ORing TGS-9120-M12 -BP2 Industrial Managed Ethernet Switch User Manual

ORing TGS-9120-M12 -BP2 Industrial Managed Ethernet Switch User Manual
Add to My manuals

Below you will find brief information for Industrial Managed Ethernet Switch TGS-9120-M12, Industrial Managed Ethernet Switch TGS-9120-M12-BP2. The ORing TGS-9120-M12 series is a managed Gigabit Ethernet switch with 12x10/100/1000Base-T(X) ports. The series consists of BP2 models (TGS-9120-M12-BP2) and non-BP2 models (TGS-9120-M12). The BP2 models provide bypass functions to ensure constant network connectivity if power outage or node failure occurs. The series supports various Ethernet redundancy protocols such as O-Ring (recovery time < 30ms over 250 units of connection), Open-Ring, O-Chain, MRP and MSTP (RSTP/STP compatible) to protect your mission-critical applications from network interruptions or temporary malfunctions. The switch can be managed centrally via Open-Vision, the Web-based interface, Telnet and console (CLI) configuration.

advertisement

Assistant Bot

Need help? Our chatbot has already read the manual and is ready to assist you. Feel free to ask any questions about the device, but providing details will make the conversation more productive.

ORing Industrial Managed Ethernet Switch TGS-9120-M12 User Manual | Manualzz

T G S

-

9 1 2

0

-

-

M 1 2

I

I n d u s t t r i i a l l

M a n a g e d E t t h e r n e t t S w i i t t c h

U s e r r M a n u a l l

V e r r s i i o n

1 .

.

0

S e p t t e m b e r r

,

, 2 0 1

4

w w w .

o r r i i n g n e t t w o r k i i n g .

.

c o m

TGS-9120-M12 Series User Manual

COPYRIGHT NOTICE

Copyright © 2014 ORing Industrial Networking Corp.

All rights reserved.

No part of this publication may be reproduced in any form without the prior written consent of

ORing Industrial Networking Corp.

TRADEMARKS

is a registered trademark of ORing Industrial Networking Corp.

All other trademarks belong to their respective owners.

REGULATORY COMPLIANCE STATEMENT

Product(s) associated with this publication complies/comply with all applicable regulations.

Please refer to the Technical Specifications section for more details.

WARRANTY

ORing warrants that all ORing products are free from defects in material and workmanship for a specified warranty period from the invoice date (5 years for most products). ORing will repair or replace products found by ORing to be defective within this warranty period, with shipment expenses apportioned by ORing and the distributor. This warranty does not cover product modifications or repairs done by persons other than ORing-approved personnel, and this warranty does not apply to ORing products that are misused, abused, improperly installed, or damaged by accidents.

Please refer to the Technical Specifications section for the actual warranty period(s) of the product(s) associated with this publication.

DISCLAIMER

Information in this publication is intended to be accurate. ORing shall not be responsible for its use or infringements on third-parties as a result of its use. There may occasionally be unintentional errors on this publication. ORing reserves the right to revise the contents of this publication without notice.

CONTACT INFORMATION

ORing Industrial Networking Corp.

3F., NO.542-2, Jhongjheng Rd., Sindian District, New Taipei City 231, Taiwan, R.O.C.

Tel: + 886 2 2218 1066 // Fax: + 886 2 2218 1014

Website: www.oring-networking.com

Technical Support

E-mail: [email protected]

Sales Contact

E-mail: [email protected]

(Headquarters) [email protected]

(China)

ORing Industrial Networking Corp

1

TGS-9120-M12 Series User Manual

Table of Content

Getting Started ............................................................................................... 6

1.1

About the TGS-9120-M12 ............................................................................................. 6

1.2

Software Features ......................................................................................................... 6

1.3

Hardware Specifications ................................................................................................ 7

Hardware Overview ........................................................................................ 8

2.1

Front Panel ..................................................................................................................... 8

2.2

Front Panel LED ............................................................................................................ 9

2.3

Bypass Technology (TGS-9120-M12-BP2 Only) ......................................................... 9

Hardware Installation ................................................................................... 11

3.1

Wall-mount Installation ................................................................................................ 11

3.2

Wiring ............................................................................................................................ 12

3.2.1

Grounding ..................................................................................................................... 13

3.2.2

Fault Relay ................................................................................................................... 13

3.2.3

Redundant Power Inputs ............................................................................................. 13

3.3

Connection ................................................................................................................... 13

3.3.1

Cables........................................................................................................................... 13

10/100/1000BASE-T(X) Pin Assignments ............................................................................... 13

Console port wiring ................................................................................................................. 15

3.3.2

O-Ring/O-Chain ........................................................................................................... 15

O-Ring .................................................................................................................................... 15

Redundancy ................................................................................................. 19

4.1

O-Ring .......................................................................................................................... 19

4.1.1

Introduction................................................................................................................... 19

4.1.2

Configurations .............................................................................................................. 19

4.2

OPEN-Ring................................................................................................................... 21

4.2.1

Introduction................................................................................................................... 21

4.2.2

Configurations .............................................................................................................. 21

4.3

O-Chain ........................................................................................................................ 22

4.3.1

Introduction................................................................................................................... 22

4.3.2

Configurations .............................................................................................................. 22

4.4

Bypass (TGS-9120-M12-BP2 Only) ........................................................................... 23

4.4.1

Introduction................................................................................................................... 23

4.4.2

Bypass & Ring Topology ............................................................................................. 24

ORing Industrial Networking Corp

2

TGS-9120-M12 Series User Manual

4.5

MRP .............................................................................................................................. 26

4.5.1

Introduction................................................................................................................... 26

4.5.2

Configurations .............................................................................................................. 26

4.6

STP/RSTP/MSTP ........................................................................................................ 27

4.6.1

STP/RSTP .................................................................................................................... 27

STP Bridge Status ..................................................................................................................... 27

STP Bridge Configurations ....................................................................................................... 29

4.6.2

MSTP ............................................................................................................................ 30

Port Settings .............................................................................................................................. 30

Mapping ..................................................................................................................................... 31

Priority ........................................................................................................................................ 33

4.6.3

CIST .............................................................................................................................. 33

4.7

Fast Recovery .............................................................................................................. 35

Management ................................................................................................. 37

5.1

Basic Settings................................................................................................. 38

5.1.1

System Information ......................................................................................... 38

5.1.2

Admin & Password ......................................................................................... 39

5.1.3

Authentication Methods .................................................................................. 40

5.1.4

IP Settings ...................................................................................................... 40

5.1.5

IPv6 Settings .................................................................................................. 41

5.1.6

Daylight Saving Time ...................................................................................... 43

5.1.7

HTTPS ........................................................................................................... 45

5.1.8

SSH ............................................................................................................... 45

5.1.9

LLDP .............................................................................................................. 46

5.1.10

NTP ........................................................................................................... 49

5.1.11

Modbus TCP .............................................................................................. 50

5.1.12

Backup/Restore Configurations .................................................................. 50

5.1.13

Firmware Update ........................................................................................ 51

5.2

DHCP Server.................................................................................................. 51

5.2.1

Basic Settings ............................................................................................ 51

5.2.2

Dynamic Client List ..................................................................................... 52

5.2.3

Client List ................................................................................................... 52

5.2.4

Relay Agent ................................................................................................ 53

5.3

Port Setting .................................................................................................... 55

5.3.1

Port Control ................................................................................................ 55

5.3.2

Port Trunk .................................................................................................. 56

5.3.4

Loop Gourd ................................................................................................ 61

ORing Industrial Networking Corp

3

TGS-9120-M12 Series User Manual

5.4

VLAN ............................................................................................................. 63

5.4.1

VLAN Membership ..................................................................................... 63

5.4.2

Port Configurations ..................................................................................... 64

Introduction of Port Types ....................................................................................... 66

Examples of VLAN Settings .................................................................................... 69

5.4.3

Private VLAN.............................................................................................. 73

5.5

SNMP............................................................................................................. 74

5.5.1

SNMP System Configurations..................................................................... 75

5.5.2

SNMP Community Configurations............................................................... 77

5.5.3

SNMP User Configurations ......................................................................... 78

5.5.4

SNMP Group Configurations ...................................................................... 79

5.5.5

SNMP View Configurations ......................................................................... 80

5.5.6

SNMP Access Configurations ..................................................................... 81

5.6

Traffic Prioritization ......................................................................................... 82

5.6.1

Storm Control ............................................................................................. 82

5.6.2

Port Classification ....................................................................................... 83

5.6.3

Port Tag Remaking ..................................................................................... 85

5.6.4

Port DSCP ................................................................................................. 85

5.6.5

Policing ...................................................................................................... 87

Queue Policing ....................................................................................................... 88

5.6.7

Scheduling and Shaping ............................................................................. 88

5.6.8

Port Scheduler ........................................................................................... 91

5.6.9

Port Shaping .............................................................................................. 92

5.6.10

DSCP-based QoS .................................................................................. 92

5.6.11

DSCP Translation ................................................................................... 93

5.6.12

DSCP Classification ............................................................................... 94

5.6.13

QoS Control List ..................................................................................... 94

Label ...................................................................................................................... 95

Description.............................................................................................................. 95

5.6.14

QoS Counters ........................................................................................ 97

5.6.15

QCL Status ............................................................................................. 97

5.7

Multicast ......................................................................................................... 98

5.7.1

IGMP Snooping .......................................................................................... 98

5.7.2

VLAN Configurations of IGMP Snooping ..................................................... 99

5.7.3

IGMP Snooping Status ............................................................................. 101

5.7.4

Groups Information of IGMP Snooping ..................................................... 101

5.8

Security ........................................................................................................ 102

ORing Industrial Networking Corp

4

TGS-9120-M12 Series User Manual

5.8.1

Remote Control Security Configurations ................................................... 102

5.8.2

Device Binding ......................................................................................... 103

5.8.3

ACL .......................................................................................................... 108

5.8.4

Authentication, Authorization, and Accounting ........................................... 120

Authentication and Accounting Server Status ........................................................ 123

Authentication and Accounting Server Statistics .................................................... 124

5.8.6

NAS (802.1x)............................................................................................ 127

5.9

Alerts ............................................................................................................ 137

5.9.1

Fault Alarm ............................................................................................... 137

5.9.2

System Warning ....................................................................................... 138

5.10

Monitor and Diag .......................................................................................... 141

5.10.1

MAC Table ........................................................................................... 141

5.10.2

Port Statistics ....................................................................................... 144

5.10.3

Port Mirroring ....................................................................................... 146

5.10.4

System Log Information........................................................................ 147

5.10.5

Cable Diagnostics ................................................................................ 148

5.10.6

SFP Monitor ......................................................................................... 149

5.10.7

Ping ..................................................................................................... 150

IPv6 Ping .............................................................................................................. 151

5.11

Synchronization ............................................................................................ 151

5.12

Troubleshooting ............................................................................................ 153

5.12.1

Factory Defaults ....................................................................................... 153

5.12.2

System Reboot ......................................................................................... 154

Command Line Management .................................................................... 155

ORing Industrial Networking Corp

5

TGS-9120-M12 Series User Manual

G

etting Started

1.1 About the TGS-9120-M12

The TGS-9120-M12 series is a managed Gigabit Ethernet switch with

12x10/100/1000Base-T(X) ports. The series consists of BP2 models (TGS-9120-M12-BP2) and non-BP2 models (TGS-9120-M12). The BP2 models provide bypass functions to ensure constant network connectivity if power outage or node failure occurs. In such situations, the device will bypass the inactive switch and continue to transfer network traffic to the next switch in the relay. The series supports various Ethernet redundancy protocols such as O-Ring

(recovery time < 30ms over 250 units of connection), Open-Ring, O-Chain, MRP and MSTP

(RSTP/STP compatible) to protect your mission-critical applications from network interruptions or temporary malfunctions. With EN50155 compliance and M12 connectors, the series is a perfect choice for tough industrial environments as the features can ensure tight, robust connections, and guarantee reliable operation against environmental disturbances, such as vibration and shock. Supporting wide operating temperature from -40 to 75 degrees, the device can be managed centrally via Open-Vision, the Web-based interface, Telnet and console (CLI) configuration.

