean up default setting and enter new content directly. 5. View-Only Field: XXXX No options available and is view-only, For example: Current number of each registered user. 6. OK Press OK to accept change and quit the current menu. 7. Cancel Press Cancel to skip the change and quit the current menu. 8. Help Press Help to view On-Line help as below, 16
The following pop-up message alerts user that the configuration change will take effect after reset. However, before performing System Reset, user must save the configuration change first.
17
Company Name: Enter a company name for this Converter Switch, up to 55 alphanumeric characters. System Object ID: View-only field, the predefined System OID. System Contact: Enter contact information for this Converter Switch, up to 55 alphanumeric characters. System Name: Enter a unique name for this Converter Switch, up to 55 alphanumeric characters. Use a descriptive name to identify the Converter Switch in relation to your network, for example Backbone 1. This name is mainly used for reference purpose only. System Location: Enter a brief description of the Converter Switch location, up to 55 alphanumeric characters. Like the name, the location is for reference only, for example 13th Floor. Model Name: View-only field shows the products model name. Firmware Version: View-only field shows the products firmware version. TP Port: View-only field shows the total numbers of TP ports. M/B Version View-only field shows the Main board version. Serial Number: View-only field shows the serial number of this product. 18
Up to 10 Users maybe set. Use Delete to remove a registered user. Press Edit to view and edit a registered users current settings. Press New to add a new user, the following screen page shows up,
19
Current/Total/Max Users: View-only field. Specify: Current: Current number of registered users login in. Total: Total number of registered users. Max Users: Maximum number of available for registered users, default 10. Account State: Press Spacebar to Enable or Disable this User Account. User Name: Specified the authorized user login name, up to 20 alphanumeric characters. Password: Enter desired user password, up to 20 alphanumeric characters. Retype Password: Enter password again for reconfirming and double-checking. Description: Enter a unique description for the User, up to 35 alphanumeric characters. This is mainly for reference purpose only. IP Security: Press Spacebar to Enable or Disable the IP security function. If Enabled, user may access the Converter Switch only through the management station which has the exact IP address specified in below IP address field. If Disabled, user may access the Converter Switch through any station. IP Address: Specify the IP address used for IP Security function. Console Level: Use or to select desired privilege for the console operation
20
Administrator
Full access right including maintain user account & system information, load factory setting, etc. Full access right but cannot modify user account & system information, cannot load factory setting Allow to view only. Completely forbidden to access.
NOTE: To prevent incautious operation, a user cannot Delete, Modify User Name nor Enable/Disable account states. Press RADIUS Configuration in User Authentication, the following screen page shows up.
When RADIUS Authentication is Enabled, User login will be according to those settings on the RADIUS server(s) with Server Addresses specified in this RADIUS Configuration. *Note: For advanced RADIUS Server set up, please refer to Appendix A or the free RADIUS readme.txt file on the disc shipped with this product. Secret Key: The word to encrypt data of being sent to RADIUS server. Radius Port: The RADIUS service port on RADIUS server. Retry Time: The number of times trying to reconnect if the RADISU server is not reachable.
21
1. Network Configuration: Set up the required IP configuration of the Converter Switch. 2. System Service Management: Enable or Disable the specific network services. 3. RS232/Telnet/Console Configuration: View the RS-232 serial port setting, specific Telnet & Console services. 4. Time Server Configuration: Set up the time servers configuration 5. Device Community: View the registered SNMP community name list. community name or remove an existing community name. 6. Trap Destination: View the registered SNMP trap destination list. destination or remove an existing trap destination. Add a new
7. Trap Configuration: View the Converter Switch trap configuration. Enable or disable a specific trap.
22
MAC Address: This view-only field shows the unique and permanent MAC address assigned to the Converter Switch. You cannot change the Converter Switchs MAC address. Configuration Type: Press Spacebar to select using "DHCP" or "Manual". If select "DHCP" and a DHCP server also available on the network, the Converter Switch will automatically get the IP address from the DHCP server. If select the "Manual" mode, user need to specify the IP address, Subnet Mask & Gateway. *Note: For advanced DHCP Server set up (for firmware and configurations auto-upgrade), please refer to Appendix B or the DHCP readme.txt file on the disc shipped with this product. IP Address: Enter the unique IP address of this Converter Switch. You can use the default IP address or specify a new one if there is address duplication or the address does not match your network. Subnet Mask: Specify the subnet mask to use with the Converter Switch IP address. The default subnet mask values for the three Internet address classes are as follows: Class A: 255.0.0.0 Class B: 255.255.0.0 Class C: 255.255.255.0
23
Gateway: Specify the IP address of a gateway or a router, which is responsible for the delivery of the IP packets sent by the Converter Switch. This address is required if the Converter Switch and the network management station are on different networks or subnets. The default value of this parameter is 0.0.0.0, which means no gateway exists and the network management station and Converter Switch are on the same network. Current State: This view-only field shows currently assigned (by DHCP or manual) IP address, Subnet Mask & Gateway of the Converter Switch.
24
Telnet Service: Press Spacebar to Enable or Disable the Telnet service. SNMP Service: Press Spacebar to Enable or Disable the SNMP service. Web Service: Press Spacebar to Enable or Disable the Web service.
25
Baud Rate: 9600 bps, RS-232 setting, view-only field. Stop Bits: 1, RS-232 setting, view-only field. Parity Check: None, RS-232 setting, view-only field. Word Length: 8, RS-232 setting, view-only field. Flow Control: None, RS-232 setting, view-only field. Telnet Port: Specify the desired TCP port number for the Telnet console. Default TCP port number of the Telnet is 23. System Time Out: Specify the desired waiting time that the Converter Switch will wait before cutting off an inactive console/telnet connection. Specifying "0" means never to cut off an inactive connection.
26
Time Synchronization: Press Spacebar to Enable or Disable time synchronization. Time Server Address: NTP timer server address, press test button to test whether it is available. 2nd Time Server Address: When the default Time Server is down, CHASSIS will automatically contact the 2nd time server. Synchronization Interval: The time interval to synchronize from NTP time server. Time Zone: Select from the time zones of cities. Press Spacebar and use Up/Down arrow key to select the appropriate time zone appears. Daylight Saving Time: Press Spacebar to Enable or Disable the daylight saving time function. Its a way of getting more daytime hour(s) by setting the time to be hour(s) ahead in the morning. Daylight Saving Time Offset: Press Spacebar and use Up/Down arrow key to select the time offset of daylight saving time. NOTE: We use SNTP to get the time from those NTP servers. It is recommended that the time server is in the same LAN or at least not too far away, then the time will be more accurate.
27
Up to 10 Device Communities can be set. Use Delete to remove a registered community. Press New to add a new community. Press Edit to view the current community setting, the following screen page appears,
28
Current/Total/Max Agents: View-only field. Specify: Current: Current number of registered community users. Total: Total number of registered community users. Max Users: Maximum number of available registered communities, default 10. Account State: Press Spacebar to Enable or Disable this Community Account. Community: Specify the authorized SNMP community name, up to 20 alphanumeric characters. Description: Enter a unique description for this community name, up to 35 alphanumeric characters. This is mainly for reference purpose only. IP Security: Press Spacebar to Enable or Disable the IP security function. If Enabled, Community may access the Converter Switch only through the management station, which has exact IP address specified in below IP address field. If Disabled, Community may access the Converter Switch through any management station. IP Address: Specify the IP address used for IP Security function. SNMP Level: Use NOTE: If the community browses the Converter Switch without proper access right, the Converter Switch will respond nothing. For example, if a community has only Read & Write privilege then it cannot browse Converter Switch User Table. or to select desired privilege for the SNMP operation
29
State: Enable or Disable to send Trap to the specified destination. Destination: Enter the specific IP address of the network management system that will receive the trap. Community: Enter the community name of the network management system.
