Axiomtek tBOX400-510-FL Transportation Embedded System Owner's Manual


Firmware Manual for tBOX400 Switch Board

User’s Guide

All Rights Reserved

Dissemination or reproduction of this document, or its contents, is not authorized except where expressly permitted. Violators are liable for damages. All rights reserved, for the purposes of patent application or trademark registration.

Table of Contents

Preface
Audience
Document Revision Level
Document Conventions
Typographic Conventions
Unpacking and Installation
Package Contents
Unpacking
Connecting Power
Required Equipment and Software (Web Interface)
Computer Setup
Management Methods and Protocols
Default IP Address
Login Process and Default Credentials
Setting the initial IP address
Simple IP Addressing
CLI Command Usage
Navigating the CLI Hierarchy
CLI Keyboard Shortcuts
System Menu (Web Interface)
System Information
System Name/Password
System Name/Password using the CLI
In Case of Lost/Forgotten Password
IP Address
IP Address - Configuration using the CLI
Management Interface
Management Interface Configuration using the CLI
Save Configuration Page
Save Configuration Page using the CLI
Firmware Upgrade
Firmware Update using the CLI
Booting From Alternate (Backup) Firmware
Reboot
Reboot using the CLI
Logout
Logout from the CLI
User Account Page
User Privilege Configuration
User Account Settings using the CLI
Diagnostics
Utilization
System Log
System log using CLI command
Remote Logging
Remote Logging using CLI commands
ARP Table
ARP Table using CLI Commands
Route Table
Route Table Using CLI Commands
Alarm Setting
Port
Configuration
Port Status
Rate Control
RMON Statistics
Per Port VLAN Activities
Port Configuration Examples Using CLI Commands
Switching
Bridging
Loopback Detect
Storm Detect
Static MAC Entry
Port Mirroring
Link State Tracking
PoE - System and Port Settings
Switch Configuration Examples Using CLI Commands
Trunking
Overview
Port Trunking
LACP Trunking
Trunking Configuration Examples Using CLI Commands
STP/Ring Page – Overview
Choosing the Spanning Tree Protocols
STP/Ring Page - Configuring RSTP
Global Configuration Page
RSTP Port Setting Page
RSTP Configuration Examples Using CLI Commands
STP/Ring Page - Configuring MSTP
MSTP Properties Page
MSTP Instance Setting Page
MSTP Port Setting page
MSTP Configuration Examples Using CLI Commands
STP/RING PAGE - ALPHA RING
Alpha Ring Setting Page
Configuring Alpha Ring using CLI commands
STP/Ring Page – Alpha Chain Protocol
General Overview
Alpha Chain Settings
Alpha Chain Pass-Through Setting
Configuring Alpha Chain using CLI commands
STP/Ring Page - Advanced Setting
Advanced Bridge Configuration
Advanced Per Port Configuration
Configuring Spanning Tree Advanced Settings using CLI commands
VLAN
Port Based VLAN vs. Tagged Based VLAN
VLAN Configuration in 802.1Q Tag Based VLAN Mode
802.1Q Tag Based VLAN Configuration Examples Using CLI Commands
Add an IP to the Management VLAN
Configuring the Port Type and the PVID setting
QoS
Global Configuration Page
QoS Global Configuration using the CLI Interface
802.1p Priority Page
802.1p Priority Submenu – CLI Interface
DSCP Page – HTTP Interface
DSCP Submenu – CLI Interface
ACL (Access Control List)
General Overview
Configuring ACL
ACL Policy Map
ACL Configuration Examples Using CLI Commands
SNMP
SNMP General Settings
Configuring SNMP v1 & v2 Community Groups
Configuring SNMP v3 Users
SNMP Configuration Examples Using CLI Commands
IEEE 802.1X
Configuring 802.1X from the Web Interface
LLDP
LLDP General Settings
LLDP Ports Settings
LLDP Neighbors
LLDP Statistics
LLDP Configuration Examples Using CLI Commands
Other Protocols
GVRP
IGMP Snooping
Network Time Protocol
GMRP
DHCP Server

tBOX400-510-FL Firmware Manual

PREFACE

Audience

This guide is designed for the person who installs, configures, deploys, and maintains the Ethernet network. This document assumes the reader has moderate hardware, computer, and Internet skills.

Document Revision Level

This section provides a history of the revision changes to this document.

Revision   Document Version   Date        Description
A          Version 1          1/24/2019   Firmware version 2.0.1.1

Document Conventions

This guide uses the following conventions to draw your attention to certain information.

Typographic Conventions

This guide uses the following typographic conventions.

Convention - Description

Bold - Indicates text on a window, other than the window title, including menus, menu options, buttons, fields, and labels.

Italic - Indicates a variable, which is a placeholder for actual text provided by the user or system. Angled brackets (< >) are also used to indicate variables.

screen/code - Indicates text that is displayed on screen or entered by the user.

< > angled brackets - Indicates a variable, which is a placeholder for actual text provided by the user or system. Italic font is also used to indicate variables.

[ ] square brackets - Indicates optional values.

| vertical bar - Indicates that you have a choice between two or more options or arguments.


UNPACKING AND INSTALLATION

This chapter describes how to unpack and install the Managed Switch.

The topics covered in this chapter are:

Package Contents

Unpacking

Required Equipment and Software

Computer Setup

Management Methods and Protocols

Default IP Address

Login Process and Default Credentials

Setting the initial IP address

Package Contents

When you unpack the product package, you will find the items listed below. Please inspect the contents, and report any apparent damage or missing items immediately to your authorized reseller.

Managed Switch

Product CD

External power adapter/Cable (depending on model)

Console cable (depending on model)

Unpacking

Follow these steps to unpack the Managed Switch and prepare it for operation:

1. Open the carton and carefully remove the contents.

2. Return all packing materials to the carton. If possible, save the carton and packing material in case you need to ship or store the switch in the future.

3. Confirm that all items listed in the "Package Contents" section are included in the shipment. Check each item for damage. If any item is damaged or missing, notify your authorized representative.


Connecting Power

Terminal Block

If your switch comes with power cables, connect the cables into the power modules at the back of the switch. If your switch comes with a terminal block (no cable), then connect the switch to a suitable power supply using 12 to 24 AWG wire.

Redundant power supply is supported. However, only one power input is required to operate the switch.

Refer to the Quick Install Guide for the installation details for your specific model.

Required Equipment and Software (Web Interface)

Computer with an Ethernet Interface (RJ-45)

Managing the switch requires a personal computer (PC) or notebook computer equipped with a 10/100base-TX Ethernet interface and a physical RJ-45 connection. The preferred operating system for the computer is Microsoft Windows 7/8/8.1/10. It is possible to use Apple OSX or Linux systems as well, but, for the sake of brevity, all web configurations in this manual will be shown using Windows 7 as the underlying operating system.

Cat 5+ Ethernet Cables

An Ethernet cable of at least Category 5 rating is required to connect your computer to the switch. The cable can be configured as “straight-through” or crossover.

TFTP Server Software

Trivial file transfer protocol (TFTP) server software is needed to update the switch firmware and to upload/download configuration files to the switch. Users not performing these tasks do not need TFTP software installed. Several good TFTP servers are available for free online. The server that will be used in this manual is TFTPD32 by Philippe Jounin.


Web Browser Software

The end user can employ any of the following web browsers during switch configuration: Internet Explorer, Firefox, or Chrome. Internet Explorer is the preferred browser for switch configuration. If there is trouble with other browsers while attempting to program the switch, Internet Explorer should be used.

COMPUTER SETUP

The management computer may need to be reconfigured prior to connecting to the switch in order to access the switch’s web interface through its default IP address (See Default IP).

Management Methods and Protocols

There are several methods that can be used to manage the switch. This manual will show the details of configuring the switch using a web browser. Each section will be followed by the CLI (Command Line Interface) commands needed to achieve the same results as described in that section.

The methods available to manage the Managed Switch include:

SSH - Secure Shell CLI that is accessible over TCP/IP networks and is generally regarded as the most secure method of remotely accessing a device.

Telnet - Like SSH in that it allows a CLI to be established across a TCP/IP network, but it does not encrypt the data stream. This type of connection requires a terminal, or a computer running a terminal emulation application (such as HyperTerminal or PuTTY).

HTTP (Hypertext Transfer Protocol) - The most popular switch management protocol, involving the use of a web browser.

HTTPS (Hypertext Transfer Protocol Secure) - HTTP with encryption.

RS-232 - The Managed Switch is equipped with an RS-232 serial port that can be used to access the switch’s CLI. The serial port is DCE DB-9F. A straight-through serial cable is used to connect to a typical computer serial port (also requires a terminal emulation application).

Default IP Address

The switch’s default IP address is 192.168.1.10. The management computer must be set up so that it is on the same network as the switch. For example, the IP address of the management computer can be set to 192.168.1.100 with a subnet mask of 255.255.255.0.

Login Process and Default Credentials

Once a compatible IP address has been assigned to the management computer, the user is ready to log in to the switch. To log in, type the URL http://192.168.1.10/ into the address field of the browser and hit return. (See Figure 1)

The Default Login is root (case sensitive)

There is no password by default

Enter the login name and click the Login button

Figure 1: Login screen


SETTING THE INITIAL IP ADDRESS

Once logged in, the user can configure the switch per the network requirements. The two major addressing options are:

Simple IP addressing

Multiple VLAN addressing (See Add an IP to the Management VLAN on page 126).

Simple IP Addressing

A new IP address can now be assigned to the switch. From the System Information screen, go to the left hand navigation menu.

1. Click on the + next to System

2. Click on IP address

3. Enter the desired IP address and subnet mask in the IP Address/Subnet Mask fields associated with VLAN 1

4. Click the Apply & Save button (See Figure 2)

Figure 2: Assigning an IP address

CLI COMMAND USAGE

This chapter describes accessing the Managed Switch by using Telnet, SSH, or serial ports to configure the switch, navigating the Command Line Interface (CLI), typing keyboard shortcuts, and moving between the levels. This chapter assumes the user has a working understanding of Telnet, SSH and Terminal emulation applications.

Note: For a serial port connection use a standard DB-9F to DB-9M Modem Cable. The default Serial port parameters are Baud rate: 115,200bps, Data bits: 8, Parity: none, Stop bit: 1, Flow control: none.

Navigating the CLI Hierarchy

The CLI is organized into a hierarchy of command modes. The basic modes are User exec mode, Privileged exec mode, and Global configuration mode. There are also other modes, specific to certain configurations. Each mode has its own group of commands for a specific purpose. Below are the CLI commands needed to enter a specific mode:

switch_a>  ← User exec mode

switch_a> enable
switch_a#  ← Privileged exec mode

switch_a# configure terminal
switch_a(config)#  ← Global configuration mode

switch_a(config)# spanning-tree mst configuration
switch_a(config-mst)#  ← MSTP configuration mode

switch_a(config)# interface fe1
switch_a(config-if)#  ← Interface configuration mode

switch_a(config)# vlan database
switch_a(config-vlan)#  ← VLAN database configuration mode

Saving a Configuration from the CLI

Example:

switch_a> enable
switch_a# write memory
Building configuration.....
[OK]
switch_a#
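
The prompt alone identifies the mode a logged session was in, so a captured session can be reviewed for configuration commands that were never saved. The following is an added example, not part of the original manual or vendor code: it parses the prompt forms shown above and reports changes not followed by write memory. The sample session and all function names are constructed for illustration.

```python
"""Track CLI modes from the prompt and list changes not followed by 'write memory'.

Added example, not vendor code. Prompt shapes and commands follow this manual;
the sample session is constructed and every function name is an assumption.
"""
import re

# host, optional "(config...)" context, then ">" (user exec) or "#".
PROMPT = re.compile(
    r"^(?P<host>[\w.-]+)(?:\((?P<ctx>config(?:-[\w-]+)?)\))?"
    r"(?P<end>[>#])\s*(?P<cmd>.*)$"
)

MODE_NAMES = {
    "config": "Global configuration",
    "config-mst": "MSTP configuration",
    "config-if": "Interface configuration",
    "config-vlan": "VLAN database configuration",
}

# Constructed session: one saved change, then two changes that are never saved.
SAMPLE = """\
switch_a> enable
switch_a# configure terminal
switch_a(config)# ip address 192.168.1.1/24
switch_a(config)# q
switch_a# write memory
Building configuration.....
[OK]
switch_a# configure terminal
switch_a(config)# interface vlan1.2
switch_a(config-if)# get ip dhcp enable
switch_a(config-if)# q
switch_a(config)# ip dns 192.168.1.253
switch_a(config)# q
switch_a#
"""


def parse_session(transcript):
    """Return (mode, context, command) for each prompt line; output is skipped."""
    entries = []
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # command output such as "Building configuration....."
        ctx = m.group("ctx")
        if ctx:
            mode = MODE_NAMES.get(ctx, ctx)
        else:
            mode = "User exec" if m.group("end") == ">" else "Privileged exec"
        entries.append((mode, ctx, m.group("cmd").strip()))
    return entries


def unsaved_changes(transcript):
    """List (mode, command) pairs typed in a configuration mode after the last save."""
    entries = parse_session(transcript)
    pending = []
    for i, (mode, ctx, cmd) in enumerate(entries):
        if not cmd:
            continue
        if ctx is None:
            if mode == "Privileged exec" and cmd.split() == ["write", "memory"]:
                pending.clear()  # running configuration was saved
            continue
        nxt = entries[i + 1] if i + 1 < len(entries) else None
        # A command that moves to another mode ("interface fe1", "q") shows up
        # as a different context in the next prompt; it is navigation only.
        navigated = cmd == "q" or (nxt is not None and nxt[1] != ctx)
        if not navigated:
            # Conservative: a command the CLI rejected is still reported.
            pending.append((mode, cmd))
    return pending


if __name__ == "__main__":
    for mode, cmd in unsaved_changes(SAMPLE):
        print(f"unsaved [{mode}]: {cmd}")
```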


CLI Keyboard Shortcuts

Ctrl + a: place cursor at the beginning of a line

Ctrl + b: backspace one character

Ctrl + d: delete one character

Ctrl + e: place cursor at the end of the line

Ctrl + f: move cursor forward one character

Ctrl + k: delete from the current position to the end of the line

Ctrl + l: redraw the command line

Ctrl + n: display the next line in the history

Ctrl + p: display the previous line in the history

Ctrl + u: delete entire line and place cursor at start of prompt

Ctrl + w: delete one word back

SYSTEM MENU (WEB INTERFACE)

System Information

The System Information link on the left menu of the Web Configuration page takes you to a page that shows the following (see Figure 3):

System Name - The system name is typically used by network administrators. If SNMP is enabled on the switch, the system name can be found using MIB II (RFC1213) in the sysName property.

Firmware Version - Displays the primary firmware version and date of last update.

System Time - System time can be changed using NTP.

MAC Address - The hardware (MAC) address of the management interface.

Default Gateway - The IP address of your network’s gateway (typically a router on your network).

DNS Server - The Domain Name Server (DNS) for your network.

Alternate Firmware - Shows the firmware version mirrored on the switch. If the switch becomes unbootable from the primary firmware image, it will boot to this version on the next boot.

VLAN ID - One or more listings, depending on the number of VLANs defined on the switch. Lists the VLAN ID, IP address, and subnet mask of the VLAN interface(s).

Figure 3: System Information


System Name/Password

The System name is typically used by network administrators to make it easier to document a network's infrastructure and locate equipment on large networks. If SNMP is enabled on the switch, the system name can be found using MIB II (RFC1213) in the sysName property.

To change the system name:

1. Click on the + next to System .

2. Click on System Name/Password (see Figure 4).

3. Use your mouse to place the cursor in the System Name text box.

4. Replace the existing name with the name you want to assign to the switch.

5. Click on the Update Setting button.

By default there is no password assigned to the switch. To add or change a password:

1. Click on the + next to System .

2. Click on System Name/Password (see Figure 4).

3. Use your mouse to place the cursor in the Password text box.

4. Enter the new password.

5. Retype the password in the Retype Password text box.

6. Click on the Update Setting button below the Retype Password text box.

Figure 4: System Name/Password

NOTE: To reboot the switch, press and hold the reset button for less than 10 seconds.

To reset the switch to the default password, press and hold the reset button for more than 10 seconds.


System Name/Password using the CLI

For more information on CLI command usage see CLI Command Usage.

System Name

To set the system name on a switch, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
hostname <name>
no hostname

Usage Example 1: Setting a Hostname to “switch_a”
switch_a(config)# hostname switch_a

Note: Using the no hostname command will reset the switch name to the default “switch_a.”

Password

To enable a password on a switch, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
enable password <password>

Usage Example: Setting switch password to “mypassword”
switch_a(config)# enable password mypassword

In Case of Lost/Forgotten Password

1. If the switch cannot be accessed because the password is not known, then the switch must be reset. This must be done by connecting to the switch through the RS-232 serial port.

2. Connect to the switch’s RS-232 port with a terminal emulator.

3. Power cycle the switch (turn the power off and then on).

4. While the switch is rebooting, hold down Ctrl + C. This will cause the switch to enter CFE (Common Firmware Environment) mode. The prompt should look like this:

CFE_1.5>

5. Enter the command reset_default. This will reset the switch to its factory default settings.

NOTE: Restoring the switch to factory defaults will reset all data and settings.

IP Address

To navigate to the IP Address page:

1. Click on the + next to System

2. Click on IP Address (see Figure 5)

There are 4 settings on this page:

Static IP

(see Simple IP Addressing)

DHCP Client

Use this to enable or disable DHCP on a VLAN.

To enable the DHCP Client:

1. Use the drop down box to enable the DHCP client on a particular VLAN

2. Click the Submit Button

Default Gateway

If DHCP is enabled, the gateway setting is controlled by the DHCP server. The setting will be grayed out and the gateway supplied by the DHCP server will be displayed. The default gateway setting can be used when using a Static IP address.

To enable the default gateway:

1. Use the dropdown box to enable the default gateway.

2. Type in the default gateway in the Default Gateway text box.

3. Click on the Apply & Save button.

DNS Server

If DHCP is enabled, the DNS Server setting is controlled by the DHCP server. The setting will be grayed out and the DNS Server supplied by the DHCP server will be displayed. The DNS Server setting can be used when using a Static IP address. To enable the DNS Server:

1. Use the dropdown box to enable the DNS Server.

2. Type in the default gateway in the Default Gateway text box.

3. Click on the Submit button.


Note: After making changes to settings in the IP address section, the configuration needs to be saved using the System/Save configuration page (See Save Configuration).

Figure 5: IP Address


IP Address - Configuration using the CLI

For more information on CLI command usage see CLI Command Usage.

IP Address

To set the IP address, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
ip address <A.B.C.D/M> (IP Address/Mask e.g. 10.0.0.1/8)
no ip address

Note: The Subnet Mask is defined as a Network Prefix instead of the common dotted decimal (ex. 255.255.255.0).

The most commonly used Network Prefixes are:

/8 – Known as Class A. Also known in dotted decimal as 255.0.0.0

/16 – Known as Class B. Also known in dotted decimal as 255.255.0.0

/24 – Known as Class C. Also known in dotted decimal as 255.255.255.0

Usage Example 1: Assigning an IP address of 192.168.1.1 with subnet mask of 255.255.255.0
switch_a(config)# ip address 192.168.1.1/24
switch_a(config)# q
switch_a# write memory
Building configuration.....
[OK]

Usage Example 2: Removing an IP address
switch_a(config)# no ip address
switch_a(config)# q
switch_a# write memory
Building configuration.....
[OK]

Default Gateway

To set the Default Gateway, use the following CLI commands:

CLI Command Mode: Global Configuration Mode


CLI Command Syntax:
ip default-gateway <A.B.C.D>
no ip default-gateway

Usage Example 1: Setting the default gateway to 192.168.1.254
switch_a(config)# ip default-gateway 192.168.1.254
switch_a(config)# q
switch_a# write memory

Building configuration.....

[OK]

Usage Example 2: Removing the Gateway
switch_a(config)# no ip default-gateway
switch_a(config)# q
switch_a# write memory

Building configuration.....

[OK]

Domain Name Server (DNS)

To set the DNS, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
ip dns <A.B.C.D>
no ip dns

Usage Example 1: Set Domain name server to 192.168.1.253
switch_a(config)# ip dns 192.168.1.253
switch_a(config)# q
switch_a# write memory

Building configuration.....

[OK]

Usage Example 2: Remove a DNS IP Address
switch_a(config)# no ip dns
switch_a(config)# q
switch_a# write memory

Building configuration.....

[OK]


Enable/Disable DHCP Client on a VLAN

To enable the DHCP client on a VLAN, use the following CLI commands:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax:
get ip dhcp enable
no get ip dhcp enable

Usage Example – Enable DHCP Client on VLAN2:
switch_a(config)# interface vlan1.2
switch_a(config-if)# get ip dhcp enable
switch_a(config-if)# q
switch_a(config)# q
switch_a# write memory

Building configuration.....

[OK]

Enable/Disable Static IP on a VLAN

To set the IP address, use the following CLI commands:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax:
ip address <A.B.C.D>
no ip address <A.B.C.D>

Usage Example 1 – Enable Static IP of 192.168.1.11 with subnet mask 255.255.255.0 on VLAN2:
switch_a(config)# interface vlan1.2
switch_a(config-if)# ip address 192.168.1.11/24
switch_a(config-if)# q
switch_a(config)# q
switch_a# write memory

Building configuration.....

[OK]

Usage Example 2 – Disable Static IP on VLAN2:
switch_a(config)# interface vlan1.2
switch_a(config-if)# no ip address
switch_a(config-if)# q
switch_a(config)# q
switch_a# write memory

Building configuration.....


[OK]

Management Interface

To navigate to the Management Interface page:

1. Click on the + next to System

2. Click on Management Interface

The Management Interface configuration page has three settings that allow the user to configure the methods available to manage the Managed Switch.

HTTPS

HTTPS (Hypertext Transfer Protocol Secure) allows the user to determine what method, if any, is used to configure the Managed Switch. The default is unencrypted HTTP (see Figure 6).

To disable the Web interface:

1. Uncheck Http and Https.

2. Click on the Update setting button.

Warning! Once the Submit button is pressed, the Web console will no longer function. As a safety precaution, the configuration is not saved by default. Rebooting the switch will restore the Web Console. To save the configuration, connect using the new IP address.

To enable the Web Interface:

1. Check HTTP, HTTPS or both.

2. Click on the Update Setting button.

3. Save the Configuration (see Save Configuration)

Telnet

Telnet is a network protocol that allows a remote computer to log into the Managed Switch to access its CLI (Command Line Interface). The CLI can be accessed using Telnet, SSH and the serial port on the Managed Switch. The secure method of accessing the CLI over a network is SSH.

To enable or disable Telnet:


1. Click the Enable or Disable radio button in the Telnet section on the Management Interface page (see Figure 6 below)

2. Click on the Update Setting button

3. Save the Configuration (see Save Configuration)

SSH (Secure Shell)

Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices such as a computer and the Managed Switch. SSH is disabled by default on the switch.

To enable or disable SSH:

1. Click the Enable or Disable radio button in the SSH section on the Management Interface page (see Figure 6)

2. Click on the Update Setting button

3. Save the Configuration (see Save Configuration)

Figure 6: Management Interface


Management Interface Configuration using the CLI

For more information on CLI command usage see CLI Command Usage.

Enabling/Disabling Telnet

To enable or disable telnet, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
ip telnet
no ip telnet

Usage Example: Enabling Telnet:
switch_a(config)# ip telnet
switch_a(config)# q
switch_a# write memory

Building configuration.....

[OK]

Note: If you use Telnet to run the CLI commands that disable Telnet, you will lose your connection. To disable Telnet using the CLI, use SSH or the RS-232 Console port on the switch.

Enabling/Disabling SSH

To enable or disable SSH, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
ip ssh
no ip ssh

Note: If you use SSH to run the CLI commands that disable SSH, you will lose your connection. To disable SSH using the CLI, use Telnet or the RS-232 Console port on the switch.


Enabling/Disabling HTTP and/or HTTPS

To enable or disable HTTP or HTTPS, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
ip http server
ip http secure-server
no ip http server
no ip http secure-server
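The Telnet, SSH and HTTP/HTTPS commands above interact: the order in which they are issued decides whether the operator keeps a session, and the end state decides what is exposed. The following is an added example, not code from the manual or the vendor, that replays a planned command list and reports both. The function name, the sample plans and the starting-state model are assumptions; the starting state uses only the defaults this manual states (HTTP on, SSH off).

```python
import re

# Defaults stated in the manual: the web interface defaults to unencrypted
# HTTP, and SSH is disabled. The Telnet default is not stated there, so it
# stays None (unknown) until the plan sets it explicitly.
DEFAULTS = {"http": True, "https": False, "ssh": False, "telnet": None}

# Global Configuration Mode commands from the manual, mapped to a service.
COMMANDS = {
    "ip http server": "http",
    "ip http secure-server": "https",
    "ip ssh": "ssh",
    "ip telnet": "telnet",
}

PROMPT = re.compile(r"^\S+\(config\)#\s*")  # e.g. "switch_a(config)# "

# Constructed sample plans (not captured from a real device).
SAFE_PLAN = [
    "switch_a(config)# ip ssh",
    "switch_a(config)# ip http secure-server",
    "switch_a(config)# no ip http server",
    "switch_a(config)# no ip telnet",
]
RISKY_PLAN = [
    "switch_a(config)# no ip telnet",
    "switch_a(config)# ip ssh",
    "switch_a(config)# no ip http server",
]


def audit_plan(lines, session_via):
    """Replay a planned command list in order.

    session_via is the transport the operator is connected over:
    "telnet", "ssh" or "console" (the RS-232 port).
    Returns (final_state, findings). Each finding is (line_no, message);
    line_no is 0 for findings about the resulting end state.
    """
    state = dict(DEFAULTS)
    findings = []
    for n, raw in enumerate(lines, 1):
        cmd = " ".join(PROMPT.sub("", raw.strip()).split())
        negate = cmd.startswith("no ")
        service = COMMANDS.get(cmd[3:] if negate else cmd)
        if service is None:
            continue  # not a management-interface command
        state[service] = not negate
        if negate and service == session_via:
            # The manual's notes: disabling the transport in use drops the
            # connection, so nothing after this line is applied.
            skipped = len(lines) - n
            findings.append((n, f"'{cmd}' sent over {service}: session drops, "
                                f"{skipped} later line(s) never run"))
            break

    if state["telnet"] is None:
        findings.append((0, "Telnet state never set: add an explicit 'no ip telnet'"))
    elif state["telnet"]:
        findings.append((0, "Telnet enabled: CLI logins cross the network unencrypted"))
    if not state["ssh"]:
        findings.append((0, "SSH disabled: no encrypted network path to the CLI"))
    if state["http"]:
        findings.append((0, "HTTP enabled: web logins cross the network unencrypted"))
    if not (state["http"] or state["https"]):
        findings.append((0, "HTTP and HTTPS both off: web console unreachable"))
    return state, findings


if __name__ == "__main__":
    for name, plan, via in (("safe", SAFE_PLAN, "console"),
                            ("risky", RISKY_PLAN, "telnet")):
        state, findings = audit_plan(plan, via)
        print(name, state)
        for line_no, msg in findings:
            print(f"  line {line_no}: {msg}")
```
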

Save Configuration Page

To navigate to the Save Configuration page:

1. Click on the + next to System

2. Click on Save Configuration

The Save Configuration page contains the following configuration functions (see Figure 7):

Save Configuration

To save the currently running configuration to the flash memory on the Managed Switch:

1. Click the Save Configuration button

2. If the save is successful you will see the message:

Building configuration….. [OK]

Load Configuration

This function is used to load a previously saved configuration. Backing up and loading a configuration is usually achieved using a TFTP server.

To load a configuration:

1. Enter the IP address of your TFTP server in the TFTP Server text box

2. Enter the name of the configuration file in the FILE text box

3. Click on the Backup button

4. If the file is successfully loaded the following message will be shown:

Success! System reboot is required!


Backup Configuration

This function is used to back up the current switch configuration. Backing up the configuration is usually achieved using a TFTP server such as TFTPD32.

To back up a configuration:

1. Enter the IP address of your TFTP server in the TFTP Server text box

2. Enter the name of the configuration file in the FILE text box

3. Click on the Backup button

4. If the backup is successful the following message will be shown:

tftp <filename> to ip <ip address> success!!

Restore Default

To restore the switch to factory defaults:

1. Click on the Restore Default button.

2. The switch will ask for confirmation, then reboot.

NOTE: Restoring the switch to factory defaults will reset all data, including user accounts and passwords.

Auto Save

The Auto Save function is used to set the switch to automatically save the configuration to flash. If the saved configuration is the same as the running configuration then a save is not made. The Auto Save interval is used to determine how often the running configuration is checked for changes.

To set the Auto Save function:

1. Click the dropdown box next to Auto Save.

2. Set the Auto Save interval (5~65535 sec)

Note: If a Firewall is running on the PC that is running the TFTP server it may need to be temporarily disabled.


Figure 7: Save Configuration Page

Enable / Disable Automatic Restore

When the Restore function is enabled, the configuration currently saved on the EB-232 will automatically be loaded onto the switch when the EB-232 is connected to the switch’s serial (RS-232) port and the switch is rebooted or power cycled. This function is enabled by default.

Save switch configuration to EB-232

By selecting this option and clicking Submit, the switch’s configuration settings will be saved to the EB-232. Note that the data to be backed up will be the saved configuration on the switch regardless of what is currently running. When the save operation is complete, the Power LED will flash momentarily, and then both LEDs will light up for a few seconds. When only the green Power LED is lit, the EB-232 can be operated further on the same switch or removed.

Load switch configuration from EB-232

This operation will load configuration settings from the EB-232 to the switch. When the transfer is complete, the switch will reboot with the new settings in effect. Wait at least 3 minutes for the switch to fully reboot, then refresh the browser window (you will have to log into the web interface again). Note that the configuration loaded onto the switch includes the switch name. If you are using a specific naming convention, you will need to rename the switch and save changes.


Save configuration from TFTP server to EB-232

Use this feature to transfer switch configuration data from a TFTP server to the EB-232. Enter the TFTP server IP address and file name in the fields provided, and click Submit. When the transfer is complete, the Power LED will flash momentarily, and then both LEDs will light up for a few seconds.

Delete configuration data on EB-232

This option will erase all data from the EB-232. Data erased from the dongle in this way cannot be recovered.

Compare configuration data on EB-232 to switch

This feature will compare the configuration data on the switch with the data stored on the EB-232, notifying the user if the data differ or are identical. This allows the administrator to quickly assess if a switch is running a specific configuration.

Save Configuration Page using the CLI

For more information on CLI command usage see CLI Command Usage.

Saving a Configuration

To save a running configuration, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: write memory

Usage Example: Saving a Configuration
switch_a# write memory

Building configuration.....

[OK]

Restore Default Settings

To restore the switch to its default settings, use the following CLI commands:

CLI Command Mode: Global Configuration Mode


CLI Command Syntax: restore default

Usage Example: Restoring a Configuration
switch_a# restore default

Load Configuration from a TFTP Server

To Load a Configuration from a TFTP server, use the following CLI commands:

CLI Command Mode: Privileged Exec Mode

CLI Command Syntax: install config-file <tftpserver_ipaddress> <filename>

Usage Example: Loading a Configuration from TFTP server on 192.168.1.100, where configuration file is file_name.tgz
switch_a# install config-file 192.168.1.100 file_name.tgz

Save Configuration to a TFTP Server

To Save a Configuration to a TFTP server, use the following CLI commands:

CLI Command Mode: Privileged Exec Mode

CLI Command Syntax: write config-file <tftpserver_ipaddress> <filename>

Usage Example: Saving a Configuration to TFTP server on 192.168.1.100, where configuration file is named flash.tgz
switch_a# write config-file 192.168.1.100 flash.tgz

Auto Save Configuration

To set the Auto Save Configuration, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
service auto-config enable
no service auto-config enable
service auto-config interval <number>


Usage Example 1: Enabling Auto Save with interval of 10 seconds
switch_a(config)# service auto-config enable
switch_a(config)# service auto-config interval 10

Usage Example 2: Disabling Auto Save
switch_a(config)# no service auto-config enable

Firmware Upgrade

To navigate to the Firmware Upgrade page:

1. Click on the + next to System

2. Click on Firmware Upgrade

To upgrade the firmware, a TFTP server is required. The firmware file for the switch is in a .TGZ or .IMG format. This is a compressed file; however, it should not be decompressed before updating the switch.

To update the firmware on the Managed Switch (see Figure 8):

1. Copy the firmware file to the correct directory for your TFTP server. The correct directory depends on your TFTP server settings.

2. Enter the filename of the firmware in the Filename text box.

3. Enter the IP Address of your TFTP server in the TFTP Server IP text box.

4. Click on the Upgrade button.

5. During the firmware upgrade you will see the following messages. Do not reboot or unplug the switch until the final message is received.

a. Downloading now, please wait...

b. tftp <filename> .img from ip <ip address> success!! Install now. This may take several minutes, please wait...

c. Firmware upgrade success!

Note: If a Firewall is running on the PC that is running the TFTP server it may need to be temporarily disabled.


Figure 8: Firmware Upgrade Page

Firmware Update using the CLI

For more information on CLI command usage see CLI Command Usage.

To display the current primary and alternate firmware versions:

CLI Command Mode: Privileged Exec Mode

CLI Command Syntax: show firmware

To update firmware from a TFTP server:

CLI Command Mode: Privileged Exec Mode

CLI Command Syntax: install image <tftpserver_ipaddress> <filename>

Usage Example: Loading new firmware from TFTP server on 192.168.1.100, where filename is file_name.tgz
switch_a# install image 192.168.1.100 flash.tgz

Note: Depending on the firmware being loaded, the extension may not be .tgz. The Switch does not use the extension to validate firmware.


Booting From Alternate (Backup) Firmware

Under certain circumstances, such as when there is a loss of power during an upgrade, the firmware build on the switch can become unstable. To prevent the switch from becoming unbootable in this situation, there are two firmware images stored on the switch: primary and backup. If the primary firmware image becomes unstable, the switch will detect it automatically and boot from the backup image on the next boot.

You can also manually boot from the backup firmware image. To do so, follow these steps:

1. Connect to the switch’s RS-232 port with a terminal emulator.

2. Power cycle the switch (turn the power off and then on).

3. While the switch is rebooting, hold down Ctrl + C. This will cause the switch to enter CFE mode. The prompt should look like this:

CFE_1.5>

4. Use the command boot_image0 or boot_image1 to manually boot from the primary or alternate firmware image, respectively. Future boots will be from the image selected with this command.

Reboot

To navigate to the Reboot page:

1. Click on the + next to System

2. Click on Reboot

To reboot the Managed Switch:

1. Click on the Reboot button.

2. Click OK on the popup message.

Reboot using the CLI

For more information on CLI command usage see CLI Command Usage.

CLI Command Mode: Privileged Exec Mode

CLI Command Syntax: reload


Logout

To logout of the Web Configuration Console:

1. Click on the + next to System

2. Click on Logout

Logout from the CLI

CLI Command Mode: User Exec Mode or Privileged Exec Mode

CLI Command Syntax: logout

User Account Page

To navigate to the User Account page:

1. Click on the + next to System

2. Click on User Account

From the User Account page, multiple users can be set up with different access privileges to the switch. There are two modes that can be used, Single-User or Multi-User.

Changing the User Mode

To set the user mode (see Figure 9):

1. Select Single-User, Multi-User, Radius-User or Tacacs in the dropdown box in the Multi-User Mode section. For more information on setting up Radius Authentication. Information on Tacacs+ can be found on page 222.

2. Click on the Update Setting button.

3. Click OK on the Popup message that appears.

Note: Changing the user mode saves the configuration and reboots the switch.


Figure 9: User Mode

Creating a New User

To create a new user (see Figure 10):

1. Choose the Create option from the dropdown list next to the User Account row heading.

2. Enter a User Name (case sensitive) for the new user in the User Name text box.

3. Enter a Password for the new user in the Password text box.

4. Re-enter the Password in the Confirm Password text box.

5. Select a Privilege Level from the dropdown list next to the Privilege Level row heading. For more information on Privilege levels see the User Privilege Configuration.

6. Click on the Update button.

7. Save the configuration (See the Save Configuration Page).


Figure 10: Creating Users

Changing an Existing User Account

To make modifications to an existing user account:

1. Choose an existing user from the dropdown list next to the User Account row heading (see Figure 11).

2. Change the password and/or access level following the steps in Creating a New User.

3. To delete an existing user, select the user as in step 1 and then click on the Delete button (see Figure 12).


Figure 11: Selecting an Existing User Account


Figure 12: Deleting a User Account

User Privilege Configuration

To navigate to the User Privilege page:

1. Click on the + next to System.

2. Click on User Privilege.

There are 3 different Privilege levels on the Managed Switch.

Admin – Has access to all configuration and administration of the switch.

Technician – Configurable by Admin – By default no configuration ability is given.

Operator – Configurable by Admin – By default no configuration ability is given.

The User Privilege Configuration page allows specific configuration and/or administration levels to be assigned or removed from the Technician and Operator user roles.

Note: For each function, an operator’s privilege cannot be higher than a technician's.

To configure the privileges for each user access level, follow the steps below:

1. For each of the configuration options listed under Web function \ User Privilege (see Figure 13), select the proper privilege from the drop-down list under the appropriate user access level (Technician or Operator). The valid options are:

a. Show, Hidden, Read-Only, Read-Write

2. Click on the Update button at the bottom of the page.

3. Save the configuration (see Save Configuration )


Figure 13: User Privilege Page

Control Access to show running-config

At the bottom of the User Privilege Configuration page is a separate section where you can control access to the show running-config command in the CLI. Select the desired value (show or hidden) for both Technicians and Operators, and click the Update Setting button.


User Account Settings using the CLI

Multi-User Mode

To enable the multi-user feature, use the following CLI commands:

CLI Command Mode: Line Configuration Mode

CLI Command Syntax: login local

Usage Example:
switch_a> enable
switch_a# configure terminal
switch_a(config)# line console 0
switch_a(config-line)# login local
% Switching Single/Multi/Radius-User mode need to reboot the switch to take effect!
switch_a(config-line)# q
switch_a(config)# q
switch_a#

Single User Mode

To enable the single-user feature, use the following CLI commands:

CLI Command Mode: Line Configuration Mode

CLI Command Syntax: login

Usage Example:
switch_a> enable
switch_a# configure terminal
switch_a(config)# line console 0
switch_a(config-line)# login
% Switching Single/Multi/Radius-User mode need to reboot the switch to take effect!
switch_a(config-line)# q
switch_a(config)# q
switch_a#

Radius User Mode

To enable the radius-user feature, use the following CLI commands:


CLI Command Mode: Line Configuration Mode

CLI Command Syntax: login radius

Usage Example:
switch_a> enable
switch_a# configure terminal
switch_a(config)# line console 0
switch_a(config-line)# login radius
% Switching Single/Multi/Radius-User mode need to reboot the switch to take effect!
switch_a(config-line)# q
switch_a(config)# q
switch_a#

Tacacs User Mode

To enable the Tacacs-user feature, use the following CLI commands:

CLI Command Mode: Line Configuration Mode

CLI Command Syntax: login tacplus

Usage Example:
switch_a> enable
switch_a# configure terminal
switch_a(config)# line console 0
switch_a(config-line)# login tacplus
% Switching Single/Multi/Radius/Tacacs-User mode need to reboot the switch to take effect!
switch_a(config-line)# q
switch_a(config)# q
switch_a#


Creating a New User

To create a new user, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: username <user name-4 to 16 characters> privilege <admin|operator|technician> password < 8|blank> <password-1 to 35 characters>

Note: The optional <8> CLI command after the CLI command password is used to specify that the password should be displayed in encrypted form in the configuration file.

Usage Example:
switch_a> enable
switch_a# configure terminal
switch_a(config)# username user1 privilege operator password 1234
switch_a(config)# username user1 privilege operator password 8 1234
switch_a(config)# username user2 privilege technician password 4321
switch_a(config)# username user2 privilege technician password 8 4321
switch_a(config)# username user3 privilege admin password 5678
switch_a(config)# username user3 privilege admin password 8 5678
switch_a(config)# q
switch_a#
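The username syntax and the note on the optional 8 keyword can be checked mechanically before a provisioning script is pasted into a switch. The following is an added example, not code from the manual or the vendor: it validates each username command against the documented limits and flags entries whose password would not be held in encrypted form in the configuration file, which matters because that file is also what gets backed up over TFTP. The function name, the 12-character policy minimum and the assumption that passwords contain no spaces are mine.

```python
import re

# Syntax from the manual:
#   username <name, 4-16 chars> privilege <admin|operator|technician>
#            password [8] <password, 1-35 chars>
# Assumption: user names and passwords contain no whitespace.
USERNAME_CMD = re.compile(
    r"^username\s+(?P<name>\S+)\s+privilege\s+(?P<priv>\S+)"
    r"\s+password\s+(?:(?P<enc>8)\s+)?(?P<pw>\S+)$"
)
PROMPT = re.compile(r"^\S+[>#]\s*")  # "switch_a>", "switch_a(config)#", ...
PRIVILEGES = {"admin", "operator", "technician"}
MIN_POLICY_LEN = 12  # assumption: local password policy, not a switch limit

# The session from the manual's usage example.
MANUAL_EXAMPLE = [
    "switch_a> enable",
    "switch_a# configure terminal",
    "switch_a(config)# username user1 privilege operator password 1234",
    "switch_a(config)# username user1 privilege operator password 8 1234",
    "switch_a(config)# username user2 privilege technician password 4321",
    "switch_a(config)# username user2 privilege technician password 8 4321",
    "switch_a(config)# username user3 privilege admin password 5678",
    "switch_a(config)# username user3 privilege admin password 8 5678",
    "switch_a(config)# q",
]

# Constructed lines: one clean, one breaking the documented limits.
CONSTRUCTED = [
    "switch_a(config)# username netadmin01 privilege admin password 8 Tr4nsit-Rack-07-East",
    "switch_a(config)# username ops privilege root password 8 Tr4nsit-Rack-07-East",
]


def audit_user_commands(lines):
    """Return a list of (line_no, user_name, message) findings."""
    findings = []
    for n, raw in enumerate(lines, 1):
        cmd = PROMPT.sub("", raw.strip())
        if not cmd.startswith("username "):
            continue  # some other command
        m = USERNAME_CMD.match(cmd)
        if m is None:
            findings.append((n, None, "does not match the documented syntax"))
            continue
        name, priv, pw = m["name"], m["priv"], m["pw"]
        if not 4 <= len(name) <= 16:
            findings.append((n, name, "user name must be 4 to 16 characters"))
        if priv not in PRIVILEGES:
            findings.append((n, name, f"unknown privilege level '{priv}'"))
        if len(pw) > 35:
            findings.append((n, name, "password exceeds 35 characters"))
        if m["enc"] is None:
            findings.append((n, name, "no '8' keyword: password is not kept in "
                                      "encrypted form in the configuration file"))
        if len(pw) < MIN_POLICY_LEN:
            findings.append((n, name, f"password shorter than the "
                                      f"{MIN_POLICY_LEN}-character policy minimum"))
    return findings


if __name__ == "__main__":
    for line_no, user, msg in audit_user_commands(MANUAL_EXAMPLE + CONSTRUCTED):
        print(f"line {line_no} ({user}): {msg}")
```
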

Control Access to show running-config

To control access to the show running-config command, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: multiuser-access show-running-config tech (hide | show) oper (hide | show)

Permissions

Permissions must be set using the Web GUI. See User Privilege Configuration.


DIAGNOSTICS

Utilization

To navigate to the Utilization page:

1. Click on the + next to Diagnostics.

2. Click on Utilization.

The Utilization page shows (see Figure 14):

CPU Utilization – Current and Max Utilization

Memory Utilization – Total, Used and Free Memory

Figure 14: Utilization Page

System Log

To navigate to the System Log page:

1. Click on the + next to Diagnostics.

2. Click on System Log.

The System Log shows the date and time of port links going up or down (see Figure 15).


Figure 15: System Log

System log using CLI command

CLI Command Mode: User Exec Mode or Privileged Exec Mode

CLI Command Syntax: show system-log

Remote Logging

To navigate to the Remote Logging page:

1. Click on the + next to Diagnostics.

2. Click on Remote Logging.

Remote Logging to a Syslog server allows administrators to log important system and debugging information. The Remote Logging configuration page allows reporting to a Syslog server to be enabled or disabled as well as management of a list of Syslog servers to report to (see Figure 16).

To configure the Remote Logging on the Managed Switch:

1. Click on the Enable or Disable radio button under Remote Logging.

2. Click on the Update Setting button.

To add a Syslog server:

1. Enter the IP Address of the Syslog Server in the Syslog Server IP text box.


2. Click on the Add Syslog Server button.

To delete a Syslog server from the list of servers currently on the switch:

1. Select the Syslog server from the Drop down box

2. Click on the Delete Syslog Server button

Figure 16: Remote Logging Page


Remote Logging using CLI commands

Enable/Disable Remote Logging

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
remote-log enable
no remote-log enable

Usage Example 1: Enable Remote Logging
switch_a(config)# remote-log enable

Add/Delete a Remote Logging Host

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
remote-log add <ip_address>
remote-log del <ip_address>
remote-log del all

Usage Example 1: Add a Remote Logging Host at 192.168.1.100
switch_a(config)# remote-log add 192.168.1.100

Usage Example 2: Delete a Remote Logging Host at 192.168.1.100
switch_a(config)# remote-log del 192.168.1.100

ARP Table

To navigate to the ARP Table page:

1. Click on the + next to Diagnostics.

2. Click on ARP Table.

The ARP Table page shows ARP (Address Resolution Protocol) entries that are stored in the Switch's ARP Table. This is useful for troubleshooting purposes. The information shown is:

IP Address of the listed device

Hardware Type – For Ethernet devices this will always be 1.

Flags

o 2 = Device responded to ARP Request

o 0 = No response to ARP Request

Hardware Type – MAC Address of the listed device

VLAN – The VLAN that the listed device is on

Figure 17: ARP Table

ARP Table using CLI Commands

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: show arp-table

Route Table

To navigate to the Route Table page:

1. Click on the + next to Diagnostics.

2. Click on Route Table.

The Route Table lists the routes to network destinations and metrics (distances) that are associated with those routes. The Route Table contains information about the topology of the network around it.


Figure 18: Route Table

Route Table Using CLI Commands

CLI Command Mode: Privileged Exec Mode

CLI Command Syntax: show route-table

Usage Example:
switch_a# show route-table
Destination  Gateway  Genmask        Flags  Metric  Ref  Use  VLAN
10.58.7.0    0.0.0.0  255.255.255.0  U      0       0    0    1


Alarm Setting

This setting applies only to Switch models that have a hardware relay.

To navigate to the Alarm Setting page:

1. Click on the + next to Diagnostics.

2. Click on Alarm Setting.

The Alarm Setting page allows users to define Ethernet port Link-down and Power failure alarms for triggering an alarm using the relay on the switch.

To configure an Ethernet port or Power input alarm:

1. Select an Ethernet port or Power input from the dropdown box (see Figure 19).


Figure 19: Alarm Trigger

2. Select YES or NO from the dropdown box next to Trigger Enabled (see Figure 20).

3. Click Update Setting to save any changes made.


Figure 20: Trigger Enable

NOTE: The initial normal state of the relay is open, and if the switch loses *all* power, this state will come into effect. This is important to remember when using the relay to indicate a power failure. The relay will close in an alarm state when there is redundant power input and an alarmed input fails.

PORT

Configuration

To navigate to the Configuration page:

1. Click on the + next to Port.

2. Click on Configuration.

Port configuration contains features such as flow control, port speed, and duplex settings. These settings can be very useful when the switch is connected to a latency-critical device such as a VOIP phone, IP camera, or video multiplexor. The ability to alter port settings can make the difference between a poorly responding device and one that functions without loss of data or clarity.

The Configuration page shows (see Figure 21):

Port Number – fe(n) for 100mb ports and ge(n) for Gigabit ports

Link Status – Operational State of the Port’s Link (Read-Only)

Port Description – User-supplied Port Description

Port type – Select Switch Port or Router Port

IP address – Set the IP address of the port in aaa.bbb.ccc.ddd/mm format

Admin Setting – Administratively Enable or Disable the Port.

Speed – Speed and Duplex Settings for Port.


Flow Control – State of Flow Control for the Port.

To provide a description to a port on the Managed Switch:

1. Click in the Description text box for the appropriate port.

2. Type in the description of the port.

3. Click on the Submit button.

To enable or disable a port on the Managed Switch:

1. Click on the drop-down box under Admin Setting and select either Link Up or Link Down.

2. Click on the Submit button.

To set the Port Speed and/or Port Duplex Settings on the Managed Switch:

1. Click on the drop-down box under Speed and select the desired port speed / duplex settings for that port. Please note, not all port types will have the same options. For example, 100Mb fiber ports will typically be limited to a single option of 100M/FD (100Mbps and Full Duplex) while running 1Gb UTP ports will have six options for speed/duplex.

2. Click on the Submit button.

To enable or disable a port’s Flow Control settings on the Managed Switch:

1. Click on the drop-down box under Flow Control and select either Enable or Disable.

2. Click on the Submit button.


Figure 21: Port Configuration

Port Status

To navigate to the Port Status page:

1. Click on the + next to Port.

2. Click on Port Status.

This page is a read-only page that lists the settings described in the previous section. It is useful if all the user intends to do is read the values of the port settings, not modify the port settings.

The Port Status page shows (see Figure 22):

Port Number – fe(n) for 100mb ports and ge(n) for Gigabit ports

Link Status – Operational State of the Port’s Link.

Port Description – User-supplied Port Description

Port Type – Indicates switch or router port

Admin Setting – Administrative State of the Port.

Speed – Speed and Duplex Settings for Port.

Flow Control – State of Flow Control for the Port.


Figure 22: Port Status

Rate Control

To navigate to the Rate Control page:

1. Click on the + next to Port.

2. Click on Rate Control.

The Rate Control page allows the user to set the maximum throughput on a port or ports, for both packets entering the port (from the connected device) and packets leaving the port.

The Ingress text box controls the rate of data traveling into the port while the Egress text box controls the rate of data leaving the port.

Note: Entries will be rounded down to the nearest acceptable rate value. If the value entered is below the lowest acceptable value then the lowest acceptable value will be used.

The Rate Control page is shown below (see Figure 23):

To provide either an ingress or egress rate control for a port on the Managed Switch:

1. Click in the Ingress or Egress Text Box for the appropriate port.

2. Type in the ingress/egress rate for the port according to the values listed above.

3. Click on the Update Setting button.


Figure 23: Rate Control

RMON Statistics

To navigate to the RMON Statistics page:

1. Click on the + next to Port.

2. Click on RMON Statistics.

RMON Statistics gives a detailed listing of the types and quantity of packets that a particular port has seen since the last reboot of the switch (see Figure 24).

To view the RMON statistics for a particular port on the Managed Switch:

1. Click on the link to the port at the top of the RMON Statistics page.

To clear the RMON statistics for a particular port on the Managed Switch:

1. Click on the link to the port at the top of the RMON Statistics page.

2. Click on the Clear button at the bottom of the page.

3. The statistics for the port will update every ten seconds.

Pay particular attention to the values for CRC/Alignment errors and collisions. Nonzero values for these fields can indicate that a port speed or duplex mismatch exists on the port.


Figure 24: RMON Page

Per Port VLAN Activities

To navigate to the Per Port VLAN Activities page:

1. Click on the + next to Port.

2. Click on Per Port VLAN Activities.

This is a read-only page that allows the user to see which devices are connected to a particular port and the VLAN associated with each device and port.

To clear the MAC addresses for a particular port on the Managed Switch (see Figure 25):

1. Click on the link to the port at the top of the Per Port VLAN Activities page.

2. Click on the Clear MAC button at the bottom of the page.

3. The statistics for the port will update every ten seconds.


Figure 25: Port VLAN Activities

Port Configuration Examples Using CLI Commands

Setting the Port Description

To provide a description of a port use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: description <description text>

Usage Example: switch_a(config-if)# description A_Port_Description


Enable or Disable a Port

To administratively enable or disable a port use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax:
shutdown
no shutdown

Setting the Port Speed

To set the port speed for a port use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: bandwidth <1-10000000000 bits> (usable units : k, m, g)

Usage Example: switch_a(config-if)# bandwidth 100m

Setting Port Duplex

To set the duplex for a port use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: duplex <full | half | auto>

Usage Example: switch_a(config-if)# duplex full

Enable or Disable Port Flow Control

To enable or disable flow control for a port use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: flowcontrol on

Usage Example: switch_a(config-if)# flowcontrol on

Display Port Status

To display the port status for a port use the CLI commands below:


CLI Command Mode: Privileged Exec Mode

CLI Command Syntax: show interface <ifname>

Usage Example: switch_a# show interface fe1

Setting a Port's Rate Control

To set a port's rate control use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: rate-control <ingress | egress> value <value in kbps>

Usage Example: switch_a(config-if)# rate-control ingress value 100000

Display a Port's RMON Statistics

To display a port's RMON statistics use the CLI commands below:

CLI Command Mode: Privileged Exec Mode

CLI Command Syntax: show interface statistics <interface name>

Usage Example: switch_a# show interface statistics fe1

Display a Port's VLAN Activities

To display a port’s VLAN activities use the CLI commands below:

CLI Command Mode: Privileged Exec Mode

CLI Command Syntax: show bridge interface <interface name>

Usage Example: switch_a# show bridge interface fe1


SWITCHING

Bridging

To navigate to the Bridging page:

1. Click on the + next to Switching.

2. Click on Bridging.

Ageing Time

The Ageing Time value is a global value and represents the time that a networked device’s MAC address will live in the switch’s memory before being removed. The default value is 300 seconds (5 minutes) (see Figure 26).

To update the Ageing Time value:

1. Click in the Error Disable Recovery text box at the top of the Port Security Dynamic-MAC page.

2. Type in the desired value. Values can be from 0 to 65535 seconds. A value of 0 indicates that the port is not to return to normal operating condition until an administrator resets the port or the switch is restarted.

3. Click on the Update Setting button.

Threshold Level

The Threshold Level setting is a per port value. A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. The traffic storm control feature prevents LAN ports from being disrupted by a broadcast or multicast traffic storm on physical interfaces. A Threshold is set to determine when the switch will react to Broadcasts and/or Multicasts.

To set the Threshold level per port:

1. Type in the desired value. Values can be from 0.1 to 100. This value is a percentage of allowable broadcast traffic for this port. Once this percentage of traffic is exceeded, all broadcast traffic beyond this percentage is dropped.

2. Click on the Update Setting button.


Storm Control Type

The Storm Control Enabled Type setting is a per port value. The Storm Control Enabled Type allows users to determine the type of storm control to be used by the switch.

To set the Storm Control Enabled Type:

1. Select the check box next to Broadcast and/or DLF-Multicast for the port that needs to be changed.

2. Click on the Update Setting button.

Figure 26: Bridging

Loopback Detect

To navigate to the Loopback Detect page:

1. Click on the + next to Switching.

2. Click on Loopback Detect.

Loopback Detection (Global)

To globally enable the Loopback Detect feature of the Managed Switch (see Figure 27):


1. Click on the Loopback Detect drop-down box.

2. Select Enable from the drop down list.

3. Click on the Update Setting button.

Loopback Detect Action

To change the action that the switch takes when a loopback condition is detected (see Figure 27):

1. Choose an action from the Loopback Detect Action dropdown list. The available options are None and Error Disable.

2. Click on the Update Setting button.

Loopback Detect Recovery Time

To change the length of time that the Loopback Detect Action will stay in effect (see Figure 27):

1. Enter a value in the text box next to Error Disable Recovery. Valid values range from 0 to 65535 seconds.

2. Click on the Update Setting button.

Polling Interval

To change the polling interval of the Loopback Detect function (see Figure 27):

1. Enter a value in the text box next to Interval. Valid values range from 1 to 65535 seconds.

2. Click on the Update Setting button.

Figure 27: Loopback Detection

Loopback Detection (Per Port)

To enable Loopback Detection for a particular port or ports on the Managed Switch (see Figure 28):

1. Select the value Enable from the Mode drop down list for a port on the Loopback Detect page.

2. Click on the Update Setting button.

Figure 28: Loopback Detection (port)

Storm Detect

The Storm Detect feature allows the switch to be configured to disable a port that is receiving a large number of Broadcast and/or Multicast packets. The switch can monitor for packets and take action based on percentage of bandwidth utilization or number of packets per second.

Enable/Disable Storm Detection

1. Enable or Disable Storm Detection by clicking on the drop down box in the Storm-Detect Configuration box (see Figure 24).

2. Set the Storm Detect interval to a number between 2 and 65535 seconds. The default value is 10 seconds.

3. Set the Storm-Detect errdisable-recovery time to a value between 0 and 65535 seconds. The default is 0 (disabled). This value determines whether the switch re-enables the port after the specified time or leaves the port disabled.

Figure 29: Storm Detect — Global

4. Set the By Utilization (%) for each port in the Storm-Detect Per Port Configuration box (see Figure 25). The default is 0 (not limited). Setting this to a value between 1 and 100 will cause the port to be disabled when the defined percentage of bandwidth is reached.

5. Set the type of packet to be monitored in the drop-down box under By Broadcast / Multicast+Broadcast Packets Per Second. Set the value to BC to monitor Broadcast packets and BC-MC to monitor both Broadcast and Multicast packets.

Figure 30: Storm Detect — Per Port Configuration

Static MAC Entry

Occasionally, it may be useful to specify a MAC address on a particular port and VLAN rather than adjusting the ageing time for the entire switch. Alternatively, it is also possible and even desirable to prevent a MAC address from ever being registered with a switch.

These features are offered under the Static MAC Entry menu.

To navigate to the Static MAC Entry menu:

1. Click on the + next to Switching.

2. Click on Static MAC Entry.

Adding a Static MAC Address to a Port

To add a static MAC entry for a particular port (see Figure 31):

1. Enter the MAC address in the corresponding port’s text box. The MAC address should be in the form aaaa:bbbb:cccc.

2. Select the VLAN that this MAC address is associated with from the VLAN ID drop down list for the port.

3. Click on the Submit button.

Figure 31: MAC Static Entry

Removing a Static MAC Address from a Port

To remove a static MAC entry for a particular port (see Figure 32):

1. For a particular port, select the MAC address to be deleted from the Delete MAC Address drop down box.

2. Click on the Submit button.


Figure 32: Removing a Static MAC Address

Adding a MAC to the Static-MAC-Entry Discard Table

To add a MAC address to the Static-MAC-Entry Discard table (see Figure 33):

1. Enter a MAC address in the form “0000.1234.abdc” in the Add MAC Address text box of the Static-MAC-Entry-Discard section.

2. Select the VLAN associated with the MAC address.

3. Note that while static MAC addresses for forwarding are associated with the switch on a per-port basis, static MAC discards are associated with the switch for all ports.

4. Click on the Submit button.

Figure 33: Adding a MAC – Static-MAC-Entry Table

Removing a MAC address from the Static-MAC-Entry Discard Table

To remove a MAC address from the Static-MAC-Entry Discard table (see Figure 34):

1. From the drop down box underneath Delete MAC Address, select the MAC address to be deleted.

2. Click on the Submit button.


Figure 34: Deleting a MAC Address – Static-MAC-Entry Table

Port Mirroring

To navigate to the Port Mirroring menu:

1. Click on the + next to Switching.

2. Click on Port Mirroring.

To configure port mirroring for a port or ports on the Managed Switch (see Figure 35):

1. Select the port or ports that traffic is to be mirrored from under the Mirror From column.

2. Select the destination port under the Mirror To drop down box.

3. Select the type of traffic that should be mirrored from the Mirror Mode drop down box. The available options are:

   a. TX – Transmit only

   b. RX – Receive only

   c. TX/RX – Transmit and receive

4. Click on the Submit button.


Figure 35: Port Mirroring

To disable port mirroring for a port or ports on the Managed Switch (see Figure 36):

1. Under the Current Settings section, the current port mirroring configuration should be displayed.

2. Click on the Delete button.


Figure 36: Disabling Port Mirroring

Link State Tracking

Link-state tracking binds the link state of multiple interfaces. Link-state tracking provides redundancy in the network when used with server network interface card (NIC) adapter teaming or bonding. When the server network adapters are configured in a primary or secondary relationship known as teaming and the link is lost on the primary interface, connectivity transparently changes to the secondary interface.

To navigate to the Link State Tracking menu:

1. Click on the + next to Switching.

2. Click on Link State Tracking.

Enable/Disable Link State Tracking

To enable Link State Tracking for a particular group on the Managed Switch (see Figure 37):

1. Under Group Setting, click the check box of the Link State groups that are to be enabled (or disabled).

2. Click on Update Setting.

Figure 37: Link State Tracking

Port Settings

To configure individual ports for a Link State group on the Managed Switch (see Figure 38):

1. Under Port Setting, select the Link State Group that the port will belong to from the Group drop down box.

2. Select whether the port is upstream or downstream from the Up/Down Stream drop down box.

3. Click on Update Setting.


Figure 38: Link State Tracking – Port Settings

PoE - System and Port Settings

To navigate to the PoE page:

1. Click on the + next to Switching.

2. Click on PoE.

PoE System Setting

The PoE Page provides access to PoE System Setting information and configuration. The information provided is (see Figure 39):

1. Main Supply Voltage

2. System Temperature

3. Power Allocation – Actual wattage supplied to attached PoE device(s)

4. System Power Budget – Configurable. The default value depends on the model of switch.


Figure 39: PoE System Setting

PoE Port Setting

The PoE Port Setting section provides the following configurable settings and information:

1. Enable Mode – Set the PoE Enable Mode by selecting one of the following settings in the drop-down box under PoE Mode (see Figure 40):

   o Enable – Enable PoE on a specific port

   o Disable – Disable PoE on a specific port

   o Scheduling – Schedule time of day that PoE will be enabled per port (see PoE Scheduling)

2. Fixed Power Limit – Provides a ceiling to the maximum Wattage that can be allocated to an attached PoE (PD) device on a port.

3. Power Priority – Use the drop-down box in the Power Priority column to set the priority to High, Medium or Low. Once the PoE power requirements on the switch have exceeded the PoE power budget, power will be supplied to the port(s) with the highest priority. In the case where multiple ports have the same priority, ports will be prioritized by port number with the lower numbered port receiving priority.

4. Power Down Alarm – This setting only applies to Switches that have a relay. If this box is checked, losing PoE power on a port triggers the relay on the switch.

5. Status – Informational only. Provides the status of the PoE port.

6. PD Class – Informational only. Provides the PoE Classification of the PoE (PD) device attached to the PoE port.

7. Current (mA) – Informational only. Shows the current draw from the attached PoE (PD) device.

8. Consumption (W) – Informational only. Shows the power consumption of the attached PoE (PD) device.

Figure 40: PoE Port Setting


PoE Scheduling

PoE Scheduling allows PoE ports to have their power up time scheduled by hour of the day and day of the week. In order for a port to follow a schedule defined here, the port must be set to Scheduling on the PoE settings page (see PoE Port Setting).

To navigate to the PoE Scheduling page:

1. Click on the + next to Switching.

2. Click on PoE Scheduling.

Each PoE port on the switch can be scheduled to power up and down automatically. To configure a port:

1. Select the port from the drop-down list (see Figure 41).

Figure 41: Selecting a Port

2. Select the hour(s) of day for each day of the week (see Figure 42).

3. Click on the Submit button.

Figure 42: PoE Power Scheduling

Switch Configuration Examples Using CLI Commands

Setting the Ageing Time Value

To update the Ageing Time value on the Managed Switch, use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: bridge 1 ageing-time (time in ms)

Usage Example: Set ageing time to 300ms
switch_a(config)# bridge 1 ageing-time 300

Enabling Port Isolation

To enable Port Isolation, use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: port-isolation enable

Setting Storm Control

To set the value for the Broadcast and/or DLF-Multicast Storm Control value of a port on the Managed Switch, use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: stormcontrol <broadcast | dlf-multicast> <level>

Usage Example:
switch_a(config-if)# storm-control broadcast enable
switch_a(config-if)# storm-control level 20

Enabling Loopback Detect (Global)

To enable Loopback Detect on the Managed Switch, use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: bridge 1 loopback-detect <enable | disable>

Usage Example: switch_a(config)# bridge 1 loopback-detect enable

Setting the Loopback Detect Action

To set the action for Loopback Detect on the Managed Switch, use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: bridge 1 loopback-detect action <err-disable | none>

Usage Example: switch_a(config)# bridge 1 loopback-detect action errdisable

Setting the Loopback Detect Recovery Time

To set the recovery time for Loopback Detect on the Managed Switch, use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: bridge 1 loopback-detect errdisable-recovery <0-65535>

Usage Example: switch_a(config)# bridge 1 loopback-detect errdisable-recovery 30

Setting the Loopback Detect Polling Interval

To set the polling interval for Loopback Detect on the Managed Switch, use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: bridge 1 loopback-detect interval <1-65535>

Usage Example: switch_a(config)# bridge 1 loopback-detect interval 5


Enabling Loopback Detect (Port)

To enable Loopback Detection on a port on the Managed Switch, use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: loopback-detect enable

Configuring Storm-Detect

To enable or disable Storm-Detect use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
bridge 1 storm-detect errdisable
no bridge 1 storm-detect errdisable

Default: Disabled

Usage Example – Enabling storm detect: switch_a(config)# bridge 1 storm-detect errdisable

Usage Example – Disabling storm detect: switch_a(config)# no bridge 1 storm-detect errdisable

To set the storm-detect interval use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: bridge 1 storm-detect interval <2-65535>

Default: 10

Usage Example: switch_a(config)# bridge 1 storm-detect interval 10

To set the storm-detect recovery time use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: bridge 1 storm-detect errdisable-recovery <0-65535>


Default: 0 No errdisable recovery.

Usage Example: switch_a(config)# bridge 1 storm-detect errdisable-recovery 60

Storm Detect Packet Type

Enables storm detect on this port based on the number of broadcast, or broadcast plus multicast, packets per second. The unit is packets per second. Set to 0 to disable this feature.

To set the storm-detect packet type use the following CLI commands:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: storm-detect (bc | mc-bc) pps <0-100000>
bc = broadcast only
mc-bc = count broadcast & multicast packets together

Default: 0 (Disabled)

Usage Example 1 – Enabling Multicast + Broadcast: switch_a(config-if)# storm-detect mc-bc pps 50000

Usage Example 2 – Enabling Broadcast only: switch_a(config-if)# storm-detect bc pps 50000

To set the storm-detect utilization use the following CLI commands:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: storm-detect utilization <0-100>

Default: 0 (Disabled)

Usage Example: switch_a(config-if)# storm-detect utilization 80

To disable storm-detect on a port use the following CLI commands:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: no storm-detect port enable
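The Storm-Detect and Loopback Detect ranges and defaults above can be checked mechanically before a configuration is typed into the switch. The following is an added example, not part of the manual or the switch firmware: it reads a typed CLI session (the sample session is constructed) and reports out-of-range values, a missing global enable, a recovery time of 0, and ports with no threshold. The function names and the finding texts are assumptions of this example.

```python
import re

# Value ranges copied from the CLI syntax lines in this manual.
GLOBAL_RANGES = {
    ("storm-detect", "interval"): (2, 65535),
    ("storm-detect", "errdisable-recovery"): (0, 65535),
    ("loopback-detect", "interval"): (1, 65535),
    ("loopback-detect", "errdisable-recovery"): (0, 65535),
}
PORT_RANGES = {"pps": (0, 100000), "utilization": (0, 100)}

PROMPT = re.compile(r"^\s*\S+[#>]\s*")  # strips e.g. "switch_a(config-if)# "

# Constructed sample session (not captured from a real switch).
SAMPLE = """\
switch_a(config)# bridge 1 storm-detect errdisable
switch_a(config)# bridge 1 storm-detect interval 1
switch_a(config)# bridge 1 loopback-detect interval 5
switch_a(config)# interface fe1
switch_a(config-if)# storm-detect mc-bc pps 50000
switch_a(config-if)# storm-detect utilization 80
switch_a(config-if)# q
switch_a(config)# interface fe2
switch_a(config-if)# storm-detect utilization 150
switch_a(config-if)# q
switch_a(config)# interface fe3
switch_a(config-if)# storm-detect bc pps 0
switch_a(config-if)# q
"""


def parse(session_text):
    """Split a typed CLI session into global and per-port settings."""
    glob, ports, current = {}, {}, None
    for raw in session_text.splitlines():
        words = PROMPT.sub("", raw).split()
        negated = bool(words) and words[0] == "no"
        if negated:
            words = words[1:]
        if not words:
            continue
        if words[0] == "interface" and len(words) == 2:
            current = words[1]
            ports.setdefault(current, {})
        elif words[0] == "q":
            current = None  # leave interface configuration mode
        elif words[:2] == ["bridge", "1"] and len(words) >= 4:
            # "bridge 1 <feature> <key> [value]"; a bare key is an on/off flag
            glob[(words[2], words[3])] = words[4] if len(words) > 4 else not negated
        elif current and words[0] == "storm-detect":
            if len(words) == 4 and words[1] in ("bc", "mc-bc") and words[2] == "pps":
                ports[current]["pps"] = words[3]
            elif len(words) == 3 and words[1] == "utilization":
                ports[current]["utilization"] = words[2]
    return glob, ports


def in_range(value, lo, hi):
    """True when value is a plain decimal number inside lo..hi."""
    text = str(value)
    return text.isdigit() and lo <= int(text) <= hi


def audit(session_text):
    """Return (scope, finding) tuples: global findings first, then ports by name."""
    glob, ports = parse(session_text)
    findings = []
    for (feature, key), (lo, hi) in GLOBAL_RANGES.items():
        value = glob.get((feature, key))
        if value is not None and not in_range(value, lo, hi):
            findings.append(("global", f"{feature} {key} {value}: outside {lo}-{hi}"))
    enabled = glob.get(("storm-detect", "errdisable")) is True
    if not enabled:
        findings.append(("global", "storm-detect errdisable not enabled (default: Disabled)"))
    elif str(glob.get(("storm-detect", "errdisable-recovery"), "0")) == "0":
        findings.append(("global", "errdisable-recovery is 0: a tripped port stays disabled"))
    for name in sorted(ports):
        settings = ports[name]
        for key, (lo, hi) in PORT_RANGES.items():
            value = settings.get(key)
            if value is not None and not in_range(value, lo, hi):
                findings.append((name, f"storm-detect {key} {value}: outside {lo}-{hi}"))
        if all(settings.get(key, "0") == "0" for key in PORT_RANGES):
            findings.append((name, "no storm-detect threshold: pps and utilization are both 0"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE):
        print(f"{scope}: {finding}")
```
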


Adding a MAC Address for Static-MAC-Entry Forwarding

To add a MAC address for Static-MAC-Entry Forwarding for a port on the Managed Switch, use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: bridge 1 address <mac address> forward <interface> vlan <vlan id>

Usage Example: switch_a(config)# bridge 1 address 00e0.abcd.1245 forward fe1 vlan 1

Discard a Static MAC Entry

To discard a static MAC address, use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: bridge 1 address <mac address> discard vlan <vlan id>

Usage Example: switch_a(config)# bridge 1 address 00e0.abcd.1245 discard vlan 1
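This manual writes static MAC addresses in dotted form in the CLI (00e0.abcd.1245) and in the form aaaa:bbbb:cccc in the web interface, while asset inventories usually use colon or hyphen pairs. The following added example, which is not part of the manual, normalizes those notations and builds the forward and discard commands shown above, rejecting an address that is listed with two different actions on the same VLAN. The function names and sample entries are assumptions of this example, and the 1-4094 VLAN check is the 802.1Q ID range rather than a limit stated in the manual.

```python
import re

# Accepted notations: aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff,
# aaaa.bbbb.cccc, aaaa:bbbb:cccc, or 12 hex digits with no separator.
MAC_FORMS = re.compile(
    r"(?:[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}"
    r"|[0-9a-f]{4}([.:])[0-9a-f]{4}\2[0-9a-f]{4}"
    r"|[0-9a-f]{12})",
    re.IGNORECASE,
)


def to_dotted(mac):
    """Return a MAC in the xxxx.xxxx.xxxx form used by the CLI examples."""
    text = mac.strip()
    if not MAC_FORMS.fullmatch(text):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    digits = re.sub(r"[:.\-]", "", text).lower()
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def static_mac_commands(entries, bridge=1):
    """Build static-MAC commands from (mac, vlan, port) tuples.

    port is an interface name for a forward entry, or None for a discard entry.
    """
    commands, seen = [], {}
    for mac, vlan, port in entries:
        dotted = to_dotted(mac)
        if not 1 <= vlan <= 4094:  # 802.1Q VLAN ID range; the switch may allow fewer
            raise ValueError(f"VLAN ID out of range: {vlan}")
        action = f"forward {port}" if port else "discard"
        previous = seen.setdefault((dotted, vlan), action)
        if previous != action:
            raise ValueError(
                f"{dotted} vlan {vlan}: '{previous}' conflicts with '{action}'"
            )
        command = f"bridge {bridge} address {dotted} {action} vlan {vlan}"
        if command not in commands:  # drop exact duplicates from the inventory
            commands.append(command)
    return commands


# Constructed sample inventory: two spellings of one forward entry, one discard.
SAMPLE_ENTRIES = [
    ("00:E0:AB:CD:12:45", 1, "fe1"),
    ("00-e0-ab-cd-12-45", 1, "fe1"),
    ("0000.1234.abdc", 1, None),
]

if __name__ == "__main__":
    for line in static_mac_commands(SAMPLE_ENTRIES):
        print(f"switch_a(config)# {line}")
```
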

Configuring Port Mirroring

To configure a port for Port Mirroring on the Managed Switch, use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: mirror interface <interface> direction <both | tx | rx>

Usage Example: switch_a(config-if)# mirror interface fe2 direction both


Enabling a Link State Tracking Group

To enable a Link State Tracking Group on the Managed Switch, use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: link state track <group #>

Usage Example: switch_a(config)# link state track 4

Assigning a Port to a Link State Tracking Group

To assign a port to a Link State Tracking group on the Managed Switch, use the following CLI commands:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: link state group <group #> <upstream | downstream>

Usage Example: switch_a(config-if)# link state group 4 downstream

Setting PoE Power Budget

To set the PoE Power Budget use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: poe system-power-budget <value>

Usage Example:
switch_a> enable
switch_a# configure terminal
switch_a(config)# poe system-power-budget 144.14
switch_a(config)# q
switch_a#


PoE Port Settings

The following commands are used to set PoE functions related directly to individual PoE ports:

CLI Command          Function
enable               Enables PoE on a port
fixed-power-limit    Sets a fixed wattage for a PoE port
power-down-alarm     Turns on alarm by relay on PoE power down
power-priority       Sets priority of power distribution to ports
scheduling           Enable Scheduling
schedule-time        Sets schedule time to power PoE ports
schedule-time-hour   Schedule time (hour) enable

To enable or disable PoE on a port use the following CLI commands:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax:
poe enable
no poe enable

Usage Example 1 – Enabling PoE on a port:
switch_a> enable
switch_a# configure terminal
switch_a(config)# interface fe1
switch_a(config-if)# poe enable
switch_a(config-if)# q
switch_a(config)# q
switch_a#

Usage Example 2 – Disabling PoE on a port:
switch_a> enable
switch_a# configure terminal
switch_a(config)# interface fe1
switch_a(config-if)# no poe enable
switch_a(config-if)# q
switch_a(config)# q
switch_a#

fixed-power-limit

The fixed-power-limit CLI command sets the maximum wattage that a switch port will provide to the attached PoE device. To set a fixed power limit on a port, Power Limit by Classification must be disabled on the port first. To set the fixed-power-limit, use the following CLI command:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: poe fixed-power-limit <level>

Level = 0-15.4 (802.3af) / 30 (802.3at) / 60 (W)

Usage Example:
switch_a> enable
switch_a# configure terminal
switch_a(config)# interface fe1
switch_a(config-if)# poe fixed-power-limit 7.5
switch_a(config-if)# q
switch_a(config)# q
switch_a#

power-down-alarm

This setting only applies to Switches that have a relay. If this setting is enabled, losing PoE power on a port triggers the relay on the switch.

To enable or disable the power down alarm, use the following CLI commands:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax:
poe power-down-alarm enable
no poe power-down-alarm enable

Usage Example 1 – Enabling PoE power down alarm on a port:
switch_a> enable
switch_a# configure terminal
switch_a(config)# interface fe1
switch_a(config-if)# poe power-down-alarm enable
switch_a(config-if)# q
switch_a(config)# q
switch_a#

Usage Example 2 – Disabling PoE power down alarm on a port:
switch_a> enable
switch_a# configure terminal
switch_a(config)# interface fe1
switch_a(config-if)# no poe power-down-alarm enable
switch_a(config-if)# q
switch_a(config)# q
switch_a#

power-priority

Use this setting to set the priority to High, Medium or Low.

To set the PoE power priority, use the following CLI command:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: poe power-priority <high | medium | low>

Usage Example:
switch_a> enable
switch_a# configure terminal
switch_a(config)# interface fe1
switch_a(config-if)# poe power-priority medium
switch_a(config-if)# q
switch_a(config)# q
switch_a#


PoE Scheduling

PoE Scheduling allows PoE ports to have their power up time scheduled by hour of the day and day of the week.

scheduling

To enable PoE Power Scheduling on a port, use the following CLI command:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: poe scheduling enable

To disable PoE scheduling on a port use the no poe enable command.

Usage Example:
switch_a> enable
switch_a# configure terminal
switch_a(config)# interface fe1
switch_a(config-if)# poe scheduling enable
switch_a(config-if)# q
switch_a(config)# q
switch_a#

schedule-time

To enable PoE Power Scheduling on a port, use the following CLI command:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: poe schedule-time <day> <hour(s)>

Day = 0 (Sunday) to 6 (Saturday)

Hour = 1 to 23. Multiple hours can be defined using a dash (ex. 1-23)

To disable PoE scheduling on a port use the no poe enable command.

Usage Example 1:
switch_a> enable
switch_a# configure terminal
switch_a(config)# interface fe1
switch_a(config-if)# poe schedule-time 0 10
switch_a(config-if)# q
switch_a(config)# q
switch_a#

Usage Example 2 – Multiple hours:
switch_a> enable
switch_a# configure terminal
switch_a(config)# interface fe1
switch_a(config-if)# poe schedule-time 0 10-14
switch_a(config-if)# q
switch_a(config)# q
switch_a#

schedule-time-hour

To enable PoE Power Scheduling on a port, use the following CLI command:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: poe schedule-time <day> <hour>

Day = 0 (Sunday) to 6 (Saturday)

Hour = 1 to 23

To disable PoE scheduling on a port use the no poe enable command.

Usage Example:
switch_a> enable
switch_a# configure terminal
switch_a(config)# interface fe1
switch_a(config-if)# poe schedule-time 0 10
switch_a(config-if)# q
switch_a(config)# q
switch_a#

TRUNKING

Overview

Port Trunking refers to the use of multiple network connections in parallel to increase the link speed beyond the limits of any one single cable or port. This is commonly called link aggregation. These aggregated links may be used to interconnect switches or to connect high-capacity servers to a network.


There are two popular types of port trunking, static and link aggregation control protocol (LACP). We will take a minute to discuss both types of trunking and why one would want to use them.

Static Channel Trunking

Originally specified in the IEEE 802.3ad specification and now in the IEEE 802.1AX-2008 specification, this type of trunking is the most basic and easiest to understand. It is simply the aggregation of two or more Ethernet links to form a virtual link equivalent in bandwidth to the sum of its individual links. For example, if one had four 100Mbps Ethernet links composing a single static channel, the overall bandwidth of the static channel would be 400Mbps.

Prioritization of data through the channel is simple as well. When one of the links of the channel becomes saturated the excess data spills over into the remaining channels. For example, if one were sending a constant stream of data at 250Mbps through a static channel composed of 4 individual 100Mbps links, the first two links of the channel would be completely saturated while half of the third channel would be utilized and none of the fourth channel would be used.

Link Aggregation Control Protocol

Within the IEEE specification, the Link Aggregation Control Protocol (LACP) provides a method to control the bundling of several physical ports together to form a single logical channel. LACP allows a network device to negotiate an automatic bundling of links by sending LACP packets to the peer (directly connected device that also implements LACP). This means that both sides of the LACP channel must be configured for LACP, which implies both devices must support it.

LACP also has a couple of very important advantages over static channel:

Failover when a link fails and there is (for example) a media converter between the devices which means that the peer will not see the link down. With static link aggregation the peer would continue sending traffic down the link causing it to be lost.

The device can confirm that the configuration at the other end can handle link aggregation. With Static link aggregation a cabling or configuration mistake could go undetected and cause undesirable network behavior.


NOTE: Before configuring a port trunk, disable or disconnect all of the ports that you want to use with this trunk. When the trunk has been (re)configured, enable or reconnect the ports.

Port Trunking

To navigate to the Port Trunking menu:

1. Click on the + next to Trunking.

2. Click on Port Trunking.

To create a trunk consisting of 1000Mbps ports:

1. Select Static, LACP, or Disable for each trunk that is being configured.

2. Click on the corresponding checkbox for each desired port to be included in the Trunk Group. A maximum of eight ports can be assigned to each trunk group.

3. Click on the Submit button.

Figure 43: Port Trunking


LACP Trunking

To navigate to the LACP Trunking menu:

1. Click on the + next to Trunking.

2. Click on LACP Trunking.

To create a LACP trunk:

1. In the Trunk Configuration section, select a port in the LACP trunk.

2. Select LACP from the Trunk Type dropdown box for this port.

3. Enter an admin key for this port in the Admin Key textbox. Admin keys for 100Mbps ports must be 1 and for 1Gbps ports must be 3.

4. Select the LACP Mode to either Active or Passive.

5. Enter a value in the Port Priority textbox.

6. Select a Timeout value of Short or Long.

7. Click on the Submit button.

8. Repeat steps 1-7 for each additional port that is to be used in the trunk.

To set the LACP System Priority:

1. Enter a value between 1 and 65535. The default value is 32768.

2. Click on the Submit button.


Figure 44: LACP Trunking

Trunking Configuration Examples Using CLI Commands

Adding an Interface to a Static Trunk

To add an interface to a static trunk, use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: static-channel-group <static channel> (1-6 for 100Mbps, 7-8 for 1Gbps ports)

Usage Example: switch_a(config-if)# static-channel-group 1

Adding an Interface to a LACP Trunk

To add an interface to a LACP trunk on the Managed Switch, use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: channel-group <LACP Channel> mode <active | passive> (LACP Channel is 1-6 for 100Mbps, 7-8 for 1Gbps ports)

Usage Example:
switch_a(config-if)# channel-group 2 mode passive
switch_a(config-if)# q

Setting the LACP Port Priority

To set the port priority for an interface attached to a LACP trunk on the Managed Switch, use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: lacp port-priority <1 - 65535>

Usage Example: switch_a(config-if)# lacp port-priority 1

Setting the LACP Timeout

To set the timeout for an interface attached to a LACP trunk on the Managed Switch, use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: lacp timeout <long | short>

Usage Example: switch_a(config-if)# lacp timeout long

STP/RING PAGE – OVERVIEW

Choosing the Spanning Tree Protocols

The Spanning Tree algorithm works by designating a single switch in the network (the Root Bridge) as the root, or parent, of all the switches. All the switches in the network use the same algorithm to form unique paths all the way back to the Root Bridge. Some switches establish a blocking point (a port on a switch) somewhere along the path to prevent a loop.

There are three versions of the Spanning Tree protocol (STP, RSTP and MSTP), and they are all backward compatible with each other.

Spanning Tree Protocol (STP)

This is the original Spanning Tree protocol, and it has been superseded by both the RSTP and MSTP protocol. It is based on a network with a maximum diameter of no more than 17 switches. It uses timers to synchronize any changes in the network topology, and this could take minutes. It is not recommended that you use this version of the Spanning Tree protocol.

Rapid Spanning Tree protocol (RSTP)

The RSTP protocol is the new enhanced version of the original STP protocol. It uses an enhanced negotiation mechanism to directly synchronize any topology changes between switches; it no longer uses timers as in the original STP protocol, which results in a faster re-convergence time. The maximum allowed network diameter for the RSTP protocol is 40 switches.

Multiple Spanning Tree Protocol (MSTP)

The MSTP protocol extends the RSTP protocol by simultaneously running multiple instances of the Spanning Tree Protocol and mapping different VLANs to each instance, thus providing load balancing across multiple switches. The MSTP protocol accomplishes this by creating new extended sections within the RSTP protocol, called Regions. Each region runs its own instance of the Spanning Tree Protocol.

Within each Region, the MSTP protocol can accommodate a network diameter of up to 40 switches. There can be a maximum of 40 Regions in a single MSTP network.

STP/Ring Page - Configuring RSTP

Global Configuration Page

To navigate to the STP/Ring Global Configuration page:

1. Click on the + next to STP/Ring .

2. Click on Global Configuration .

Enabling the RSTP Protocol

RSTP is enabled by default. If RSTP has been disabled and you wish to enable it (see Figure 45):

1. Click the dropdown box next to Spanning Tree Protocol and choose Enable .

2. Click on the dropdown box next to STP Version and select RSTP .

3. Click on the Update Setting button.

Additional Global Configuration page settings

Bridge Priority – Bridge Priority is used to set the Root and backup Root Bridge. For more details see The Root Bridge & Backup Root Bridge.

o Default is 32768. Range is 0 to 61440.

Hello Time – This tells how often a BPDU (Bridge Protocol Data Unit) is sent (see Bridge Protocol Data Units). Default is 2 seconds. Range is 1 to 10 seconds.

Max Age – Default is 20. Hop count limit for BPDU packets.

Forward Delay – Default is 15 sec.

Note: Bridge Protocol Data Units (BPDUs) are frames that contain information about the Spanning Tree Protocol (STP). A switch sends BPDUs using the unique MAC address of the originating port as the source and a multicast address as the destination MAC (01:80:C2:00:00:00). There are three kinds of BPDUs:

Configuration BPDU, used by the Spanning Tree Protocol to provide information to all switches.

TCN (Topology Change Notification), which announces changes in the topology.

TCA (Topology Change Acknowledgment), which confirms the reception of the TCN.

Figure 45: STP/Ring Global Configuration

The Root Bridge & Backup Root Bridge

To configure the Spanning Tree protocol on your network, you will need to set up a Root Bridge and a Backup Root Bridge. In order to configure a switch to be the Root Bridge of a Spanning Tree network, you have to make sure that the Bridge Priority (which is the most significant 4 bits of the Bridge ID) of the switch is the lowest among all of the switches on the network. Similarly, the Backup Root Bridge must have the next lowest Bridge Priority of all the switches.

Note: Since the Bridge Priority is the most significant 4 bits of the Bridge ID, the switch with the lowest Bridge Priority will always be the Root Bridge and the switch with the second lowest Bridge Priority will be the Backup Root Bridge. If all switches have the same Bridge Priority, then the 12 bit System ID, or the MAC address (if the System IDs are the same), will be used to determine the Root and Backup Root Bridge (see below).

Figure 46: Bridge ID

Bridge ID is a concatenation of 3 values: a 4 bit Bridge Priority (most significant), a 12 bit System ID (less significant), and the 48 bit MAC address of the local switch (least significant).
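The following Python sketch is an added example, not part of the manual or the switch firmware: it builds the 64-bit Bridge ID from the three fields described above and selects the Root and Backup Root Bridge as the text describes. The switch names and MAC addresses are constructed sample values, and election_is_pinned is a hypothetical helper that reports whether priority alone, rather than the MAC tie-break, decides the result.

```python
from dataclasses import dataclass

PRIORITY_STEP = 4096   # one step of the 4-bit Bridge Priority field
PRIORITY_MAX = 61440   # 15 * 4096, the upper limit given in the manual


def parse_mac(mac: str) -> int:
    """Convert 'aa:bb:cc:dd:ee:ff' into a 48-bit integer."""
    octets = mac.split(":")
    if len(octets) != 6:
        raise ValueError(f"bad MAC address: {mac!r}")
    value = 0
    for octet in octets:
        byte = int(octet, 16)
        if not 0 <= byte <= 0xFF:
            raise ValueError(f"bad MAC address: {mac!r}")
        value = (value << 8) | byte
    return value


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int        # 0..61440 in increments of 4096
    mac: str             # constructed sample address
    system_id: int = 0   # 12-bit System ID

    def bridge_id(self) -> int:
        """Return the 64-bit Bridge ID: priority, System ID, then MAC."""
        if not 0 <= self.priority <= PRIORITY_MAX or self.priority % PRIORITY_STEP:
            raise ValueError(f"{self.name}: priority must be 0..61440 in steps of 4096")
        if not 0 <= self.system_id < 4096:
            raise ValueError(f"{self.name}: System ID must fit in 12 bits")
        # The priority is n * 4096, so it already occupies the top 4 bits of
        # the 16-bit field; the System ID fills the remaining 12 bits.
        return ((self.priority | self.system_id) << 48) | parse_mac(self.mac)

    def bridge_id_hex(self) -> str:
        return f"{self.bridge_id():016x}"


def elect(bridges):
    """Return (root, backup): the bridges with the two lowest Bridge IDs."""
    ranked = sorted(bridges, key=lambda b: b.bridge_id())
    if len(ranked) < 2:
        raise ValueError("need at least two bridges")
    return ranked[0], ranked[1]


def election_is_pinned(bridges) -> bool:
    """True when Bridge Priority alone decides the root and the backup."""
    root, backup = elect(bridges)
    others = [b for b in bridges if b is not root and b is not backup]
    return root.priority < backup.priority and all(
        backup.priority < b.priority for b in others
    )


# Constructed sample network: every switch left at the default priority.
DEFAULT_NETWORK = [
    Bridge("switch_a", 32768, "02:00:00:00:00:30"),
    Bridge("switch_b", 32768, "02:00:00:00:00:10"),
    Bridge("switch_c", 32768, "02:00:00:00:00:20"),
]

# Same switches after setting a root (0) and a backup root (4096).
TUNED_NETWORK = [
    Bridge("switch_a", 0, "02:00:00:00:00:30"),
    Bridge("switch_b", 32768, "02:00:00:00:00:10"),
    Bridge("switch_c", 4096, "02:00:00:00:00:20"),
]

if __name__ == "__main__":
    for label, net in (("default", DEFAULT_NETWORK), ("tuned", TUNED_NETWORK)):
        root, backup = elect(net)
        print(label, root.name, root.bridge_id_hex(),
              backup.name, backup.bridge_id_hex(), election_is_pinned(net))
```

With every switch at the default priority the lowest MAC address wins, so the root can change whenever hardware is replaced; the tuned network keeps the root where it was configured.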

Setting the Root Bridge and Backup Root Bridge

To navigate to the STP/Ring Global Configuration page:

1. Click on the + next to STP/Ring .

2. Click on Global Configuration .

To set the Bridge Priority:

1. Enter the Bridge Priority ID in the text box to the right of Bridge Priority (0..61440).

2. Click on the Update Setting button.

Note: The valid values for this parameter are from 0 to 61440, in increments of 4096; you will see this value reflected in the first hexadecimal digit of the Bridge ID field after you click the Update Setting button (see Figure 47). Set this value to be less than any other switch on the network, in order to make this switch the Root Switch. To set a Backup Root Bridge, set the Bridge ID to be between the Root Bridge and the rest of the network switches.

Figure 47: Bridge ID Display

Setting the MAX Age, Forward Delay and Hello Timer

To navigate to the STP/Ring Global Configuration page:

1. Click on the + next to STP/Ring .

2. Click on Global Configuration .

The Network Diameter

The Diameter of a network depends on the type of topology your network uses. In a ring topology, the Network Diameter is the total number of switches in the network minus the Root Bridge. In a star topology, the Network Diameter is the maximum number of hops to get from the Root Bridge to the switch that is the most hops away. In the RSTP protocol, the Max Age parameter is used as a hop count limit on how far the Spanning Tree protocol packet can propagate throughout the network topology; therefore, it must be configured with a value that is greater than the network diameter.

Relationship between Max Age, Forward Delay and Hello Time

The following rules must be followed when setting the Max Age, Forward Delay and Hello Timer:

Max Age >= 2 × (Hello Time + 1.0 second)

2 × (Forward Delay – 1.0 second) >= Max Age

To change the Max Age, Forward Delay and Hello Timer (see Figure 48):

1. Enter the Max Age in the text box to the right of Max Age (6..40 sec) label.

2. Enter the Hello Time in the text box to the right of the Hello Time (1..10 sec) label.

3. Enter the Forward Delay in the text box to the right of the Forward Delay (4..30 sec) label.

4. Click on the Update Setting button.

5. Save the configuration (see the Save Configuration Page).

Figure 48: Max Age, Hello Timer & Forward Delay

RSTP Port Setting Page

To navigate to the STP/Ring RSTP Port Setting page:

1. Click on the + next to STP/Ring .

2. Click on RSTP Port Setting.

Spanning Tree Port Roles

In a stable RSTP topology, each port on a switch can function in any one of 4 different Spanning Tree port roles. These Spanning Tree port roles are (see Figure 49):

Root Port

Designated Port

Alternate Port

Backup Port

Figure 49: Spanning Tree Port Roles

Path Cost & Port Priority

By default, each port on a Spanning Tree switch will be assigned a Path Cost based on the port’s transmission speed according to the IEEE standard below:

Link speed                    Recommended value
Less than or equal 100Kb/s    200,000,000
1 Mb/s                        20,000,000
10 Mb/s                       2,000,000
100 Mb/s                      200,000
1 Gb/s                        20,000
10 Gb/s                       2,000
100 Gb/s                      200
1 Tb/s                        20
10 Tb/s                       2

By default, each port on a Spanning Tree switch will be assigned a Port Priority of 128, according to the IEEE standard. This Port Priority is part of the Port ID, which is a concatenation of 2 values: Port Priority (4 bits) + Interface ID (12 bits) (see below).

Figure 50: Port ID

The default values will work fine in most scenarios; however, there are times when you may need to adjust these values manually in order to influence the location of the Alternate Port, the Root Port or the Backup Port.

To adjust the Port Priority value or the Path Cost value on a port:

1. Choose the correct port from the drop down list under Port (see below).

2. Enter the proper value under the Priority (Granularity 16).
   a. The Port Priority range is between 0 and 240 in multiples of 16.

3. Enter the proper value under the Admin. Path Cost entry field.
   a. The Path Cost range is between 1 and 200,000,000.

4. Click on the Update Setting button.

5. Save your configuration (see the Save Configuration Page).

Figure 51: Port Priority and Path Cost

Point to Point Link

By default, RSTP will assume any full-duplex link as a Point to Point Link , but if the switch detects that the neighbor switch is not running the RSTP protocol, it will assume the port to be a Shared Port . You can force a port to be a Shared Port , if you know in advance that there will be more than one switch connecting to this link (through an unmanaged switch, for example), or if you know in advance that the other switch on this link will be running the older STP protocol.

To manually force a port to be a Shared Port or a Point to Point Link:

1. Choose the correct port from the drop down list under Port, and choose Enable or Disable under Point to Point Link (see Figure 51).

2. Click on the Update Setting button.

3. Save the configuration (see the Save Configuration Page).

Edge Port

By enabling the Edge Port feature on a port, the switch will stop reacting to any linkup event on this port, and will not send out any Topology Change notification to the neighbor bridges.

1. Choose the correct port from the drop down list under Port, and choose Enable or Disable under Edge Port (see Figure 51).

2. Click on the Update Setting button.

3. Save the configuration (see the Save Configuration Page).

RSTP Configuration Examples Using CLI Commands

Enabling the Spanning Tree Protocol

To enable the Spanning Tree function on a switch, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
no bridge shutdown 1
bridge 1 protocol rstp vlan-bridge

Usage Example:
switch_a(config)# no bridge shutdown 1
switch_a(config)# bridge 1 protocol rstp vlan-bridge

Bridge Priority, Max Age, Forward Delay, and Hello Time

To configure the Bridge Priority, Max Age, Forward Delay, and Hello Time of a Spanning Tree Bridge, please use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
bridge 1 priority <0-61440>
bridge 1 max-age <6-40>
bridge 1 forward-time <4-30>
bridge 1 hello-time <1-10>

Usage Example:
switch_a(config)# bridge 1 priority 4096
switch_a(config)# bridge 1 max-age 20
switch_a(config)# bridge 1 forward-time 15
switch_a(config)# bridge 1 hello-time 2

Modifying the Port Priority and Path Cost

To modify the Port Priority and Path Cost on a switch, use the below CLI commands:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax:
bridge-group 1 path-cost <1-200000000>
bridge-group 1 priority <0-240>

Usage Example:
switch_a(config-if)# bridge-group 1 path-cost 200000
switch_a(config-if)# bridge-group 1 priority 128

Manually Setting a Port to be a Shared or Point to Point Link

To manually force a port to be a shared link or Point-to-point link, use the below CLI commands:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax:
spanning-tree link-type point-to-point
spanning-tree link-type shared

Usage Example 1: Setting port 1 to be point-to-point:
switch_a(config-if)# spanning-tree link-type point-to-point

Usage Example 2: Setting port 1 to be shared:
switch_a(config-if)# spanning-tree link-type shared

Enabling/Disabling a port to be an Edge Port

To manually enable or disable a port to be an Edge Port , use the following CLI commands:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax:
spanning-tree edgeport
no spanning-tree edgeport

Usage Example 1: Enabling edge port on port 1:
switch_a(config-if)# spanning-tree edgeport

Usage Example 2: Disabling edge port on port 1:
switch_a(config-if)# no spanning-tree edgeport

STP/Ring Page - Configuring MSTP

The MSTP protocol adds a new concept called a Region to the Spanning Tree algorithm. Unlike RSTP and STP, inside each MSTP Region, there can be more than one instance of Spanning Tree Protocol running simultaneously. The MSTP protocol can then map multiple VLANs to each instance of Spanning Tree protocol to provide load balancing among the switches. Between Regions, the MSTP runs a single instance of Spanning Tree similar to, and is backward compatible with, the RSTP protocol.

Enabling the MSTP Protocol

Navigate to the STP/Ring Global Configuration page:

1. Click on the + next to STP/Ring .

2. Click on Global Configuration .

3. Verify that the Spanning Tree Protocol is enabled (see Figure 52); if not, choose Enabled from the Spanning Tree Protocol drop down list.

4. Choose MSTP in the STP Version drop down list.

5. Click on the Update Setting button.

6. Save the configuration (see the Save Configuration Page).

Figure 52: Enabling MSTP on STP/Ring Global Configuration Page

The CIST Root Bridge & Backup CIST Root Bridge

In order to configure a switch to be the CIST Root Bridge of a Spanning Tree network, you just have to make sure that the Bridge Priority (which is the most significant 4 bits of the Bridge ID) of the switch is the lowest among all of the switches on the network. Similarly, the Backup CIST Root Bridge must have the next lowest Bridge Priority of all the switches.

This Bridge ID is a concatenation of 3 values: a 4 bit Bridge Priority (most significant), a 12 bit System ID (less significant), and the 48 bit MAC address of the local switch (least significant) (see below).

Figure 53: Bridge ID

Setting Bridge Priority

To set the Bridge Priority:

1. Enter the Bridge Priority ID in the text box to the right of Bridge Priority (0..61440).

2. Click on the Update Setting button.

Note: The valid values for this parameter are from 0 to 61440, in increments of 4096; you will see this value reflected in the first hexadecimal digit of the Bridge ID field after you click the Update Setting button (see Figure 54). Set this value to be less than any other switch on the network, in order to make this switch the Root Switch. To set a Backup Root Bridge, set the Bridge ID to be between the Root Bridge and the rest of the network switches.

Figure 54: Bridge ID Display

Configuring the CST Network Diameter

When using MSTP, the Max Age parameter is used for the CST (Common Spanning Tree) topology simply as a hop count limit on how far the Spanning Tree protocol packet can propagate throughout the CST topology; therefore, the Max Age must be configured with a value that is greater than the network diameter of the CST topology. The Max Age parameter will need to be configured correctly on both the CIST Root Bridge and the Backup CIST Root Bridge (in case the CIST Root Bridge fails).

Setting the MAX Age, Forward Delay and Hello Timer

Navigate to the STP/Ring Global Configuration page:

1. Click on the + next to STP/Ring .

2. Click on Global Configuration .

Relationship between Max Age, Forward Delay and Hello Time

The following rules must be followed when setting the Max Age, Forward Delay and Hello Timer:

Max Age >= 2 × (Hello Time + 1.0 second)

2 × (Forward Delay – 1.0 second) >= Max Age

To change the Max Age, Forward Delay and Hello Timer (see Figure 55):

1. Enter the Max Age in the text box to the right of Max Age (6..40 sec) label.

2. Enter the Hello Time in the text box to the right of the Hello Time (1..10 sec) label.

3. Enter the Forward Delay in the text box to the right of the Forward Delay (4..30 sec) label.

4. Click on the Update Setting button.

5. Save the configuration (see the Save Configuration Page).

Figure 55: Max Age, Hello Timer & Forward Delay

MSTP Properties Page

Configuring an MSTP Region

In order to form a MSTP Region, the switches that will be connected together to form the MSTP Region must have the same values for the configuration parameters listed below. Two of the parameters can be configured directly; the third parameter (Configuration Digest) will be automatically calculated by the switch based on the VLAN to MSTI (Multiple Spanning Tree Instance) mapping. The VLAN to MSTI instance mapping must be the same for all the switches within the same MSTP Region (see MSTP Instance Setting Page).

Region name

Revision level

Configuration Digest
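As an added example (not from the manual or the firmware), the Python below compares the three region parameters across switches to find the ones that will not join the same MSTP Region. It assumes the firmware computes the Configuration Digest as IEEE 802.1Q defines it, an HMAC-MD5 over the VLAN to MSTI table with the standard's fixed key; the switch inventory and the VLAN range of 1..4094 are constructed or assumed for the illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Fixed, public key that IEEE 802.1Q specifies for the Configuration Digest.
# Assumption: this firmware follows the standard calculation.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def configuration_digest(vlan_to_msti):
    """HMAC-MD5 over the 4096-entry VLAN to MSTI table (2 octets per VLAN)."""
    table = bytearray(4096 * 2)      # unmapped VLANs stay in instance 0
    for vlan, msti in vlan_to_msti.items():
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN {vlan} is outside 1..4094")
        if not 1 <= msti <= 15:      # Instance ID range given in the manual
            raise ValueError(f"Instance ID {msti} is outside 1..15")
        table[2 * vlan:2 * vlan + 2] = msti.to_bytes(2, "big")
    return hmac.new(DIGEST_KEY, bytes(table), hashlib.md5).hexdigest()


def region_identity(switch):
    """The three values that must match for switches to share a Region."""
    return (
        switch["region"],
        switch["revision"],
        configuration_digest(switch["vlan_to_msti"]),
    )


def group_by_region(switches):
    """Map each distinct region identity to the switches that carry it."""
    regions = defaultdict(list)
    for switch in switches:
        regions[region_identity(switch)].append(switch["name"])
    return dict(regions)


def explain_mismatch(a, b):
    """List which of the three parameters keep two switches apart."""
    differences = []
    if a["region"] != b["region"]:
        differences.append("Region name")
    if a["revision"] != b["revision"]:
        differences.append("Revision level")
    map_a, map_b = a["vlan_to_msti"], b["vlan_to_msti"]
    if configuration_digest(map_a) != configuration_digest(map_b):
        vlans = sorted(
            v for v in set(map_a) | set(map_b)
            if map_a.get(v, 0) != map_b.get(v, 0)
        )
        differences.append(f"Configuration Digest (VLANs {vlans})")
    return differences


# Constructed inventory: switch_c maps VLAN 20 to the wrong instance and
# switch_d carries a different revision level.
SWITCHES = [
    {"name": "switch_a", "region": "R1", "revision": 0,
     "vlan_to_msti": {10: 1, 20: 2}},
    {"name": "switch_b", "region": "R1", "revision": 0,
     "vlan_to_msti": {10: 1, 20: 2}},
    {"name": "switch_c", "region": "R1", "revision": 0,
     "vlan_to_msti": {10: 1, 20: 1}},
    {"name": "switch_d", "region": "R1", "revision": 1,
     "vlan_to_msti": {10: 1, 20: 2}},
]

if __name__ == "__main__":
    for identity, members in group_by_region(SWITCHES).items():
        print(identity, members)
    for other in SWITCHES[1:]:
        print("switch_a vs", other["name"], explain_mismatch(SWITCHES[0], other))
```

Because the HMAC key is published in the standard, a matching digest only shows that two mappings agree; it does not authenticate the neighbouring switch.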

To navigate to the STP/Ring MSTP Properties page:

1. Click on the + next to STP/Ring .

2. Click on MSTP Properties.

To configure both the MSTP Regional Configuration Name and the Revision Level for each of the switches located in the same MSTP Region (see below):

1. Enter the Region Name of the Region that the switch will belong to in the Region Name entry field.

2. Enter the Revision Level value for the corresponding Region in the Revision Level entry field.

3. Click on the Update Setting button.

4. Save the configuration (see the Save Configuration Page).

Figure 56: MSTP Region and Revision Level

Configuring the IST Network Diameter

To navigate to the STP/Ring MSTP Properties page:

1. Click on the + next to STP/Ring .

2. Click on MSTP Properties.

In the MSTP protocol, the Max Hops parameter is used for the IST (Internal Spanning Tree) and the MSTI (Multiple Spanning Tree Instance) topology as a hop count limit on how far the Spanning Tree protocol packet can propagate inside of a MSTP Region; therefore, it must be configured with a value that is greater than the network diameter of the IST/MSTI topology. The Max Hops parameters should be configured correctly on the CIST Root and the Backup CIST Root switch and on all of the Boundary switches of a MSTP Region (if there are multiple Regions within your MSTP network).

Follow the steps below to configure the Max Hops parameter:

1. Enter the desired hop count in the entry field next to Max Hops.

2. Click on the Update Setting button (see below).

3. Save the configuration (see the Save Configuration Page).

Figure 57: MSTP Properties – Max Hops

MSTP Instance Setting Page

Setting an MSTP Instance

Navigate to the STP/Ring MSTP Instance Setting page:

1. Click on the + next to STP/Ring .

2. Click on MSTP Instance Setting.

To create the Spanning Tree instances to be run inside a MSTP Region and its VLAN mappings, follow the below steps.

1. Click on the VLAN Instance Configuration button (see Figure 58).

2. Choose the VLAN that you want to map to a MSTI instance from the VLAN ID drop down box (see Figure 59).

3. Enter the Instance ID that you want the VLAN to map to in the entry field next to Instance ID (1..15).

4. Click on the Update Settings button.

5. Save the configuration (see the Save Configuration Page).

Note: You can enter a new instance number here, which is how a new MSTI instance is created. You can use an existing MSTI instance if it has already been created on another switch.

Figure 58: VLAN Instance Configuration

Figure 59: VLAN Instance ID

Modifying MSTP parameters for load balancing

To navigate to the STP/Ring MSTP Instance Setting page:

1. Click on the + next to STP/Ring .

2. Click on MSTP Instance Setting.

To load balance switches within a MSTP Region, set different switches within the MSTP Region to be the Root Bridge for different MSTI instances. A Root Bridge in a particular MSTI instance is called a MSTI Regional Root Bridge.

To designate a specific switch in a MSTP Region to be the Root Bridge in a specific MSTI instance, the bridge priority must be set to be the lowest number of all the switches in a particular MSTI instance.

To set the bridge priority on the switch for a specific MSTI Instance (see Figure 60):

1. Choose the particular instance in the Instance ID drop down list for which the switch will be a MSTI Regional Root Bridge;

2. Enter the desired value in the Bridge Priority text box

3. Click on the Update Setting button. The valid values for this parameter are from 0 to 61440, in increments of 4096.

4. Save the configuration (see the Save Configuration Page)

Figure 60: Setting the MSTI Regional Root Bridge

MSTP Port Setting page

Adjusting the blocking port in a MSTP network

To navigate to the STP/Ring MSTP Port Setting page:

1. Click on the + next to STP/Ring .

2. Click on MSTP Port Setting.

You can adjust the location of the blocking port in a MSTP network by modifying the Port Priority and the Path Cost of the ports on the switch. Modifying the Port Priority adjusts the blocking port between two switches. Modifying the Path Cost adjusts the location of the blocking port in a MSTP loop.

To modify the Port Priority and the Path Cost of the ports on a MSTP switch for the MSTI instance only, please follow the below steps:

1. Choose the correct MSTI Spanning Tree instance from the drop down list under Instance ID (see Figure 61).

2. Choose the correct port number from the drop down list under Port, and enter the proper value under the Priority and the Admin. Path Cost text box.

3. Click on the Update Setting button (see Figure 61).

4. Save the configuration (see the Save Configuration Page).

Figure 61: Port Cost & Priority

MSTP Instance Port Membership

To navigate to the STP/Ring MSTP Port Settings page:

1. Click on the + next to STP/Ring .

2. Click on MSTP Port Setting.

If changes have been made to the port membership of a VLAN, you must also reconfigure the MSTP port membership for the MSTP instance that the VLAN maps to.

To reconfigure the MSTP instance port membership:

1. Click on the Port Instance Configuration button (see Figure 62).

2. Choose the correct MSTP instance from the drop down list next to Instance ID (see Figure 63).

3. Check the box next to all the ports that should be part of this instance.

4. Click on the Update Setting button.

5. Save the configuration (see the Save Configuration Page).

Figure 62: Port Instance Configuration

Figure 63: Port Instance - Adding Ports

MSTP Configuration Examples Using CLI Commands

Enabling Spanning Tree for MSTP

To enable the Spanning Tree function on a switch, use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
no bridge shutdown 1
bridge 1 protocol mstp

Usage Example:
switch_a(config)# no bridge shutdown 1
switch_a(config)# bridge 1 protocol mstp

Bridge Priority, Max Age, Forward Delay, and Hello Time

To configure the CIST Bridge Priority, Max Age, Forward Delay, and Hello Time of a Spanning Tree Bridge, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
bridge 1 priority <0-61440>
bridge 1 max-age <6-40>
bridge 1 forward-time <4-30>
bridge 1 hello-time <1-10>

Usage Example:
switch_a(config)# bridge 1 priority 4096
switch_a(config)# bridge 1 max-age 20
switch_a(config)# bridge 1 forward-time 15
switch_a(config)# bridge 1 hello-time 2
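The two timer rules given in the RSTP and MSTP sections can be checked before these commands are entered on a switch. This Python linter is an added example, not vendor tooling: it reads bridge 1 commands in the syntax shown above and applies the documented ranges, both rules and the diameter limits. The function names, the DRIFTED sample and the diameter arguments are assumptions made for the illustration.

```python
import re

# Ranges from the manual's CLI syntax lines (bridge 1 <keyword> <value>).
RANGES = {
    "priority": (0, 61440),
    "max-age": (6, 40),
    "forward-time": (4, 30),
    "hello-time": (1, 10),
    "max-hops": (1, 40),
}
# Defaults stated on the Global Configuration page. The page gives no default
# for max-hops, so it is only checked when the configuration sets it.
DEFAULTS = {"priority": 32768, "max-age": 20, "forward-time": 15, "hello-time": 2}

# Accepts a bare command or one copied together with its "switch_a(config)#" prompt.
LINE_RE = re.compile(r"^(?:\S+\(config\)#\s*)?bridge\s+1\s+([a-z-]+)\s+(\d+)$")


def parse_bridge_config(text):
    """Collect the numeric bridge 1 settings, starting from the defaults."""
    settings = dict(DEFAULTS)
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match and match.group(1) in RANGES:
            settings[match.group(1)] = int(match.group(2))
    return settings


def check_bridge_settings(settings, cst_diameter=None, region_diameter=None):
    """Return a list of rule violations; an empty list means the set is valid."""
    problems = []
    for key, (low, high) in RANGES.items():
        if key in settings and not low <= settings[key] <= high:
            problems.append(f"{key}: {settings[key]} is outside {low}..{high}")
    if settings["priority"] % 4096:
        problems.append(f"priority: {settings['priority']} is not a multiple of 4096")

    max_age = settings["max-age"]
    hello = settings["hello-time"]
    forward = settings["forward-time"]
    if max_age < 2 * (hello + 1):
        problems.append(f"rule 1: Max Age {max_age} < 2 x (Hello Time {hello} + 1)")
    if 2 * (forward - 1) < max_age:
        problems.append(f"rule 2: 2 x (Forward Delay {forward} - 1) < Max Age {max_age}")

    # Max Age and Max Hops act as hop count limits, so each must exceed the
    # diameter of the topology it covers.
    if cst_diameter is not None and max_age <= cst_diameter:
        problems.append(f"diameter: Max Age {max_age} must exceed diameter {cst_diameter}")
    if (region_diameter is not None and "max-hops" in settings
            and settings["max-hops"] <= region_diameter):
        problems.append(
            f"max-hops: {settings['max-hops']} must exceed region diameter {region_diameter}"
        )
    return problems


# The manual's own usage examples, including the max-hops example.
MANUAL_EXAMPLE = """\
switch_a(config)# bridge 1 priority 4096
switch_a(config)# bridge 1 max-age 20
switch_a(config)# bridge 1 forward-time 15
switch_a(config)# bridge 1 hello-time 2
switch_a(config)# bridge 1 max-hops 20
"""

# Constructed sample with three mistakes.
DRIFTED = """\
switch_a(config)# bridge 1 priority 1000
switch_a(config)# bridge 1 max-age 40
switch_a(config)# bridge 1 forward-time 15
switch_a(config)# bridge 1 hello-time 2
switch_a(config)# bridge 1 max-hops 20
"""

if __name__ == "__main__":
    for label, text in (("manual", MANUAL_EXAMPLE), ("drifted", DRIFTED)):
        found = check_bridge_settings(parse_bridge_config(text), 12, 25)
        print(label, found or "OK")
```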

IST MAX Hops

To configure the IST Max Hops parameter on a switch, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: bridge 1 max-hops <1-40>

Usage Example: switch_a(config)# bridge 1 max-hops 20

MSTP Regional Configuration Name and the Revision Level

To configure both the MSTP Regional Configuration Name and the Revision Level on a switch, use the following CLI commands:

CLI Command Mode: MSTP Configuration Mode

CLI Command Syntax:
bridge 1 region <region_name>
bridge 1 revision <revision_number>

Usage Example:
switch_a(config)# spanning-tree mst configuration
switch_a(config-mst)# bridge 1 region R1
switch_a(config-mst)# bridge 1 revision 0

Creating an MSTP Instance

To create a MSTP instance and map it to a VLAN, use the following CLI commands:

CLI Command Mode: MSTP Configuration Mode

CLI Command Syntax: bridge 1 instance <1-15> vlan <vlan_ID>

Usage Example:
switch_a(config)# spanning-tree mst configuration
switch_a(config-mst)# bridge 1 instance 1 vlan 10

Setting MSTP Priority

To set the MSTI priority of a switch in a MSTP Region, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: bridge 1 instance <1-15> priority <0-61440>

Usage Example: switch_a(config)# bridge 1 instance 1 priority 0

Modifying CIST Port Priority and Port Path Cost

To modify the CIST Port Priority and CIST Port Path Cost on a switch, use the below CLI commands:

CLI Command Mode: Interface Configuration Mode (port)

CLI Command Syntax:
bridge-group 1 path-cost <1-200000000>
bridge-group 1 priority <0-240>

Usage Example:
switch_a(config-if)# bridge-group 1 path-cost 200000
switch_a(config-if)# bridge-group 1 priority 128

To modify the MSTP Port Priority and MSTP Port Path Cost for an Instance on a switch, please use the below CLI commands:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax:
bridge-group 1 instance <1-15> path-cost <1-200000000>
bridge-group 1 instance <1-15> priority <0-240>

Usage Example:
switch_a(config-if)# bridge-group 1 instance 1 path-cost 20000
switch_a(config-if)# bridge-group 1 instance 1 priority 128

Adding a Port to an MSTP Instance

To add a port to a MSTP instance (this port must be a member port of the VLAN that is mapped to the MSTP instance), please use the below CLI commands:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: bridge-group 1 instance <1-15>

Usage Example: switch_a(config-if)# bridge-group 1 instance 1

STP/RING PAGE - ALPHA RING

Alpha Ring Setting Page

To navigate to the STP/Ring Alpha -Ring Settings page:

1. Click on the + next to STP/Ring .

2. Click on Alpha-Ring Setting.

Alpha-Ring Technology

The Alpha-Ring protocol was designed and developed to overcome traditional STP and RSTP's inability to provide fast network recovery and minimize packet loss caused by link failure. Among the advantages of Alpha-Ring are:

High-speed Recovery – Less than 15 milliseconds

Flexibility for Network Deployment – Coexistence with STP, RSTP, and MSTP

Ring Coupling – Smaller rings coupled together to increase network efficiency

Implementing a Simple Alpha-Ring

1. Change the Ring State to Enabled

2. Click on the Update Setting button.

Next, the ports that will be used to connect this switch to the Alpha-Ring need to be assigned to provide the connection redundancy.

1. Change Ring Port 1 to the port you will be using for the first redundant connection

2. Change Ring Port 2 to the port you will be using for the second redundant connection.

3. Click on the Update Setting button.

4. Save the configuration

Figure 64: Alpha-Ring Settings

Connecting two Alpha-Ring Networks together

To navigate to the STP/Ring Alpha-Ring Settings page:

1. Click on the + next to STP/Ring .

2. Click on Alpha-Ring Setting .

As additional switches are added to a network, it may become necessary to connect multiple Alpha-Ring networks together. This is called Ring-coupling and uses two additional Ethernet ports on the switch. To set up Ring-coupling (see Figure below):

1. Change the Ring-coupling state to Enable .

2. Click on the Update Setting button next to the Ring-coupling state.

3. Choose the desired port from the drop-down list under Ring Coupling Port 1

4. Choose the desired port from the drop-down list under Ring Coupling Port 2

5. Click on the Update Setting button.

6. Save the configuration.

Figure 65: Ring Coupling

Configuring Alpha Ring using CLI commands

For more information on CLI command usage see CLI Command Usage .

Enable Alpha Ring Protocols

To enable the Alpha Ring protocols, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: bridge 1 ring enable/disable

(no) ring v2 enable

Usage Example 1: Enabling alpha ring
switch_a> enable
switch_a# configure terminal
switch_a(config)# bridge 1 ring enable
switch_a(config)# q
switch_a#

Set the Ring Ports

To configure the ports used in the ring, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: ring set-port <interface1> <interface2>

( interface1 and interface2 will be set as ring-port 1 and ring-port 2 )

Usage Example 1:
switch_a> enable
switch_a# configure terminal
switch_a(config)# ring set-port fe2 fe3
switch_a(config)# q
switch_a#

Show Ring, Port and All States

There are three CLI commands for viewing Alpha Ring statuses:

CLI Command Mode: Privileged Exec Mode

CLI Commands:
show ring state -- Shows the ring service state as enabled or disabled.
show ring port-state -- Shows whether ring ports are in BLOCK or FORWARD mode.

Usage Example 1:
switch_a> enable
switch_a# show ring state
switch_a(config)# ring enable
switch_a(config)# show ring port-state
ring-port 1 fe2 BLOCK
ring-port 2 fe3 FORWARD

Enable Ring Coupling

To enable the ring to be coupled to another ring, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: (no) ring-coupling enable

Usage Example 1:
switch_a> enable
switch_a# configure terminal
switch_a(config)# ring-coupling enable
switch_a(config)# q
switch_a#

Set Ring Coupling Ports

To define the ports that will be used for ring coupling, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: ring set-coupling-port <interface1> <interface2>

Usage Example 1: Set ports fe7 and fe8 as coupling ports for connection to another ring
switch_a> enable
switch_a# configure terminal
switch_a(config)# ring set-coupling-port fe7 fe8
switch_a(config)# q
switch_a#

Show Ring Coupling, Port Coupling, and Redundancy Pair States

To view the statuses of ring couplings and rings connected by redundancy pair, use the following CLI commands:

CLI Command Mode: Privileged Exec Mode

CLI Command Syntax: show ring-coupling state

CLI Command Syntax: show ring-coupling port-state

Usage Example 1:
switch_a> enable
switch_a# show ring-coupling state
ring-coupling enable
switch_a(config)# show ring-coupling port-state
ring-coupling-port 1 fe7 DOWN
ring-coupling-port 2 fe8 DOWN
switch_a(config)# q
switch_a#

STP/Ring Page

Alpha Chain Protocol

Although the Spanning Tree Protocols are very versatile in forming all possible redundant topologies, their re-convergence time is too slow for most mission-critical applications. The Alpha Ring protocol can be used in mission-critical applications to recover from a link failure in 15 milliseconds or less. However, the Alpha Ring protocols (Alpha Ring, Alpha Ring-Coupling) can only be applied to redundant topologies with at most two Rings per switch. The Alpha Chain protocol can be used independently, or in conjunction with the Alpha Ring protocols, to form almost limitless redundant topologies, all with a recovery time from a link failure of less than a second. With the Alpha Chain protocol, a redundant network segment can be created anywhere that a single path of daisy-chained switches exists.

General Overview

To ensure that the Alpha Chain protocol will function properly on your network, please follow the minimum configuration guidelines listed below for the two types of Alpha Chain switches (Chain Port switch, Chain Pass-Through switch).

There are two types of port configurations used in the Alpha Chain setup. The flexibility of Alpha Chain allows for many different types of topologies to be created.

Alpha Chain Port – Alpha Chain Ports make up the Beginning and End of an Alpha Chain. Each Alpha Chain segment contains a Master and a Slave port. The Master and Slave ports can be on one switch or they can be on two different switches.

Chain Pass-Through Port – Every port that is part of the chain that is not a Master or Slave Alpha Chain port must be configured as a Chain Pass-Through port.

Alpha Chain Settings

To navigate to the STP/Ring Alpha-Chain Setting page:

1. Click on the + next to STP/Ring .

2. Click on Alpha-Chain Setting.

Global Settings

To configure Alpha Chain use the instructions below:

1. VLAN (91-4096, default: 1) - In the text entry, enter the VLAN number of a VLAN that is supported on all the switches in the Alpha Chain segment (see Figure 66: Alpha Chain Setting).

2. Priority (0-255, default: 128) - The Chain Port switch(es) at the ends of an Alpha Chain segment will automatically determine which Chain Port switch should be forwarding and which should be blocking. However, if you have a preference as to which Chain Port switch should be forwarding on the Alpha Chain segment, you can enter a priority number in the range of 0-255 in the entry field to control whether the local switch will be forwarding or blocking.

a. Enter a number that is lower than the partner Chain Port switch’s Priority setting if you want the local switch to be the forwarding Chain Port switch.

b. Enter a number that is higher than the partner Chain Port switch’s Priority setting if you want the partner Chain Port switch to be the forwarding switch.

3. Timeout Count (3-255, default: 5) - Enter the number of PDUs (protocol data units) that a Chain Port is allowed to miss into the entry field.

a. The Alpha Chain protocol works by sending PDUs between two Chain Ports to determine the forwarding and blocking status of each of the two Chain Ports at the end points of an Alpha Chain segment. One PDU is sent every 200 milliseconds. You can configure the number of PDUs that a Chain Port is allowed to miss before the port determines that a link failure has occurred.

4. Storm Control (broadcast and multicast) - Choose Disable or Enable from the drop-down list.

a. Warning! When this option is enabled, all the ports on the switch will have the Storm Control feature automatically enabled.

5. Click on the Submit button to load the changes into the running configuration.

Figure 66: Alpha Chain Setting

Configuring the Alpha Chain Ports

1. Check the check box next to the port number of the ports that you want to be configured as a Chain Port.

2. Click on the Submit button to load the changes into the running configuration.

Figure 67: Chain Ports – Master and Slave on one Switch

Figure 68: Chain Ports – Master Chain Port

Alpha Chain Pass-Through Setting

To navigate to the Chain Pass-Through Setting page:

1. Click on the + next to STP/Ring .

2. Click on Chain Pass-Through Setting.

To configure the Alpha Chain Pass-Through ports:

1. From the drop-down list below the Chain Pass-Through Port 1 heading, choose one of the daisy chained ports on the switch to be the Chain Pass-Through Port #1 for the switch.

2. Next, from the drop-down list below the Chain Pass-Through Port 2 heading, choose the remaining daisy chained port on the switch to be the Chain Pass-Through Port #2 for the switch.

3. To change the port number for either of the Chain Pass-Through ports on the switch, you must first click on the Disable button to clear the settings for both Chain Pass-Through ports. Repeat the previous steps to set the new port numbers to be Chain Pass-Through.

4. Click on the Submit button to load the changes into the running configuration.

Figure 69: Chain Pass-Through Settings

Configuring Alpha Chain using CLI commands

Storm Control

To disable the automatic enabling of the Storm Control feature on all the ports, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: no bridge 1 chain-storm

Usage Example: switch_a(config)# no bridge 1 chain-storm

Configuring Chain Ports

To configure the Chain Ports on a Chain Port Switch, use the following CLI commands:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax:
chain port enable
no chain port

Usage Example 1: Enabling a chain port
switch_a(config)# interface fe6
switch_a(config-if)# chain port enable

Configuring Chain Pass-Through Ports

To configure the Chain Pass-Through Ports on a Chain Pass-through Switch, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
chain pass-through <port #1 port #2>
no chain pass-through

Usage Example 1: Enabling chain pass-through
switch_a(config)# chain pass-through fe3 fe4

Usage Example 2: Disabling chain port pass-through
switch_a(config)# no chain pass-through

STP/Ring Page - Advanced Setting

To navigate to the STP/Ring Advanced Setting page:

1. Click on the + next to STP/Ring .

2. Click on Advanced Setting.

Advanced Bridge Configuration

The Advanced Setting Page contains several settings to determine how the switch will handle BPDU packets.


Bridge bpdu-guard configuration - When the BPDU Guard feature is set for a bridge, every portfast-enabled port of the bridge that has bpdu-guard set to default shuts down on receiving a BPDU. In this case, the BPDU is not processed.

Error disable timeout configuration – Enabling this allows a disabled port to re-enable itself automatically after the specified Interval.

Interval – Default is 300 seconds. This is the length of time a port will remain disabled after shutting down due to the bpdu-guard .

Figure 70: Advanced Bridge Configuration

Advanced Per Port Configuration

Portfast Configuration / status – Enabling this for Edge ports (ports connecting to an end device as opposed to another switch) protect the

BPDU-Guard Configuration – When set to Default the port will default to the Advanced Bridge Configuration settings. Enable or Disable to override the Bridge BPDU-Guard

Figure 71: Advanced Per Port Configuration

Configuring Spanning Tree Advanced Settings using CLI commands

Enabling BPDU Guard Globally

To enable the BPDU Guard feature globally on the switch, use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: bridge 1 spanning-tree portfast bpdu-guard

Usage Example: switch_a(config)# bridge 1 spanning-tree portfast bpdu-guard

Enabling BPDU Guard on a Port

To enable the BPDU Guard feature on an individual switch port use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax:
spanning-tree portfast
spanning-tree portfast bpdu-guard enable

Usage Example:
switch_a(config-if)# spanning-tree portfast
switch_a(config-if)# spanning-tree portfast bpdu-guard enable

Enabling BPDU Guard Error Disable-timeout

To enable the BPDU Guard Error Disable-timeout feature on a switch port, and set the timeout interval, use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
bridge 1 spanning-tree errdisable-timeout enable
bridge 1 spanning-tree errdisable-timeout interval 300

Usage Example:
switch_a(config)# bridge 1 spanning-tree errdisable-timeout enable
switch_a(config)# bridge 1 spanning-tree errdisable-timeout interval 300

VLAN

Port Based VLAN vs. Tagged Based VLAN

The Managed Switch can be configured to operate in one of two VLAN modes: Port based VLAN mode or Tagged based VLAN mode. In Port based VLAN mode, packets from different VLANs can only be segregated from one another while within a single switch, but not when the packets travel to other switches in the network. The VLAN association rule for all incoming packets in Port based VLAN mode is determined only by the VLAN ID that is associated with the port when a packet enters the switch.

In Tagged based VLAN mode, traffic from different VLANs can be segregated from one another even after it travels to another switch. This is done by “tagging” a packet (inserting information inside the packet) with the VLAN ID that the packet belongs to when the packet exits the switch. The VLAN association rule for incoming packets in Tag based VLAN mode can either be based on the VLAN ID that is assigned to the port (PVID) when a packet enters the switch (when the packet does not contain a VLAN ID), or it can be determined from the packet itself (when the packet does contain a VLAN ID).

VLAN Configuration in 802.1Q Tag Based VLAN Mode

General Overview

802.1Q VLAN configuration consists of the following four elements:

1. Creating all VLANs in the VLAN database.

2. Configuring an incoming untagged packet’s VLAN association rule: this is accomplished by configuring the PVID setting on each individual port.

3. Configuring the ports that are associated with a VLAN to allow the packets that belong to that VLAN to exit and enter the switch through that port.


4. Configuring the tag action on the outgoing packets for each VLAN, that is to say, deciding on whether or not an outgoing packet will be tagged with the VLAN number that the packet belongs to.

All ports on the Managed Switch can be configured with different Port Types that have different tagging restrictions as defined below.

Access Port - If a port is configured to be an Access Port, then this port can only be a member of a single VLAN based on the Access Port’s PVID VLAN setting, and this port’s outgoing packets cannot be modified to contain a VLAN Tag.

Trunk Port - If a port is configured to be a Trunk Port, then this port can be a member of multiple VLANs. This port’s outgoing packets will be automatically modified to contain a VLAN tag of the VLAN that the packet belongs to, with the exception of the PVID VLAN on that port. The PVID VLAN on a Trunk Port will not be automatically modified to contain a VLAN tag of the PVID VLAN.

Hybrid Port - A Hybrid Port has no restriction on it. If a port is configured to be a Hybrid Port, then this port can be a member of multiple VLANs, and this port’s outgoing packets can be configured to be either with or without a VLAN tag of the VLAN that the packet belongs to, including the PVID VLAN of the Hybrid Port.

For all three types of ports above, if an incoming packet contains a VLAN tag, then the packet’s VLAN association rule will be based on the VLAN Tag.
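The ingress and egress rules for the three port types can be checked with a small model. This is an added example, not the switch's firmware; the port names, the sample VLAN layout, and the choice to drop a frame whose VLAN the ingress port is not a member of (following element 3 of the overview) are assumptions.

```python
"""Model of the 802.1Q port-type rules described above (added example)."""
from dataclasses import dataclass, field

ACCESS, TRUNK, HYBRID = "access", "trunk", "hybrid"


@dataclass
class Port:
    name: str
    kind: str                     # ACCESS, TRUNK or HYBRID
    pvid: int                     # VLAN given to untagged ingress frames
    allowed: set = field(default_factory=set)  # extra member VLANs (trunk/hybrid)
    tagged: set = field(default_factory=set)   # hybrid only: VLANs sent tagged

    def member_vlans(self):
        # An Access Port belongs to its PVID VLAN only; the other port types
        # belong to their allowed VLANs plus the PVID VLAN.
        if self.kind == ACCESS:
            return {self.pvid}
        return set(self.allowed) | {self.pvid}

    def sends_tagged(self, vlan):
        if self.kind == ACCESS:
            return False                  # outgoing packets never carry a tag
        if self.kind == TRUNK:
            return vlan != self.pvid      # tagged, except for the PVID VLAN
        return vlan in self.tagged        # hybrid: configured per VLAN


def classify_ingress(port, tag_vid):
    """Return the VLAN a frame is associated with, or None if it is dropped.

    tag_vid is the VLAN ID carried in the frame's 802.1Q tag, or None when
    the frame is untagged (the port's PVID is used in that case).
    """
    vlan = tag_vid if tag_vid is not None else port.pvid
    # Assumption: a frame for a VLAN the port is not a member of is dropped.
    return vlan if vlan in port.member_vlans() else None


def flood(ports, ingress_name, tag_vid):
    """Show how a broadcast frame leaves every other member port."""
    by_name = {p.name: p for p in ports}
    vlan = classify_ingress(by_name[ingress_name], tag_vid)
    if vlan is None:
        return {}
    return {
        p.name: f"tagged {vlan}" if p.sends_tagged(vlan) else "untagged"
        for p in ports
        if p.name != ingress_name and vlan in p.member_vlans()
    }


# Constructed sample layout (port names and VLAN IDs are illustrative).
PORTS = [
    Port("fe1", ACCESS, pvid=100),
    Port("fe2", ACCESS, pvid=200),
    Port("fe5", HYBRID, pvid=100, allowed={200}, tagged={200}),
    Port("fe7", TRUNK, pvid=1, allowed={100, 200, 300}),
]

if __name__ == "__main__":
    for ingress, tag in [("fe1", None), ("fe7", 200), ("fe7", None), ("fe1", 200)]:
        print(ingress, tag, "->", flood(PORTS, ingress, tag))
```

The last case, a frame tagged for VLAN 200 arriving on an Access Port in VLAN 100, is the one worth confirming on real hardware, since the association rule follows the tag and only port membership keeps the frame out of VLAN 200.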

Configuring VLAN Database

To navigate to the VLAN Setting page:

1. Click on the + next to VLAN .

2. Click on VLAN Setting.

To configure the VLAN Database, do the following:

1. Click on the Add VLAN button (see Figure 72).

Figure 72: Add VLAN

2. Enter the VLAN ID .

3. Enter the VLAN Name .

4. Select Attach or Detach for the CPU Port.

a. Attaching the CPU to a VLAN is typically done on the Management VLAN.

5. Select the ports to be a member of the VLAN (see Configuring the VLAN Egress (outgoing) Member Ports)

6. Click on Submit button.

7. Repeat for all the VLANs that are needed.

8. Save the configuration (see the Save Configuration Page)

Figure 73: Add VLAN Page

802.1Q Tag Based VLAN Configuration Examples Using CLI Commands

Configuring a 802.1Q VLAN

To configure an 802.1Q VLAN on a switch, use the following CLI commands:

CLI Command Mode: VLAN Database Configuration Mode

CLI Command Syntax:
switchport portbase add vlan <1 – 16>
vlan <1 – 4094> bridge 1 name VLAN NAME state enable

Usage Example:
switch_a(config)# vlan database
switch_a(config-vlan)# vlan 100 bridge 1 name Management state enable
switch_a(config-vlan)# vlan 200 bridge 1 name Accounting state enable
switch_a(config-vlan)# vlan 300 bridge 1 name Sales state enable

Configuring an IP Address for a Management VLAN

To configure the IP address for the management VLAN use the following CLI commands

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: ip address IP_ADDRESS/PREFIX [e.g. 10.0.0.1/24]

Usage Example: switch_a(config)# interface vlan1.100

switch_a(config-if)# ip address 192.168.100.10/24

Removing an IP Address from a Management VLAN

To remove an IP address from a management VLAN use the following CLI commands

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: no ip address

Usage Example: switch_a(config)# interface vlan1.100

switch_a(config-if)# no ip address

Configuring an Access Port

To configure an Access Port use the following CLI commands:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: switchport mode access

CLI Command Syntax: switchport access vlan <1 – 4094>

Usage Example:
switch_a(config-if)# switchport mode access
switch_a(config-if)# switchport access vlan 100

Configuring a Trunk Port

To configure a Trunk Port use the following CLI commands:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: switchport mode trunk

CLI Command Syntax: switchport trunk allowed vlan add 100,200,300

CLI Command Syntax: switchport trunk native vlan 1

Usage Example:
switch_a(config)# interface fe7
switch_a(config-if)# switchport mode trunk
switch_a(config-if)# switchport trunk allowed vlan add 100,200,300
switch_a(config-if)# switchport trunk native vlan 1

Add an IP to the Management VLAN

To navigate to the System/IP Address page:

1. Click on the + next to System .

2. Click on IP Address.

To add an IP for a Management VLAN:

1. Enter the IP address and subnet mask for the management VLAN

2. Click on the Submit button (see below).

3. Save the configuration (see the Save Configuration Page)

Figure 74: Management VLAN IP Address

To delete an IP from a VLAN (the default VLAN, for example):

1. Delete the IP and the subnet mask of the default VLAN and leave the fields blank

2. Click on the Submit button.

Warning : Before completing the steps above, make sure that you have already set up another management IP on another VLAN, and have set up a port properly for accessing that VLAN.

Configuring the Port Type and the PVID setting

To navigate to the 802.1Q Port Setting page:

1. Click on the + next to VLAN .

2. Click on Port Setting.

To configure the proper port type and the PVID setting for each switch port:

1. Choose the port type for each port in the drop-down list (see General Overview for port type details).

2. Enter the PVID VLAN for each port (see below).

3. Enter the Priority Level (optional).

4. Click on the Update Setting button.

5. Save the configuration (see the Save Configuration Page)

Warning : Modifying the Port Type using the Web GUI will cause that switch port to lose all its current VLAN membership and become a member port for the PVID VLAN only. You will lose your current connection to the switch, should you choose to modify the PVID of the port that connects your Computer to the switch.


Figure 75: VLAN Port Setting

Configuring the VLAN Egress (outgoing) Member Ports

To navigate to the VLAN Setting page:

1. Click on the + next to VLAN .

2. Click on VLAN Setting.

To configure the egress member ports for each VLAN:

1. Click on the VLAN link that you want to configure (see below).

Figure 76: VLAN Links

2. Check the check box next to the port number that should be the egress member port for this VLAN

3. Click on the Submit button (see Figure 77).

Note : If an egress member port for a VLAN has the PVID set on that port to be the same as the VLAN, then that port will automatically be configured as an egress member port for the VLAN by the switch. If a check box is not checked and is grayed out, it is because that port is an Access Port with the PVID set to be a different VLAN than the current VLAN.

Figure 77: VLAN Ports

If any of the egress member ports are Hybrid ports, you must also configure the Tag action on this port (see Figure 78).

4. Select the correct Tag option in the drop-down list under Tag or Untag for this port.

5. Click on the Submit button.

Figure 78: Tag or Untag ports

QOS

QoS (Quality of Service) refers to several related aspects of computer networks that allow the transport of traffic with special requirements. In particular, technology has been developed to allow computer networks to become as useful as telephone networks for audio conversations, as well as supporting new applications with even stricter service demands. Beyond the audio applications that QoS was originally intended for, data traffic such as video or real-time information can benefit from QoS.

QoS as it pertains to the Managed Switch can be broken down into two types, CoS and DSCP. CoS, or Class of Service, operates at Layer 2 and was developed by an IEEE working group in the 1990s. CoS uses a 3-bit field called the Priority Code Point (PCP) within an Ethernet frame header when using VLAN tagged frames as defined by IEEE 802.1Q. It specifies a priority value between 0 and 7, inclusive, that can be used by QoS disciplines to differentiate traffic. Although this technique is commonly referred to as IEEE 802.1p, there is no standard or amendment by that name published by the IEEE. Rather, the technique is incorporated into the IEEE 802.1Q standard, which specifies the tag inserted into an Ethernet frame.


Eight different classes of service are available as expressed through the 3-bit PCP field in an IEEE 802.1Q header added to the frame. The way traffic is treated when assigned to any particular class is undefined and left to the implementation. The IEEE however has made some broad recommendations:

PCP   Priority      Acronym   Traffic Types
1     0 (lowest)    BK        Background
1     1             BE        Best Effort
2     2             EE        Excellent Effort
3     3             CA        Critical Applications
4     4             VI        Video, < 100 ms latency and jitter
5     5             VO        Voice, < 10 ms latency and jitter
6     6             IC        Internetwork Control
7     7 (highest)   NC        Network Control

The above recommendations are implemented in the switch’s 802.1p submenu.

DSCP, or DiffServ Code Point, uses the first 6 bits in the ToS field of the IP(v4) packet header. This type of QoS is primarily useful if the QoS needs to pass through a router or routers. We will touch on DSCP briefly later in this section.

Global Configuration Page

Web GUI Interface

To navigate to the QoS Global Configuration page (see below):

1. Click on the + next to QoS .

2. Click on Global Configuration .


Figure 79: Enabling QoS

To Enable the QoS settings:

1. Enable QoS, by selecting the drop-down box to the right of the QoS option.

2. Choose CoS and/or DSCP next to the Trust option.

3. Select the desired option next to Policy:

a. Strict Priority(Queue3) +WRR(Queue0-2) – Packets must be emptied from queue 3 first, and the three remaining queues are emptied according to the WRR weights in the Weighted Round Robin section (see below).

b. WRR (Queue 0 – 3) – Each queue is allowed to discharge a certain number of packets (according to the WRR weights in the Weighted Round Robin section) before moving to the next queue.

4. Enter the Weight for each queue in the Weight Round Robin section

5. Click on the Submit button.

6. Save the configuration (see the Save Configuration Page)

Note: Weighted Round Robin – There are four text fields, one for each queue (0 – 3). A number from 1 to 20 can be assigned for each queue. This number is used with the WRR policy and is the number of packets that must be emptied from the queue before the next queue is considered. By default, these values are:

Queue   Weight
0       1
1       2
2       4
3       8
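The difference between the two policies shows up when queue 3 is kept busy. The following simulation is an added example, not the switch's scheduler; it assumes one packet is sent per tick and that WRR visits the queues from queue 3 down to queue 0, neither of which the manual states.

```python
"""Simulate the two egress policies with the default WRR weights (added example)."""
from collections import deque

DEFAULT_WEIGHTS = (1, 2, 4, 8)   # weights for queue 0, 1, 2, 3 (manual defaults)


def simulate(arrivals, ticks, weights=DEFAULT_WEIGHTS, strict_q3=False):
    """Return the labels of the transmitted packets, at most one per tick.

    arrivals maps a tick number to a list of (queue_id, label) pairs.
    strict_q3=True  models "Strict Priority(Queue3) +WRR(Queue0-2)".
    strict_q3=False models "WRR (Queue 0 - 3)".
    """
    queues = [deque() for _ in range(4)]
    # Assumption: WRR visits the queues from the highest number to the lowest.
    order = [2, 1, 0] if strict_q3 else [3, 2, 1, 0]
    idx, credit = 0, weights[order[0]]
    sent = []
    for tick in range(ticks):
        for queue_id, label in arrivals.get(tick, []):
            queues[queue_id].append(label)
        # Strict priority: queue 3 is always emptied before anything else.
        if strict_q3 and queues[3]:
            sent.append(queues[3].popleft())
            continue
        # WRR: stay on the current queue while it has credit and packets,
        # otherwise move on; one full rotation is enough to find a packet.
        for _ in range(len(order) + 1):
            queue_id = order[idx]
            if credit > 0 and queues[queue_id]:
                sent.append(queues[queue_id].popleft())
                credit -= 1
                break
            idx = (idx + 1) % len(order)
            credit = weights[order[idx]]
    return sent


# Constructed input 1: a burst of twelve queue-3 packets plus a few others.
BURST = {0: [(3, f"H{i}") for i in range(12)] + [(2, "M0"), (0, "L0"), (0, "L1")]}

# Constructed input 2: one queue-3 packet arrives every tick for 20 ticks,
# and a single queue-0 packet is waiting from the start.
STEADY = {t: [(3, f"H{t}")] for t in range(20)}
STEADY[0] = STEADY[0] + [(0, "L0")]

if __name__ == "__main__":
    print("WRR   :", simulate(BURST, 15))
    print("Strict:", simulate(BURST, 15, strict_q3=True))
    print("L0 sent under strict, steady load:",
          "L0" in simulate(STEADY, 20, strict_q3=True))
```

Under the steady load the strict policy never sends the queue-0 packet, which is the case to keep in mind when deciding which traffic is allowed to reach queue 3.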

QoS Global Configuration using the CLI Interface

This section gives information on command line commands related to QoS and assumes the user has a working knowledge of connecting to the switch using Telnet, SSH or the Serial port. Telnet is enabled by default. To enable or disable Telnet or SSH see the Management Interface section.

For more information on CLI command usage see CLI Command Usage.

Enabling/Disabling QoS

To get to the CLI level to configure QoS:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
mls qos enable
no mls qos

Enable/Disable QoS Trust

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
mls qos trust <cos/dscp>
no qos trust

Usage Example – Enable QoS Trust: switch_a(config)# mls qos trust cos

Usage Example – Disable QoS Trust: switch_a(config)# no mls qos trust

Configuring the Egress Expedite Queue

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
priority-queue strict priority-queue out
no priority-queue out
mls qos <WRR_WTS> (4 values separated by spaces. Range is 1-20. See the Usage Example.)

Usage Example – Enable QoS Strict Priority (Queue 3) + WRR (Queue 0-2):
switch_a(config)# priority-queue out

Usage Example – Disable QoS Strict Priority:
switch_a(config)# no priority-queue

Usage Example – The following example specifies the bandwidth ratios of the four transmit queues, starting with queue 0, on the switch. WRR_WTS: Weighted Round Robin (WRR) weights for the 4 queues (4 values separated by spaces). Range is 1-20.
switch_a(config)# wrr-queue bandwidth 1 2 4 8

802.1p Priority Page

Web Interface

To navigate to the QoS 802.1p Priority page (see Figure 80):

1. Click on the + next to QoS .

2. Click on 802.1p Priority .

The 802.1p Priority page allows a user to assign the queues to VLAN priorities (see Global Configuration Page for more information on queues).

Each VLAN priority is expressed as the three-bit PCP field in the 802.1Q header discussed previously. The values shown above are the default values with the higher VLAN priorities corresponding to the higher priority queues.


Figure 80: 802.1p Priority

By default, the highest-priority queue, queue 3, is assigned to VLAN priorities 6 and 7; queue 2 is assigned to VLAN priorities 4 and 5; queue 1 is assigned to VLAN priorities 2 and 3; and finally, queue 0 is assigned to VLAN priorities 0 and 1.

After making any changes on the page, click on the Submit button to ensure that the changes are stored.
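To see where the PCP and DSCP values sit in a frame and how the Trust option turns them into a queue number, the following added example (not code from the switch) parses a frame and applies the default mappings given in this chapter. The frames are constructed, and the `untagged_pcp` parameter for frames without an 802.1Q tag is a hypothetical stand-in for whatever priority the port assigns.

```python
"""Pick an egress queue from a frame's PCP or DSCP value (added example)."""
import struct

# Default 802.1p mapping from the manual: priorities 0-1 -> queue 0,
# 2-3 -> queue 1, 4-5 -> queue 2, 6-7 -> queue 3.
COS_TO_QUEUE = {pcp: pcp // 2 for pcp in range(8)}
# Default DSCP mapping from the manual: every DSCP value -> queue 0.
DSCP_TO_QUEUE = {dscp: 0 for dscp in range(64)}

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def parse_frame(frame):
    """Return the PCP, VLAN ID and DSCP found in an Ethernet frame (or None)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"pcp": None, "vid": None, "dscp": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["pcp"] = tci >> 13        # top 3 bits of the tag control field
        info["vid"] = tci & 0x0FFF     # low 12 bits
        offset = 18
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= offset + 2:
        info["dscp"] = frame[offset + 1] >> 2   # first 6 bits of the ToS byte
    return info


def select_queue(frame, trust, cos_map=COS_TO_QUEUE, dscp_map=DSCP_TO_QUEUE,
                 untagged_pcp=0):
    """Return the egress queue (0-3) for a frame under the given Trust setting."""
    info = parse_frame(frame)
    if trust == "cos":
        # Assumption: an untagged frame is treated as priority untagged_pcp.
        pcp = info["pcp"] if info["pcp"] is not None else untagged_pcp
        return cos_map[pcp]
    if trust == "dscp":
        # Assumption: a non-IPv4 frame falls back to queue 0.
        return dscp_map[info["dscp"]] if info["dscp"] is not None else 0
    raise ValueError("trust must be 'cos' or 'dscp'")


def build_frame(dscp, pcp=None, vid=0):
    """Build a constructed test frame: Ethernet, optional 802.1Q tag, IPv4 stub."""
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if pcp is not None:
        frame += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    frame += struct.pack("!H", ETHERTYPE_IPV4)
    frame += bytes([0x45, dscp << 2]) + bytes(18)   # version/IHL, ToS, zero fill
    return frame


if __name__ == "__main__":
    tagged = build_frame(dscp=46, pcp=5, vid=100)
    print(parse_frame(tagged))
    print("trust cos  ->", select_queue(tagged, "cos"))
    print("trust dscp ->", select_queue(tagged, "dscp"))
```

Both fields are set by whichever device sent the frame, so the Trust setting decides whose marking selects the queue.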

802.1p Priority Submenu

CLI Interface

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: wrr-queue cos-map <QUEUE_ID> <COS_VALUE>

QUEUE_ID Queue ID. Range is 0-3.

COS_VALUE CoS values. Up to 8 values (separated by spaces).

Usage Example: The following example shows mapping CoS values 0 and 1 to queue 1 on the switch:
switch_a(config)# wrr-queue cos-map 1 0 1

DSCP Page

HTTP Interface

The DSCP submenu is much like the 802.1p submenu except there are many more DSCP priorities to choose from and they are all assigned to the lowest-priority queue, 0. For each DSCP priority, the user can change the value of the queue to between 0 and 3. See Figure 3 for more information:

Figure 81: DSCP

DSCP Submenu

CLI Interface

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: mls qos map dscp-queue <dscp_value> to <queue_ID>
dscp_value: Up to 8 values (separated by spaces). Range is 0-63.
queue_ID: Range is 0-3.

Usage Example: The following example shows mapping DSCP values 0 to 3 to queue 1 on the switch:
switch_a(config)# mls qos map dscp-queue 0 1 2 3 to 1

QoS Interface Commands

CLI Interface

To assign a VLAN Priority to an Interface:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: user-priority <0-7>

ACL (Access Control List)

The settings in the ACL feature of the switch can be used to control which packets are allowed to enter the switch (Packet Filtering), as well as to control the amount of bandwidth that can be allocated for those packets (Bandwidth Policing).

General Overview

The ACL feature on the Managed Switch filters packets through access control lists. Any combination of 4 different types of access control lists (called Access Lists) can be used for this purpose. These four different types of access control lists are explained below:

IP Access List:

This Access List can be used to filter IP packets based on the packet’s source IP address only.

IP Access List (Extended):

This Access List can be used to filter IP packets based on the packet’s source and destination IP addresses, as well as the packet’s source and destination transport layer protocol port numbers.

MAC Access List:

This Access List can be used to filter Ethernet packets based on the packet’s source and destination Ethernet addresses as well as the packet’s Ethernet payload protocol number (EtherType).

Layer 4:

This Access List, if it is used by itself, can only be used to classify IP packets based only on the IP packet’s source and destination transport layer protocol port numbers.

Use this Access List in conjunction with another type of Access List mentioned above if you wish to filter any packet from entry to the switch that did not match the classification rules of this Access List; otherwise all packets that did not match the classification rules of this Access List will also be allowed entry into the switch.

Note: You can use any combination of the above four types of Access Lists to filter packets through the ACL feature; the switch will apply these Access Lists in the order that they were configured. Since Access List filters allow packets through, there must be at least one catch-all deny rule that can deny all types of packets from entry to the switch in the very last Access List. This will ensure that only packets specified in the access list will be allowed.

CONFIGURING ACL

To navigate to the ACL/ACL Configuration page:

1. Click on the + next to ACL .

2. Click on ACL Configuration.

In order to enable the ACL feature on the switch, the QoS feature must be enabled on the switch as well. In order to apply the ACL packet filtering features on a port, you must:

1. Create and configure an ACL Access List first.

2. Next, create and configure an ACL Class Map.

3. Associate the previously created ACL Access Lists to this ACL Class Map.

4. Next, create and configure an ACL Policy Map.

5. Associate all the appropriate and necessary ACL Classes into this ACL Policy Map.

6. Then apply this ACL Policy Map (and all the Access Lists that it contains) to a specific port.

To enable the ACL feature on the switch first enable the QoS feature using the steps below.

1. From the drop-down list next to QoS , choose the Enable option

2. Click on the Submit button. For more details see QoS.

ACL Policy Map

To create a new ACL Policy Map, follow the instructions below.

1. Make sure that the Create option is selected from the drop-down list next to Policy Map (see below).

2. Next, make sure that the Create option is selected from the drop-down list under Class Name (see below).

Figure 82: Policy Map

Next, you will be creating a new ACL Access List which is necessary to create an ACL Class Map. From the information listed below you will find the configuration steps necessary for all of the four available ACL Access Lists. You can choose one Access List from the below list and follow the steps there to complete the configuration for that Access List. One Access List can be created during the initial ACL Policy Map creation process. After you have chosen just one Access List from below and have finished all the configuration steps for it, please continue onto step #3.

IP Access List

Figure 83: IP Access List

To configure an IP Access List (See Figure 83 above):

1. Select the IP Access List option from the drop-down list below Access List Type .

2. If you have already created an IP Access List previously and would like to apply it to the new ACL Class, then select the Access List number from the drop-down list next to Access List .

3. If you want to create a new IP Access List, make sure that the Create option is selected from the drop-down list next to Access List .

4. To give the new IP access list an ID, enter a number in the range from 1 – 99, or from 1300 – 1999, into the entry field next to the “Create” option drop-down list.

5. You can enter a source IP address to allow an IP packet with that source IP to gain entry into the switch. To do this, choose the permit option from the drop-down list under the Action column.

6. Next, enter the source IP address into the entry field from the IP address column.

7. Next, enter the Comparison Mask for the source IP address in reverse logic, into the entry field from the Mask column. In reverse logic, 255.255.255.0 would be 0.0.0.255.

8. Next, click on the Add button.

9. You can enter a source IP address in order to deny an IP packet with that source IP entry into the switch. To do so, you must choose the deny option from the drop-down list under the Action column. Next, enter the IP address and mask as described in steps 6 and 7.

a. You can also use the any wild card in lieu of entering a source IP address in the entry field from the IP address column. You will need to do this if you wish to deny any additional IP packet from entry to the switch that did not match any of the previous rules from all the previous access control lists; otherwise these additional IP packets will also be allowed entry into the switch.

IP Access List (Extended)

Figure 84: Access List Extended

1. Select the IP Access List (Extended) option from the drop-down list below Access List Type (see Figure 84).

2. To apply an existing Extended IP Access List to the new ACL Class, select the Access List number for the previously configured Extended IP Access List from the drop-down list next to Access List .

3. If you want to create a new Extended IP Access List, verify that the Create option is selected from the drop-down list next to Access List .

4. To give this particular Extended IP access list an ID, enter a number in the range from 100 – 199, or from 2000 – 2699, into the entry field next to the Create option drop-down list.

5. You can enter a source and a destination IP address to allow an IP packet with this pair of IP addresses to gain entry into the switch. To do this, choose the permit option from the drop-down list under the Action column.

6. Next, enter the source IP address of the IP packet into the entry field under the Source Address column.

7. Next, enter the comparison Mask for the source IP address in reverse logic (a binary “0” in the mask means “this bit position needs to be checked”, whereas a binary “1” in the mask means “this bit position does not need to be checked”) into the entry field from the Source Wildcard Bits column. In reverse logic, 255.255.255.0 is listed as 0.0.0.255.

8. Next, enter the destination IP address of the IP packet into the entry field under the Destination Address column.

9. Next, enter the comparison Mask for the destination IP address in reverse logic into the entry field from the Destination Wildcard Bits column.

10. Next, click on the Add button.

11. You can also filter the IP packet using the packet’s source and destination Transport Layer protocol port numbers in addition to the source and destination IP addresses. Just enter the source Transport Layer protocol port number into the entry field under the port (1-65535) column following the source IP address comparison mask column. Next, enter the destination Transport Layer protocol port number into the entry field under the port (1-65535) column following the destination IP address comparison mask column.

12. To enter an extended IP access list entry in order to deny the entry of an IP packet into the switch, you must choose the deny option from the drop-down list under the Action column. Next, enter the IP addresses and Transport Layer protocol port numbers using the same steps as in the previous two bullets.

13. You can also use the any wild card in lieu of entering an IP address in the entry field from both the Source Address and Destination Address column. You will need to do this if you wish to deny any additional IP packet from entry to the switch that did not match any of the previous rules from all the previous access control lists; otherwise, these additional IP packets will also be allowed entry into the switch.

MAC Access List

Figure 85: MAC Access list

1. To configure a MAC access list, select the MAC Access List option from the drop-down list below Access List Type (see Figure 85).

2. If a MAC Access List was previously created and you would like to apply it to the new ACL Class, then select the Access List number for the previously configured MAC Access List from the drop-down list next to Access List. If you want to create a new MAC Access List, ensure that the Create option is selected from the drop-down list next to Access List.

3. To give this particular MAC Access List an ID, enter a number in the range from 2000 – 2699, into the entry field next to the Create option drop-down list.

4. You can enter a source and a destination Ethernet address to allow a specific Ethernet packet entry into the switch. To do so, you must choose the permit option from the drop-down list under the Action column.

5. Next, enter the source Ethernet address of the Ethernet packet into the entry field under the Source MAC column.

6. Next, enter the Comparison Mask for the source Ethernet address in reverse logic (Ex. 255.255.255.0 is 0.0.0.255 in reverse logic) into the entry field from the Mask column following the Source MAC column.

7. Next, enter the destination Ethernet address of the Ethernet packet into the entry field under the Destination MAC column.

8. Next, enter the comparison Mask for the destination Ethernet address in reverse logic into the entry field from the Mask column following the Destination MAC column. Next, choose the appropriate encapsulation format of the Ethernet packet that you want to allow entry into the switch from the drop-down list under the Format column.

9. Next, click on the Add button.

10. You can also filter the Ethernet packet using the Ethernet packet payload’s EtherType number in addition to the source and destination Ethernet addresses. Just enter the EtherType number of the Ethernet packet into the entry field under the Ether type column.

11. Next, you can also enter a comparison mask for the EtherType number into the entry field under the Mask column next to the Ether type column.

12. To enter a MAC Access List entry in order to deny the entry of an Ethernet packet into the switch, you must choose the deny option from the drop-down list under the Action column.

13. Next, enter the Ethernet addresses and the EtherType number using the same steps as in steps 11 and 12.

14. You can also use the any wild card in lieu of entering an Ethernet address in the entry field from both the Source MAC and Destination MAC column. You will need to do this if at any time this Access List should become the very last Access List rule in an ACL Policy Map to serve as the catch-all deny rule, in order to deny any and all types of packets from entry into the switch that did not match any of the previous rules from all the previous access control lists.

Layer 4

Figure 86: Layer 4

1. To use the Layer 4 access list feature and apply it to the new ACL Class, select the Layer 4 option from the drop-down list below Access List Type (see Figure 86).

2. You can enter a source or destination Transport Layer protocol port number to allow any IP packet with this port number to gain entry into the switch. To do this, choose the appropriate port number type (Source port or Destination port) from the drop-down list next to Option.

3. Next, enter the correct port number into the entry field next to “TCP/UDP Port No.(1-65535)”.

4. After you have finished configuring just one ACL Access List from the previous step, you must now create a name for the new ACL Class Map that will be associated with this Access List. To do this, just enter a name for the new ACL Class Map into the text box under Class Name (see Figure 87).

Note: Since this particular Access List type does not contain any deny rules, this Access List will have to be used in conjunction with another type of Access List, if you wish to filter any packet from entry to the switch that did not match the classification rules from this Access List. Otherwise all packets that did not match the classification rules of this Access List will also be allowed entry into the switch.


Figure 87: IP Access List Name

Bandwidth Limiting

1. The amount of bandwidth that is being allocated for the traffic that is being allowed under this new ACL Class can also be limited. To do this, enter the bandwidth amount that you want to allocate for the traffic in the entry fields in the Attach Class Map to Policy Map section (see Figure 88).

Update the following text entries:

Committed Information Rate (1-1000000 kbps)

Peak Information Rate (1-1000000 kbps)

Committed Burst (1-20000 bytes)

Peak Burst (1-20000 bytes)

Note: The Peak rates must be higher than the Committed Rate. Current firmware discards any packets that exceed the Committed Rate.


Figure 88: ACL Configuration

2. Next, enter a name in the entry field next to “Policy Map Name” for the new ACL “Policy Map” that you are currently creating, and click on the Submit button (see Figure 89).

Figure 89: Policy Map Name


Applying a Policy Map to a Port

To apply an ACL Policy Map to a port:

1. Select the correct ACL Policy Map from the drop-down list next to Policy Map (see Figure 90).

2. Next, check the boxes below Attach Class Map to Policy Map next to all the ports that you would like to apply this Policy Map to.

3. Click on the Attach button.

Figure 90: Applying a Policy Map to a Port

Adding a New ACL Class to an Existing Policy Map

If you would like to create a new ACL Class and add it to this ACL Policy Map, follow the steps below.

Make sure that the Create option is selected from the drop-down list under Class Name (see Figure 91).

1. Next, follow the instructions on how to create a new ACL Policy Map on page 139.

2. Next, click on the Submit button.

Figure 91: Adding a New ACL Class to an Existing Policy Map

Adding an Existing ACL Class to an Existing Policy Map

If you would like to add an existing ACL Class to this ACL Policy Map (see Figure 92):

1. Select the correct ACL Class from the drop-down list under Class Name, and then wait for the GUI to update itself.

2. Click on the Submit button.

Figure 92: Policy Map Setting – Class Name

3. You can confirm that the ACL Class has been added correctly to this Policy Map by checking the drop-down list under “Class Name”. If you see the newly added ACL Class in the list above the dash line, then it has been added properly (see below).

Figure 93: Policy Map Setting

Removing an ACL Class

If you would like to remove an ACL Class from this ACL Policy Map:

1. Make sure to select the correct ACL Class that is above the dash line from the drop-down list under Class Name (see Figure 94).

2. Next, click on the Remove button under Attach Class Map to Policy Map.

Figure 94: Removing an ACL Class

3. You can confirm that the ACL Class has been removed from this Policy Map by checking the drop-down list under Class Name. If you do not see the ACL Class in the list above the dash line, but see it below the dash line, then it means it has been removed from this Policy Map (see Figure 95).

Figure 95: Verifying ACL Class Removal


To remove an existing ACL Policy Map entirely, follow the instructions below:

1. Select the correct ACL Policy Map that you want to remove entirely from the drop-down list next to Policy Map (see Figure 96).

2. Next, detach the Policy Map from all the ports by deselecting all the check boxes below Attach Class Map to Policy Map for all the selected ports.

3. Click on the Attach button.

4. Next, click on the Remove button.

Figure 96: Removing a Policy Map

To remove an existing ACL Class entirely, follow the instructions below.

1. Make sure that the ACL Class is not associated with any ACL Policy Map. If it is, you must remove it from that Policy Map first.

2. Next, make sure that the Create option is selected from the drop-down list next to Policy Map (see Figure 97).

3. Next, select the correct ACL Class from the drop-down list under Class Name, and then wait for the GUI to update itself.

4. Next, click on the Remove button under Attach Class Map to Policy Map.

Figure 97: Policy Map 2

5. You can confirm that this ACL Class has been removed completely by checking the dropdown list under “Class Name”. If you do not see the ACL Class in the list then it means it has been completely removed (see below).

Figure 98: Policy Map 3


ACL Configuration Examples Using CLI Commands

Enabling QoS

To enable the ACL feature on the EtherWAN switch by enabling the QoS feature on the switch, just follow the steps below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: mls qos enable

Usage Example: switch_a(config)# mls qos enable

Creating a Standard IP Access List

To create a new Standard IP Access List to allow or deny an IP address/range access to the switch, use the following CLI commands with the Access list ID in the range from 1 – 99, or from 1300 – 1999:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
ip-access-list <1-99, 1300-1999> permit <source IP> <source bit mask>
ip-access-list <1-99, 1300-1999> deny <source IP> <source bit mask>
ip-access-list <1-99, 1300-1999> deny any

Usage Example:
switch_a(config)# ip-access-list 1 permit 192.168.1.224 0.0.0.31
switch_a(config)# ip-access-list 1 deny 192.168.1.224 0.0.0.31
switch_a(config)# ip-access-list 1 deny any
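The reverse-logic mask and the catch-all deny rule described for the access lists, worked through in Python as an added example (not code from the manual or the switch vendor). It assumes rules are checked top to bottom with the first match deciding, and follows the manual's statement that a packet matching no rule is allowed in; all function names are made up for this example.

```python
import ipaddress

PERMIT, DENY = "permit", "deny"
ALL_BITS = 0xFFFFFFFF
# Standard IP Access List ID ranges as given in the manual.
STANDARD_ID_RANGES = (range(1, 100), range(1300, 2000))


def to_wildcard(netmask):
    """Convert a subnet mask into the reverse-logic mask the switch expects."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(netmask)) ^ ALL_BITS))


def parse_standard_rule(line):
    """Parse 'ip-access-list <id> permit|deny <ip> <mask>' or '... <action> any'.

    A leading CLI prompt such as 'switch_a(config)#' is ignored.
    """
    tokens = line.split()
    if tokens and tokens[0].endswith("#"):
        tokens = tokens[1:]
    if len(tokens) < 4 or tokens[0] != "ip-access-list":
        raise ValueError(f"not a standard access list entry: {line!r}")
    acl_id = int(tokens[1])
    if not any(acl_id in id_range for id_range in STANDARD_ID_RANGES):
        raise ValueError(f"ID {acl_id} is outside 1-99 and 1300-1999")
    action = tokens[2]
    if action not in (PERMIT, DENY):
        raise ValueError(f"unknown action {action!r}")
    if tokens[3] == "any":
        # 'any' is equivalent to a mask in which no bit needs to be checked.
        addr, wildcard = 0, ALL_BITS
    elif len(tokens) == 5:
        addr = int(ipaddress.IPv4Address(tokens[3]))
        wildcard = int(ipaddress.IPv4Address(tokens[4]))
    else:
        raise ValueError(f"expected '<ip> <mask>' or 'any': {line!r}")
    return {"id": acl_id, "action": action, "addr": addr, "wildcard": wildcard}


def rule_matches(rule, source_ip):
    """A 0 bit in the mask must match; a 1 bit is not checked."""
    src = int(ipaddress.IPv4Address(source_ip))
    checked_bits = rule["wildcard"] ^ ALL_BITS
    return (src ^ rule["addr"]) & checked_bits == 0


def evaluate(rules, source_ip):
    """Return the action for a packet (assumption: first matching rule wins)."""
    for rule in rules:
        if rule_matches(rule, source_ip):
            return rule["action"]
    # Per the manual, packets that match no rule are allowed into the switch.
    return PERMIT


def has_catch_all_deny(rules):
    """True when the list ends with 'deny any'."""
    if not rules:
        return False
    last = rules[-1]
    return last["action"] == DENY and last["wildcard"] == ALL_BITS


# Constructed samples built from the manual's usage example.
OPEN_ACL = ["switch_a(config)# ip-access-list 1 permit 192.168.1.224 0.0.0.31"]
CLOSED_ACL = OPEN_ACL + ["switch_a(config)# ip-access-list 1 deny any"]

if __name__ == "__main__":
    for name, lines in (("without deny any", OPEN_ACL), ("with deny any", CLOSED_ACL)):
        rules = [parse_standard_rule(line) for line in lines]
        print(name, "- catch-all present:", has_catch_all_deny(rules))
        for ip in ("192.168.1.230", "192.168.1.223", "10.0.0.5"):
            print("  ", ip, "->", evaluate(rules, ip))
```

Without the trailing deny any, the addresses outside 192.168.1.224 to 192.168.1.255 are still permitted, which is the behaviour the manual warns about.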

Creating an Extended IP Access List

To create a new Extended IP Access List to allow or deny a source IP address/range and destination IP address/range pair access to the switch, use the following CLI commands with the Access list ID in the range from 100 – 199, or from 2000 – 2699:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
ip-access-list <100-199, 2000-2699> permit ip <source IP> <source bit mask> <destination IP> <destination bit mask>
ip-access-list <100-199, 2000-2699> deny ip <source IP> <source bit mask> <destination IP> <destination bit mask>
ip-access-list <100-199, 2000-2699> deny ip any any

Usage Example:
switch_a(config)# ip-access-list 100 permit ip 192.168.1.224 0.0.0.31 192.168.1.224 0.0.0.31
switch_a(config)# ip-access-list 100 deny ip 192.168.1.224 0.0.0.31 192.168.1.224 0.0.0.31
switch_a(config)# ip-access-list 100 deny ip any any

Creating a MAC Access List

To create a new MAC Access List to allow or deny a source and destination Ethernet address pair access to the switch, use the CLI commands below with the Access list ID in the range from 100 – 199, or from 2000 – 2699:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
mac-access-list <2000-2699> permit <source MAC address> <source bit mask> <destination MAC address> <destination bit mask> <encapsulation format: 1=Ethernet II, 2=SNAP, 4=802.3, 8=LLC> ether-type <EtherType> <EtherType bit mask>
mac-access-list <2000-2699> deny <source MAC address> <source bit mask> <destination MAC address> <destination bit mask> <encapsulation format: 1=Ethernet II, 2=SNAP, 4=802.3, 8=LLC> ether-type <EtherType> <EtherType bit mask>
mac-access-list <2000-2699> deny any any <encapsulation format: 1=Ethernet II, 2=SNAP, 4=802.3, 8=LLC> ether-type <EtherType> <EtherType bit mask>

Usage Example:
switch_a(config)# mac-access-list 2000 permit 00e0.b321.03de 0000.0000.0000 00e0.b321.03df 0000.0000.0000 1 ether-type 800 0000
switch_a(config)# mac-access-list 2000 deny 00e0.b321.03de 0000.0000.0000 00e0.b321.03df 0000.0000.0000 1 ether-type 800 0000
switch_a(config)# mac-access-list 2000 deny any any 1 ether-type 800 0000

Creating an ACL Class Map with Layer 4 Access List

In order to create a Layer 4 Access List you must create it within an ACL Class Map. Use the CLI commands below to create an ACL Class Map together with the Layer 4 Access List.

The Layer 4 Access List only classifies the ingress packets for the ACL Policy Map that it is associated with; therefore, all packets will be allowed entry to the switch with the Layer 4 Access List. You will have to use this Access List in conjunction with another type of Access List, if you wish to filter any packet that did not match the classification rules from this Access List.

Note: The bandwidth policing capabilities of the ACL Class cannot be configured here; it can only be configured during the ACL Policy Map creation or modification.

CLI Command Mode:
Global Configuration Mode
Class Map Configuration Mode

CLI Command Syntax:
class-map <Class Map Name>
match layer4 source-port <TCP/UDP Port number>
match layer4 destination-port <TCP/UDP Port number>

Usage Example:
switch_a(config)# class-map FTP
switch_a(config-cmap)# match layer4 destination-port 21
switch_a(config-cmap)# q
switch_a(config)#
switch_a(config)# class-map FTP_Download
switch_a(config-cmap)# match layer4 source-port 20

Creating an ACL Class Map with an IP or MAC Access List

To create a new ACL Class Map with a Standard/Extended IP Access List or a MAC Access List, you must have first created a Standard/Extended IP Access List or MAC Access List already. You can then use the CLI commands below to create a new ACL Class Map and assign one (you can only assign one Access List per Class Map) existing Standard/Extended IP Access List, or MAC Access List, to the ACL Class Map by referencing its Access list ID.

Note: The bandwidth policing capabilities of the ACL Class cannot be configured here; it can only be configured during the ACL Policy Map creation or modification.

CLI Command Mode:
Global Configuration Mode
Class Map Configuration Mode

CLI Command Syntax:
class-map <ACL Class Name>
match access-group <Access List ID>

Usage Example:
switch_a(config)# class-map Layer_2-3_Class
switch_a(config-cmap)# match access-group 1

Creating an ACL Policy Map

To create a new ACL Policy Map you must have first created the ACL Class Maps that you want to assign to the ACL Policy Map. You can then use the CLI commands below to create the new ACL Policy Map and assign one or multiple existing ACL Class Maps to the ACL Policy Map by referencing its ACL Class Map name. You can also complete or modify the bandwidth policing capabilities of the ACL Class Maps used during the ACL Policy Map creation process.

CLI Command Mode:
Global Configuration Mode
Policy Map Configuration Mode
Policy Map Class Configuration Mode

CLI Command Syntax:
policy-map <ACL Policy Name>
class <ACL Class Name>
police <1-1000000> <1-20000> exceed-action drop

Usage Example:
switch_a>enable
switch_a#configure terminal
switch_a(config)# class IP_Class_1
switch_a(config-cmap)# policy-map IP_Policy_1
switch_a(config-pmap)# class IP_Class_1
switch_a(config-pmap-c)# police 50000 5000 5000 5000 exceed-action drop
switch_a(config-pmap-c)# q
switch_a(config-pmap)# class IP_Class_2
switch_a(config-pmap-c)# police 50000 5000 5000 5000 exceed-action drop
switch_a(config-pmap-c)# q
switch_a(config-pmap)# class IP_Class_3
switch_a(config-pmap-c)# police 50000 5000 5000 5000 exceed-action drop

Applying an Existing ACL Policy to a Port

To apply the ACL packet filtering features on a port, you must have first created an ACL Policy already. You can then use the CLI commands below to apply the existing ACL Policy to a port.

CLI Command Mode:
Global Configuration Mode
Interface Configuration Mode

CLI Command Syntax:
interface <Interface Name>
service-policy input <ACL Policy Name>

Usage Example:
switch_a(config)# interface fe1
switch_a(config-if)# service-policy input IP_Policy_1

Deleting an ACL Class

You can use the CLI commands below to delete an existing ACL Class.

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: no class-map <ACL Class Name>

Usage Example: switch_a(config)# no class-map IP_Class_1


Deleting an ACL Policy

You can use the below CLI commands to delete an existing ACL Policy:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: no policy-map <ACL Policy Name>

Usage Example: switch_a(config)# no policy-map IP_Policy_1

SNMP

SNMP is a TCP/IP application layer network management protocol that allows any TCP/IP device to be managed across a TCP/IP network. It is based on the client-server paradigm.

The server (called an SNMP Agent) runs a process on the managed device that listens for a client’s polling requests to fetch or to set a data item on the managed device. The client is network management software running on a computer, usually called an NMS (short for Network Management Station). The SNMP Agent can also send alert messages (called Traps) to an NMS automatically, based on the occurrence of certain events on the device on which the Agent resides.

SNMP General Settings

To navigate to the SNMP General Settings page:

1. Click on the + next to SNMP .

2. Click on SNMP General Settings .

To configure the general settings for the SNMP feature (see Figure 99):

1. The SNMP server on the switch can be enabled or disabled by selecting the appropriate choice from the dropdown list next to SNMP Status.

2. Enter a short description (up to 256 characters) into the entry field next to Description, for the purpose of switch identification.

3. Enter a name into the entry field next to Location, for the purpose of identifying the location of the switch.


4. Enter a name (up to 256 characters) into the entry field next to Contact, to identify the entity that is responsible for this switch.

5. Enter a trap community name (up to 256 characters) into the entry field next to any one of the 5 Trap community name entry boxes from Trap Community Name 1 to Trap Community Name 5.

a. Community names identify the SNMP Trap community group that the traps on this switch should be sent to. The identical Trap community names should also be set on the NMS hosts that will be receiving the traps. Each name defined corresponds with the Trap host IP address entry box with the same number. For example, Trap Community Name 1 corresponds with Trap Host 1 IP Address.

6. Enter an IP address, for the NMS host(s) that should be receiving traps from this switch, into the entry field next to any one of the 5 Trap host IP address entry boxes from Trap Host 1 IP Address to Trap Host 5 IP Address.

7. Enable or disable the link down trap by selecting the appropriate choice from the drop-down list next to Link Down Trap. This will allow or stop the switch from sending a trap to the identified trap community groups when any port on the switch moves from the link up state to the link down state.

8. Enable or disable the link up trap by selecting the appropriate choice from the drop-down list next to Link Up Trap. This will allow or stop the switch from sending a trap to the identified trap community groups when any port on the switch moves from the link down state to the link up state.

9. Enable or disable the MAC notification trap by selecting the appropriate choice from the drop-down list next to MAC Notification Trap. This will allow or stop the switch from sending a trap to the identified trap community groups anytime there is a change in the MAC table on certain selected ports of the switch.

10. Set the interval between the MAC notification traps that you want the switch to send by entering the interval (in number of seconds from 1 to 65535) into the entry field next to MAC Notification Interval (1 to 65535 seconds).

11. Set the size of the MAC notification history table by entering the total number of records (from 1 to 500) that the switch will keep for the user to review at any one time into the entry field next to MAC Notification History Size (1 to 500).

12. Select the ports on the switch for which traps should be sent when a new MAC address is added to the MAC table for the port, by checking the appropriate check boxes for these ports in the MAC Notification Added section.

13. Select the ports on the switch for which traps should be sent when a MAC address is removed from the MAC table for the port, by checking the appropriate check boxes for these ports in the MAC Notification Removed section.

14. Click on the Update button after you have finished the configuration of the SNMP Server (Agent) General Settings.

15. Save the configuration (see the Save Configuration Page).


Figure 99: SNMP General Settings


Configuring SNMP v1 & v2 Community Groups

To navigate to the SNMP v1/v2 page:

1. Click on the + next to SNMP .

2. Click on SNMP v1/v2 .

To configure the SNMP v1 & v2 community groups (see Figure 100):

1. Enter the SNMP community name into the entry field next to Get Community Name. This will allow the NMS to poll status information from the switch (read only).

2. Enter the SNMP community name into the entry field next to Set Community Name. This will allow an NMS to change the status of a data item in the switch.

3. Click on the Update Setting button after you have finished the configuration.

4. Save the configuration (see the Save Configuration Page).

Figure 100: Community Name V1/V2c

Configuring SNMP v3 Users

To navigate to the SNMP v3 page:

1. Click on the + next to SNMP .

2. Click on SNMP v3 .


Adding SNMP v3 Users to the switch

1. Click on the Add User button. See below.

Figure 101: Add User

2. Next, select the desired authentication/privacy protocols from the drop-down list next to SNMP Version, according to the chart below (also see Figure 102):

a. SNMPv3 No-Auth = Only user name match is required for SNMP access to the switch. No user authentication or data encryption will be used.

b. SNMPv3 Auth-MD5 = User authentication will be required using the MD5 hashing algorithm, but no data encryption will be used.

c. SNMPv3 Auth-SHA = User authentication will be required using the SHA-1 hashing algorithm, but no data encryption will be used.

d. SNMPv3 Priv Auth-MD5 = User authentication will be required using the MD5 hashing algorithm, and in addition, all data in the protocol message will be encrypted using the 56-bit DES encryption algorithm.

e. SNMPv3 Priv Auth-SHA = User authentication will be required using the SHA-1 hashing algorithm, and in addition, all data in the protocol message will be encrypted using the 56-bit DES encryption algorithm.


Figure 102: SNMP v3 Settings

3. Next, enter the desired username in the entry field next to User Name .

4. Next, select the desired access authorization for the user from the drop-down list next to Access Mode. See Figure 103.

Figure 103: User name & Access Mode

5. Next, if authentication is required for this user, and you have chosen an authentication protocol, then the entry field next to Auth. Password will have been enabled. Enter a password for this user inside this entry field. See Figure 104.

Figure 104: Auth Password

6. Next, if both authentication and privacy are required for this user, and you have chosen both an authentication and privacy protocol, then the entry field next to Privacy PassPhrase will have been enabled. Enter a pass phrase inside this entry field, as part of the key used to encrypt the protocol message for this user. See Figure 105.

Figure 105: Privacy PassPhrase

Deleting SNMP v3 Users from the switch

1. Go to SNMP > SNMP v3; you should see a list of previously configured users. Next, click on the Delete User button. See below.

Figure 106: Delete User

2. Next, select the user that you wish to delete from the drop-down list next to Select User Name.

3. Click on the Submit button. See below.

Figure 107: Select User


SNMP Configuration Examples Using CLI Commands

Enabling SNMP and configuring general settings

To enable the SNMP feature of the switch, and configure its general settings (Description, Location, and Contact information), you must use the below CLI commands.

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
snmp-server enable
snmp-server description <1-256 characters>
snmp-server location <1-256 characters>
snmp-server contact <1-256 characters>

Usage Example:
switch_a(config)# snmp-server enable
switch_a(config)# snmp-server description Hub_Switch_1
switch_a(config)# snmp-server location First_Floor_Closet
switch_a(config)# snmp-server contact Administrator

Configuring SNMP Traps

To configure the Trap features of the SNMP protocol on the switch, use the following CLI commands:

CLI Command Mode:
Global Configuration Mode
Interface Configuration Mode

CLI Command Syntax:
snmp-server trap-community 1 <1-256 characters>
snmp-server trap-community 2 <1-256 characters>
snmp-server trap-community 3 <1-256 characters>
snmp-server trap-community 4 <1-256 characters>
snmp-server trap-community 5 <1-256 characters>
snmp-server trap-ipaddress 1 <IP Address>
snmp-server trap-ipaddress 2 <IP Address>
snmp-server trap-ipaddress 3 <IP Address>
snmp-server trap-ipaddress 4 <IP Address>
snmp-server trap-ipaddress 5 <IP Address>
snmp-server trap-type enable linkDown
snmp-server trap-type enable linkup
snmp-server trap-type enable mac-notification
snmp-server mac-notification interval <1 to 65535 seconds>
snmp-server mac-notification history-size <1 to 500 entries>
snmp-server trap mac-notification added
snmp-server trap mac-notification removed

Usage Example:
switch_a(config)# snmp-server trap-community 1 Trap_Group_1
switch_a(config)# snmp-server trap-community 2 Trap_Group_2
switch_a(config)# snmp-server trap-community 3 Trap_Group_3
switch_a(config)# snmp-server trap-community 4 Trap_Group_4
switch_a(config)# snmp-server trap-community 5 Trap_Group_5
switch_a(config)# snmp-server trap-ipaddress 1 192.168.1.100
switch_a(config)# snmp-server trap-ipaddress 2 192.168.2.100
switch_a(config)# snmp-server trap-ipaddress 3 192.168.3.100
switch_a(config)# snmp-server trap-ipaddress 4 192.168.4.100
switch_a(config)# snmp-server trap-ipaddress 5 192.168.5.100
switch_a(config)# snmp-server trap-type enable linkDown
switch_a(config)# snmp-server trap-type enable linkup
switch_a(config)# snmp-server trap-type enable mac-notification
switch_a(config)# snmp-server mac-notification interval 60
switch_a(config)# snmp-server mac-notification history-size 100
switch_a(config)# interface fe1
switch_a(config-if)# snmp-server trap mac-notification added
switch_a(config-if)# snmp-server trap mac-notification removed

Configuring SNMP v1 & v2 Community Groups

To configure the SNMP v1 & v2 community groups to make the SNMP feature more secure, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
snmp-server enable
snmp-server community get <1-256 characters>
snmp-server community set <1-256 characters>

Usage Example:
switch_a(config)# snmp-server community get public
switch_a(config)# snmp-server community set private

Adding SNMP v3 Users

To add SNMP v3 Users to the switch and maximize the security for the SNMP feature, you must use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
snmp-server v3-user <username> <ro|rw> noauth
snmp-server v3-user <username> <ro|rw> auth <md5|sha> <password>
snmp-server v3-user <username> <ro|rw> priv <md5|sha> <password> des <pass_phrase>

Usage Example:
switch_a(config)# snmp-server v3-user SNMP_User_1 ro noauth
switch_a(config)# snmp-server v3-user SNMP_User_2 ro auth md5 User2
switch_a(config)# snmp-server v3-user SNMP_User_3 rw priv md5 User3 des Private_User
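An added example (not from the manual or the vendor): a small Python check that reads snmp-server lines in the CLI syntax shown above and reports weak community and SNMP v3 user settings. The first sample repeats the manual's own usage examples; the second sample, the finding codes and the 8-character length threshold are assumptions made for this example.

```python
# Community names that are widely known defaults.
WELL_KNOWN_COMMUNITIES = {"public", "private"}
# Assumption: minimum secret length chosen for this example.
MIN_SECRET_LEN = 8


def strip_prompt(line):
    """Split a line into tokens, dropping a leading prompt like 'switch_a(config)#'."""
    tokens = line.split()
    if tokens and tokens[0].endswith("#"):
        tokens = tokens[1:]
    return tokens


def audit_v3_user(t):
    """Check one 'snmp-server v3-user <username> <ro|rw> ...' entry."""
    user, access, level = t[2], t[3], t[4]
    out = []
    if level == "noauth":
        out.append((user, "NO_AUTH"))            # user name match is the only check
    elif level == "auth":
        out.append((user, "NO_PRIVACY"))         # authenticated, but sent unencrypted
    if level in ("auth", "priv") and len(t) >= 7:
        if t[5] == "md5":
            out.append((user, "MD5_AUTH"))       # sha is the other option offered
        if len(t[6]) < MIN_SECRET_LEN:
            out.append((user, "SHORT_SECRET"))
    if level == "priv" and len(t) >= 9 and len(t[8]) < MIN_SECRET_LEN:
        out.append((user, "SHORT_PASSPHRASE"))
    if access == "rw" and level != "priv":
        out.append((user, "WRITE_WITHOUT_PRIVACY"))
    # DES is the only privacy algorithm in the manual's syntax, so it is not
    # reported as a finding here; there is no stronger setting to switch to.
    return out


def audit_snmp(config_lines):
    """Return a list of (subject, finding_code) tuples for weak SNMP settings."""
    findings = []
    for raw in config_lines:
        t = strip_prompt(raw)
        if len(t) < 3 or t[0] != "snmp-server":
            continue
        if t[1] in ("community", "trap-community") and len(t) == 4:
            subject = f"{t[1]} {t[2]}"
            if t[3].lower() in WELL_KNOWN_COMMUNITIES:
                findings.append((subject, "WELL_KNOWN_NAME"))
            if t[1] == "community" and t[2] == "set":
                # v1/v2c write access is guarded only by a cleartext string.
                findings.append((subject, "V1V2C_WRITE_ENABLED"))
        elif t[1] == "v3-user" and len(t) >= 5:
            findings.extend(audit_v3_user(t))
    return findings


def codes_for(findings, subject):
    """Collect the finding codes reported for one subject."""
    return {code for subj, code in findings if subj == subject}


# The manual's own usage examples.
WEAK_CONFIG = [
    "switch_a(config)# snmp-server community get public",
    "switch_a(config)# snmp-server community set private",
    "switch_a(config)# snmp-server v3-user SNMP_User_1 ro noauth",
    "switch_a(config)# snmp-server v3-user SNMP_User_2 ro auth md5 User2",
    "switch_a(config)# snmp-server v3-user SNMP_User_3 rw priv md5 User3 des Private_User",
]

# Constructed sample: one read-only user with authentication and privacy.
HARDENED_CONFIG = [
    "switch_a(config)# snmp-server v3-user nms_reader ro priv sha "
    "Constructed-Auth-01 des Constructed-Priv-01",
]

if __name__ == "__main__":
    for subject, code in audit_snmp(WEAK_CONFIG):
        print(f"{subject}: {code}")
    print("hardened findings:", audit_snmp(HARDENED_CONFIG))
```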

IEEE 802.1X

This switch supports the IEEE 802.1X protocol to provide port based security on a switch port against unauthorized access. In order for this protocol to work, two additional components are required: an EAP (Extensible Authentication Protocol) compatible RADIUS server to authenticate a client station that is trying to gain access to the network through a port on the switch, and 802.1X client software (known as the “Supplicant” software) used on the end device to communicate with the RADIUS server for the purposes of authenticating the end device that is trying to gain access to the network through the switch port.

When an end device is initially connected to a port on the switch where the 802.1X protocol is enabled, the switch will only pass 802.1X authentication traffic (known as EAPOL traffic) on that port between the Supplicant on the end device and the RADIUS server, and will not allow any other traffic to pass. After the initial connection, the switch will request authentication credentials from the Supplicant in the end device that has just connected to the port. After the switch receives the proper authentication credentials from the Supplicant in the end device, the switch will send the credentials to the EAP compatible RADIUS server that’s configured in the switch for the purpose of authenticating the end device. If the end device is successfully authenticated by the RADIUS server, the RADIUS server will send an “Access-Accept” message to the switch; at this point the switch will inform the Supplicant in the end device of the successful authentication and open up the port for all network traffic to pass.

Configuring 802.1X from the Web Interface

To navigate to the 802.1X / Radius Configuration page:

1. Click on the + next to 802.1X

2. Click on Radius Configuration

Enabling Radius

By default, the 802.1X function is globally disabled on the switch. If you want to use the 802.1X port based security on a port, you must enable it globally on the switch first, and then enable it on a per port basis.

To enable the 802.1X function globally on the switch:

1. Choose enable from the drop down list next to Radius Status

2. Click on the Update Setting button (see Figure 108).

Figure 108: Enable Radius

Adding a Radius Server

Next, you will need to configure the settings that the switch will need in order to connect to a RADIUS server.

1. Click on the Add Radius button (see above).

2. Next, enter the IP address of the RADIUS server that the switch will use in order to authenticate in the entry field next to Radius Server IP (see Figure 109).

3. Enter the password for the RADIUS server in the entry field next to Secret Key.

4. Optionally, the UDP port number for the RADIUS server (if it is different from the standard default 1812) can be changed. To do this, enter the port number in the entry field next to Radius Server Port .

5. Next, you can choose to configure the minimum time that the switch must wait before it is allowed to retransmit a message to the RADIUS server due to no response. To do this, enter the number of seconds that the switch must wait (between 1 and 1000 seconds) into the entry field next to Timeout <1-1000>.

6. Next, you can choose to configure the maximum number of times that the switch can attempt to retransmit a message to the RADIUS server. To do this, please enter a number (from 1 to 100) into the entry field next to Retransmit .

7. Click on the Submit button.

Figure 109: Radius Setup

Figure 110: Resulting Radius Server Setup

Enabling 802.1X on a Port

After the 802.1X port based security is enabled globally, you must enable it locally on the port.

To navigate to the 802.1X / Port Authentication page:

1. Click on the + next to 802.1X

2. Click on Port Authentication

To enable 802.1X on a port (see Figure 111):

1. Choose the desired port from the drop-down list next to Interface, to have the 802.1X feature applied to that port.

2. Next, make sure Enabled is selected from the drop-down list next to Authentication State; this will enable the 802.1X function on the previously selected port.

3. Next, make sure that the choice Auto is selected in the drop-down list next to Port Control; this will allow the port to use 802.1X to authenticate the end station.

a. If you choose to have the port to be always unauthorized or to be always authorized, you can choose the appropriate choice in the drop-down list.

4. Next, you can choose to have the end station to be re-authenticated periodically. To do this, choose Enabled in the drop-down list next to Periodic Re-authentication .

5. After you have enabled periodic re-authentication, you must also configure the time period interval for the re-authentication of the end station. To do this, enter the number of seconds (1-4294967295) into the entry field next to Re-authentication Period.

6. Next, click on the Update Setting button in order to activate all the configured settings (see the screenshot below).

Figure 111: Enabling 802.1X on a Port

LLDP

LLDP is a network discovery protocol that defines a method for network access devices using Ethernet connectivity to advertise information about devices to peer devices on the same physical LAN and store information about the network. It allows a device to learn higher layer management reachability and connection endpoint information from adjacent devices.

Using LLDP, a device is able to advertise its own identification information, its capabilities and media-specific configuration information, as well as learn the same information from the devices connected to it. LLDP advertises this information over Logical Link-Layer Control frames and stores the information received from other agents in IEEE-defined Management Information Base (MIB) modules.

LLDP significantly aids in the deployment of any network device that supports the protocol. As a media independent protocol intended to be run on all IEEE 802 devices, LLDP may be used to discover routers, bridges, repeaters, WLAN APs, IP telephones, network cameras or any LLDP-enabled device, regardless of manufacturer. Since LLDP runs over the data-link layer only, a switch running one network layer protocol can discover and learn about an access device running a different network layer protocol.

LLDP General Settings

To navigate to the LLDP General Settings page:

1. Click on the + next to LLDP .

2. Click on General Settings.

Enable/Disable LLDP

To enable LLDP on the Managed Switch:

1. Select Enable or Disable from the Drop Down box in the LLDP field of the LLDP Transmit Settings box (see Figure 112).

2. Click on the Update Settings button.

3. Save the configuration (see the Save Configuration Page)

Holdtime Multiplier

The Holdtime multiplier for transmit TTL is used to compute the actual time-to-live (TTL) value used in an LLDP frame. The TTL value is the length of time the receiving device should maintain the information in its MIB. To compute the TTL value, the system multiplies the LLDP transmit (TX) interval by the holdtime multiplier. For example, if the LLDP transmit (TX) interval is 30 and the holdtime multiplier for TTL is 4, then the value 120 is encoded in the TTL field in the LLDP header.

To adjust the Holdtime multiplier:

1. Enter a numeric value between 2 and 10 (default is 4) in the Holdtime Multiplier text box.

2. Click on the Update Settings button.

The TX Interval setting adjusts how often LLDP information is transmitted by the switch. Values can range from 5 to 32768 seconds (default is 30 seconds).

To adjust the TX Interval setting (see Figure 112):

1. Enter a numeric value between 5 and 32768 (default is 30) in the TX Interval text box.


2. Click on the Update Settings button.

3. Save the configuration (see the Save Configuration Page)

Global TLV Setting

The global TLV (Type – Length – Value) settings are advertised by the switch to other LLDP devices. The TLVs supported by the Managed Switch are (see Figure 112):

Port Description

System Name

System Description

System Capabilities

Management Address

Port VLAN ID

MAC/PHY Configuration/Status

Port And Protocol VLAN ID

VLAN Name

Protocol Identity

Power Via MDI

Link Aggregation

Maximum Frame Size

To enable specific TLVs for the Managed Switch:

1. Select the check box for each TLV that is to be enabled or select the checkbox for the All option which will enable all TLVs for the switch.

2. Click on the Update Settings button.

3. Save the configuration (see the Save Configuration Page)


Figure 112: LLDP Global Settings

LLDP Ports Settings

LLDP Ports Settings allows the individual ports on the switch to be configured for LLDP independently of one another. Each port can be configured to transmit LLDP information, receive LLDP information, and notify (via SNMP or Syslog) if there are changes in the LLDP information received from neighboring devices.

To navigate to the LLDP Port Settings page:

1. Click on the + next to LLDP .

2. Click on LLDP Ports Settings (see Figure 113).

Enabling LLDP transmission for a specific Port

To enable the transmission of LLDP information for a specific port:

1. Select Enable from the Drop Down box under the Transmit field for each port for which the transmission of LLDP information should be enabled.

2. Click on the Submit button.

Enabling LLDP Reception for a specific Port

To enable the reception of LLDP information for a specific port:


1. Select Enable from the Drop Down box under the Receive field for each port for which the reception of LLDP information should be enabled.

2. Click on the Submit button.

Enabling Notifications

To enable notification whenever a port receives changed LLDP information:

1. Select Enable from the Drop Down box under the Notify field for each port that should send a notification whenever received LLDP information changes.

2. Click on the Submit button

3. Save the configuration (see the Save Configuration Page) after making changes shown on this page.

Figure 113: LLDP Ports Settings

LLDP Neighbors

LLDP Neighbors is a read-only page (see Figure 114) that will display all the LLDP capable devices detected by the switch. The following information about connected LLDP-enabled devices is displayed in a tabular format. The columns displayed are:

Port – The local switch port to which the remote device is connected.

Chassis ID – The MAC address of the remote device.


Port ID – The port number of the remote device.

IP Address – The management IP address of the remote device.

TTL – Time to Live, the amount of time remaining before the remote device’s LLDP information is aged out from the switch.

Figure 114: LLDP Neighbors
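The following Python example is added here and is not taken from the manual or the switch firmware. It decodes the TLVs of one LLDPDU into the columns of the LLDP Neighbors table, lists which TLVs the neighbor advertised (the Management Address TLV hands the management IP to every LLDP peer on the link), and checks the TTL against TX interval x holdtime multiplier; the frame bytes, MAC address, system name and IP address are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import struct

# Standard LLDP TLV type codes for the TLVs this section names.
TLV_NAMES = {1: "Chassis ID", 2: "Port ID", 3: "TTL", 4: "Port Description",
             5: "System Name", 6: "System Description",
             7: "System Capabilities", 8: "Management Address"}


def build_tlv(tlv_type, value):
    """Encode one TLV: 7-bit type, 9-bit length, then the value bytes."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(pdu):
    """Yield (type, value) up to the End TLV; reject truncated frames."""
    offset = 0
    while True:
        if offset + 2 > len(pdu):
            raise ValueError("LLDPDU ends without an End TLV")
        (header,) = struct.unpack_from("!H", pdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(pdu):
            raise ValueError(f"TLV type {tlv_type} overruns the frame")
        if tlv_type == 0:
            return
        yield tlv_type, pdu[offset:offset + length]
        offset += length


def expected_ttl(tx_interval, holdtime_multiplier):
    """TTL = TX interval x holdtime multiplier, capped by the 16-bit field."""
    # Ranges from the page (multiplier: 2-10 in the web UI, <1-10> in the CLI).
    if not 5 <= tx_interval <= 32768 or not 1 <= holdtime_multiplier <= 10:
        raise ValueError("value outside the range the switch accepts")
    return min(tx_interval * holdtime_multiplier, 0xFFFF)


def parse_neighbor(local_port, pdu):
    """Build one LLDP Neighbors row from the LLDPDU received on local_port."""
    row = {"port": local_port, "chassis_id": None, "port_id": None,
           "ip_address": None, "ttl": None, "advertised": []}
    for tlv_type, value in iter_tlvs(pdu):
        row["advertised"].append(TLV_NAMES.get(tlv_type, f"type {tlv_type}"))
        if tlv_type in (1, 2) and len(value) >= 2:
            subtype, body = value[0], value[1:]
            # Chassis ID subtype 4 and Port ID subtype 3 carry a MAC address.
            is_mac = (tlv_type, subtype) in ((1, 4), (2, 3)) and len(body) == 6
            text = body.hex(":") if is_mac else body.decode("ascii", "replace")
            row["chassis_id" if tlv_type == 1 else "port_id"] = text
        elif tlv_type == 3:
            if len(value) != 2:
                raise ValueError("TTL TLV must be 2 bytes")
            (row["ttl"],) = struct.unpack("!H", value)
        elif tlv_type == 8 and len(value) >= 2:
            addr_len, subtype = value[0], value[1]  # length counts the subtype byte
            addr = value[2:1 + addr_len]
            if subtype == 1 and len(addr) == 4:     # 1 = IPv4
                row["ip_address"] = str(ipaddress.IPv4Address(addr))
    if None in (row["chassis_id"], row["port_id"], row["ttl"]):
        raise ValueError("mandatory Chassis ID, Port ID or TTL TLV missing")
    return row


# Constructed sample LLDPDU (not a capture): made-up MAC, name and address.
SAMPLE_LLDPDU = b"".join([
    build_tlv(1, b"\x04" + bytes.fromhex("001122334455")),   # MAC address
    build_tlv(2, b"\x05" + b"fe2"),                          # interface name
    build_tlv(3, struct.pack("!H", expected_ttl(30, 4))),    # 30 s x 4 = 120
    build_tlv(5, b"switch_b"),
    build_tlv(8, b"\x05\x01" + ipaddress.IPv4Address("192.0.2.10").packed
              + b"\x02" + struct.pack("!I", 1) + b"\x00"),
    build_tlv(0, b""),                                       # End of LLDPDU
])

if __name__ == "__main__":
    neighbor = parse_neighbor("fe1", SAMPLE_LLDPDU)
    print(neighbor)
    print("TTL matches 30 x 4:", neighbor["ttl"] == expected_ttl(30, 4))
```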

LLDP Statistics

This is a read-only page (see Figure 115) that displays LLDP device statistics and LLDP statistics on a per-port basis. The information collected on this page includes:

Port – switch port number.

TX Total – Total LLDP packets sent.

RX Total – Total LLDP packets received.

Discards – Number of LLDP packets discarded.

Errors – LLDP errors.

Ageout – LLDP information that has been aged out by the switch.

TLV Discards – TLV information discarded.

TLV Unknown – TLV information that is unknown.

Figure 115: LLDP Statistics

LLDP Configuration Examples Using CLI Commands

Enable/Disable LLDP

To enable or disable LLDP on the Managed Switch use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
lldp enable
no lldp enable

LLDP Holdtime Multiplier

To modify LLDP holdtime multiplier use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: lldp holdtime multiplier <1-10>

Usage Example: switch_a(config)# lldp holdtime multiplier 4


LLDP Transmit Interval

To modify LLDP Transmit Interval use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: lldp txinterval <5-32768>

Usage Example: Set LLDP Transmit interval to 30 seconds
switch_a(config)# lldp txinterval 30

Enable/Disable Global LLDP TLVs

To enable or disable global LLDP TLVs use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: lldp tlv-global <TLV>

TLV Parameters

TLV Parameter        Description
port-descr           Port Description
sys-name             System Name TLV
sys-descr            System Description TLV
sys-cap              System Capabilities
mgmt-addrs           Management Address
port-vlan-id         Port VLAN ID
mac-phy              MAC/PHY Configuration/Status
port-and-protocol    Port And Protocol VLAN ID
vlan-name            VLAN Name
protocol-identity    Protocol Identity
link-aggregation     Link Aggregation
max-frame            Maximum Frame Size

Usage Example: switch_a(config)# lldp tlv-global mgmt-addrs

Enabling LLDP Transmit on a Port

To enable LLDP Transmit for a port use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: lldp tx-pkt

Usage Example: switch_a(config)# lldp tx-pkt

Enabling LLDP Receive on a Port

To enable LLDP Receive for a port use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: lldp rcv-pkt

Usage Example:
switch_a# interface fe1
switch_a(config)# lldp rcv-pkt

Enabling LLDP Notify

To enable LLDP Notify for a port use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: lldp notification

Enabling Transmission of the Management IP

To enable the transmission of the management IP address through a port use the CLI commands below:


CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: lldp mgmt-ip vlan <vlan id>

Usage Example: switch_a(config)# lldp mgmt-ip vlan 1

Enabling Specific TLVs on a Port

To enable specific TLVs on a port use the CLI commands below:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax: lldp tlv-select <TLV ID> (see TLV Parameters above)

Usage Example: switch_a(config)# lldp tlv-select mgmt-addrs

OTHER PROTOCOLS

GVRP

Defined in IEEE 802.1Q, GVRP is a protocol used to dynamically create VLANs on a switch. Any IEEE 802.1Q compliant switch must implement this protocol.

To navigate to the Other Protocols / GVRP page (see Figure 116):

1. Click on the + next to Other Protocols .

2. Click on GVRP .


Figure 116: GVRP

General Overview

To enable the GVRP protocol on your network, you must make sure that the switches in your network are configured with the minimum requirements for each type of switch listed below:

For the Access Switches at the edge of the network, below are the minimum requirements:

All of the user VLANs have been created in the VLAN Database.

The IP address for the Management VLAN has been configured.

The appropriate Port Type (Access or Trunk) and the PVID have been configured for all the ports of the switch.

All the member Trunk ports for all the user VLANs have been configured.

The GVRP protocol has been globally enabled, and GVRP is locally enabled on the Trunk Ports as well.

For the Distribution Switches in the core of the network, below are the minimum requirements:

The Management VLAN has been created in the VLAN Database.


The IP address for the Management VLAN has been configured.

The appropriate Port Type (Access or Trunk) and the PVID have been configured for all the ports of the switch.

The GVRP protocol has been globally enabled and GVRP is locally enabled on the Trunk Ports as well.

The Dynamic VLAN Creation feature has been enabled.

Enabling the GVRP Protocol at the Global Level

To enable the GVRP protocol globally on a distribution switch (see Figure 117):

1. Under GVRP Global Setting , choose the Enable option from the drop-down list next to GVRP .

2. Choose the Enable option from the drop-down list next to Dynamic VLAN Creation .

3. Click on the Update Setting button.

Figure 117: GVRP Configuration Distribution Switch

To enable the GVRP protocol globally on an Access Switch (see Figure 118):

1. Under GVRP Global Setting , choose the Enable option from the drop-down list next to GVRP .

2. Click on the Update Setting button.

Figure 118: GVRP Configuration Access Switch

Enabling the GVRP Protocol at the Port Level

To navigate to the Other Protocols / GVRP page (see Figure 116):

1. Click on the + next to Other Protocols .

2. Click on GVRP .

To enable the GVRP protocol locally at the port level, for both the Access switch and the Distribution switch, apply the following procedures to all the Trunk Ports of the switch:

1. For all the Trunk Ports under the Per Port Setting (include LAG) section, choose the Enable option from the drop-down list under the GVRP column.

2. For all the Trunk Ports under the Per Port Setting (include LAG) section, choose the Active or Normal option from the drop-down list under the GVRP Applicant column.

o Active – Use this option if you want to run the GVRP protocol on that Trunk Port even if it is blocked by the STP protocol.

o Normal – Use this option if you do not wish to run the GVRP protocol on a Trunk Port when it is being blocked by the STP protocol.

3. For all the Trunk Ports under the Per Port Setting (include LAG) section, choose the Enable option from the drop-down list under the GVRP Registration column.

4. Click on the Update Setting button.

5. Save the configuration (see the Save Configuration Page)


Figure 119: GVRP Per Port Settings

GVRP Configuration Examples Using CLI Commands

To enable or disable GVRP globally on the switch, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
set gvrp enable bridge 1
set gvrp disable bridge 1

Usage Examples:
switch_a(config)# set gvrp enable bridge 1
switch_a(config)# set gvrp disable bridge 1

To enable the dynamic VLAN creation feature of GVRP on the switch, you must use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: set gvrp dynamic-vlan-creation disable bridge 1

Usage Example:
switch_a(config)# set gvrp dynamic-vlan-creation disable bridge 1

To enable or disable GVRP locally on a port on the switch, you must use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
set port gvrp enable <port id>
set port gvrp disable <port id>

Usage Examples:
switch_a(config)# set port gvrp enable fe1
switch_a(config)# set port gvrp disable fe1

By default, when GVRP is enabled on a port the Applicant runs in Normal mode, which means that the GVRP protocol will not send out any PDUs from a port if the port is being blocked by STP. When you enable the GVRP Applicant to run in Active mode on a port, the GVRP protocol will continue to send PDUs from a port even if the port is being blocked by STP.

The GVRP Applicant can be set to run in Normal or Active mode on a port by issuing the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
set gvrp applicant state normal <port id>
set gvrp applicant state active <port id>

Usage Examples:
switch_a(config)# set gvrp applicant state normal fe1
switch_a(config)# set gvrp applicant state active fe1

When you enable GVRP on a port, the Registrar is enabled on the port by default. You can enable or disable the GVRP Registrar on a port by issuing the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
set gvrp registration normal <port id>
set gvrp registration forbidden <port id>

Usage Examples:
switch_a(config)# set gvrp registration normal fe1
switch_a(config)# set gvrp registration forbidden fe1

IGMP Snooping

The settings in the IGMP Snooping feature of the switch control how the switch forwards multicast packets.

General Overview

The Managed Switch has been outfitted with the IGMP Snooping function in three modes:

Disabled:

o The switch will forward all multicast packets according to the Forced Forwarding Port setting based on the following rule:

- All multicast packets will be forwarded to only the port specified by either the PassiveForwardMode or the ForcedForwardMode function.

Passive mode:

o The switch will forward any multicast packets that have known receivers to the known multicast receiver ports only.

o The switch will forward any unknown multicast packets (multicast packets without any known receivers) according to the Forced Forwarding Port setting based on the following rule:

- When there is no Querier Port (a port that receives IGMP queries) present, all unknown multicast packets will be forwarded to the port specified by either the PassiveForwardMode function or the ForcedForwardMode function.

- When there is a Querier port present, the switch will forward all unknown multicast packets to the Querier port. In addition, all unknown multicast packets will be forwarded to the port specified by the ForcedForwardMode function as well.

Querier mode:

o The switch will forward any multicast packets that have known receivers to the known multicast receiver ports only.

o The switch will forward any unknown multicast packets according to the Forced Forwarding Port setting based on the following rule:

- All unknown multicast packets will be sent to only the port specified by the ForcedForwardMode function.

- The switch will also transmit IGMP Queries to the specified VLAN and according to the specified IGMP Query parameters.

Enabling the IGMP Snooping Modes

To navigate to the IGMP Snooping page:

1. Click on the + next to Other Protocols .

2. Click on IGMP Snooping .

To put the IGMP Snooping feature in the correct Mode, follow the steps below:

Choose the appropriate choice from the dropdown list next to IGMP mode.

Click on the Update Setting button (see below).

Figure 120: IGMP Mode

Configuring IGMP Snooping General properties

To navigate to the IGMP Snooping page:

1. Click on the + next to Other Protocols .

2. Click on IGMP Snooping .

To configure the general features for IGMP Snooping in either the Passive or Querier mode, follow the steps below (see Figure 121):

1. From the dropdown list next to VLAN ID, choose the VLAN that you want the IGMP Snooping process to run on.

2. From the dropdown list next to IGMP Version, choose the correct IGMP version to be run on this VLAN. This setting must match the IGMP version being used by the IGMP querier and the IGMP client on the network.

3. Choose the appropriate choice (Enable or Disable) from the dropdown list next to Fast Leave.

o If this feature is enabled on the switch, and the switch receives a request to leave a multicast stream on a port, then the switch will drop this multicast stream on that port without checking to see if there are any other multicast clients on that port that might still be interested in receiving this multicast stream. This allows the multicast stream to disappear from a port much faster.

4. Next, click on the Update Setting button

Figure 121: IGMP General Properties


Configuring IGMP Passive Mode Specific properties

To navigate to the IGMP Snooping page:

1. Click on the + next to Other Protocols .

2. Click on IGMP Snooping .

To configure specific properties for IGMP Passive Mode, please follow the steps below.

Figure 122: IGMP Passive Mode

1. From the dropdown list next to VLAN ID , choose the VLAN for which you wish to configure the Report Suppression feature.

2. Choose Enable or Disable in the dropdown list next to Report Suppression .

(Note: if the switch is not in Passive mode, then this feature will have no effect.)

Note: If you are using IGMP version 1 or 2, the Query Interval and the Max Response Time settings must be configured even if you are not configuring IGMP Querier mode. For IGMP version 1 and 2, the membership registration timer (used to time out the membership status on each port) is based on these two parameters on the local switch. These two parameters should be configured to match those of the current active IGMP Querier.

The formula for the membership registration timer is: 2 × query-interval + max-response-time = Timeout period.

Configuring IGMP Querier Mode Specific properties

To navigate to the IGMP Snooping page:

1. Click on the + next to Other Protocols .

2. Click on IGMP Snooping .

To configure specific properties for IGMP Querier Mode, follow the steps below (see Figure 123):

1. In the text box next to Query Interval, enter a value between 10 and 18000.

o This value will represent the time interval, in seconds, between any two queries that the switch sends on to the network. It is recommended that you use the default setting of 125 seconds, which is according to the IGMP standard.

2. In the text box next to Max Response Time, enter a value between 1 and 240.

o This value represents the maximum time in seconds that a multicast client will have to respond to an IGMP query. Any response received after this time will not be accepted by the Querier. It is recommended that you use the default setting of 10 seconds according to the IGMP standard.

Figure 123: Querier Mode Properties


Configuring IGMP Unknown Multicast Forwarding

To navigate to the IGMP Snooping page:

1. Click on the + next to Other Protocols .

2. Click on IGMP Snooping .

With IGMP enabled, the switch will transmit all multicast packets to only their multicast receiver ports. However, some multicast packets will not have any known multicast receiver ports, either due to IGMP Snooping being disabled on the switch, or because no multicast receiver has sent IGMP requests for these multicast packets. The multicast packets in these scenarios are referred to as unknown multicast packets. You can use the Passive Mode Forwarding Port section of the IGMP Snooping configuration page to control how the switch will forward these unknown multicast packets under different IGMP Snooping modes of the switch (see Figure 124).

Disabled Mode Forwarding Port Configuration

When IGMP is in Disabled Mode, all multicast packets are unknown multicast packets, and by default all unknown multicast packets are forwarded to all the ports of the switch. To modify the default behavior and to control how the switch will forward unknown multicast packets when the switch is in IGMP Snooping Disabled mode :

1. Select either the PassiveForwardMode or the ForceForwardMode radio button.

2. Make sure that only the ports that you would like to have the unknown multicast packets forwarded to have a check mark next to them.

3. Click on the Update Setting button.

Figure 124: Disabled Mode Forwarding Port

Passive Mode Forwarding Port Configuration

You can control how the switch forwards unknown multicast packets under IGMP Passive mode in two different conditions:

When there is no IGMP Querier port (a port that receives IGMP queries) present.

When an IGMP Querier port is present or when no IGMP Querier port is present.

To configure how the switch forwards unknown multicast packets when the switch is in IGMP Passive mode, follow the steps below:

No IGMP Querier port present

1. Under the Passive Mode Forwarding Port section, select the PassiveForwardMode radio button.

2. Select the checkbox under the ports that you would like to have the unknown multicast packets forwarded to.

3. Click on the “Update Setting” button.

Note: The presence of an IGMP Querier port will cause the PassiveForwardMode settings to have no effect, and all unknown multicast packets will be forwarded to the IGMP Querier port only.

Figure 125: PassiveForwardMode


IGMP Querier port present or no IGMP Querier port present

1. Under the Passive Mode Forwarding Port section, select the ForceForwardMode radio button

2. Select the checkbox under the ports that you would like to have the unknown multicast packets forwarded to.

3. Click on the Update Setting button.

Note: The ForceForwardMode settings will always be in effect, both with and without the presence of an IGMP Querier port. In addition, when an IGMP Querier port is present, all unknown multicast packets will also be forwarded to the IGMP Querier port.

Figure 126: ForceForwardMode

IGMP Querier Mode Forwarding Port Configuration

To configure how the switch forwards unknown multicast packets when the switch is in IGMP Querier mode, follow the instructions below:

1. Under the Passive Mode Forwarding Port section, select the ForceForwardMode radio button.

2. Select the checkbox under the ports that you would like to have the unknown multicast packets forwarded to.

3. Click on the Update Setting button.

Note: When the switch is in IGMP Snooping Querier mode, there will not be an IGMP Querier port present, and the ForceForwardMode settings will always be in effect.

Figure 127: IGMP Querier Mode Forwarding
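The following Python example is added here and is not taken from the manual or the switch firmware. It encodes the forwarding rules described above for the three IGMP Snooping modes, so a planned configuration can be checked for ports that would receive unknown multicast traffic unintentionally, together with the membership registration timer formula; SnoopingConfig, egress_ports and unexpected_exposure are hypothetical names and the port names are constructed sample values.

```python
from dataclasses import dataclass

DISABLED, PASSIVE, QUERIER = "disabled", "passive", "querier"
PASSIVE_FWD, FORCE_FWD = "PassiveForwardMode", "ForceForwardMode"


@dataclass(frozen=True)
class SnoopingConfig:
    """Hypothetical container for the settings on the IGMP Snooping page."""
    mode: str                     # DISABLED, PASSIVE or QUERIER
    forward_mode: str             # radio button: PASSIVE_FWD or FORCE_FWD
    forward_ports: frozenset      # ports ticked under that radio button
    query_interval: int = 125     # seconds, 10-18000
    max_response_time: int = 10   # seconds, 1-240


def membership_timeout(cfg):
    """Membership registration timer: 2 x query-interval + max-response-time."""
    if not 10 <= cfg.query_interval <= 18000:
        raise ValueError("query-interval must be 10-18000 seconds")
    if not 1 <= cfg.max_response_time <= 240:
        raise ValueError("max-response-time must be 1-240 seconds")
    return 2 * cfg.query_interval + cfg.max_response_time


def egress_ports(cfg, receivers=frozenset(), querier_port=None):
    """Ports a multicast packet leaves on, following the manual's rules.

    receivers: ports with a registered member of the group (empty means
    unknown multicast). querier_port: port receiving IGMP queries, if any.
    """
    if cfg.mode not in (DISABLED, PASSIVE, QUERIER):
        raise ValueError(f"unknown IGMP mode {cfg.mode!r}")
    if cfg.forward_mode not in (PASSIVE_FWD, FORCE_FWD):
        raise ValueError(f"unknown forward mode {cfg.forward_mode!r}")
    if cfg.mode == DISABLED:
        # Every packet is unknown multicast; either radio button applies.
        return frozenset(cfg.forward_ports)
    if receivers:
        # Passive and Querier mode: known groups go to their receivers only.
        return frozenset(receivers)
    if cfg.mode == PASSIVE:
        if querier_port is None:
            return frozenset(cfg.forward_ports)
        ports = {querier_port}
        if cfg.forward_mode == FORCE_FWD:
            ports |= cfg.forward_ports   # PassiveForwardMode has no effect here
        return frozenset(ports)
    # Querier mode: the switch itself queries, so no Querier port is present.
    if cfg.forward_mode != FORCE_FWD:
        raise ValueError("the manual defines Querier mode only with ForceForwardMode")
    return frozenset(cfg.forward_ports)


def unexpected_exposure(cfg, allowed_ports, querier_port=None):
    """Ports that receive unknown multicast but are not on the allow list."""
    return egress_ports(cfg, frozenset(), querier_port) - frozenset(allowed_ports)


if __name__ == "__main__":
    all_ports = frozenset({"fe1", "fe2", "fe3", "fe4"})   # constructed sample
    default = SnoopingConfig(DISABLED, PASSIVE_FWD, all_ports)
    print("Disabled mode default floods to:", sorted(egress_ports(default)))
    passive = SnoopingConfig(PASSIVE, FORCE_FWD, frozenset({"fe3"}))
    print("Passive + ForceForwardMode, querier on fe1:",
          sorted(egress_ports(passive, querier_port="fe1")))
    print("Membership timeout (s):", membership_timeout(passive))
```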

Monitoring Registered Multicast Groups

To navigate to the Multicast Current Table page:

1. Click on the + next to Other Protocols .

2. Click on IGMP Snooping .

3. Click on the Multicast Current Table link at the top of the page.

When the switch is in IGMP Passive or IGMP Querier mode, registered Multicast Groups can be monitored on each port, as well as the location of the IGMP Querier port (see Figure 128).

All the registered multicast Groups will be listed in the Group Address column.

The port where each registered Group ID was received can be found in the Membership column in each registered Group's corresponding row.

Note: when an IGMP Querier port is present, all registered multicast group IDs will show up in the Membership column as a checked box for the IGMP Querier port, even if an IGMP Join was never received for that Group ID on the Querier port.

Figure 128: Current Multicast Groups

IGMP Configuration Examples Using CLI Commands

To put the IGMP Snooping feature in Disabled Mode use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: no ip igmp snooping

To put the IGMP Snooping feature in Passive Mode use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
ip igmp snooping enable
no ip igmp snooping querier

Usage Example:
switch_a(config)# ip igmp snooping enable
switch_a(config)# no ip igmp snooping querier

To put the IGMP Snooping feature in Querier Mode use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
ip igmp snooping enable
ip igmp snooping querier

Usage Example:
switch_a(config)# ip igmp snooping enable
switch_a(config)# ip igmp snooping querier

To set the IGMP version per VLAN, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: ip igmp version <1-3>

Usage Example:
switch_a(config)# interface vlan1.1
switch_a(config-if)# ip igmp version 2

To enable or disable the IGMP fast-leave feature on a VLAN, use the CLI commands below:

CLI Command Mode: VLAN Interface Configuration Mode

CLI Command Syntax:
ip igmp snooping fast-leave
no ip igmp snooping fast-leave

Usage Example - Enabling the IGMP fast-leave feature:
switch_a(config)# interface vlan1.1
switch_a(config-if)# ip igmp snooping fast-leave

Usage Example - Disabling the IGMP fast-leave feature:
switch_a(config)# interface vlan1.1
switch_a(config-if)# no ip igmp snooping fast-leave

To enable or disable the IGMP Report Suppression feature on a VLAN, use the CLI commands below:

CLI Command Mode: VLAN Interface Configuration Mode

CLI Command Syntax:
ip igmp snooping report-suppression
no ip igmp snooping report-suppression

Usage Example - Enabling the IGMP Report Suppression feature:
switch_a(config)# interface vlan1.1
switch_a(config-if)# ip igmp snooping report-suppression

To configure the IGMP query-interval , and the max-response-time settings per VLAN, use the CLI commands below:

CLI Command Mode: VLAN Interface Configuration Mode

CLI Command Syntax:
ip igmp query-interval <10-18000>
ip igmp query-max-response-time <1-240>

Usage Example - Configuring the IGMP query-interval parameter:
switch_a(config-if)# ip igmp query-interval 125

Usage Example - Configuring the IGMP max-response-time parameter:
switch_a(config-if)# ip igmp query-max-response-time 10

To control how the switch forwards unknown multicast packets when the switch is in IGMP Disabled mode, follow the instructions below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
ip igmp snooping passive-forward all
ip igmp snooping passive-forward none
ip igmp snooping passive-forward <ifname>,<ifname>,<ifname>

Usage Example - Flood all unknown multicast packets:
switch_a(config)# ip igmp snooping passive-forward all

Usage Example - Drop all unknown multicast packets:
switch_a(config)# ip igmp snooping passive-forward none

Usage Example - Forward unknown multicast packets to the specified ports only:
switch_a(config)# ip igmp snooping passive-forward fe1,fe2,fe3

To control how the switch forwards unknown multicast packets only when the switch is in IGMP Passive mode and no Querier Port is present, follow the instructions below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
ip igmp snooping passive-forward all
ip igmp snooping passive-forward none
ip igmp snooping passive-forward <ifname>,<ifname>,<ifname>

Usage Example - Flood all unknown multicast packets: switch_a(config)# ip igmp snooping passive-forward all

Usage Example - Drop all unknown multicast packets: switch_a(config)# ip igmp snooping passive-forward none

Usage Example - Forward unknown multicast packets to the specified ports only: switch_a(config)# ip igmp snooping passive-forward fe1,fe2,fe3

To control how the switch will forward unknown multicast packets when the switch is in IGMP Passive mode, both with or without a Querier Port present, follow the instructions below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
ip igmp snooping force-forward all
ip igmp snooping force-forward none
ip igmp snooping force-forward <ifname>,<ifname>,<ifname>


Usage Example - Flood all unknown multicast packets: switch_a(config)# ip igmp snooping force-forward all

Usage Example - Drop all unknown multicast packets: switch_a(config)# ip igmp snooping force-forward none

Usage Example - Forward unknown multicast packets to the specified ports only: switch_a(config)# ip igmp snooping force-forward fe1,fe2,fe3

To control how the switch will forward unknown multicast packets when the switch is in IGMP Querier mode, follow the instructions below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
ip igmp snooping force-forward all
ip igmp snooping force-forward none
ip igmp snooping force-forward <ifname>,<ifname>,<ifname>

Usage Example - Flood all unknown multicast packets: switch_a(config)# ip igmp snooping force-forward all

Usage Example - Drop all unknown multicast packets: switch_a(config)# ip igmp snooping force-forward none

Usage Example - Forward unknown multicast packets to the specified ports only: switch_a(config)# ip igmp snooping force-forward fe1,fe2,fe3

Network Time Protocol

NTP (Network Time Protocol) updates your switch with the most accurate time available from a user-specified time source. Switch log entries are then stamped with the actual time rather than the default switch time (which begins on Jan 1st, 2010), which aids debugging of switching-related problems by showing accurately when an event occurred.


To navigate to the NTP page:

1. Click on the + next to Other Protocols.

2. Click on NTP

Enabling NTP

To enable the NTP client, follow the steps below (see Figure 129):

1. Choose Enable from the dropdown list next to NTP Status

2. Click on the Update Setting button

Setting the NTP Server IP Address

To provide a time source for the NTP client, follow the steps below:

1. Enter an IP address or host name in the NTP Server text box.

2. Click on the Update Setting button

Setting the Time Zone

To change the timezone of the switch, follow the steps below:

1. Select the proper time zone from the dropdown list next to Time Zone.

2. Click on the Update Setting button

Setting the Polling Period

To alter the polling period (how often the NTP client checks the server for the correct time), follow the steps below:

1. Enter the new polling period in the Polling Interval textbox.

2. Click on the Update Setting button

Manually Syncing Time

To set the time immediately using an NTP server, follow the steps below:

1. Enter the new polling period in the Polling Interval textbox.

2. Click on the Sync Time button in the NTP Server field


Figure 129: NTP Settings

Daylight Savings Time - Weekday Mode

To adjust the switch’s clock for Daylight Savings Time using the weekday mode, follow the steps below:

1. Select the option Weekday from the Daylight Saving Mode dropdown box.

2. Enter the value for the time offset in the Time Set Offset textbox.

3. Enter the name of the Daylight Saving Time Zone.

4. In the Weekday Box, select the month, week, day, hour, and minute for both the from and to fields. For example, if Daylight Saving Time begins on the second Sunday in March at 2:00AM and ends on the first Sunday in November at 2:00AM, then select the values as shown in Figure 130.

5. Click on the Update Setting button


Figure 130: Daylight Savings – Weekday Mode

Daylight Savings Time – Date Mode

To adjust the switch’s clock for Daylight Savings Time using the date mode, follow the steps below:

1. Select the option Date from the Daylight Saving Mode dropdown box.

2. Enter the value for the time offset in the Time Set Offset textbox.

3. Enter the name of the Daylight Saving Time Zone.

4. In the Date section, select the month and enter the date, hour, and minute for both the from and to fields. For example, if Daylight Saving Time begins on March 9th at 2:00AM and ends on November 2nd at 2:00AM, then select the values as shown in Figure 131.

5. Click on the Update Setting button


Figure 131: Daylight Savings – Date Mode

Network Time Protocol Configuration Examples Using CLI Commands

To enable NTP on the Managed Switch, use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: ntp enable

To set the NTP server on the Managed Switch, use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: ntp server <IP Address or Host Name of NTP Server>

Usage Example: switch_a(config)# ntp server 192.168.1.126

To set the NTP polling interval on the Managed Switch, use the CLI commands below:

CLI Command Mode: Global Configuration Mode


CLI Command Syntax: ntp polling-interval <time in minutes, 1-10080>

Usage Example: switch_a(config)# ntp polling-interval 180

To have the NTP client sync the clock immediately on the Managed Switch, use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: ntp sync-time

Usage Example: switch_a(config)# ntp sync-time

To set the current time zone for the Managed Switch, use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: clock timezone <Name of Time Zone> <UTC Offset in hh:mm format>

Usage Example: switch_a(config)# clock timezone CDT -6:00

To set the Daylight Savings Time settings using weekday mode for the Managed Switch, use the CLI commands below:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax: clock summer-time <Name of Time Zone> weekday <start week number> <start day> <start month> <start hour> <start minute> <end week number> <end day> <end month> <end hour> <end minute> <time offset in minutes>

Usage Example: switch_a(config)# clock summer-time CDT weekday 2 Sun March 2 0 1 Sun November 2 0 60

To set the Daylight Savings Time settings using date mode for the Managed Switch, use the CLI commands below:

CLI Command Mode: Global Configuration Mode


CLI Command Syntax: clock summer-time <Name of Time Zone> date <start date> <start month> <start hour> <start minute> <end date> <end month> <end hour> <end minute> <time offset in minutes>

Usage Example: switch_a(config)# clock summer-time CDT date 9 March 2 0 2 November 2 0 60
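When switch log timestamps have to be correlated with other sources, the clock timezone and clock summer-time settings above must be resolved to concrete dates. The Python code below is an added example, not part of the manual or the switch firmware: it parses the usage-example commands from this section, computes the Daylight Saving window for one year, and converts a switch wall-clock time to UTC. The year 2014 is an assumption, chosen because the weekday-mode and date-mode examples describe the same dates in that year; all function names are hypothetical.

```python
from datetime import datetime, timedelta

MONTHS = ["January", "February", "March", "April", "May", "June", "July",
          "August", "September", "October", "November", "December"]
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]  # datetime.weekday() order

# Commands exactly as given in the usage examples of this section.
TZ_CMD = "clock timezone CDT -6:00"
WEEKDAY_CMD = "clock summer-time CDT weekday 2 Sun March 2 0 1 Sun November 2 0 60"
DATE_CMD = "clock summer-time CDT date 9 March 2 0 2 November 2 0 60"


def parse_timezone(cmd):
    """Return the UTC offset from 'clock timezone <name> <hh:mm>'."""
    offset = cmd.split()[3]
    sign = -1 if offset.startswith("-") else 1
    hours, minutes = offset.lstrip("+-").split(":")
    return sign * timedelta(hours=int(hours), minutes=int(minutes))


def nth_weekday(year, month, week, day):
    """Date of the week-th occurrence of day (e.g. 2nd Sun) in the month."""
    first = datetime(year, month, 1)
    shift = (DAYS.index(day) - first.weekday()) % 7
    result = first + timedelta(days=shift + 7 * (week - 1))
    if result.month != month:
        raise ValueError(f"no occurrence {week} of {day} in {MONTHS[month - 1]} {year}")
    return result


def dst_window(cmd, year):
    """Resolve a 'clock summer-time' rule to (start, end, shift) for one year."""
    tok = cmd.split()
    mode, args = tok[3], tok[4:]
    if mode == "weekday":      # week day month hour minute, twice, then offset
        edges = [nth_weekday(year, MONTHS.index(m) + 1, int(w), d)
                 + timedelta(hours=int(h), minutes=int(mi))
                 for w, d, m, h, mi in (args[0:5], args[5:10])]
    elif mode == "date":       # date month hour minute, twice, then offset
        edges = [datetime(year, MONTHS.index(m) + 1, int(dd), int(h), int(mi))
                 for dd, m, h, mi in (args[0:4], args[4:8])]
    else:
        raise ValueError(f"unknown summer-time mode: {mode}")
    return edges[0], edges[1], timedelta(minutes=int(args[-1]))


def to_utc(local_ts, tz_offset, window):
    """Convert a switch wall-clock timestamp to UTC.

    Assumption: the rule's times are local wall-clock times and start < end
    within the year. The repeated hour just before the end of the window is
    ambiguous and is treated as still inside it.
    """
    start, end, shift = window
    offset = tz_offset + (shift if start <= local_ts < end else timedelta(0))
    return local_ts - offset


if __name__ == "__main__":
    window = dst_window(WEEKDAY_CMD, 2014)
    print("DST window:", window[0], "to", window[1])
    print("UTC:", to_utc(datetime(2014, 7, 1, 12, 0), parse_timezone(TZ_CMD), window))
```
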

GMRP

The settings in the GMRP feature control how the switch automates the process of multicast packet forwarding, both within a single switch as well as between switches in a bridged network. With the GMRP feature enabled, when the switch receives any GMRP multicast group registration requests from either a multicast client or a neighbor switch, the switch will register these multicast groups on these ports and will only transmit the multicast packets that belong to these groups to these ports. The switch will also automatically propagate these multicast group registrations onto the neighbor switches to allow the neighbor switches to forward the multicast packets that belong to these groups to the local switch.

To navigate to the Other Protocols / GMRP page:

1. Click on the + next to Other Protocols.

2. Click on GMRP.

General Overview

The ports on the switch can be configured with the GMRP feature in five modes:

Disabled

Normal

Fixed

Forbidden

Forward All.


GMRP Normal mode

When a port is put in GMRP Normal mode, that port can accept both multicast group registration and multicast group deregistration from the multicast client or the neighbor switch that is residing on that port. Also, the switch will propagate all the registered multicast groups on the switch to the neighbor switch residing on that port.

GMRP Fixed mode

When a port is put in GMRP Fixed mode, that port can accept group registration but will not accept any group deregistration from multicast clients or neighbor switches that reside on that port. Also, the switch will be propagating all the registered multicast groups on the switch to the neighbor switch residing on that port.

GMRP Forbidden mode

When a port is put in GMRP Forbidden mode, all multicast groups will be deregistered on that port and that port will not be accepting any further multicast group registrations. However, the switch will still be propagating all the registered multicast groups on the switch to the neighbor switch residing on that port.

GMRP Forward All mode

When a port is put in GMRP Forward All mode, all the registered multicast groups on the switch will automatically be registered to this port, so the switch will be forwarding all the multicast packets that belong to these groups to this port and this port will also be propagating all the registered multicast groups on the switch to the neighbor switch residing on that port.

GMRP Disabled mode

When a port is put in GMRP disabled mode, that port will not participate in any GMRP activities.

Enabling the GMRP Feature Globally on the Switch

To navigate to the Other Protocols / GMRP page:

1. Click on the + next to Other Protocols.

2. Click on GMRP.


To enable the GMRP function in the switch, follow the procedure below:

1. Choose the Enable option from the dropdown list next to GMRP

2. Click on the Update Setting button. (See Figure 132)

Figure 132: GMRP Global Setting


Configuring the GMRP Feature Per Port

To navigate to the Other Protocols / GMRP page:

1. Click on the + next to Other Protocols.

2. Click on GMRP.

GMRP should be enabled on all the ports that could be a potential source of multicast traffic, and on the ports that are connected to multicast clients. You can also further configure each GMRP-enabled port with the particular application modes described below.

To allow a port to dynamically receive GMRP multicast group registrations and dynamically transmit the multicast packets that belong to these multicast groups on this port, configure the items listed below:

For each port that you wish to apply this application, select the Enable option from the drop-down list under the GMRP column.

For each port that you wish to apply this application, select the Normal option from the drop-down list under the GMRP Registration column.

For each port that you wish to apply this application, select the Disable option from the drop-down list under the GMRP Forward All column.

Click on the Update Setting button.

To allow a port to dynamically receive GMRP multicast group registrations and then make the multicast packets that belong to these multicast groups constantly available on this port, configure the items listed below:

For each port that you wish to apply this application, select the Enable option from the drop-down list under the GMRP column.

For each port that you wish to apply this application, select the Fixed option from the drop-down list under the GMRP Registration column.

For each port that you wish to apply this application, select the Disable option from the drop-down list under the GMRP Forward All column.

Click on the Update Setting button.

If you do not wish to transmit any multicast packets on a port based on the received GMRP multicast group registrations on that port, but would like to receive multicast packets that belong to the currently registered multicast groups on the switch on that port, configure the items listed below:


For each port that you wish to apply this application, select the Enable option from the drop-down list under the GMRP column.

For each port that you wish to apply this application, select the Forbidden option from the drop-down list under the GMRP Registration column.

For each port that you wish to apply this application, select the Disable option from the drop-down list under the GMRP Forward All column.

Click on the Update Setting button.

If you wish to transmit all the multicast packets that belong to all the currently registered multicast groups on the switch on a port, configure the items listed below:

For each port that you wish to apply this application, select the Enable option from the drop-down list under the GMRP column.

For each port that you wish to apply this application, select the appropriate option from the drop-down list under the GMRP Registration column, according to the previous instructions.

For each port that you wish to apply this application, select the Enable option from the drop-down list under the GMRP Forward All column.

Click on the Update Setting button.

If you do not want a port to participate in the GMRP protocol, configure the items listed below:

For each port that you wish to apply this application, select the Disable option from the drop-down list under the GMRP column.

Click on the Update Setting button.


GMRP Configuration Examples Using CLI Commands

To enable or disable GMRP globally on the switch, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
set gmrp enable bridge 1
set gmrp disable bridge 1

Usage Examples:
switch_a(config)# set gmrp enable bridge 1
switch_a(config)# set gmrp disable bridge 1

To enable GMRP locally on a port on the switch, you must use the below CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
set port gmrp enable <port id>
set port gmrp disable <port id>

Usage Examples:
switch_a(config)# set port gmrp enable fe1
switch_a(config)# set port gmrp disable fe1

When you enable GMRP on a port, the Registrar is in Normal mode by default.

The GMRP Registrar on a port can be configured in 3 different modes by issuing the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
set gmrp registration normal <port id>
set gmrp registration fixed <port id>
set gmrp registration forbidden <port id>

Usage Examples:
switch_a(config)# set gmrp registration normal fe1
switch_a(config)# set gmrp registration fixed fe1
switch_a(config)# set gmrp registration forbidden fe1

By default, when you enable GVRP on a port, this feature is disabled.

To enable or disable the Forward All feature on a port, use the following CLI commands:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
set gmrp fwdall enable <port id>
set gmrp fwdall disable <port id>

Usage Examples:
switch_a(config)# set gmrp fwdall enable fe1
switch_a(config)# set gmrp fwdall disable fe1

DHCP Server

DHCP is a TCP/IP application protocol that allows any TCP/IP device to dynamically obtain its initial TCP/IP configurations through the TCP/IP protocol itself (in this case, through the UDP protocol). It is based on the client-server paradigm. The switch can be set up as a DHCP server to allow any DHCP client to dynamically obtain its IP address, default router, and DNS servers.

General Overview

The switch can function as a DHCP server for a single VLAN (it can be any VLAN) on the switch. When functioning as a DHCP server, the switch can be configured with a range of IP addresses, a default gateway and DNS servers, so that any TCP/IP device that is a DHCP client can dynamically obtain an IP address, default router, and DNS servers. The DHCP server can also be configured with a lease period during which the DHCP clients are allowed to use their assigned IP address. In this simple implementation, both the DHCP Client and the DHCP Server must be on the same network (same VLAN).


Configuring the DHCP Server

To navigate to the DHCP Server page:

1. Click on the + next to Other Protocols

2. Click on DHCP Server (see Figure 133)

You can use the GUI to set the following DHCP server parameters:

DHCP Server Enable

DHCP VLAN.

DHCP Client Parameters
  o IP Address range
  o Subnet Mask
  o Default gateway
  o Primary and Secondary DNS

DHCP Client lease time

To set the DHCP server parameters:

1. From the drop-down list next to DHCP Server Status, select the VLAN that will get the DHCP provided TCP/IP Parameters.

2. Enter the starting and ending IP addresses for the DHCP Client IP address range, in the text boxes next to Start IP and End IP.

3. Enter the Subnet Mask in the text box next to Subnet Mask.

4. Enter the IP address for the DHCP Client default router in the entry field next to Gateway.

5. Enter the IP addresses for the DHCP Client primary and secondary DNS servers, in the entry field next to Primary DNS and Secondary DNS.

6. Enter the lease period in seconds, which the DHCP clients are allowed the use of their leased IP addresses, in the entry field next to Lease Time.

7. Click on the Update Setting button.


Figure 133: DHCP Server

To check which IP addresses have been allocated to which DHCP clients:

1. Click on the DHCP Binding Table link (see Figure 134)

2. Click on the DHCP General Setting link to get back to the previous DHCP configuration Web GUI page (see Figure 135).


Figure 134: DHCP Bindings

Figure 135: DHCP Binding Table


DHCP Configuration Examples Using CLI Commands

To set the DHCP server parameters:

CLI Command Mode: Global Configuration Mode

CLI Command Syntax:
dhcp-server range <start IP> <end IP>
dhcp-server subnet-mask <subnet mask in dotted decimal notation>
dhcp-server gateway <IP address>
dhcp-server dns 1 <IP address>
dhcp-server dns 2 <IP address>
dhcp-server lease-time <0-864000>

Usage Example:
switch_a(config)# dhcp-server range 192.168.7.100 192.168.7.107
switch_a(config)# dhcp-server subnet-mask 255.255.255.0
switch_a(config)# dhcp-server gateway 192.168.7.1
switch_a(config)# dhcp-server dns 1 1.2.3.4
switch_a(config)# dhcp-server dns 2 5.6.7.8
switch_a(config)# dhcp-server lease-time 86400

To enable the DHCP server and set the DHCP VLAN:

CLI Command Mode: Interface Configuration Mode

CLI Command Syntax:
dhcp-server enable
no dhcp-server enable

To restart DHCP server:

CLI Command Syntax: dhcp-server restart

Usage Examples:
switch_a(config)# interface vlan1.100
switch_a(config-if)# dhcp-server enable
switch_a(config-if)# no dhcp-server enable

To check which IP addresses have been allocated:

CLI Command Mode: Privileged Exec Mode

CLI Command Syntax: show dhcp-server binding

Usage Example:
switch_a# show dhcp-server binding
Mac Address         IP-Address      Expires in
a4:ba:db:de:d6:2f   192.168.7.100   23 hours, 57 minutes, 15 seconds
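The Python code below is an added example, not part of the manual or the switch firmware. It checks the dhcp-server settings from the usage example for internal consistency and audits the show dhcp-server binding output against them. The row format is assumed from the single sample row above; the second binding row, the KNOWN_MACS inventory and all function names are constructed for the example.

```python
import ipaddress
import re

# Settings taken from the usage example above (the dns lines are not needed here).
CONFIG = """\
dhcp-server range 192.168.7.100 192.168.7.107
dhcp-server subnet-mask 255.255.255.0
dhcp-server gateway 192.168.7.1
dhcp-server lease-time 86400
"""
# First row is the one shown in the manual; the second row is constructed.
BINDINGS = """\
Mac Address         IP-Address      Expires in
a4:ba:db:de:d6:2f   192.168.7.100   23 hours, 57 minutes, 15 seconds
02:00:00:00:00:99   192.168.7.103   1 hours, 2 minutes, 3 seconds
"""
KNOWN_MACS = {"a4:ba:db:de:d6:2f"}  # hypothetical asset inventory
ROW = re.compile(r"^((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(\d+(?:\.\d+){3})\s+\S", re.I)


def parse_config(text):
    """Collect the dhcp-server settings that the checks below need."""
    cfg = {}
    for tok in (line.split() for line in text.splitlines()):
        if len(tok) < 3 or tok[0] != "dhcp-server":
            continue
        if tok[1] == "range" and len(tok) == 4:
            cfg["start"], cfg["end"] = (ipaddress.IPv4Address(t) for t in tok[2:4])
        elif tok[1] == "subnet-mask":
            cfg["mask"] = tok[2]
        elif tok[1] == "gateway":
            cfg["gateway"] = ipaddress.IPv4Address(tok[2])
        elif tok[1] == "lease-time":
            cfg["lease"] = int(tok[2])
    return cfg


def check_config(cfg):
    """Return a list of consistency problems (empty when the settings agree)."""
    findings = []
    net = ipaddress.IPv4Network(f"{cfg['gateway']}/{cfg['mask']}", strict=False)
    if cfg["start"] > cfg["end"]:
        findings.append("range start is above range end")
    for name in ("start", "end"):
        if cfg[name] not in net:
            findings.append(f"range {name} {cfg[name]} is outside {net}")
    if cfg["start"] <= cfg["gateway"] <= cfg["end"]:
        findings.append("gateway address lies inside the lease pool")
    if not 0 <= cfg["lease"] <= 864000:  # bounds from the CLI syntax above
        findings.append("lease-time is outside 0-864000")
    return findings


def audit_bindings(text, cfg, known_macs):
    """Flag leases outside the configured pool or held by unknown MACs."""
    findings = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header or blank line
        mac, ip = m.group(1).lower(), ipaddress.IPv4Address(m.group(2))
        if not cfg["start"] <= ip <= cfg["end"]:
            findings.append(f"{mac} holds {ip}, outside the configured pool")
        if mac not in known_macs:
            findings.append(f"{mac} ({ip}) is not in the inventory")
    return findings


if __name__ == "__main__":
    cfg = parse_config(CONFIG)
    for finding in check_config(cfg) + audit_bindings(BINDINGS, cfg, KNOWN_MACS):
        print(finding)
```
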