1.2 Software Features

Supports Open-Ring interoperates with other vendors

‟ ring technology in open architecture

Supports O-Ring (recovery time < 30ms over 250 units of connection) and

MSTP(RSTP/STP compatible) for Ethernet Redundancy

Supports O-Chain that allows the device to operate in multiple redundant ring topologies

Supports standard IEC 62439-2 MRP (Media Redundancy Protocol)

Supports IEEE 1588v2 clock synchronization

Supports IPv6 new Internet protocol version

Supports Modbus TCP protocol

HTTPS/SSH protocols for higher network security

Supports IEEE 802.3az Energy-Efficient Ethernet technology

Supports SMTP client

Supports IP-based bandwidth management

Supports application-based QoS management

Supports Device Binding security

Supports DOS/DDOS auto prevention

IGMP v2/v3 (IGMP snooping support) for filtering multicast traffic

ORing Industrial Networking Corp

6

TGS-9120-M12 Series User Manual

Supports SNMP v1/v2c/v3 & RMON & 802.1Q VLAN network management

Supports ACL, TACACS+ and 802.1x user authentication

Supports 9.6K bytes Jumbo frame

Multiple notifications during unexpected events

Configuration via Web-based ,Telnet, Console (CLI), and Windows utility (Open-Vision)

Supports LLDP Protocol

1.3 Hardware Specifications

2 12x10/100/1000Base-T(X) ports

3 1 x console port

4 2 sets of bypass ports (TGS-9120-M12-BP2)

5 EN50155-compliance

6 Redundant DC power inputs

7 Operating temperature: -40 to 75 o

C

8 Storage temperature: -40 to 85 o

C

9 Operating humidity: 5% to 95%, non-condensing

10 Casing: IP-30

11 Dimensions: 260 (W) x 91.3 (D) x216 (H) mm

ORing Industrial Networking Corp

7

TGS-9120-M12 Series User Manual

H

ardware Overview

2.1 Front Panel

The device provides the following ports on the front panel. All connectors are in M12 type to ensure tight, robust connections, as well as reliable operation against environmental disturbances, such as vibration and shock.

Port

Power connector

Description

1 x power connector

Ethernet ports

12 x 10/100/1000Base-T(X) M12 ports

Console

1 x console port

Relay output

1 x relay output

Reset button

1 x reset button

ORing Industrial Networking Corp

8

TGS-9120-M12 Series User Manual

1. Reset button

2. Power 1 LED

3. Power 2 LED

4. R.M status LED

5. Ring status LED

6. Fault LED

7. Power connector

8. Gigabit Ethernet ports (G1

– G4 of BP2 model are bypass ports)

9. Link/ACT LED for Gigabit ports

10. Speed LED for Gigabit ports

11. Console port

12. Relay output

2.2 Front Panel LED

LED

PW1

PW2

R.M

Ring

Color

Green

Green

Green

Green

Status

On

On

Description

DC power module 1 activated

DC power module 2 activated

On

On

Device operating in Ring Master mode

Ring enabled

Blinking Ring structure is broken

Fault

Amber On

Errors occur (i.e. power failure or port malfunctioning)

10/100/1000Base-T(X) Ethernet ports

On

LNK/ACT

Green

Port is linked

Blinking Transmitting data

Speed

Green On

Amber On

Green/Amber Off

Port is running at 1000Mbps

Port is running at 100Mbps

Port is running at 10Mbps

2.3 Bypass Technology (TGS-9120-M12-BP2

Only)

When a device connected to other devices through a switch without bypass function, the device will lose connection if he switch loses power as traffic will not be able to flow through the link (as shown in the figure below).

ORing Industrial Networking Corp

9

TGS-9120-M12 Series User Manual

Switches with bypass functions such as the TGS-9120-M12-BP2 provide one or more sets of bypass ports that ensure constant network connectivity during power failure.

ORing Industrial Networking Corp

10

H

ardware Installation

3.1 Wall-mount Installation

TGS-9120-M12 Series User Manual

Wall-mount Measurement (Unit = mm)

Follow the steps below to mount the switch to the wall.

Step 1: Hold the switch upright against the wall

Step 2: Insert two screws through the screw holes located at the top and bottom of the unit and fasten the screw to the wall with a screwdriver.

Step 3: Slide the switch downwards and tighten the screws for added stability.

ORing Industrial Networking Corp

11

TGS-9120-M12 Series User Manual

Instead of screwing the screws in all the way, it is advised to leave a space of about 2mm to allow room for sliding the switch between the wall and the screws.

3.2 Wiring

WARNING

Do not disconnect modules or wires unless power has been switched off or the area is known to be non-hazardous. The devices may only be connected to the supply voltage shown on the type plate.

ATTENTION

1. Be sure to disconnect the power cord before installing and/or wiring your switches.

2. Calculate the maximum possible current in each power wire and common wire.

Observe all electrical codes dictating the maximum current allowable for each wire size.

3. If the current goes above the maximum ratings, the wiring could overheat, causing serious damage to your equipment.

4. Use separate paths to route wiring for power and devices. If power wiring and device wiring paths must cross, make sure the wires are perpendicular at the intersection point.

5. Do not run signal or communications wiring and power wiring through the same wire conduit. To avoid interference, wires with different signal characteristics should be routed separately.

6. You can use the type of signal transmitted through a wire to determine which wires should be kept separate. The rule of thumb is that wiring sharing similar electrical characteristics can be bundled together

7. You should separate input wiring from output wiring

8. It is advised to label the wiring to all devices in the system

ORing Industrial Networking Corp

12

TGS-9120-M12 Series User Manual

3.2.1 Grounding

Grounding and wire routing help limit the effects of noise due to electromagnetic interference

(EMI). Run the ground connection on the power connector to the grounding surface prior to connecting devices.

3.2.2 Fault Relay

The switch uses the M12 A-coded 5-pin male connector on the front panel for relay output. Use a power cord with an M12 A-coded 5-pin female connector to connect the relay contacts from the switch. The relay contacts will detect user-configured events and form an open circuit when an event is triggered.

.

3.2.3 Redundant Power Inputs

The switch provides two sets of power supply on a M23 5-pin connector to enable dual power inputs.

Step 1: Insert a power cable to the power connector on the device.

Step 2: Rotate the outer ring of the cable connector until a snug fit is achieved. Make sure the connection is tight.

3.3 Connection

3.3.1 Cables

10/100/1000BASE-T(X) Pin Assignments

The device provides Ethernet ports in M12 connector type. According to the link type, the

ORing Industrial Networking Corp

13

TGS-9120-M12 Series User Manual switch uses CAT 3, 4, 5,5e UTP cables to connect to any other network devices (PCs, servers, switches, routers, or hubs). Please refer to the following table for cable specifications.

Cable Types and Specifications:

Cable Type Max. Length Connector

10BASE-T Cat. 3, 4, 5 100-ohm

100BASE-TX Cat. 5 100-ohm UTP

1000BASE-TX Cat. 5/Cat. 5e 100-ohm UTP

UTP 100 m (328 ft)

M12 A-coding connector

UTP 100 m (328 ft)

M12 A-coding connector

UTP 100 m (328ft)

M12 A-coding connector

Below is the pin assignment for the Ethernet ports.

10/100/1000Base-T(X) M12 port

Pin Number Assignment

#5

#6

#7

#8

#1

#2

#3

#4

BI_DC+

BI_DD+

BI_DD-

BI_DA-

BI_DB+

BI_DA+

BI_DC-

BI_DB-

The device supports auto MDI/MDI-X operation. You can use a cable to connect the switch to a

PC. The table below shows the 10/100Base-T(X) MDI and MDI-X port pin outs.

10/100 Base-T(X) MDI/MDI-X Pin Assignments:

ORing Industrial Networking Corp

14

TGS-9120-M12 Series User Manual

Pin Number

1

2

3

4

5

6

7

8

1000Base-T MDI/MDI-X Pin Assignments:

MDI port

TD+(transmit)

TD-(transmit)

RD+(receive)

Not used

Not used

RD-(receive)

Not used

Not used

MDI-X port

RD+(receive)

RD-(receive)

TD+(transmit)

Not used

Not used

TD-(transmit)

Not used

Not used

Pin Number

1

2

3

4

5

6

7

MDI port

BI_DA+

BI_DA-

BI_DB+

BI_DC+

BI_DC-

BI_DB-

BI_DD+

MDI-X port

BI_DB+

BI_DB-

BI_DA+

BI_DD+

BI_DD-

BI_DA-

BI_DC+

8 BI_DD- BI_DC-

Note:

“+” and “-” signs represent the polarity of the wires that make up each wire pair.

Console port wiring

The switch has one RS-232 (M12 5-pin) console port, located on the front panel. Use a

M12-to-DB9 console cable to connect the console port to your PC's COM port.

3.3.2 O-Ring/O-Chain

O-Ring

You can connect three or more switches to form a ring topology to gain network redundancy

ORing Industrial Networking Corp

15

TGS-9120-M12 Series User Manual capabilities through the following steps.

1. Connect each switch to form a daisy chain using an Ethernet cable.

2. Set one of the connected switches to be the master and make sure the port setting of each connected switch on the management page corresponds to the physical ports connected. For

information about the port setting, please refer to 4.1.2 Configurations.

3. Connect the last switch to the first switch to form a ring topology.

Coupling Ring

If you already have two O-Ring topologies and would like to connect the rings, you can form them into a coupling ring. All you need to do is select two switches from each ring to be connected, for example, switch A and B from Ring 1 and switch C and D from ring 2. Decide which port on each switch to be used as the coupling port and then link them together, for example, port 1 of switch A to port 2 of switch C and port 1 of switch B to port 2 of switch D.

Then, enable Coupling Ring option by checking the checkbox on the management page and select the coupling ring in correspondence to the connected port. For more information on port

setting, please refer to 4.1.2 Configurations. Once the setting is completed, one of the

connections will act as the main path while the other will act as the backup path.

ORing Industrial Networking Corp

16

TGS-9120-M12 Series User Manual

Dual Homing

If you want to connect your ring topology to a RSTP network environment, you can use dual homing. Choose two switches (Switch A & B) from the ring for connecting to the switches in the

RSTP network (core switches). The connection of one of the switches (Switch A or B) will act as the primary path, while the other will act as the backup path that is activated when the primary path connection fails.

ORing Industrial Networking Corp

17

TGS-9120-M12 Series User Manual

O-Chain

When connecting multiple O-Rings to meet your expansion demand, you can create an

O-Chain topology through the following steps.

1. Select two switches from the chain (Switch A & B) that you want to connect to the O-Ring and connect them to the switches in the ring (Switch C & D).

2. In correspondence to the port connected to the ring, configure an edge port for both of the

connected switches in the chain by checking the box in the management page (see 4.1.2

Configurations).