30
Cold Start Trap: Enable or Disable the Converter Switchs sending a Cold Start trap after power on. Warm Start Trap: Enable or Disable the Converter Switchs sending a Warm Start trap after system reset. Authentication Failure Trap: Enable or Disable the Converter Switchs sending Authentication Failure trap after any unauthorized login attempt. Port Link Up/Down Trap: Enable or Disable the Converter Switchs sending a port linkup/link-down trap. Broadcast Storm Trap: Enable or Disable the broadcast storm trap sending from Converter Switch when broadcast packets reach the upper limit. Upper Limit: Maximum broadcast packets number per second. Send the broadcast storm trap if over System Power Down Trap: To send trap notice to the destination while the Converter Switch has a power down.
31
1. Switch Configuration: Set up acceptable frame size and address learning, etc. 2. Priority and Rate Limit Configuration: Enable/Disable Port priority and set up Port Rate limit, etc. 3. Port Configuration: Enable/Disable port speed, flow control, etc. 4. VLAN Configuration: Set up VLAN mode and VLAN configuration 5. Spanning Tree Protocol: Set up (Enable/Disable) Spanning Tree Protocol (STP) to provide network path redundancy that prevents undesirable loops in the network. 6. MAC Address Management: Set up MAC address, enable/disable MAC security, etc. 7. L2 Protocol Converting: Turn On/Off ports Layer-2(L2) control protocol tunnel and set up the specific L2 control protocols of passing though. However, L2 Protocol Converting is supported (available) only at the 802.1q Tag VLAN Mode of Secure.
32
Maximum Frame Size: Press Spacebar to toggle between 1522 and 1536 two ranges. Address Learning: Enable is the default to learn MAC addresses in RAM, otherwise the disable option would stop learning MAC address. MAC Address Aging Time: Between 0-4080 seconds. Fiber Port Redundancy: Disabled only since no Fiber port is available Port 8 Media Type: Copper only, unchangeable IGMP Snooping: If enabled, user can then monitor those computers being connected to the switch and joining certain multicast groups, through the option IGMP Snooping of Switch Monitor menu. The default is disabled. 0180C2000000-0F: Set/toggle the Filter or Not Filter option for these range of addresses 0180C2000020-2F: Set/toggle the Filter or Not Filter option for these range of addresses 0180C2000010: Set/toggle the Filter or Not Filter option for the address
33
Priority Mode: Use spacebar to select among Default, IP, TAG, IP+Tag, Tag+IP modes. Default mode: default value which Schedule mode is Weight (8:4:2:1) and port priority set Q1, where Weight (8:4:2:1) mean Q4:Q3:Q2:Q1 4 kinds of frames type quantity occupied bandwidth ratio is 8:4:2:1 when frames passing over switch based on IP TOS Priority MAP and Tag Priority Map. IP defined as below. TAG use 802.1Q tag value as frame passing in switch priority. IP+TAG mean IP TOS priority has higher precedence while work with TAG Priority. TAG+IP are vice versa. Schedule Mode: Use spacebar select Weight (8:4:2:1) and strict modes. Strict mode means send most high priority packets first. Ex: Q4 is highest precedence. Port Priority: Use spacebar select Q1, Q2, Q3, Q4. The four queues priorities depend upon priority and schedule mode combination. IP TOS Priority Map: Use spacebar to select TOS (0)TOS (12) modes. The Type of Service (TOS) field is an 8-bit field. It is located in the IP packet and used by a device to indicate the precedence or priority of a given frame. The second field is up to first field use which TOS with what kind of queue.
34
Tag Priority Map: Use spacebar to select 0,1,2,3 tag values as priority level. The second field is up to the first field use which TAG with what kind of queue. Ingress Rate: Use spacebar to select ON / OFF. ON: Enable Ingress Rate Limiting OFF: Disable Ingress Rate Limiting Bandwidth (Mbps): Use spacebar to select Ingress bandwidth (1~99Mbps). Egress Rate: Use spacebar to select ON / OFF. ON: Enable Egress Rate Limiting OFF: Disable Egress Rate Limiting Bandwidth (Mbps): Use Spacebar to select Egress bandwidth (1~99Mbps). TCP/UDP Priority Map: 1st, use Spacebar to select the rate limit type Disabled/DA/SA/DA or SA; 2nd, use Spacebar to select the port (1~8); 3rd, specify which TCP/UDP port is to be limited; 4th, use Spacebar to select the quality level (Q1~Q4).
35
Port Number: Using spacebar to select among options of All, port 1, port 2, and port 3. Port State: Enable or disable current port state. Port Type: Press Spacebar to choose option among Auto-Negotiation, Manual, 10M bps and Half duplex Flow Control: Press Spacebar to select between Enabled and Disabled.
36
VLAN Mode: Use spacebar to select either Port-Based VLAN or IEEE 802.1Q Tag VLAN mode to approach. Configure VLAN: Set up VLAN name, ports, etc. 37
Use New to add a new VLAN entity. Use Delete to remove a VLAN entity. Use Edit to view and edit the current VLAN setting, the following screen page shows up.
38
VLAN Name: Use default name or specify a VLAN name. VLAN Members: Move cursor to VLAN member marked with V to denote which port belongs to VLAN.
39
Preamble Start Frame Delimiter Destination Address Source Address Tag Control Info Priority Canonical Indicator
VID VLAN Identifier T/L Type/Length Field Payload FCS Frame Check Sequence
62 bits Used to synchronize traffic 2 bits Marks the beginning of the header 6 bytes The MAC address of the destination 6 bytes The MAC address of the source 2 bytes set to 8100 for 802.1p and Q tags 3 bits Indicates 802.1p priority level 0-7 1 bit Indicates if the MAC addresses are in Canonical format - Ethernet set to "0" 12 bits Indicates the VLAN (0-4095) 2 bytes Ethernet II "type" or 802.3 "length" < or = 1500 bytes User data
Important VLAN Concepts for Configuration There are two key components to understanding: - The Default Port VLAN ID (PVID), which specifies the VLAN to which the switch will assign unlabeled traffic from that port; - The VLAN ID (VID), which specify the set of VLAN from which a given port is allowed to receive, and to which allowed to send labeled packets. Both variables can be assigned to a switch port, but there are important differences between them. An administrator can only assign one PVID to each switch port (since the 802.1Q protocol assigns any single packet to just one VLAN). The PVID defines the default VLAN ID tag that a switch will add to un-tagged frames it receives on that port (ingress traffic). On the other hand, a port can be defined as a member of multiple VLAN (multiple VID). These VID constitute an access list for the port. The access list can be used to filter tagged ingress traffic (the switch will drop a packet tagged as belonging in one VLAN if the port on which it was received is not a member of that VLAN). The switch also consults the access list to filter packets it sends to that port (egress traffic). Packets will not be forwarded out the port if they unless they belong to one of the VLAN in which the port is a member. The differences between Ingress and Egress configurations can provide network segmentation while still allowing resources to be shared across more than one VLAN.
40
Important VLAN Definitions Ingress The point at which a frame is received on a switch and the switching decisions must be made. The switch examines the VID (if present) in the received frames header and decides whether and where to forward the frame. If the received frame is untagged, the switch will tag the frame with the PVID for the port on which it was received. It will then use traditional Ethernet bridging algorithms to determine the port to which the packet should be forwarded. Next it checks to see if each destination port is on the same VLAN as the PVID and can thus transmit the frame. If the destination port is a member of the VLAN used by the ingress port, the frame will be forwarded. If the received frame is tagged with VLAN information, the switch checks its address table to see whether the destination port is a member of the same VLAN. Assuming both ports are members of the tagged VLAN, the frame will be forwarded. Ingress Filtering The process of checking an incoming frame and comparing its VID to the ingress port VLAN memberships is known as Ingress Filtering. On the switch, it can be either Enable or disabled on a port-by-port basis. 1. An untagged frame is received, the ingress port PVID is applied to the frame. 2. If a tagged frame is received, the VID in the frame tag is used. If Ingress Filtering is Enable and, the switch will first determine, 1. If the ingress port itself is a member of the frame VLAN and can thus receive the frame. 2. If the ingress port is not a member of the frame VLAN, the frame is dropped. 3. If it is a member of that VLAN, the switch then checks its address table to see whether the destination port is a member of the same VLAN. Assuming both ports are members of that VLAN, the frame will be forwarded. Administrators should take care to make sure that each port PVID is set up, or incoming frames may be dropped if Ingress Filtering is enabled. If Ingress Filtering is disabled, it will not compare the incoming frame VID against the ingress port VLAN membership; it will only check its address table to see whether the destination VLAN exists. 1. If the VLAN is unknown, it will be dropped. 2. If the VLAN and the destination MAC address are known, the frame will be forwarded. 3. If the VLAN is known and the destination MAC address is unknown, the frame will be flooded to all ports in the VLAN.
Egress The point at which frames are being transmitted out of a switch and tagging decisions must be made. When an administrator configures each port VLAN membership (allows egress for a specific VLAN), another configuration option is whether to transmit tagged or untagged frames on that port.
41
1. If an egress port is connected to an 802.1Q-compliant switch or end system, tagging should be enabled so the other device can utilize the VLAN and priority tags. 2. If an egress port is connected to a non-compliant switch or end-station, the tags should be stripped off and the frame transmitted untagged so that the receiving device can read the normal Ethernet frame. Tagging Every port on an 802.1Q compliant switch can be configured as tagging or un-tagging. Ports with tagging Enable will put the VID number, priority and other VLAN information into the header of all packets that flow into and out of it. If a packet has previously been tagged, the port will not alter the packet, thus keeping the VLAN information intact. The VLAN information in the tag can then be used by other 802.1Q compliant devices on the network to make packet forwarding decisions. Un-tagging Ports with un-tagging Enable will strip the 802.1Q tag from all packets that flow into and out of those ports. If the packet doesnt have an 802.1Q VLAN tag, the port will not alter the packet. Thus, all packets received by and forwarded by an un-tagging port will have no 802.1Q VLAN information. (Remember that the PVID is only used internally within the switch). Un-tagging is used to send packets from an 802.1Q-compliant network device to a non-compliant network device.
42
Use New to add a new VLAN entity. Use Delete to remove a VLAN entity. Use Edit to view and edit the current IEEE 802.1Q Tag VLAN setting, the following screen page shows up.
43
VLAN ID: From 1 to 4094, specify a VLAN ID VLAN Name: Use default name or specify a VLAN name. VLAN Members: Move cursor to a VLAN member marked with V to denote which port belongs to VLAN.
44
There are 4 different modes to choose from as the IEEE 802.1q Tag VLAN mode: Disabled: It ignores all setting below and Tagged packet. This setting depends on Portbased VLAN. If receive a packet without Tag, the packet follows up the setting of Tagging. If receive a Tagged packet, the packet follows up the previous setting of VLAN table. When VLAN table exists, the packet will follow up the VLAN table. If not, the packet broadcasts and follows up Port-Based VLAN. If receive a packet without Tag, the packet follows up the setting of Tagging. If receive a Tagged packet, the packet follows up the previous setting of VLAN table. When VLAN table exists, the packet will follow up the VLAN table. If not, the packet drops. The function is the same with Check. Additionally, if the packet from Ingress port does not belong to one of VLAN table, the packet drops.
Fallback:
Check:
Secure:
Note: L2 Protocol Converting is supported (available) only at the 802.1q Tag VLAN Mode of Secure.
45
Per Port Settings: Every port can be set to be different VLAN mode as the following screen.
Default Port VLAN ID (PVID): The setting range is 1 to 4094. Default Egress Mode: F: When VLAN table dose not exist or VLAN mode is disabled, the Egress packet will be unmodified and forwarded. U: When VLAN table dose not exist or VLAN mode is disabled, the Egress packet will be untagged. T: When VLAN table dose not exist or VLAN mode is disabled, the Egress packet will be tagged with Ingress PVID. D: Force to add one tag with Ingress PVID on Egress packet. Default Ingress mode: F: The packet from Ingress will be unmodified and forwarded. U: The packet will be untagged. If the packet is Double-Tagged, the packet will be untagged one of the tags. D: Force to add one tag with Ingress PVID on Ingress packet.
46
The Spanning Tree Protocol follows the ANSI/IEEE 802.1D standard. For details, please refer to the standard documents The configuration algorithm and protocol described in this clause reduce the Bridged LAN topology to a single Spanning Tree. There is a bridge to be assigned as the root. The following abbreviations are used in this standard: BPDU: Bridge Protocol Data Unit MAC: Media Access Control STP Switch Setting: The switch-based global STP parameters setting. STP Port Setting: The port-based STP parameters setting.
47
Spanning Tree Protocol: Enable or disable spanning tree protocol (STP) function for all ports of switch. STP is supported only at port-based VLAN mode, but not supported at 802.1Q Tag VLAN mode. Its because this Converter Switch cant enable multiple STP domains for multiple 802.1Q Tag VLANs. Designated Root: Shows the unique Bridge Identifier which is being used as the Root. If (Self) is shown, the root is itself. Root Path Cost: The cost of the path to the Root from this Bridge. This parameter has the value of zero when the Bridge is the Root. Otherwise, it is equal to the sum of the values of the Designated Cost and Path Cost parameters held for the Root Port. This parameter is used to test the value of the Root Path Cost parameter conveyed in the received Configuration Message information, and as the value of the Root Path Cost parameter in the transmitted Configuration Message information. Root Port: The Port Identifier of the Port that offers the lowest cost path to the Root, i.e., that Port for which the sum of the values of the Designated Cost and Path Cost parameters held for the Port is the lowest. Root Max Age: Set up the maximum aging time on the switch root to expire. The maximum aging time is the number of seconds that a switch will wait without receiving spanning-tree configuration messages before attempting a reconfiguration. For seconds, the range is 6 to 40; the default is 20.
48
Root Hello Time: Set up the hello time of a root switch. The hello time here is the time between each bridge protocol data unit (BPDU) containing configuration message that is sent by a bridge that is attempting to become or has been a Root also meaning alive. For seconds, the range is 1 to 10; the default is 2. Root Forward Delay: Forward Delay of root. Root Bridge Priority: Bridge Priority of root. Max Age: The maximum age of protocol information received before it is discarded. Hello Time: The hello time is the time between each bridge protocol data unit (BPDU) that is sent on a port of switch. For seconds, the range is 1 to 10; the default is 2. Forward Delay: Set up the forward delay time of a switch. The forward delay is the number of seconds that a port interface waits before changing from its spanning-tree listening or learning state to the learning or forwarding state respectively. For seconds, the range is 4 to 30; the default is 15. It is also the value used for the aging time of dynamic entries in the Filtering Database, while Configuration Messages received indicates a topology change. Bridge Priority: Set up the priority of a switch, the range is 0 to 65535; the default is 32768. The unique bridge Identifier of the Bridge is used as the value of a) The bridge Identifier parameter in all configuration BPDUs transmitted by the bridge. b) The Bridges Designated Root when the bridge is a Root, or is attempting to become the Root, following expiry of all information concerning the current Root, or following management action.
49
STP Port State: STP on this port is either On or Off. STP Port Cost (0-65535): The contribution of the path through this Port. When the Port is the Root Port, the port cost is the total cost of the path to the Root for this Bridge. STP Port Priority (0-255): The unique Port identifier among the Ports of this Bridge. This parameter is used as the value of the Port Identifier parameter of all Configuration Messages transmitted through the Port.
50
*Note: The switch only supports switch-based MAC security and does not support portbased MAC security. The switch can support up to 128 entries of MAC security list. MAC Security: Enable or disable MAC security. When it is enabled, only the MAC address in the table and its specified forwarding port where packets can be forwarded to, for others packets are dropped. Use Delete to remove a MAC address entity. Use Edit to view and edit the selected MAC address entity. Use New to add a new MAC address entity, the following screen page shows up.