3. Once the setting is completed, one of the connections will act as the main path, and the other as the backup path.

ORing Industrial Networking Corp

18

TGS-9120-M12 Series User Manual

R

edundancy

Redundancy for minimized system downtime is one of the most important concerns for industrial networking devices. Hence, ORing has developed proprietary redundancy technologies including O-Ring and Open-Ring featuring faster recovery time than existing redundancy technologies widely used in commercial applications, such as STP, RSTP, and

MSTP.

ORing‟s proprietary redundancy technologies not only support different networking topologies, but also assure the reliability of the network.

4.1 O-Ring

4.1.1 Introduction

O-Ring is ORing's proprietary redundant ring technology, with recovery time of less than 30 milliseconds (in full-duplex Gigabit operation) or 10 milliseconds (in full-duplex Fast Ethernet operation) and up to 250 nodes. The ring protocols identify one switch as the master of the network, and then automatically block packets from traveling through any of the network‟s redundant loops. In the event that one branch of the ring gets disconnected from the rest of the network, the protocol automatically readjusts the ring so that the part of the network that was disconnected can reestablish contact with the rest of the network. The O-Ring redundant ring technology can protect mission-critical applications from network interruptions or temporary malfunction with its fast recover technology.

4.1.2 Configurations

O-Ring supports three ring topologies: Ring Master, Coupling Ring, and Dual Homing. You can configure the settings in the interface below.

ORing Industrial Networking Corp

19

TGS-9120-M12 Series User Manual

Label

Redundant

Ring

Description

Check to enable O-Ring topology.

Ring Master

1 st

Ring Port

2 nd

Ring Port

Coupling Ring

Coupling Port

Dual Homing

Only one ring master is allowed in a ring. However, if more than one switches are set to enable Ring Master, the switch with the lowest MAC address will be the active ring master and the others will be backup masters.

The primary port when the switch is ring master

The backup port when the switch is ring master

Check to enable Coupling Ring.

Coupling Ring can divide a big ring into two smaller rings to avoid network topology changes affecting all switches. It is a good method for connecting two rings.

Ports for connecting multiple rings. A coupling ring needs four switches to build an active and a backup link.

Links formed by the coupling ports will run in active/backup mode.

Check to enable Dual Homing. When Dual Homing is enabled, the ring will be connected to normal switches through two RSTP links (ex: backbone Switch). The two links work in active/backup mode, and connect each ring to the normal switches in RSTP mode.

Click to apply the configurations.

Apply

Note: due to heavy computing loading, setting one switch as ring master and coupling ring at the same time is not recommended.

ORing Industrial Networking Corp

20

TGS-9120-M12 Series User Manual

4.2 OPEN-Ring

4.2.1 Introduction

Open-

Ring is a technology developed by ORing to enhance ORing switches‟ interoperability with other vendors‟ products. With this technology, you can add any ORing switches to the network based on other ring technologies.

4.2.2 Configurations

Label

Enable

Vender

ORing Industrial Networking Corp

Description

Check to enable Open-Ring topology

Choose the venders that you want to join in their rings

21

1 st

Ring Port

2 nd

Ring Port

TGS-9120-M12 Series User Manual

The first port to connect to the ring

The second port to connect to the ring

4.3 O-Chain

4.3.1 Introduction

O-

Chain is ORing‟s revolutionary network redundancy technology which enhances network redundancy for any backbone networks, providing ease-of-use and maximum fault-recovery swiftness, flexibility, compatibility, and cost-effectiveness in a set of network redundancy topologies. The self-healing Ethernet technology designed for distributed and complex industrial networks enables the network to recover in less than 30 milliseconds (in full-duplex

Gigabit operation) or 10 milliseconds (in full-duplex Fast Ethernet operation) for up to 250 switches if at any time a segment of the chain fails.

O-Chain allows multiple redundant rings of different redundancy protocols to join and function together as a large and the most robust network topologies. It can create multiple redundant networks beyond the limitations of current redundant ring technologies.

4.3.2 Configurations

O-Chain is very easy to configure and manage. Only one edge port of the edge switch needs to be defined. Other switches beside them just need to have O-Chain enabled.

ORing Industrial Networking Corp

22

TGS-9120-M12 Series User Manual

Label

Enable

1 st

Ring Port

2 nd

Ring Port

Edge Port

Description

Check to enable O-Chain function

The first port connecting to the ring

The second port connecting to the ring

An O-Chain topology must begin with edge ports. The ports with a smaller switch MAC address will serve as the backup link and RM

LED will light up.

4.4 Bypass (TGS-9120-M12-BP2 Only)

4.4.1 Introduction

Bypass provides reliable and uninterrupted connections of inline network devices when any of the devices encounter hardware failure such as power outage. Figure 1 shows the topology consisting of switches without bypass function. When any of the devices breaks down, the network will lose connection.

Figure 1

Figure 2 shows the topology consisting of switches with bypass functions. When one of the devices is unavailable, the network traffic will bypass the inactive device and continue to flow to other active devices, ensuring consistent connections.

ORing Industrial Networking Corp

23

TGS-9120-M12 Series User Manual

Figure 2

4.4.2 Bypass & Ring Topology

Bypass provides redundancy during device failure and O-Ring provides redundancy when links are broken. Together the two will provide users with dual protection when links and devices are broken.

In a ring topology where switches are not bypass-enabled, the backup link will be activated immediately when one of the links is down, thereby ensuring uninterrupted data transmission.

However, if any inline device fails, the network will be disconnected (see below).

By using bypass-enabled switches in a ring topology, data will continue to flow to the next active switch through the same route when one or more inlay devices fail. Data will bypass the inactive switches during transmission as if they do not exist. In this case, the backup path will remain inactive and the ring topology will remain unchanged (see below).

ORing Industrial Networking Corp

24

TGS-9120-M12 Series User Manual

Fast Ethernet Networks

Fiber Networks

When a link between two switches fails following the breakdown of the switch, the backup link will be activated. Data will then be transmitted via the backup path (see below).

ORing Industrial Networking Corp

Fast Ethernet Networks

25

TGS-9120-M12 Series User Manual

Fiber Networks

Note: The maximum cable length for copper ports is 100 meters and 20km for fiber ports.

When data bypasses the inactive switch(s) to another active switch, the distance between the two active switches must be within the maximum length, otherwise transmission will fail.

4.5 MRP

4.5.1 Introduction

MRP (Media Redundancy Protocol) is an industry standard for high-availability

Ethernet networks. MRP allowing Ethernet switches in ring configuration to recover from failure rapidly to ensure seamless data transmission. A MRP ring (IEC 62439) can support up to 50 devices and will enable a back-up link in 80ms (adjustable to max. 200ms/500ms).

4.5.2 Configurations

Label

Enable

Manager

Description

Enables the MRP function

Every MRP topology needs a MRP manager. One MRP topology can only have a Manager. If two or more switches are

ORing Industrial Networking Corp

26

TGS-9120-M12 Series User Manual

React on Link Change

(Advanced mode)

1 st

Ring Port

2 nd

Ring Port

set to be Manager, the MRP topology will fail.

Faster mode. Enabling this function will cause MRP topology to converge more rapidly. This function only can be set in MRP manager switch.

Chooses the port which connects to the MRP ring

Chooses the port which connects to the MRP ring

4.6 STP/RSTP/MSTP

4.6.1 STP/RSTP

STP (Spanning Tree Protocol), and its advanced versions RSTP (Rapid Spanning Tree

Protocol) and MSTP (Multiple Spanning Tree Protocol), are designed to prevent network loops and provide network redundancy. Network loops occur frequently in large networks as when two or more paths run to the same destination, broadcast packets may get in to an infinite loop and hence causing congestion in the network. STP can identify the best path to the destination, and block all other paths. The blocked links will stay connected but inactive. When the best path fails, the blocked links will be activated. Compared to STP which recovers a link in 30 to

50 seconds, RSTP can shorten the time to 5 to 6 seconds.

STP Bridge Status

This page shows the status for all STP bridge instance.

Label

MSTI

Bridge ID

Root ID

Root Port

Root Cost

Description

The bridge instance. You can also link to the STP detailed bridge status.

The bridge ID of this bridge instance.

The bridge ID of the currently selected root bridge.

The switch port currently assigned the root port role.

Root path cost. For a root bridge, this is zero. For other bridges, it is the sum of port path costs on the least cost path to the Root

Bridge.

The current state of the Topology Change Flag for the bridge

Topology Flag

ORing Industrial Networking Corp

27

TGS-9120-M12 Series User Manual instance.

Topology Change Last

The time since last Topology Change occurred.

Refresh

Click to refresh the page immediately.

Auto-refresh

Check this box to enable an automatic refresh of the page at regular intervals.

STP Port Status

This page displays the STP port status for the currently selected switch.

Label

Port

CIST Role

State

Description

The switch port number to which the following settings will be applied.

The current STP port role of the CIST port. The values include:

AlternatePort, BackupPort, RootPort, and DesignatedPort.

The current STP port state of the CIST port. The values include:

Blocking, Learning, and Forwarding.

The time since the bridge port is last initialized

Click to refresh the page immediately.

Uptime

Refresh

Check this box to enable an automatic refresh of the page at

Auto-refresh

regular intervals.

STP Statistics

This page displays the STP port statistics for the currently selected switch.

ORing Industrial Networking Corp

28

TGS-9120-M12 Series User Manual

Label

Port

RSTP

STP

TCN

Discarded Unknown

Discarded Illegal

Refresh

Auto-refresh

Description

The switch port number to which the following settings will be applied.

The number of RSTP configuration BPDUs received/transmitted on the port

The number of legacy STP configuration BPDUs received/transmitted on the port

The number of (legacy) topology change notification BPDUs received/transmitted on the port

The number of unknown spanning tree BPDUs received (and discarded) on the port.

The number of illegal spanning tree BPDUs received (and discarded) on the port.

Click to refresh the page immediately

Check to enable an automatic refresh of the page at regular intervals

STP Bridge Configurations

Label

Protocol Version

Forward Delay

Description

The version of the STP protocol. Valid values include STP, RSTP and MSTP.

The delay used by STP bridges to transit root and designated

ORing Industrial Networking Corp

29

TGS-9120-M12 Series User Manual

Max Age

Maximum Hop Count

Transmit Hold Count

ports to forwarding (used in STP compatible mode). The range of valid values is 4 to 30 seconds.

The maximum time the information transmitted by the root bridge is considered valid. The range of valid values is 6 to 40 seconds, and Max Age must be <= (FwdDelay-1)*2.

This defines the initial value of remaining hops for MSTI information generated at the boundary of an MSTI region. It defines how many bridges a root bridge can distribute its BPDU information to. The range of valid values is 4 to 30 seconds, and

MaxAge must be <= (FwdDelay-1)*2.

The number of BPDUs a bridge port can send per second. When exceeded, transmission of the next BPDU will be delayed. The range of valid values is 1 to 10 BPDUs per second.

Click to save changes.

Save

Click to undo any changes made locally and revert to previously

Reset

saved values.

4.6.2 MSTP

Since the recovery time of STP and RSTP takes seconds, which are unacceptable in some industrial applications, MSTP was developed. The technology supports multiple spanning trees within a network by grouping and mapping multiple VLANs into different spanning-tree instances, known as MSTIs, to form individual MST regions. Each switch is assigned to an

MST region. Hence, each MST region consists of one or more MSTP switches with the same

VLANs, at least one MST instance, and the same MST region name. Therefore, switches can use different paths in the network to effectively balance loads.

Port Settings

This page allows you to examine and change the configurations of current MSTI ports. A MSTI port is a virtual port, which is instantiated separately for each active CIST (physical) port for each MSTI instance configured and applicable for the port. The MSTI instance must be selected before MSTI port configuration options are displayed.

This page contains MSTI port settings for physical and aggregated ports. The aggregation settings are stack global.

ORing Industrial Networking Corp

30

TGS-9120-M12 Series User Manual

Label

Port

Path Cost

Priority

Save

Reset

Description

The switch port number of the corresponding STP CIST (and MSTI) port

Configures the path cost incurred by the port. Auto will set the path cost according to the physical link speed by using the

802.1D-recommended values. Specific allows you to enter a user-defined value. The path cost is used when establishing an active topology for the network. Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports. The range of valid values is 1 to 200000000.

Configures the priority for ports having identical port costs. (See above).

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

Mapping

This page allows you to examine and change the configurations of current STP MSTI bridge instance.

ORing Industrial Networking Corp

31

TGS-9120-M12 Series User Manual

Label

Configuration Name

Configuration

Revision

MSTI

VLANS Mapped

Save

Reset

Description

The name which identifies the VLAN to MSTI mapping. Bridges must share the name and revision (see below), as well as the

VLAN-to-MSTI mapping configurations in order to share spanning trees for MSTIs (intra-region). The name should not exceed 32 characters.

Revision of the MSTI configuration named above. This must be an integer between 0 and 65535.

The bridge instance. The CIST is not available for explicit mapping, as it will receive the VLANs not explicitly mapped.

The list of VLANs mapped to the MSTI. The VLANs must be separated with commas and/or space. A VLAN can only be mapped to one MSTI. An unused MSTI will be left empty (ex. without any mapped VLANs).

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

ORing Industrial Networking Corp

32

TGS-9120-M12 Series User Manual

Priority

This page allows you to examine and change the configurations of current STP MSTI bridge instance priority.

Label

MSTI

Priority

Description

The bridge instance. CIST is the default instance, which is always active.

Indicates bridge priority. The lower the value, the higher the priority. The bridge priority, MSTI instance number, and the 6-byte

MAC address of the switch forms a bridge identifier.

Click to save changes

Save

Click to undo any changes made locally and revert to previously

Reset

saved values

4.6.3 CIST

With the ability to cross regional boundaries, CIST is used by MSTP to communicate with other

MSTP regions and with any RSTP and STP single-instance spanning trees in the network. Any boundary port, that is, if it is connected to another region, will automatically belongs solely to

CIST, even if it is assigned to an MSTI. All VLANs that are not members of particular MSTIs are members of the CIST.

ORing Industrial Networking Corp

33

TGS-9120-M12 Series User Manual

Port Settings

Label

Port

STP Enabled

Path Cost

Description

The switch port number to which the following settings will be applied.

Check to enable STP for the port

Configures the path cost incurred by the port. Auto will set the path cost according to the physical link speed by using the

802.1D-recommended values. Specific allows you to enter a user-defined value. The path cost is used when establishing an active topology for the network. Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports. The range of valid values is 1 to 200000000.

Priority

Configures the priority for ports having identical port costs. (See above).

A flag indicating whether the port is connected directly to edge

OpenEdge (setate

devices or not (no bridges attached). Transiting to the forwarding

flag)

state is faster for edge ports (operEdge set to true) than other ports.

AdminEdge

AutoEdge

Restricted Role

Configures the operEdge flag to start as set or cleared.(the initial operEdge state when a port is initialized).

Check to enable the bridge to detect edges at the bridge port automatically. This allows operEdge to be derived from whether

BPDUs are received on the port or not.

When enabled, the port will not be selected as root port for CIST or any MSTI, even if it has the best spanning tree priority vector.

Such a port will be selected as an alternate port after the root port

ORing Industrial Networking Corp

34

Restricted TCN

Point2Point

Save

Reset

TGS-9120-M12 Series User Manual has been selected. If set, spanning trees will lose connectivity. It can be set by a network administrator to prevent bridges outside a core region of the network from influencing the active spanning tree topology because those bridges are not under the full control of the administrator. This feature is also known as Root Guard.

When enabled, the port will not propagate received topology change notifications and topology changes to other ports. If set, it will cause temporary disconnection after changes in an active spanning trees topology as a result of persistent incorrectly learned station location information. It is set by a network administrator to prevent bridges outside a core region of the network from causing address flushing in that region because those bridges are not under the full control of the administrator or is the physical link state for the attached LANs transitions frequently.

Configures whether the port connects to a point-to-point LAN rather than a shared medium. This can be configured automatically or set to true or false manually. Transiting to forwarding state is faster for point-to-point LANs than for shared media.

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

4.7 Fast Recovery

Fast recovery mode can be set to connect multiple ports to one or more switches. The device with fast recovery mode will provide redundant links. Fast recovery mode supports 12 priorities.

Only the first priority will be the active port, and the other ports with different priorities will be backup ports.

ORing Industrial Networking Corp

35

TGS-9120-M12 Series User Manual

Label

Active port

Apply

Description

Activate fast recovery mode

Ports can be set to 12 priorities. Only the port with the highest priority will be the active port. 1st Priority is the highest.

Click to activate the configurations.

ORing Industrial Networking Corp

36

TGS-9120-M12 Series User Manual

M

anagement

The switch can be controlled via a built-in web server which supports Internet Explorer

(Internet Explorer 5.0 or above versions) and other Web browsers such as Chrome. Therefore, you can manage and configure the switch easily and remotely. You can also upgrade firmware via a Web browser. The Web management function not only reduces network bandwidth consumption, but also enhances access speed and provides a user-friendly viewing screen.

Note: By default, IE5.0 or later version do not allow Java applets to open sockets. You need to modify the browser setting separately in order to enable Java applets for network ports.

Management via Web Browser

Follow the steps below to manage your switch via a Web browser

System Login

1. Launch an Internet Explorer.

2. Type http:// and the IP address of the switch. Press Enter.

3. A login screen appears.

4. Type in the username and password. The default username and password is

admin.

5. Press Enter or click OK, the management page appears.

Note: you can use the following default values:

IP Address: 192.168.10.1

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.10.254

ORing Industrial Networking Corp

37

TGS-9120-M12 Series User Manual

User Name: admin

Password: admin

After logging in, you will see the information of the switch as below.

On the right hand side of the management interface shows links to various settings. Clicking on the links will bring you to individual configuration pages.

5.1 Basic Settings

The Basic Settings page allows you to configure the basic functions of the switch.

5.1.1 System Information

This page shows the general information of the switch.

ORing Industrial Networking Corp

38

TGS-9120-M12 Series User Manual

Label Description

System Name

An administratively assigned name for the managed node. By convention, this is the node's fully-qualified domain name. A domain name is a text string consisting of alphabets (A-Z, a-z), digits (0-9), and minus sign (-). Space is not allowed to be part of the name. The first character must be an alpha character. And the first or last character must not be a minus sign. The allowed string length is 0 to 255.

System Description

Description of the device

System Location

System Contact

The physical location of the node (e.g., telephone closet, 3rd floor). The allowed string length is 0 to 255, and only ASCII characters from 32 to 126 are allowed.

The textual identification of the contact person for this managed node, together with information on how to contact this person.

The allowed string length is 0 to 255, and only ASCII characters from 32 to 126 are allowed.

Save

Reset

Click to save changes.

Click to undo any changes made locally and revert to previously saved values.

5.1.2 Admin & Password

This page allows you to configure the system password required to access the web pages or log in from CLI.

Label

Old Password

New Password

Description

The existing password. If this is incorrect, you cannot set the new password.

The new system password. The allowed string length is 0 to 31, and only ASCII characters from 32 to 126 are allowed.

ORing Industrial Networking Corp

39

TGS-9120-M12 Series User Manual

Confirm New

Password

Re-type the new password.

Save

Click to save changes.

5.1.3 Authentication Methods

This page allows you to configure how a user is authenticated when he/she logs into the switch via one of the management interfaces.

Label

Client

Authentication

Method

Fallback

Save

Reset

Description

The management client for which the configuration below applies.

Authentication Method can be set to one of the following values:

None: authentication is disabled and login is not possible.

Local: local user database on the switch is used for authentication.

Radius: a remote RADIUS server is used for authentication.

Check to enable fallback to local authentication.

If none of the configured authentication servers are active, the local user database is used for authentication.

This is only possible if Authentication Method is set to a value other than none or local.

Click to save changes

Click to undo any changes made locally and revert to previously saved values

5.1.4 IP Settings

This page allows you to configure IP information for the switch. You can specify configure the settings manually by disabling DHCP Client. After inputting the values, click Renew and the

ORing Industrial Networking Corp

40

TGS-9120-M12 Series User Manual new values will be applied, which will be displayed under Current.

Label

DHCP Client

IP Address

IP Mask

IP Router

VLAN ID

DNS Server

Save

Reset

Description

Enable the DHCP client by checking this box. If DHCP fails or the configured IP address is zero, DHCP will retry. If DHCP retry fails,

DHCP will stop trying and the configured IP settings will be used.

Assigns the IP address of the network in use. If DHCP client function is enabled, you do not need to assign the IP address.

The network DHCP server will assign an IP address to the switch and it will be displayed in this column. The default IP is

192.168.10.1.

Assigns the subnet mask of the IP address. If DHCP client function is enabled, you do not need to assign the subnet mask.

Assigns the network gateway for the switch. The default gateway is 192.168.10.254.

Provides the managed VLAN ID. The allowed range is 1 through

4095.

Enter the IP address of the DNS server in dotted decimal notation.

Click to save changes

Click to undo any changes made locally and revert to previously saved values

5.1.5 IPv6 Settings

IPv6 is the next-generation IP that uses a 128-bit address standard. It is developed to supplement, and eventually replace the IPv4 protocol. You can configure IPv6 information of the switch on the following page.

ORing Industrial Networking Corp

41

TGS-9120-M12 Series User Manual

Label

Auto Configuration

Address

Prefix

Router

Save

Reset

Description

Check to enable IPv6 auto-configuration. If the system cannot obtain the stateless address in time, the configured IPv6 settings will be used. The router may delay responding to a router solicitation for a few seconds; therefore, the total time needed to complete auto-configuration may be much longer.

Specify an IPv6 address for the switch. IPv6 address consists of

128 bits represented as eight groups of four hexadecimal digits with a colon separating each field (:). For example, in

'fe80::215:c5ff:fe03:4dc7', the symbol '::' is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros; but it can appear only once. It can also represent a legally valid IPv4 address. For example,

'::192.1.2.34'.

Specify an IPv6 prefix for the switch. The allowed range is 1 to

128.

Specify an IPv6 address for the switch. IPv6 address consists of

128 bits represented as eight groups of four hexadecimal digits with a colon separating each field (:). For example, in

'fe80::215:c5ff:fe03:4dc7', the symbol '::' is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros; but it can appear only once. It can also represent a legally valid IPv4 address. For example,

'::192.1.2.34'.

Click to save changes

Click to undo any changes made locally and revert to previously saved values

ORing Industrial Networking Corp

42

5.1.6 Daylight Saving Time

TGS-9120-M12 Series User Manual

Label

Time Zone

Acronym

Description

Select an appropriate time zone from the drop down list according to the location of the device and then click Save.

You can set an acronym for the time zone for identification (up to

16 alpha-numeric characters are allowed and can contain '-', '_' or

'.')