51
Destination MAC Address: Destination MAC address in the packet. Forwarding Port: If the incoming packet has the same destination MAC address as that specified above, it is forwarded to the selected port directly.
52
Our Converter Switch supports Layer-2 protocol converting for the following protocols: CDP (Cisco Discovery Protocol), STP (Spanning Tree Protocol), and VTP (VLAN Trunk Protocol). For emulated point-to-point network topologies, it also supports others Layer-2 control protocols. But, user must know first which MAC address and its LLC code should be used for the L2 control protocol. Then, user can fill in the MAC and LLC code information to the specific converting table provided for the L2 conversion of the control protocol. The LLC code is very important since some of L2 control protocols could share the same MAC address but with different LLC codes for enabling different control functions. For example: If in case the VTP and CDP both use same MAC address of 01-00-0C-CC-CCCC, it still could be with a LLC code of VTP as AAAA0300000C2003.but with a different LLC code of CDP as AAAA0300000C2000.
53
Those MAC /LLC code information can be got by using the software and/or hardware of any protocol analyzer. More information about them is also available and can be studied from the IEEE standard books. The format of L2 control protocol frame is shown as below, PRE SFD DA SA L LLC Payload and other information 62 bits Used to synchronize traffic 2 bits Marks the beginning of the header 6 bytes The MAC address of the destination 6 bytes The MAC address of the source 2 bytes 8 bytes < or = 1500 bytes User data FCS
PRE Preamble SFD Start Frame Delimiter DA Destination Address SA Source Address L Frame Length LLC Logical-Link Control Payload FCS Frame Check Sequence
Select the option L2 Protocol Converting from the Switch Management menu, the following screen page shows up.
Converting State: Set On/Off on port to Encapsulated / Decapsulated the control protocols. Converting Protocols: Up to 16 entries of protocols in the table can be set up. Suggestion: set up Enabled/Disable for all or some of CDP, VTP and STP at same time and let them to
54
be the first four entries of Converting Protocols table. Otherwise, sure all total 16 entries can be used up for other use. If to convert other L2 control protocols, the following four parameters need to be set up: Invalid/Valid: Use Spacebar to switch between options to enable the L2 protocol converting on the entry. Decapsulated DA: Specify the MAC address of the specific L2 control protocol. Logical-Link Control: Specify the specific LLC code for the specific MAC address. Encapsulated DA: Specify a multicast MAC address for encapsulate the MAC address of L2 control protocol. There is no any specific MAC address except the MAC address defined by standard. (Note: If the first byte of MAC address is an odd number, the MAC address is called a multicast MAC address.) Note: L2 Protocol Converting is supported (available) only at the 802.1q Tag VLAN Mode of Secure.
55
1. Switch Port State: View current port media type, port state, etc. 2. Port Traffic Statistics: View port Receive/Send Byte Frames, utilization, etc. 3. Port Packet Error Statistics: View the traffic condition of ports, CRC, fragment, Jabber, etc. 4. Port Packet Analysis Statistics: Count ports RX/TX Frames in different length, unicast number, etc. 5. Mac Address Table: List current MAC address learned by the Converter Switch 6. IGMP Snooping: Display the IGMP snooping queries and reports of multicast groups
56
Port Number: The number of the port. Media Type: The media type of the port; only TP (no Fiber). Link State: The current link status of the port, either Up or Down. Speed (Mbps): The current operation speed of the port, either 10 or 100. Duplex: The current operation Duplex mode of the port, either Full or Half. Flow Control: The current state of Flow Control, either On or Off. Port State will change from D -> B/L -> L -> F, if Spanning Tree Protocol is enabled. D: Disabled, A Port in this state does not participate in frame relay or the operation of the Spanning Tree Algorithm and Protocol. B/L: Blocking/Listening. Blocking: A Port in this state does not participate in frame relay, thus preventing frame duplication arising through multiple paths existing in the active topology of the Bridged LAN. Listening: A Port in this state is preparing to participate in frame relay. Frame relay is temporarily disabled in order to prevent temporary loops, which may occur in a Bridged LAN during the lifetime of this state as the active topology of the Bridged LAN changes. Learning 57
is disabled since changes in active topology can lead to the information acquired being incorrect when the active topology becomes stable. L: Learning, A Port in this state is preparing to participate in frame relay. Frame relay is temporarily disabled in order to prevent temporary loops, which may occur in a Bridged LAN during the lifetime of this state as the active topology of the Bridged LAN changes. Learning is enabled to allow information to be acquired prior to frame relay in order to reduce the number of frames unnecessarily relayed. F: Forwarding, A Port in this state is participating in frame relay. Packets can be forwarded only when port state is forwarding.
58
Bytes Received: Total bytes received from the current port. Frames Received: Total frames received from the current port. Utilization: Real port receiving traffic ratio to the current port of total bandwidth. Bytes Sent: Total bytes sent from the current port. Frames Sent: Total frames sent from the current port. Utilization: Real port transmitting traffic ratio to the current port of total bandwidth. Total Bytes: Total bytes received and sent from the current port. Total Utilization: Real traffic of receiving and sending to the current port of total bandwidth.
59
Use the arrow keys <- and -> to select the port to view. Ctrl-A: Press Ctrl-A will clear all port's counter values back to zero.
RX Total Errors:
Total number of errors detected when receiving frames. Total number of transmitting frames collision detected.
TX Total Collisions:
60
RX frames (64): RX Frames (65 - 127): RX frames (128 - 255): RX frames (256 - 512): RX frames (512 - 1023): RX frames (1024 - Max): RX Unicast Frames: RX Multicast frames: RX Broadcast Frames: TX Unicast Frames: TX Multicast frames: TX Broadcast Frames:
Total 64 bytes packets received. Total 65 - 127 bytes frames received. Total 128 - 255 bytes frames received. Total 256 - 512 bytes frames received. Total 512 - 1023 bytes frames received. Total 1024 - Maximum Frame size packets received. Total unicast frames received Total Good Multicast frames received. Total Good Broadcast frames received. Total unicast frames sent. Total Good Multicast packets sent. Total Good Broadcast packets sent.
61
The table above shows the MAC addresses learned from each port of the switch. Press U to Update Table Press C to Clear Table
62
Press P for previous page of IGMP Snooping information Press N for next page of IGMP Snooping information IGMP Snooping: If enabled, user can then monitor those computers being connected to the switch and joining certain multicast groups, through the option IGMP Snooping of Switch Monitor menu
63
1. Ping: Ping allows user to ping a specified network device. 2. Event Log: Log system event like system warm start, cold start, link up/down, user login/logoutetc. Event Log can be kept on CPU version A06 with Boot ROM version A08 or later version. If CPU or Boot ROM version is earlier, all events will lose when system shut down or reboot. 3. Update Firmware: Allow user to update the latest firmware, save current configuration, or restore previous configuration to the Converter Switch. 4. Load Factory Setting: Load Factory Setting will set the configuration of the Converter Switch back to the factory default settings. The IP and Gateway addresses will also return to the factory default. 5. Load Factory Setting Except Network Configuration: Select this will also set the configuration of the Converter Switch back to the factory default settings. However, this will not return the IP and Gateway addresses to the factory default. 6. Backup configuration: Set up the configuration for backup.
64
2.10.1 Ping
Ping refers to ICMP Echo Request, a device receiving the Ping request will respond with an ICMP Echo Reply. The Converter Switchs built-in Ping function allows the network administrator to identify easily the network connection. Select Ping from the System Utility menu, the following screen page shows up,
IP Address: Enter the desired IP address that the Converter Switch would like to Ping. Size: Enter the desired size of the Ping packets. Repeat: Enter the total number of times which Ping will be initiated. Time Out: Enter the desired time-out value of Ping. After finishing the configuration, select Ping then press Enter to start the Ping process.
65
66
Protocol: Press Space Bar to select preferred protocol - FTP or TFTP. File Type: Press Spacebar to select the file to process - Firmware or Configuration. Server Address: Enter the specified IP address of the File Server. User Name: Enter the specified Username for Login the File Server. Password: Enter the specified Password for Login the File Server. File Location: Enter the specific filename (and its path if necessary) within the File Server. Select Get then press Enter to start the download process - receive file from the server. A Transmitting Progress will display during transfer. A process-completed message will pop up to remind the user. Select Put then press Enter to start the upload process - transmit file to the server. A Transmitting Progress will display during transferring. A process-completed message will pop up to remind the user. Select Stop then press Enter to abort the current operation. Select Update then press Enter to instruct the Converter Switch to update existing firmware / configuration to the latest firmware/configuration received. After a successful-update message pops up, the switch will need a reset to make change take effect.
67
68
To Load Factory Setting Except Network Configuration, select OK then press Enter.
69
Auto Backup: Disable (default) / Enable Auto-Backup Backup Time: Set up the time (by oclock) to automatically back up once a day. If the remote server fails or does not exist, this function allows the system to retry around once per minute until a successful backup or times out (next hour). Protocol: Select FTP or TFTP server to backup Server Address: For FTP or TFTP server IP address User Name: For FTP server only Password: For FTP server only File Directory: The place where the backup file will be saved to. File Name: The name of the backup file which will be saved by date.
70
71
72
2.13 Logout
Console Logout will stop current RS-232 or Telnet connection between the system and the PC. To perform Logout, select the option Logout from the Console main menu, the following screen page shows up.
73
74
4. WEB MANAGEMENT
You can manage the Converter Switch via a Web browser. However, you must first assign a unique IP address to the Converter Switch before doing so. Use the RS-232 DB-9 console port or use a RJ45 LAN cable and any of the 10/100Base-TX RJ-45 ports of Converter Switch (as the temporary RJ-45 Management console port) to login to the Converter Switch and set up the IP address for the first time. (The default IP of the Converter Switch can be reached as http://192.168.0.1. You can change later the Converter Switchs IP to the needed one in its Network Management menu.) Follow these steps to manage the Converter Switch through a Web browser: 1. Use through the RS-232 DB-9 console port or any of the 10/100Base-TX RJ-45 ports (as the temporary RJ-45 Management console port) to set up the assigned IP parameters of the Converter Switch, IP address Subnet Mask Default Converter Switch IP address, if required
2. Run a Web browser and specify the Converter Switchs IP address to reach it. (The Converter Switchs default IP can be reached as http://192.168.0.1 before any change.) 3. Login to the Converter Switch to reach the Main menu. Once you gain the access, a Login windows shows up like this,
Enter the user name and password then select OK to login to the main screen page, the default user name is admin (and without password). After a successful login, the Main Menu screen shows up. The rest menu functions in the Web Management are similar as those described at the Console Management.
75
After a successful login, the Main Menu screen shows up. The rest menu functions in the Web Management are similar as those described at the Console Management and also described as following.
1. System Information: Name the Converter Switch, specify the location and check the current version of information. 2. User Authentication: View the registered user list. Add a new user or remove an existing user. 3. Network Management: Set up or view the IP address and related information of the Converter Switch required for network management application. 4. Switch Management: Set up switch/port configuration, VLAN configuration and other functions. 5. Switch Monitor: View the operation status and traffic statistics of the ports. 6. System Utility: Ping, Firmware Upgrade, Load Factory Settings etc. 7. Save Configuration: Save all change to the system. 8. Reset System: Reset the Converter Switch.
76
Company Name: Enter a company name for this Converter Switch, up to 55 alphanumeric characters. System Object ID: View-only field, the predefined System OID. System Contact: Enter contact information for this Converter Switch, up to 55 alphanumeric characters. System Name: Enter a unique name for this Converter Switch, up to 55 alphanumeric characters. Use a descriptive name to identify the Converter Switch in relation to your network, for example Backbone 1. This name is mainly used for reference purpose only. System Location: Enter a brief description of the Converter Switch location, up to 55 alphanumeric characters. Like the name, the location is for reference only, for example 13th Floor. Model Name: View-only field shows the products model name. Firmware Version: View-only field shows the products firmware version. TP Port: View-only field shows the total numbers of TP ports.
77
M/B Version View-only field shows the Main board version. Serial Number: View-only field shows the serial number of this product. Up Time: View-only, shows the time which the Converter Switch has been on up. Local Time: View-only, shows the local time
78
User can only view the state of user authentication in web. Click View button, then the following page shows up.
79
Current/Total/Max Users: View-only field. Specify: Current: Current number of registered users login in. Total: Total number of registered users. Max Users: Maximum number of available for registered users, default 10. Account State: Press Spacebar to Enable or Disable this User Account. User Name: Specified the authorized user login name, up to 20 alphanumeric characters. Password: Enter desired user password, up to 20 alphanumeric characters. Retype Password: Enter password again for reconfirming and double-checking. Description: Enter a unique description for the User, up to 35 alphanumeric characters. This is mainly for reference purpose only. IP Security: Press Spacebar to Enable or Disable the IP security function. If Enabled, user may access the Converter Switch only through the management station which has the exact IP address specified in below IP address field. If Disabled, user may access the Converter Switch through any station. IP Address: Specify the IP address used for IP Security function. Console Level: Use or to select desired privilege for the console operation
Administrator
Full access right including maintain user account & system information, load factory setting, etc. Full access right but cannot modify user account & system information, cannot load factory setting Allow to view only. Completely forbidden to access.
NOTE: To prevent incautious operation, a user can neither Delete, Modify User Name nor Enable/Disable account states. Press RADIUS Configuration in User Authentication, the following screen page shows up.
When RADIUS Authentication is Enabled, User login will be according to those settings on the RADIUS server(s) with Server Addresses specified in this RADIUS Configuration. *Note: For advanced RADIUS Server set up, please refer to Appendix A or the free RADIUS readme.txt file on the disc shipped with this product. Secret Key: The word to encrypt data of being sent to RADIUS server. Radius Port: The RADIUS service port on RADIUS server. Retry Time: The number of times trying to reconnect if the RADISU server is not reachable. 81
1. Network Configuration: Set up the required IP configuration of the Converter Switch. 2. System Service Configuration: Enable or Disable the specific network services. 3. RS232/Telnet/Console Configuration: View the RS-232 serial port setting, specific Telnet & Console services. 4. Time Server Configuration: Set up the time servers configuration 5. Device Community: View the registered SNMP community name list. community name or remove an existing community name. Add a new
6. Trap Destination: View the registered SNMP trap destination list. Add a new trap destination or remove an existing trap destination. 7. Trap Configuration: View the Converter Switch trap configuration. Enable or disable a specific trap.
82
MAC Address: This view-only field shows the unique and permanent MAC address assigned to the Converter Switch. You cannot change the Converter Switchs MAC address. Configuration Type: To select using "DHCP" or "Manual". If select "DHCP" and a DHCP server also available on the network, the Converter Switch will automatically get the IP address from the DHCP server. If select the "Manual" mode, user need to specify the IP address, Subnet Mask & Gateway. *Note: For advanced DHCP Server set up (for firmware and configurations auto-upgrade), please refer to Appendix B or the DHCP readme.txt file on the disc shipped with this product. IP Address: Enter the unique IP address of this Converter Switch. You can use the default IP address or specify a new one if there is address duplication or the address does not match your network. Subnet Mask: Specify the subnet mask to use with the Converter Switch IP address. The default subnet mask values for the three Internet address classes are as follows: Class A: 255.0.0.0 Class B: 255.255.0.0
83
Class C: 255.255.255.0
Gateway: Specify the IP address of a gateway or a router, which is responsible for the delivery of the IP packets sent by the Converter Switch. This address is required if the Converter Switch and the network management station are on different networks or subnets. The default value of this parameter is 0.0.0.0, which means no gateway exists and the network management station and Converter Switch are on the same network. Current State: This view-only field shows currently assigned (by DHCP or manual) IP address, Subnet Mask & Gateway of the Converter Switch.