Label Description

Daylight Saving Time

This is used to set the clock forward or backward according to the configurations set below for a defined Daylight Saving Time duration. Select Disable to disable the Daylight Saving Time configuration. Select Recurring and the Daylight Saving Time

ORing Industrial Networking Corp

43

TGS-9120-M12 Series User Manual duration will repeat the configuration every year. Select

Non-Recurring and the Daylight Saving Time duration will only take effect once. ( Default is Disabled )

Recurring Configurations - Start time settings

Label Description

Month

Date

Year

Hours

Select the starting month.

Select the starting date.

Select the starting year.

Select the starting hour.

Minutes

Select the starting minute.

Recurring Configurations - Ending time settings

Label

Month

Date

Year

Hours

Select the ending month

Select the ending date

Select the ending year.

Select the ending hour

Minutes

Select the ending minute.

Recurring Configurations

– Offset settings

Label

Description

Description

Enter the number of minutes to add during Daylight Saving Time.

offset

(Range from 1 to 1440 )

Non Recurring Configurations

– Start Time settings

Label Description

Month

Date

Year

Select the starting month.

Select the starting date.

Select the starting year.

Hours

Select the starting hour.

Minutes

Select the starting minute.

Non-Recurring Configurations

– End Time settings

Label

Month

Date

Year

Select the ending month.

Select the ending date.

Select the ending year.

Description

Hours

Select the ending hour.

Minutes

Select the ending minute.

Non-Recurring Configurations

– Offset settings

ORing Industrial Networking Corp

44

TGS-9120-M12 Series User Manual

Label

Offset

Description

Enter the number of minutes to add during Daylight Saving Time.

(Range from 1 to 1440 )

5.1.7 HTTPS

You can configure the HTTPS mode in the following page.

Label

Mode

Save

Reset

Description

Indicates the selected HTTPS mode. When the current connection is HTTPS, disabling HTTPS will automatically redirect web browser to an HTTP connection. The modes include:

Enabled: enable HTTPS.

Disabled: disable HTTPS.

Click to save changes

Click to undo any changes made locally and revert to previously saved values

5.1.8 SSH

SSH (Secure Shell) is a cryptographic network protocol intended for secure data transmission and remote access by creating a secure channel between two networked PCs.

You can configure the SSH mode in the following page.

ORing Industrial Networking Corp

45

TGS-9120-M12 Series User Manual

Label

Mode

Save

Reset

Description

Indicates the selected SSH mode. The modes include:

Enabled: enable SSH.

Disabled: disable SSH.

Click to save changes

Click to undo any changes made locally and revert to previously saved values

5.1.9 LLDP

LLDP Configurations

LLDP (Link Layer Discovery Protocol) provides a method for networked devices to receive and/or transmit their information to other connected devices on the network that are also using the protocols, and to store the information that is learned about other devices. This page allows you to examine and configure current LLDP port settings.

Label

Port

Mode

Description

The switch port number to which the following settings will be applied.

Indicates the selected LLDP mode

Rx only: the switch will not send out LLDP information, but LLDP information from its neighbors will be analyzed.

Tx only: the switch will drop LLDP information received from its neighbors, but will send out LLDP information.

Disabled: the switch will not send out LLDP information, and will drop LLDP information received from its neighbors.

Enabled: the switch will send out LLDP information, and will analyze LLDP information received from its neighbors.

ORing Industrial Networking Corp

46

TGS-9120-M12 Series User Manual

LLDP Neighbor Information

This page provides a status overview for all LLDP neighbors. The following table contains information for each port on which an LLDP neighbor is detected. The columns include the following information:

Label

Local Port

Chassis ID

Remote Port ID

System Name

Port Description

System Capabilities

Description

The port that you use to transmits and receives LLDP frames.

The identification number of the neighbor sending out the LLDP frames.

The identification of the neighbor port

The name advertised by the neighbor.

The description of the port advertised by the neighbor.

Description of the neighbor's capabilities. The capabilities include:

1. Other

2. Repeater

3. Bridge

4. WLAN Access Point

5. Router

6. Telephone

7. DOCSIS Cable Device

8. Station Only

9. Reserved

When a capability is enabled, a (+) will be displayed. If the capability is disabled, a (-) will be displayed.

The neighbor's address which can be used to help network management. This may contain the neighbor's IP address.

Click to refresh the page immediately

Management

Address

Refresh

Check to enable an automatic refresh of the page at regular

Auto-refresh

intervals

Port Statistics

This page provides an overview of all LLDP traffic. Two types of counters are shown. Global counters will apply settings to the whole switch stack, while local counters will apply settings to specified switches.

ORing Industrial Networking Corp

47

TGS-9120-M12 Series User Manual

Global Counters

Label

Neighbor entries

were last changed at

Total Neighbors

Entries Added

Total Neighbors

Entries Deleted

Total Neighbors

Entries Dropped

Total Neighbors

Entries Aged Out

Local Counters

Label

Local Port

Tx Frames

Rx Frames

Rx Errors

Frames Discarded

Description

Shows the time when the last entry was deleted or added.

Shows the number of new entries added since switch reboot

Shows the number of new entries deleted since switch reboot

Shows the number of LLDP frames dropped due to full entry table

Shows the number of entries deleted due to expired time-to-live

Description

The port that receives or transmits LLDP frames

The number of LLDP frames transmitted on the port

The number of LLDP frames received on the port

The number of received LLDP frames containing errors

If a port receives an LLDP frame, and the switch's internal table is full, the LLDP frame will be counted and discarded. This situation is known as "too many neighbors" in the LLDP standard. LLDP frames require a new entry in the table if Chassis ID or Remote

Port ID is not included in the table. Entries are removed from the table when a given port links down, an LLDP shutdown frame is

ORing Industrial Networking Corp

48

TGS-9120-M12 Series User Manual received, or when the entry ages out.

TLVs Discarded

Each LLDP frame can contain multiple pieces of information, known as TLVs (Type Length Value). If a TLV is malformed, it will be counted and discarded.

TLVs Unrecognized

The number of well-formed TLVs, but with an unknown type value

Org. Discarded

The number of organizationally TLVs received

Age-Outs

Refresh

Clear

Auto-refresh

Each LLDP frame contains information about how long the LLDP information is valid (age-out time). If no new LLDP frame is received during the age-out time, the LLDP information will be removed, and the value of the age-out counter will be incremented.

Click to refresh the page immediately

Click to clear the local counters. All counters (including global counters) are cleared upon reboot.

Check to enable an automatic refresh of the page at regular intervals

5.1.10 NTP

Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched

Label

Mode

ORing Industrial Networking Corp

Description

Indicates the NTP mode operation. Possible modes are:

49

TGS-9120-M12 Series User Manual

Server

Enabled: Enable NTP client mode operation.

Disabled: Disable NTP clinet mode operation.

Provide the IPv4 or IPv6 address of a NTP server. IPv6 address is in 128-bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field (:). For example, 'fe80::215:c5ff:fe03:4dc7'. The symbol '::' is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros; but it can appear only once. It can also represent a legally valid IPv4 address. For example, '::192.1.2.34'.

Show date value

Show time value

Date

Time

5.1.11 Modbus TCP

Modbus TCP uses TCP/IP and Ethernet to carry the data of the Modbus message structure between compatible devices. The protocol is commonly used in SCADA systems for communications between a human-machine interface (HMI) and programmable logic controllers. This page enables you to enable and disable Modbus TCP support of the switch.

Label

Mode

Description

Shows the existing status of the Modbus TCP function

5.1.12 Backup/Restore Configurations

You can save/view or load switch configurations. The configuration file is in XML format.

ORing Industrial Networking Corp

50

TGS-9120-M12 Series User Manual

5.1.13 Firmware Update

This page allows you to update the firmware of the switch.

5.2 DHCP Server

The switch provides DHCP server functions. By enabling DHCP, the switch will become a

DHCP server and dynamically assigns IP addresses and related IP information to network clients.

5.2.1 Basic Settings

This page allows you to set up DHCP settings for the switch. You can check the Enabled checkbox to activate the function. Once the box is checked, you will be able to input information in each column.

ORing Industrial Networking Corp

51

TGS-9120-M12 Series User Manual

5.2.2 Dynamic Client List

When DHCP server functions are activated, the switch will collect DHCP client information and display in the following table. You can select the entries and add them to a static table by clicking Add to static Table.

5.2.3 Client List

You can assign a specific IP address within the dynamic IP range to a specific port. When a device is connected to the port and requests for dynamic IP assigning, the switch will assign the IP address that has previously been assigned to the connected device.

ORing Industrial Networking Corp

52

TGS-9120-M12 Series User Manual

5.2.4 Relay Agent

DHCP relay is used to forward and transfer DHCP messages between the clients and the server when they are not in the same subnet domain. You can configure the function in this page.

Label

Relay Mode

Relay Server

Relay Information

Mode

Description

Indicates the existing DHCP relay mode. The modes include:

Enabled: activate DHCP relay. When DHCP relay is enabled, the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain to prevent the DHCP broadcast message from flooding for security considerations.

Disabled: disable DHCP relay

Indicates the DHCP relay server IP address. A DHCP relay agent is used to forward and transfer DHCP messages between the clients and the server when they are not in the same subnet domain.

Indicates the existing DHCP relay information mode. The format of

DHCP option 82 circuit ID format is "[vlan_id][module_id][port_no]".

The first four characters represent the VLAN ID, and the fifth and sixth characters are the module ID. In stand-alone devices, the module ID always equals to 0; in stacked devices, it means switch

ID. The last two characters are the port number. For example,

"00030108" means the DHCP message received form VLAN ID 3, switch ID 1, and port No. 8. The option 82 remote ID value equals to the switch MAC address.

The modes include:

Enabled: activate DHCP relay information. When DHCP relay information is enabled, the agent inserts specific information

(option 82) into a DHCP message when forwarding to a DHCP server and removes it from a DHCP message when transferring to

ORing Industrial Networking Corp

53

TGS-9120-M12 Series User Manual a DHCP client. It only works when DHCP relay mode is enabled.

Disabled: disable DHCP relay information

Relay Information

Policy

Indicates the policies to be enforced when receiving DHCP relay information. When DHCP relay information mode is enabled, if the agent receives a DHCP message that already contains relay agent information, it will enforce the policy. The Replace option is invalid when relay information mode is disabled. The policies includes:

Replace: replace the original relay information when a DHCP message containing the information is received.

Keep: keep the original relay information when a DHCP message containing the information is received.

Drop: drop the package when a DHCP message containing the information is received.

The relay statistics shows the information of relayed packets of the switch.

Label

Transmit to Sever

Transmit Error

Receive from Server

Receive Missing Agent

Option

Receive Missing Circuit

ID

Description

The number of packets relayed from the client to the server

The number of packets with errors when being sent to clients

The number of packets received from the server

The number of packets received without agent information

The number of packets received with Circuit ID

Receive Missing

Remote ID

The number of packets received with the Remote ID option missing.

Receive Bad Circuit ID

The number of packets whose Circuit ID do not match the known circuit ID

Receive Bad Remote ID

The number of packets whose Remote ID do not match the known Remote ID

ORing Industrial Networking Corp

54

TGS-9120-M12 Series User Manual

Label

Transmit to Client

Transmit Error

Receive from Client

Receive Agent Option

Replace Agent Option

Keep Agent Option

Drop Agent Option

Description

The number of packets relayed from the server to the client

The number of packets with errors when being sent to servers

The number of packets received from the server

The number of received packets containing relay agent information

The number of packets replaced when received messages contain relay agent information.

The number of packets whose relay agent information is retained

The number of packets dropped when received messages contain relay agent information.