84
Telnet Service: To Enable or Disable the Telnet service. SNMP Service: To Enable or Disable the SNMP service. Web Service: To Enable or Disable the Web service.
85
Baud Rate: 9600 bps, RS-232 setting, view-only field. Stop Bits: 1, RS-232 setting, view-only field. Parity Check: None, RS-232 setting, view-only field. Word Length: 8, RS-232 setting, view-only field. Flow Control: None, RS-232 setting, view-only field. Telnet Port: Specify the desired TCP port number for the Telnet console. Default TCP port number of the Telnet is 23. System Time Out: Specify the desired waiting time that the Converter Switch will wait before cutting off an inactive console/telnet connection. Specifying "0" means never to cut off an inactive connection.
86
Time Synchronization: Press Spacebar to Enable or Disable time synchronization. Time Server Address: NTP timer server address, press test button to test whether it is available. 2nd Time Server Address: When the default Time Server is down, CHASSIS will automatically contact the 2nd time server. Synchronization Interval: The time interval to synchronize from NTP time server. Time Zone: Select from the time zones of cities. Press Spacebar and use Up/Down arrow key to select the appropriate time zone appears. Daylight Saving Time: Press Spacebar to Enable or Disable the daylight saving time function. Its a way of getting more daytime hour(s) by setting the time to be hour(s) ahead in the morning. Daylight Saving Time Offset: Press Spacebar and use Up/Down arrow key to select the time offset of daylight saving time. NOTE: We use SNTP to get the time from those NTP servers. It is recommended that the time server is in the same LAN or at least not too far away, then the time will be more accurate.
87
Up to 10 Device Communities can be set. Use Delete to remove a registered community. Press New to add a new community. Press Edit to view the current community setting, the following screen page appears,
88
Current/Total/Max Agents: View-only field. Specify: Current: Current number of registered community users. Total: Total number of registered community users. Max Users: Maximum number of available registered communities, default 10. Account State: Press Spacebar to Enable or Disable this Community Account. Community: Specify the authorized SNMP community name, up to 20 alphanumeric characters. Description: Enter a unique description for this community name, up to 35 alphanumeric characters. This is mainly for reference purpose only. IP Security: Press Spacebar to Enable or Disable the IP security function. If Enabled, Community may access the Converter Switch only through the management station, which has exact IP address specified in below IP address field. If Disabled, Community may access the Converter Switch through any management station. IP Address: Specify the IP address used for IP Security function. SNMP Level: Use or to select desired privilege for the SNMP operation
NOTE: If the community browses the Converter Switch without proper access right, the Converter Switch will respond nothing. For example, if a community has only Read & Write privilege then it cannot browse Converter Switch User Table.
89
State: Enable or Disable to send Trap to the specified destination. Destination: Enter the specific IP address of the network management system that will receive the trap. Community: Enter the community name of the network management system.
90
Cold Start Trap: Enable or Disable the Converter Switchs sending a Cold Start trap after power on. Warm Start Trap: Enable or Disable the Converter Switchs sending a Warm Start trap after system reset. Authentication Failure Trap: Enable or Disable the Converter Switchs sending Authentication Failure trap after any unauthorized login attempt. Port Link Up/Down Trap: Enable or Disable the Converter Switchs sending a port linkup/link-down trap. Broadcast Storm Trap: Enable or Disable the broadcast storm trap sending from Converter Switch when broadcast packets reach the upper limit. Upper Limit: Maximum broadcast packets number per second. Send the broadcast storm trap if over System Power Down Trap: To send trap notice to the destination while the Converter Switch has a power down. 91
1. Switch Configuration: Set up acceptable frame size and address learning, etc. 2. Priority and Rate Limit Configuration: Enable/Disable Port priority and set up Port Rate limit, etc. 3. Port Configuration: Enable/Disable port speed, flow control, etc. 4. VLAN Configuration: Set up VLAN mode and VLAN configuration 5. Spanning Tree Protocol: Set up (Enable/Disable) Spanning Tree Protocol (STP) to provide network path redundancy that prevents undesirable loops in the network. 6. MAC Address Management: Set up MAC address, enable/disable MAC security, etc. 7. L2 Protocol Converting: Turn On/Off ports Layer-2(L2) control protocol tunnel and set up the specific L2 control protocols of passing though. However, L2 Protocol Converting is supported (available) only at the 802.1q Tag VLAN Mode of Secure.
92
Maximum Frame Size: To toggle between 1522 and 1536 two ranges. Address Learning: Enable is the default to learn MAC addresses in RAM, otherwise the disable option would stop learning MAC address. MAC Address Aging Time: Between 0-4080 seconds. Fiber Port Redundancy: Disabled only since no Fiber port is available Port 8 Media Type: Copper only, unchangeable IGMP Snooping: If enabled, user can then monitor those computers being connected to the switch and joining certain multicast groups, through the option IGMP Snooping of Switch Monitor menu. The default is disabled. 0180C2000000-0F: Set/toggle the Filter or Not Filter option for these range of addresses 0180C2000020-2F: Set/toggle the Filter or Not Filter option for these range of addresses 0180C2000010: Set/toggle the Filter or Not Filter option for the address
93
Priority Mode: To select among Default, IP, TAG, IP+Tag, Tag+IP modes. Default mode: default value which Schedule mode is Weight (8:4:2:1) and port priority set Q1, where Weight (8:4:2:1) mean Q4:Q3:Q2:Q1 4 kinds of frames type quantity occupied bandwidth ratio is 8:4:2:1 when frames passing over switch based on IP TOS Priority MAP and Tag Priority Map. IP defined as below. TAG use 802.1Q tag value as frame passing in switch priority. IP+TAG mean IP TOS priority has higher precedence while work with TAG Priority. TAG+IP are vice versa. Schedule Mode: To select Weight (8:4:2:1) and strict modes. Strict mode means send most high priority packets first. Ex: Q4 is highest precedence. Port Priority: To select Q1, Q2, Q3, Q4. The four queues priorities depend upon priority and schedule mode combination. IP TOS Priority Map: To select TOS (0)TOS (12) modes. The Type of Service (TOS) field is an 8-bit field. It is located in the IP packet and used by a device to indicate the precedence or priority of a given frame. The second field is up to first field use which TOS 94
with what kind of queue. Tag Priority Map: To select 0,1,2,3 tag values as priority level. The second field is up to the first field use which TAG with what kind of queue. Ingress Rate: To select ON / OFF. ON: Enable Ingress Rate Limiting OFF: Disable Ingress Rate Limiting Bandwidth (Mbps): To select Ingress bandwidth (1~99Mbps). Egress Rate: To select ON / OFF. ON: Enable Egress Rate Limiting OFF: Disable Egress Rate Limiting Bandwidth (Mbps): To select Egress bandwidth (1~99Mbps). TCP/UDP Priority Map: 1st, to select the rate limit type Disabled/DA/SA/DA or SA; 2nd, to select the port (1~8); 3rd, specify which TCP/UDP port is to be limited; 4th, to select the quality level (Q1~Q4).
95
Port Number: To select among options of All, port 1, port 2, and port 3. Port State: Enable or disable current port state. Port Type: To choose option among Auto-Negotiation, Manual, 10M bps and Half duplex Flow Control: To select between Enabled and Disabled.
96
VLAN Mode: Select either Port-Based VLAN or IEEE 802.1Q Tag VLAN mode to approach.
97
Use New to add a new VLAN entity. Use Delete to remove a VLAN entity. Use Edit to view and edit the current VLAN setting, the following screen page shows up.
98
VLAN Name: Use default name or specify a VLAN name. VLAN Members: Move cursor to VLAN member marked with V to denote which port belongs to VLAN.