5.3 Port Setting

Port Setting allows you to manage individual ports of the switch, including traffic, power, and trunks.

5.3.1 Port Control

This page shows current port configurations. Ports can also be configured here.

Label Description

ORing Industrial Networking Corp

55

TGS-9120-M12 Series User Manual

Port

The switch port number to which the following settings will be applied.

Link

The current link state is shown by different colors. Green indicates the link is up and red means the link is down.

Current Link Speed

Indicates the current link speed of the port

Configured Link

Speed

Flow Control

Maximum Frame

The drop-down list provides available link speed options for a given switch port

Auto selects the highest speed supported by the link partner

Disabled disables switch port configuration

<> configures all ports

When Auto is selected for the speed, the flow control will be negotiated to the capacity advertised by the link partner.

When a fixed-speed setting is selected, that is what is used.

Current Rx indicates whether pause frames on the port are obeyed, and Current Tx indicates whether pause frames on the port are transmitted. The Rx and Tx settings are determined by the result of the last auto-negotiation.

You can check the Configured column to use flow control. This setting is related to the setting of Configured Link Speed.

You can enter the maximum frame size allowed for the switch port in this column, including FCS. The allowed range is 1518 bytes to

9600 bytes.

Shows the current power consumption of each port in percentage.

The Configured column allows you to change power saving

Power Control

Total Power Usage

Save

Reset

Refresh

parameters for each port.

Disabled: all power savings functions are disabled

ActiPHY: link down and power savings enabled

PerfectReach: link up and power savings enabled

Enabled: both link up and link down power savings enabled

Total power consumption of the board, measured in percentage

Click to save changes

Click to undo any changes made locally and revert to previously saved values

Click to refresh the page. Any changes made locally will be undone.

5.3.2 Port Trunk

ORing Industrial Networking Corp

56

TGS-9120-M12 Series User Manual

A port trunk is a group of ports that have been grouped together to function as one logical path.

This method provides an economical way for you to increase the bandwidth between the switch and another networking device. In addition, it is useful when a single physical link between the devices is insufficient to handle the traffic load. This page allows you to configure the aggregation hash mode and the aggregation group.

Label

Destination MAC

Address

Description

Source MAC Address Calculates the destination port of the frame. You can check this box to enable the source MAC address, or uncheck to disable. By default, Source MAC Address is enabled.

Calculates the destination port of the frame. You can check this box to enable the destination MAC address, or uncheck to disable. By default, Destination MAC Address is disabled.

IP Address

TCP/UDP Port

Number

Calculates the destination port of the frame. You can check this box to enable the IP address, or uncheck to disable. By default, IP

Address is enabled.

Calculates the destination port of the frame. You can check this box to enable the TCP/UDP port number, or uncheck to disable.

By default, TCP/UDP Port Number is enabled.

Label Description

ORing Industrial Networking Corp

57

TGS-9120-M12 Series User Manual

Group ID Indicates the ID of each aggregation group. Normal means no aggregation. Only one group ID is valid per port.

Port Members Lists each switch port for each group ID. Select a radio button to include a port in an aggregation, or clear the radio button to remove the port from the aggregation. By default, no ports belong to any aggregation group. Only full duplex ports can join an aggregation and the ports must be in the same speed in each group.

5.3.3 LACP

LACP (Link Aggregation Control Protocol) trunks are similar to static port trunks, but they are more flexible because LACP is compliant with the IEEE 802.3ad standard. Hence, it is interoperable with equipment from other vendors that also comply with the standard. This page allows you to enable LACP functions to group ports together to form single virtual links and change associated settings, thereby increasing the bandwidth between the switch and other

LACP-compatible devices.

Label

Port

LACP Enabled

Description

Indicates the ID of each aggregation group. Normal indicates there is no aggregation. Only one group ID is valid per port.

Lists each switch port for each group ID. Check to include a port in an

ORing Industrial Networking Corp

58

TGS-9120-M12 Series User Manual

Key

Role

aggregation, or clear the box to remove the port from the aggregation.

By default, no ports belong to any aggregation group. Only full duplex ports can join an aggregation and the ports must be in the same speed in each group.

The Key value varies with the port, ranging from 1 to 65535. Auto will set the key according to the physical link speed (10Mb = 1, 100Mb = 2,

1Gb = 3). Specific allows you to enter a user-defined value. Ports with the same key value can join in the same aggregation group, while ports with different keys cannot.

Indicates LACP activity status. Active will transmit LACP packets every second, while Passive will wait for a LACP packet from a partner

(speak if spoken to).

Click to save changes

Save

Reset

Click to undo changes made locally and revert to previous values

LACP System Status

This page provides a status overview for all LACP instances.

Label

Aggr ID

Partner System ID

Partner Key

Last Changed

Last Changed

Refresh

Auto-refresh

LACP Status

Description

The aggregation ID is associated with the aggregation instance.

For LLAG, the ID is shown as 'isid:aggr-id' and for GLAGs as

'aggr-id'

System ID (MAC address) of the aggregation partner

The key assigned by the partner to the aggregation ID

The time since this aggregation changed.

Indicates which ports belong to the aggregation of the switch/stack. The format is: "Switch ID:Port".

Click to refresh the page immediately

Check to enable an automatic refresh of the page at regular intervals

ORing Industrial Networking Corp

59

TGS-9120-M12 Series User Manual

This page provides an overview of the LACP status for all ports.

Label

Port

LACP

Key

Aggr ID

Partner System ID

Partner Port

Refresh

Auto-refresh

LACP Statistics

ORing Industrial Networking Corp

Description

Switch port number

Yes means LACP is enabled and the port link is up. No means

LACP is not enabled or the port link is down. Backup means the port cannot join in the aggregation group unless other ports are removed. The LACP status is disabled.

The key assigned to the port. Only ports with the same key can be aggregated

The aggregation ID assigned to the aggregation group

The partner

‟s system ID (MAC address)

The partner

‟s port number associated with the port

Click to refresh the page immediately

Check to enable an automatic refresh of the page at regular intervals

60

TGS-9120-M12 Series User Manual

This page provides an overview of the LACP statistics for all ports.

Label

Port

LACP Transmitted

LACP Received

Discarded

Refresh

Auto-refresh

Description

Switch port number

The number of LACP frames sent from each port

The number of LACP frames received at each port

The number of unknown or illegal LACP frames discarded at each port.

Click to refresh the page immediately

Check to enable an automatic refresh of the page at regular intervals

Clear

5.3.4 Loop Gourd

Click to clear the counters for all ports

This feature prevents loop attack. When receiving loop packets, the port will be disabled automatically, preventing the loop attack from affecting other network devices.

ORing Industrial Networking Corp

61

TGS-9120-M12 Series User Manual

Label Description

Enable Loop Protection

Activate loop protection functions (as a whole)

Transmission Time

The interval between each loop protection PDU sent on each

Shutdown Time

port. The valid value is 1 to 10 seconds.

The period (in seconds) for which a port will be kept disabled when a loop is detected (shutting down the port). The valid value is 0 to 604800 seconds (7 days). A value of zero will keep a port disabled permanently (until the device is restarted).

Label

Port

Enable

Action

Tx Mode

Description

Switch port number

Activate loop protection functions (as a whole)

Configures the action to take when a loop is detected. Valid values include Shutdown Port, Shutdown Port, and Log or

Log Only.

Controls whether the port is actively generating loop protection

PDUs or only passively look for looped PDUs.

ORing Industrial Networking Corp

62

TGS-9120-M12 Series User Manual

5.4 VLAN

5.4.1 VLAN Membership

A VLAN is a group of end devices with a common set of requirements, independent of physical location. With the same attributes as a physical LAN, VLANs enable you to group end devices even if they are not located physically on the same LAN segment. By splitting up a network into sets of VLANs, assigning ports to individual VLANs, and defining criteria for VLAN membership for workstations connected to those ports, traffic for the same VLAN can be sent between switches.

Label

Delete

VLAN ID

VLAN Name

Port Members

Add New VLAN

ORing Industrial Networking Corp

Description

Check to delete the entry. It will be deleted during the next save.

The VLAN ID for a tagged port.

The name of the VLAN.

Check to select the ports belonging to individual VLAN.

Click to add a new VLAN ID. An empty row is added to the table, and the VLAN can be configured as needed. Valid values for a VLAN ID are 1 through 4095.

After clicking Save, the new VLAN will be enabled on the selected switch stack but contains no port members.

A VLAN without any port members on any stack will be deleted when you click Save.

Click Delete to undo the addition of new VLANs.

63

TGS-9120-M12 Series User Manual

5.4.2 Port Configurations

With port-based VLANs, the ports of a switch are simply assigned to VLANs, with no extra criteria. All devices connected to a given port automatically become members of the VLAN to which that port was assigned. In effect, this just divides a switch up into a set of independent sub-switches.

Label

Ethertype for

customer S-Ports

Port

Port type

Description

This field specifies the Ethertype used for custom S-ports. This is a global setting for all custom S-ports. Custom Ethertype enables you to change the Ethertype value on a port to any value to support network devices that do not use the standard 0x8100

Ethertype field value on 802.1Q-tagged or 802.1p-tagged frames.

When Port Type is set to S-custom-port, the EtherType (also known as TPID) of all frames received on the port is changed to the specified value. By default, the EtherType is set to 0x88a8

(IEEE 802.1ad)

The switch port to which the following settings will be applied.

Port can be one of the following types: Unaware, Customer

(C-port), Service (S-port), Custom Service (S-custom-port).

C-port: each frame is assigned to the VLAN indicated in the

ORing Industrial Networking Corp

64

Ingress Filtering

Frame Type

Port VLAN Mode

TGS-9120-M12 Series User Manual

VLAN tag, and the tag is removed.

S-port: the EtherType of all received frames is changed to

0x88a8 to indicate that double-tagged frames are being forwarded across the switch. The switch will pass these frames on to the VLAN indicated in the outer tag. It will not strip the outer tag, nor change any components of the tag other than the

EtherType field.

S-custom-port: the EtherType of all received frames is changed to value set in the Ethertype for Custom S-ports field to indicate that double-tagged frames are being forwarded across the switch.

The switch will pass these frames on to the VLAN indicated in the outer tag. It will not strip the outer tag, nor change any components of the tag other than the EtherType field.

Unaware: all frames are classified to the Port VLAN ID and tags are not removed

Enable ingress filtering on a port by checking the box. This parameter affects VLAN ingress processing. If ingress filtering is enabled and the ingress port is not a member of the classified

VLAN of the frame, the frame will be discarded. By default, ingress filtering is disabled (no check mark).

Determines whether the port accepts all frames or only tagged/untagged frames. This parameter affects VLAN ingress processing. If the port only accepts tagged frames, untagged frames received on the port will be discarded. By default, the field is set to All.

The allowed values are None or Specific. This parameter affects

VLAN ingress and egress processing.

If None is selected, a VLAN tag with the classified VLAN ID is inserted in frames transmitted on the port. This mode is normally used for ports connected to VLAN-aware switches. Tx tag should be set to Untag_pvid when this mode is used.

If Specific (the default value) is selected, a port VLAN ID can be configured (see below). Untagged frames received on the port are classified to the port VLAN ID. If VLAN awareness is disabled, all frames received on the port are classified to the port VLAN ID. If the classified VLAN ID of a frame transmitted on the port is different from the port VLAN ID, a VLAN tag with the classified

ORing Industrial Networking Corp

65

TGS-9120-M12 Series User Manual

VLAN ID will be inserted in the frame.

Port VLAN ID

Tx Tag

Configures the VLAN identifier for the port. The allowed range of the values is 1 through 4095. The default value is 1.

Note: The port must be a member of the same VLAN as the port

VLAN ID.

Determines egress tagging of a port. Untag_pvid: all VLANs except the configured PVID will be tagged. Tag_all: all VLANs are tagged. Untag_all: all VLANs are untagged.

Introduction of Port Types

Below is a detailed description of each port type, including Unaware, C-port, S-port, and

S-custom-port.

Ingress action Egress action

Unaware

The function of

Unaware can be used for

802.1QinQ

(double tag).

C-port

S-port

When the port receives untagged frames, an The TPID of a frame untagged frame obtains a tag (based on PVID) transmitted by and is forwarded.

When the port receives tagged frames:

Unaware port will be set to 0x8100.

1. If the tagged frame contains a TPID of The final status of the

0x8100, it will become a double-tag frame and frame after egressing will be forwarded. will also be affected by

2. If the TPID of tagged frame is not 0x8100 the Egress Rule.

(ex. 0x88A8), it will be discarded.

When the port receives untagged frames, an The TPID of a frame untagged frame obtains a tag (based on PVID) transmitted by C-port and is forwarded.

When the port receives tagged frames: will be set to 0x8100.

1. If the tagged frame contains a TPID of

0x8100, it will be forwarded.

2. If the TPID of tagged frame is not 0x8100

(ex. 0x88A8), it will be discarded.

When the port receives untagged frames, an The TPID of a frame untagged frame obtains a tag (based on PVID) transmitted by S-port and is forwarded.

When the port receives tagged frames: will be set to 0x88A8.

1. If the tagged frame contains a TPID of

0x8100, it will be forwarded.

ORing Industrial Networking Corp

66

TGS-9120-M12 Series User Manual

2. If the TPID of tagged frame is not 0x88A8

(ex. 0x8100), it will be discarded.

S-custom-port When the port receives untagged frames, an The TPID of a frame untagged frame obtains a tag (based on PVID) transmitted by and is forwarded.

When the port receives tagged frames:

S-custom-port will be set to a

1. If the tagged frame contains a TPID of self-customized value,

0x8100, it will be forwarded. which can be set by

2. If the TPID of tagged frame is not 0x88A8 the user via Ethertype

(ex. 0x8100), it will be discarded.

Below are the illustrations of different port types:

for Custom S-ports.

ORing Industrial Networking Corp

67

TGS-9120-M12 Series User Manual

ORing Industrial Networking Corp

68

Examples of VLAN Settings

VLAN Access Mode:

TGS-9120-M12 Series User Manual

Switch A

,

Port 7 is VLAN Access mode = Untagged 20

Port 8 is VLAN Access mode = Untagged 10

Below are the switch settings.

ORing Industrial Networking Corp

69

VLAN 1Q Trunk Mode:

TGS-9120-M12 Series User Manual

Switch B

,

Port 1 = VLAN 1Qtrunk mode = tagged 10, 20

Port 2 = VLAN 1Qtrunk mode = tagged 10, 20

Below are the switch settings.

ORing Industrial Networking Corp

70

VLAN Hybrid Mode:

Port 1 VLAN Hybrid mode = untagged 10

Tagged 10, 20

Below are the switch settings.

TGS-9120-M12 Series User Manual

ORing Industrial Networking Corp

71

TGS-9120-M12 Series User Manual

VLAN QinQ Mode:

VLAN QinQ mode is usually adopted when there are unknown VLANs, as shown in the figure below

.

VLAN “X” = Unknown VLAN

9000 Series Port 1 VLAN Settings:

VLAN ID Settings

When setting the management VLAN, only the same VLAN ID port can be used to control the switch.

ORing Industrial Networking Corp

72

9000 Series VLAN Settings:

TGS-9120-M12 Series User Manual

5.4.3 Private VLAN

A private VLAN contains switch ports that can only communicate with a given "uplink". The restricted ports are called private ports. Each private VLAN typically contains many private ports and a single uplink. The switch forwards all frames received on a private port out the uplink port, regardless of VLAN ID or destination MAC address. A port must be a member of both a VLAN and a private VLAN to be able to forward packets. This page allows you to configure private VLAN memberships for the switch. By default, all ports are VLAN unaware and members of VLAN 1 and private VLAN 1.

Label

Delete

Private VLAN ID

MAC Address

Port Members

Description

Check to delete the entry. It will be deleted during the next save.

Indicates the ID of this particular private VLAN.

The MAC address for the entry.

A row of check boxes for each port is displayed for each private

VLAN ID. You can check the box to include a port in a private

ORing Industrial Networking Corp

73

TGS-9120-M12 Series User Manual

VLAN. To remove or exclude the port from the private VLAN, make sure the box is unchecked. By default, no ports are members, and all boxes are unchecked.

Adding a New Static

Entry

Click Add new Private VLAN to add a new private VLAN ID. An empty row is added to the table, and the private VLAN can be configured as needed. The allowed range for a private VLAN ID is the same as the switch port number range. Any values outside this range are not accepted, and a warning message appears.

Click OK to discard the incorrect entry, or click Cancel to return to the editing and make a correction.

The private VLAN is enabled when you click Save.

The Delete button can be used to undo the addition of new private VLANs.

A private VLAN is defined as a pairing of a primary VLAN with a secondary VLAN. A promiscuous port is a port that can communicate with all other private VLAN port types via the primary VLAN and any associated secondary VLANs, whereas isolated ports can communicate only with a promiscuous port.

Label

Port Members

Description

A check box is provided for each port of a private VLAN.

When checked, port isolation is enabled for that port.

When unchecked, port isolation is disabled for that port.

By default, port isolation is disabled for all ports.

5.5 SNMP

SNMP (Simple Network Management Protocol) is a protocol for managing devices on IP networks. It is mainly used network management systems to monitor the operational status of

ORing Industrial Networking Corp

74

TGS-9120-M12 Series User Manual networked devices. In an event-triggered situation, traps and notifications will be sent to administrators.

5.5.1 SNMP System Configurations

Label

Mode

Version

Read Community

Write Community

Engine ID

Description

Indicates existing SNMP mode. Possible modes include:

Enabled: enable SNMP mode

Disabled: disable SNMP mode

Indicates the supported SNMP version. Possible versions include:

SNMP v1: supports SNMP version 1.

SNMP v2c: supports SNMP version 2c.

SNMP v3: supports SNMP version 3.

Indicates the read community string to permit access to SNMP agent.

The allowed string length is 0 to 255, and only ASCII characters from

33 to 126 are allowed.

The field only suits to SNMPv1 and SNMPv2c. SNMPv3 uses USM for authentication and privacy and the community string will be associated with SNMPv3 community table.

Indicates the write community string to permit access to SNMP agent. The allowed string length is 0 to 255, and only ASCII characters from 33 to 126 are allowed.

The field only suits to SNMPv1 and SNMPv2c. SNMPv3 uses USM for authentication and privacy and the community string will be associated with SNMPv3 community table.

Indicates the SNMPv3 engine ID. The string must contain an even number between 10 and 64 hexadecimal digits, but all-zeros and all-'F's are not allowed. Change of the Engine ID will clear all original local users.

ORing Industrial Networking Corp

75

TGS-9120-M12 Series User Manual

Label

Trap Mode

Trap Version

Trap Community

Trap Destination

Address

Trap Destination

IPv6 Address

Trap

Authentication

Failure

Description

Indicates existing SNMP trap mode. Possible modes include:

Enabled: enable SNMP trap mode

Disabled: disable SNMP trap mode

Indicates the supported SNMP trap version. Possible versions include:

SNMP v1: supports SNMP trap version 1

SNMP v2c: supports SNMP trap version 2c

SNMP v3: supports SNMP trap version 3

Indicates the community access string when sending SNMP trap packets. The allowed string length is 0 to 255, and only ASCII characters from 33 to 126 are allowed.

Indicates the SNMP trap destination address

Provides the trap destination IPv6 address of this switch. IPv6 address consists of 128 bits represented as eight groups of four hexadecimal digits with a colon separating each field (:). For example, in 'fe80::215:c5ff:fe03:4dc7', the symbol '::' is a special syntax that can be used as a shorthand way of representing multiple

16-bit groups of contiguous zeros; but it can only appear once. It also uses a following legally IPv4 address. For example, '::192.1.2.34'.

Indicates the SNMP entity is permitted to generate authentication failure traps. Possible modes include:

Enabled: enable SNMP trap authentication failure

ORing Industrial Networking Corp

76

TGS-9120-M12 Series User Manual

Trap Link-up and

Link-down

Trap Inform Mode

Disabled: disable SNMP trap authentication failure

Indicates the SNMP trap link-up and link-down mode. Possible modes include:

Enabled: enable SNMP trap link-up and link-down mode

Disabled: disable SNMP trap link-up and link-down mode

Indicates the SNMP trap inform mode. Possible modes include:

Enabled: enable SNMP trap inform mode

Disabled: disable SNMP trap inform mode

Configures the SNMP trap inform timeout. The allowed range is 0 to

2147.

Trap Inform

Timeout(seconds)

Trap Inform Retry

Times

Configures the retry times for SNMP trap inform. The allowed range is 0 to 255.

5.5.2 SNMP Community Configurations

You can define access to the SNMP data on your devices by creating one or more SNMP communities. An SNMP community is the group that devices and management stations running SNMP belong to. It helps define where information is sent. A SNMP device or agent may belong to more than one SNMP community. It will not respond to requests from management stations that do not belong to one of its communities. This page allows you to configure SNMPv3 community table. The entry index key is Community.

Label

Delete

Community

Source IP

Source Mask

Description

Check to delete the entry. It will be deleted during the next save.

Indicates the community access string to permit access to SNMPv3 agent. The allowed string length is 1 to 32, and only ASCII characters from 33 to 126 are allowed.

Indicates the SNMP source address

Indicates the SNMP source address mask

ORing Industrial Networking Corp

77

TGS-9120-M12 Series User Manual

5.5.3 SNMP User Configurations

Each SNMP user has a specified username, a group to which the user belongs, authentication password, authentication protocol, privacy protocol, and privacy password.

When you create a user, you must associate it with an SNMP group. The user then inherits the security model of the group. This page allows you to configure the SNMPv3 user table. The entry index keys are Engine ID and User Name.

Label

Delete

Engine ID

User Name

Security Level

Description

Check to delete the entry. It will be deleted during the next save.

An octet string identifying the engine ID that this entry should belong to. The string must contain an even number between 10 and 64 hexadecimal digits, but all-zeros and all-'F's are not allowed. The

SNMPv3 architecture uses User-based Security Model (USM) for message security and View-based Access Control Model (VACM) for access control. For the USM entry, the usmUserEngineID and

usmUserName are the entry keys. In a simple agent, usmUserEngineID is always that agent's own snmpEngineID value.

The value can also take the value of the snmpEngineID of a remote

SNMP engine with which this user can communicate. In other words, if user engine ID is the same as system engine ID, then it is local user; otherwise it's remote user.

A string identifying the user name that this entry should belong to.

The allowed string length is 1 to 32, and only ASCII characters from

33 to 126 are allowed.

Indicates the security model that this entry should belong to. Possible security models include:

NoAuth, NoPriv: no authentication and none privacy

Auth, NoPriv: Authentication and no privacy

Auth, Priv: Authentication and privacy

The value of security level cannot be modified if the entry already exists, which means the value must be set correctly at the time of entry creation.