99
Use New to add a new VLAN entity. Use Delete to remove a VLAN entity. Use Edit to view and edit the current IEEE 802.1Q Tag VLAN setting, the following screen page shows up.
100
VLAN ID: From 1 to 4094, specify a VLAN ID VLAN Name: Use default name or specify a VLAN name. VLAN Members: Move cursor to VLAN member marked with V to denote which port belongs to VLAN.
101
There are 4 different modes to choose from as the IEEE 802.1q Tag VLAN mode: Disabled: It ignores all setting below and Tagged packet. This setting depends on Portbased VLAN. If receive a packet without Tag, the packet follows up the setting of Tagging. If receive a Tagged packet, the packet follows up the previous setting of VLAN table. When VLAN table exists, the packet will follow up the VLAN table. If not, the packet broadcasts and follows up Port-Based VLAN. If receive a packet without Tag, the packet follows up the setting of Tagging. If receive a Tagged packet, the packet follows up the previous setting of VLAN table. When VLAN table exists, the packet will follow up the VLAN table. If not, the packet drops. The function is the same with Check. Additionally, if the packet from Ingress port does not belong to one of VLAN table, the packet drops.
Fallback:
Check:
Secure:
102
Note: L2 Protocol Converting is supported (available) only at the 802.1q Tag VLAN Mode of Secure. Per Port Settings: Every port can be set to be different VLAN mode. Default Port VLAN ID (PVID): The setting range is 1 to 4094. Default Egress Mode: F: When VLAN table dose not exist or VLAN mode is disabled, the Egress packet will be unmodified and forwarded. U: When VLAN table dose not exist or VLAN mode is disabled, the Egress packet will be untagged. T: When VLAN table dose not exist or VLAN mode is disabled, the Egress packet will be tagged with Ingress PVID. D: Force to add one tag with Ingress PVID on Egress packet. Default Ingress mode: F: The packet from Ingress will be unmodified and forwarded. U: The packet will be untagged. If the packet is Double-Tagged, the packet will be untagged one of the tags. D: Force to add one tag with Ingress PVID on Ingress packet.
103
The Spanning Tree Protocol follows the ANSI/IEEE 802.1D standard. For details, please refer to the standard documents The configuration algorithm and protocol described in this clause reduce the Bridged LAN topology to a single Spanning Tree. There is a bridge to be assigned as the root. The following abbreviations are used in this standard: BPDU: Bridge Protocol Data Unit MAC: Media Access Control STP Switch Setting: The switch-based global STP parameters setting. STP Port Setting: The port-based STP parameters setting.
104
Spanning Tree Protocol: Enable or disable spanning tree protocol (STP) function for all ports of switch. STP is supported only at port-based VLAN mode, but not supported at 802.1Q Tag VLAN mode. Its because this Converter Switch cant enable multiple STP domains for multiple 802.1Q Tag VLANs. Designated Root: Shows the unique Bridge Identifier which is being used as the Root. If (Self) is shown, the root is itself. Root Path Cost: The cost of the path to the Root from this Bridge. This parameter has the value of zero when the Bridge is the Root. Otherwise, it is equal to the sum of the values of the Designated Cost and Path Cost parameters held for the Root Port. This parameter is used to test the value of the Root Path Cost parameter conveyed in the received Configuration Message information, and as the value of the Root Path Cost parameter in the transmitted Configuration Message information. Root Port: The Port Identifier of the Port that offers the lowest cost path to the Root, i.e., that Port for which the sum of the values of the Designated Cost and Path Cost parameters held for the Port is the lowest. Root Max Age: Set up the maximum aging time on the switch root to expire. The maximum aging time is the number of seconds that a switch will wait without receiving spanning-tree 105
configuration messages before attempting a reconfiguration. For seconds, the range is 6 to 40; the default is 20. Root Hello Time: Set up the hello time of a root switch. The hello time here is the time between each bridge protocol data unit (BPDU) containing configuration message that is sent by a bridge that is attempting to become or has been a Root also meaning alive. For seconds, the range is 1 to 10; the default is 2. Root Forward Delay: Forward Delay of root. Root Bridge Priority: Bridge Priority of root. Max Age: The maximum age of protocol information received before it is discarded. Hello Time: The hello time is the time between each bridge protocol data unit (BPDU) that is sent on a port of switch. For seconds, the range is 1 to 10; the default is 2. Forward Delay: Set up the forward delay time of a switch. The forward delay is the number of seconds that a port interface waits before changing from its spanning-tree listening or learning state to the learning or forwarding state respectively. For seconds, the range is 4 to 30; the default is 15. It is also the value used for the aging time of dynamic entries in the Filtering Database, while Configuration Messages received indicates a topology change. Bridge Priority: Set up the priority of a switch, the range is 0 to 65535; the default is 32768. The unique bridge Identifier of the Bridge is used as the value of a) The bridge Identifier parameter in all configuration BPDUs transmitted by the bridge. b) The Bridges Designated Root when the bridge is a Root, or is attempting to become the Root, following expiry of all information concerning the current Root, or following management action.
106
STP Port State: STP on this port is either On or Off. STP Port Cost (0-65535): The contribution of the path through this Port. When the Port is the Root Port, the port cost is the total cost of the path to the Root for this Bridge. STP Port Priority (0-255): The unique Port identifier among the Ports of this Bridge. This parameter is used as the value of the Port Identifier parameter of all Configuration Messages transmitted through the Port.
107
* Note: The switch only supports switch-based MAC security and does not support portbased MAC security. The switch can support up to 128 entries of MAC security list. MAC Security: Enable or disable MAC security. When it is enabled, only the MAC address in the table and its specified forwarding port where packets can be forwarded to, for others packets are dropped. Use Delete to remove a MAC address entity. Use Edit to view and edit the selected MAC address entity. Use New to add a new MAC address entity, the following screen page shows up.
108
Current/Total/Max MAC Nums: Current/Total Maximum number of MAC address entry or entries Destination MAC Address: Destination MAC address in the packet. Forwarding Port: If the incoming packet has the same destination MAC address as that specified above, it is forwarded to the selected port directly.
109
Our Converter Switch supports Layer-2 protocol converting for the following protocols: CDP (Cisco Discovery Protocol), STP (Spanning Tree Protocol), and VTP (VLAN Trunk Protocol). For emulated point-to-point network topologies, it also supports others Layer-2 control protocols. But, user must know first which MAC address and its LLC code should be used for the L2 control protocol. Then, user can fill in the MAC and LLC code information to the specific converting table provided for the L2 conversion of the control protocol. The LLC code is very important since some of L2 control protocols could share the same MAC address but with different LLC codes for enabling different control functions. For example: If in case the VTP and CDP both use same MAC address of 01-00-0C-CC-CCCC, it still could be with a LLC code of VTP as AAAA0300000C2003.but with a different LLC code of CDP as AAAA0300000C2000.
110
Those MAC /LLC code information can be got by using the software and/or hardware of any protocol analyzer. More information about them is also available and can be studied from the IEEE standard books. The format of L2 control protocol frame is shown as below, PRE SFD DA SA L LLC Payload and other information 62 bits Used to synchronize traffic 2 bits Marks the beginning of the header 6 bytes The MAC address of the destination 6 bytes The MAC address of the source 2 bytes 8 bytes < or = 1500 bytes User data FCS
PRE Preamble SFD Start Frame Delimiter DA Destination Address SA Source Address L Frame Length LLC Logical-Link Control Payload FCS Frame Check Sequence
Select the option L2 Protocol Converting from the Switch Management menu, the following screen page shows up.
Converting State: Set On/Off on port to Encapsulated / Decapsulated the control protocols.
111
Converting Protocols: Up to 16 entries of protocols in the table can be set up. Suggestion: set up Enabled/Disable for all or some of CDP, VTP and STP at same time and let them to be the first four entries of Converting Protocols table. Otherwise, sure all total 16 entries can be used up for other use. If to convert other L2 control protocols, the following four parameters need to be set up: Invalid/Valid: Use Spacebar to switch between options to enable the L2 protocol converting on the entry. Decapsulated DA: Specify the MAC address of the specific L2 control protocol. Logical-Link Control: Specify the specific LLC code for the specific MAC address. Encapsulated DA: Specify a multicast MAC address for encapsulate the MAC address of L2 control protocol. There is no any specific MAC address except the MAC address defined by standard. (Note: If the first byte of MAC address is an odd number, the MAC address is called a multicast MAC address.) Note: L2 Protocol Converting is supported (available) only at the 802.1q Tag VLAN Mode of Secure.
112
1. Switch Port State: View current port media type, port state, etc. 2. Port Traffic Statistics: View port Receive/Send Byte Frames, utilization, etc. 3. Port Packet Error Statistics: View the traffic condition of ports, CRC, fragment, Jabber, etc. 4. Port Packet Analysis Statistics: Count ports RX/TX Frames in different length, unicast number, etc. 5. Mac Address Table: List current MAC address learned by the Converter Switch 6. IGMP Snooping: Display the IGMP snooping queries and reports of multicast groups
113
Port Number: The number of the port. Media Type: The media type of the port; only TP (no Fiber). Link State: The current link status of the port, either Up or Down. Speed (Mbps): The current operation speed of the port, either 10 or 100. Duplex: The current operation Duplex mode of the port, either Full or Half. Flow Control: The current state of Flow Control, either On or Off. Port State will change from D -> B/L -> L -> F, if Spanning Tree Protocol is enabled. D: Disabled, A Port in this state does not participate in frame relay or the operation of the Spanning Tree Algorithm and Protocol. B/L: Blocking/Listening. Blocking: A Port in this state does not participate in frame relay, thus preventing frame duplication arising through multiple paths existing in the active topology of the Bridged LAN.
114
Listening: A Port in this state is preparing to participate in frame relay. Frame relay is temporarily disabled in order to prevent temporary loops, which may occur in a Bridged LAN during the lifetime of this state as the active topology of the Bridged LAN changes. Learning is disabled since changes in active topology can lead to the information acquired being incorrect when the active topology becomes stable. L: Learning, A Port in this state is preparing to participate in frame relay. Frame relay is temporarily disabled in order to prevent temporary loops, which may occur in a Bridged LAN during the lifetime of this state as the active topology of the Bridged LAN changes. Learning is enabled to allow information to be acquired prior to frame relay in order to reduce the number of frames unnecessarily relayed. F: Forwarding, A Port in this state is participating in frame relay. Packets can be forwarded only when port state is forwarding.
115
Bytes Received: Total bytes received from the current port. Frames Received: Total frames received from the current port. Utilization: Real port receiving traffic ratio to the current port of total bandwidth. Bytes Sent: Total bytes sent from the current port. Frames Sent: Total frames sent from the current port. Utilization: Real port transmitting traffic ratio to the current port of total bandwidth. Total Bytes: Total bytes received and sent from the current port. Total Utilization: Real traffic of receiving and sending to the current port of total bandwidth.
116
117
Use the arrow keys <- and -> to select the port to view. Ctrl-A: Press Ctrl-A will clear all port's counter values back to zero.
RX Total Errors:
Total number of errors detected when receiving frames. Total number of transmitting frames collision detected.
TX Total Collisions:
118
119
RX frames (64): RX Frames (65 - 127): RX frames (128 - 255): RX frames (256 - 512): RX frames (512 - 1023): RX frames (1024 - Max): RX Unicast Frames: RX Multicast frames: RX Broadcast Frames: TX Unicast Frames: TX Multicast frames: TX Broadcast Frames:
Total 64 bytes packets received. Total 65 - 127 bytes frames received. Total 128 - 255 bytes frames received. Total 256 - 512 bytes frames received. Total 512 - 1023 bytes frames received. Total 1024 - Maximum Frame size packets received. Total unicast frames received Total Good Multicast frames received. Total Good Broadcast frames received. Total unicast frames sent. Total Good Multicast packets sent. Total Good Broadcast packets sent.
120
121
Press Update to Update Table Press Clear to Clear Table The table above shows the MAC addresses learned from each port of the switch.
122
Press Previous for previous page of IGMP Snooping information Press Next for next page of IGMP Snooping information IGMP Snooping: If enabled, user can then monitor those computers being connected to the switch and joining certain multicast groups, through the option IGMP Snooping of Switch Monitor menu
123
1. Event Log: Log system event like system warm start, cold start, link up/down, user login/logoutetc. Event Log can be kept on CPU version A06 with Boot ROM version A08 or later version. If CPU or Boot ROM version is earlier, all events will lose when system shut down or reboot. 2. Load Factory Setting: Load Factory Setting will set the configuration of the Converter Switch back to the factory default settings. The IP and Gateway addresses will also return to the factory default. 3. Load Factory Setting Except Network Configuration: Select this will also set the configuration of the Converter Switch back to the factory default settings. However, this will not return the IP and Gateway addresses to the factory default. 4. Backup configuration: Set up the configuration for backup.
124
125
126
127
Auto Backup: Disable (default) / Enable Auto-Backup Backup Time: Set up the time (by oclock) to automatically back up once a day. If the remote server fails or does not exist, this function allows the system to retry around once per minute until a successful backup or times out (next hour). Protocol: Select FTP or TFTP server to backup Server Address: For FTP or TFTP server IP address User Name: For FTP server only Password: For FTP server only File Directory: The place where the backup file will be saved to. File Name: The name of the backup file which will be saved by date.
128
129
130
APPENDIX A
free RADIUS readme
The advanced RADIUS Server Set up for RADIUS Authentication is as below to follow. When free RADIUS client is enabled on the device, On the server side, it needs to put this file "dictionary.cts" under the directory /raddb, and modify as following these three files - "users", "clients.conf" and "dictionary", which are on the disc shipped with this product. * Please use any text editing software (e.g. Notepad) to do the following file editing works. In the file "users", Set up user name, password, and other attributes. In the file "clients.conf", Set the valid range of RADIUS client IP address. In the file "dictionary", Add this following line $INCLUDE dictionary.cts
131
APPENDIX B
DHCP readme
The advanced DHCP Server Set up for auto-upgrade of firmware and configuration is as below to follow. Converter Switch Auto-upgrade Proposal Version 0.3 The Converter Switch supports the DHCP option 60 to work as a DHCP client. The system includes ISC DHCP server, FTP file server, and the Converter Switch. DHCP server includes the following vender specification options (by 43) to respond to the Converter Switch. 1. Option 43: Protocol (0: TFTP or 1: FTP) 2. Option 43: IP (TFTP or FTP server) 3. Option 43: User (Server login name) 4. Option 43: Password (Server login password) 5. Option 43: Filename (Firmware image) 6. Option 43: MD5 Code (Firmware image MD5 code) 7. Option 43: Filename (Configuration image) 8. Option 43: MD5 Code (Configuration image MD5 code) 9. Option 43: 16 Bits Option (Bit 0: Urgency Bit 1-15: Reserve) File server includes the following items: 1. Firmware image 2. Configuration image 3. User account for the Converter Switch The Converter Switch is setting-free (through auto-upgrade and configuration) and its upgrade procedure is as following: 1. Add the content of dhcpd.txt into dhcpd.conf. Then the ISC DHCP server will recognize the Converter Switch whenever the Converter Switch sends an IP address request to it. And ISC DHCP server will tell the Converter Switch how to get a new firmware or configuration. 2. The Converter Switch will compare the firmware and configuration MD5 code form of DHCP option every time when it communicates with DHCP server. 3. If MD5 code is different, Converter Switch will then upgrade the firmware or configuration. However, it will not be activated right after. . 4. If the Urgency Bit is set, Converter Switch will be reset to activate the new firmware or configuration immediately. 5. The Converter Switch will retry for 3 times if the file is incorrect, then it gives up until getting another DHCP ACK packet again. 132