ORing Industrial Networking Corp

78

TGS-9120-M12 Series User Manual

Authentication

Protocol

Authentication

Password

Privacy Protocol

Privacy Password

Indicates the authentication protocol that this entry should belong to.

Possible authentication protocols include:

None: no authentication protocol

MD5: an optional flag to indicate that this user is using MD5 authentication protocol

SHA: an optional flag to indicate that this user is using SHA authentication protocol

The value of security level cannot be modified if the entry already exists, which means the value must be set correctly at the time of entry creation.

A string identifying the authentication pass phrase. For MD5 authentication protocol, the allowed string length is 8 to 32. For SHA authentication protocol, the allowed string length is 8 to 40. Only

ASCII characters from 33 to 126 are allowed.

Indicates the privacy protocol that this entry should belong to.

Possible privacy protocols include:

None: no privacy protocol

DES: an optional flag to indicate that this user is using DES authentication protocol

A string identifying the privacy pass phrase. The allowed string length is 8 to 32, and only ASCII characters from 33 to 126 are allowed.

5.5.4 SNMP Group Configurations

An SNMP group is an access control policy for you to add users. Each SNMP group is configured with a security model, and is associated with an SNMP view. A user within an

SNMP group should match the security model of the SNMP group. These parameters specify what type of authentication and privacy a user within an SNMP group uses. Each SNMP group name and security model pair must be unique. This page allows you to configure the SNMPv3 group table. The entry index keys are Security Model and Security Name.

ORing Industrial Networking Corp

79

TGS-9120-M12 Series User Manual

Label

Delete

Security Model

Security Name

Description

Check to delete the entry. It will be deleted during the next save.

Indicates the security model that this entry should belong to. Possible security models included:

v1: Reserved for SNMPv1.

v2c: Reserved for SNMPv2c.

usm: User-based Security Model (USM).

A string identifying the security name that this entry should belong to.

The allowed string length is 1 to 32, and only ASCII characters from

33 to 126 are allowed.

Group Name

A string identifying the group name that this entry should belong to.

The allowed string length is 1 to 32, and only ASCII characters from

33 to 126 are allowed.

5.5.5 SNMP View Configurations

The SNMP v3 View table specifies the MIB object access requirements for each View Name.

You can specify specific areas of the MIB that can be accessed or denied based on the entries or create and delete entries in the View table in this page. The entry index keys are View

Name and OID Subtree.

ORing Industrial Networking Corp

80

TGS-9120-M12 Series User Manual

Label

Delete

View Name

View Type

OID Subtree

Description

Check to delete the entry. It will be deleted during the next save.

A string identifying the view name that this entry should belong to.

The allowed string length is 1 to 32, and only ASCII characters from

33 to 126 are allowed.

Indicates the view type that this entry should belong to. Possible view types include:

Included: an optional flag to indicate that this view subtree should be included.

Excluded: An optional flag to indicate that this view subtree should be excluded.

Generally, if an entry's view type is Excluded, it should exist another entry whose view type is Included, and its OID subtree oversteps the Excluded entry.

The OID defining the root of the subtree to add to the named view.

The allowed OID length is 1 to 128. The allowed string content is digital number or asterisk (*).

5.5.6 SNMP Access Configurations

This page allows you to configure SNMPv3 access table. The entry index keys are Group

Name, Security Model, and Security Level.

Label

Delete

Group Name

Security Model

Description

Check to delete the entry. It will be deleted during the next save.

A string identifying the group name that this entry should belong to.

The allowed string length is 1 to 32, and only ASCII characters from

33 to 126 are allowed.

Indicates the security model that this entry should belong to. Possible security models include:

any: Accepted any security model (v1|v2c|usm).

v1: Reserved for SNMPv1.

v2c: Reserved for SNMPv2c.

ORing Industrial Networking Corp

81

TGS-9120-M12 Series User Manual

Security Level

Read View Name

Write View Name

usm: User-based Security Model (USM).

Indicates the security model that this entry should belong to. Possible security models include:

NoAuth, NoPriv: no authentication and no privacy

Auth, NoPriv: Authentication and no privacy

Auth, Priv: Authentication and privacy

The name of the MIB view defining the MIB objects for which this request may request the current values. The allowed string length is

1 to 32, and only ASCII characters from 33 to 126 are allowed.

The name of the MIB view defining the MIB objects for which this request may potentially SET new values. The allowed string length is

1 to 32, and only ASCII characters from 33 to 126 are allowed.

5.6 Traffic Prioritization

5.6.1 Storm Control

A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configuration, or users issuing a denial-of-service attack can cause a storm. Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on a port. In this page, you can specify the rate at which packets are received for unicast, multicast, and broadcast traffic. The unit of the rate can be either pps (packets per second) or kpps (kilopackets per second).

Note: frames sent to the CPU of the switch are always limited to approximately 4 kpps. For example, broadcasts in the management VLAN are limited to this rate. The management

VLAN is configured on the IP setup page.

Label

Frame Type

Description

Frame types supported by the Storm Control function, including

ORing Industrial Networking Corp

82

TGS-9120-M12 Series User Manual

Unicast, Multicast, and Broadcast.

Status

Enables or disables the given frame type

The rate is packet per second (pps), configure the rate as 1K, 2K,

4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K, or 1024K.

Rate

The 1 kpps is actually 1002.1 pps.

5.6.2 Port Classification

QoS (Quality of Service) is a method to achieve efficient bandwidth utilization between devices by prioritizing frames according to individual requirements and transmit the frames based on their importance. Frames in higher priority queues receive a bigger slice of bandwidth than those in a lower priority queue.

Label

Port

QoS Class

Description

The port number for which the configuration below applies

Controls the default QoS class

All frames are classified to a QoS class. There is a one to one mapping between QoS class, queue, and priority. A QoS class of

0 (zero) has the lowest priority.

If the port is VLAN aware and the frame is tagged, then the frame is classified to a QoS class that is based on the PCP value in the tag as shown below. Otherwise the frame is classified to the

ORing Industrial Networking Corp

83

DP level

PCP

DEI

Tag Class

TGS-9120-M12 Series User Manual default QoS class.

PCP value: 0 1 2 3 4 5 6 7

QoS class: 1 0 2 3 4 5 6 7

If the port is VLAN aware, the frame is tagged, and Tag Class is enabled, then the frame is classified to a QoS class that is mapped from the PCP and DEI value in the tag. Otherwise the frame is classified to the default QoS class.

The classified QoS class can be overruled by a QCL entry.

Note: if the default QoS class has been dynamically changed, then the actual default QoS class is shown in parentheses after the configured default QoS class.

Controls the default Drop Precedence Level

All frames are classified to a DP level.

If the port is VLAN aware and the frame is tagged, then the frame is classified to a DP level that is equal to the DEI value in the tag.

Otherwise the frame is classified to the default DP level.

If the port is VLAN aware, the frame is tagged, and Tag Class is enabled, then the frame is classified to a DP level that is mapped from the PCP and DEI value in the tag. Otherwise the frame is classified to the default DP level.

The classified DP level can be overruled by a QCL entry.

Controls the default PCP value

All frames are classified to a PCP value.

If the port is VLAN aware and the frame is tagged, then the frame is classified to the PCP value in the tag. Otherwise the frame is classified to the default PCP value.

Controls the default DEI value

All frames are classified to a DEI value.

If the port is VLAN aware and the frame is tagged, then the frame is classified to the DEI value in the tag. Otherwise the frame is classified to the default DEI value.

Shows the classification mode for tagged frames on this port

Disabled: Use default QoS class and DP level for tagged frames

Enabled: Use mapped versions of PCP and DEI for tagged frames

Click on the mode to configure the mode and/or mapping

Note: this setting has no effect if the port is VLAN unaware.

ORing Industrial Networking Corp

84

TGS-9120-M12 Series User Manual

Tagged frames received on VLAN-unaware ports are always classified to the default QoS class and DP level.

DSCP Based

Click to enable DSCP-based QoS Ingress Port Classification

5.6.3 Port Tag Remaking

You can set QoS egress queues on a port such as classifying data and marking it according to its priority and the policies. Packets will then travel across the switch‟s internal paths carrying their assigned QoS tag markers. At the egress port, these markers are read and used to determine which queue each data packet is forwarded to. When the traffic does not conform to the conditions set in a policer command, you can remark the traffic.

Label

Port

Description

The switch port number to which the following settings will be applied. Click on the port number to configure tag remarking

Mode

Shows the tag remarking mode for this port

Classified: use classified PCP/DEI values

Default: use default PCP/DEI values

Mapped: use mapped versions of QoS class and DP level

5.6.4 Port DSCP

DSCP (Differentiated Services Code Point) is a measure of QoS. It can classify data packets by using the 6-bit DS field in the IP header so you can manage each traffic class differently and efficiently, thereby achieving optimized use of network bandwidth. DSCP-enabled routers on the network will read the DSCP value of the data packet and put the packet into different queues before transmission, such as high priority and most efficient transmission. With such

QoS functions, you can ensure low-latency for critical traffic. This page allows you to configure

ORing Industrial Networking Corp

85

DSCP settings for each port.

TGS-9120-M12 Series User Manual

Label

Port

Ingress

Egress

Description

Shows the list of ports for which you can configure DSCP Ingress and Egress settings.

In Ingress settings you can change ingress translation and classification settings for individual ports.

There are two configuration parameters available in Ingress:

Translate: check to enable the function

Classify: includes four values

Disable: no Ingress DSCP classification

DSCP=0: classify if incoming (or translated if enabled) DSCP is 0.

Selected: classify only selected DSCP whose classification is enabled as specified in DSCP Translation window for the specific

DSCP.

All: classify all DSCP

Port egress rewriting can be one of the following options:

Disable: no Egress rewrite

Enable: rewrite enabled without remapping

Remap DP Unaware: DSCP from the analyzer is remapped and

ORing Industrial Networking Corp

86

TGS-9120-M12 Series User Manual the frame is remarked with a remapped DSCP value. The remapped DSCP value is always taken from the 'DSCP

Translation->Egress Remap DP0' table.

Remap DP Aware: DSCP from the analyzer is remapped and the frame is remarked with a remapped DSCP value. Depending on the DP level of the frame, the remapped DSCP value is either taken from the 'DSCP Translation->Egress Remap DP0' table or from the 'DSCP Translation->Egress Remap DP1' table.

5.6.5 Policing

Policing is a traffic regulation mechanism for limiting the rate of traffic streams, thereby controlling the maximum rate of traffic sent or received on an interface. When the traffic rate exceeds the configured maximum rate, policing drops or remarks the excess traffic. This page allows you to configure Policer for all switch ports.

Port Policing

Label

Port

Enable

Rate

Description

ORing Industrial Networking Corp

The port number for which the configuration below applies

Check to enable the policer for individual switch ports

Configures the rate of each policer. The default value is 500. This

87

TGS-9120-M12 Series User Manual

Unti

Flow Control

Queue Policing

value is restricted to 100 to 1000000 when the Unit is kbps or

fps, and is restricted to 1 to 3300 when the Unit is Mbps or kfps.

Configures the unit of measurement for each policer rate as kbps,

Mbps, fps, or kfps. The default value is kbps.

If Flow Control is enabled and the port is in Flow Control mode, then pause frames are sent instead of being discarded.

Label

Port

Enable(E)

Rate

Description

The port number for which the configuration below applies.

Check to enable queue policer for individual switch ports

Configures the rate of each queue policer. The default value is 500. This value is restricted to 100 to 1000000 when the Unit is kbps, and is restricted to 1 to 3300 when the Unit is Mbps.

This field is only shown if at least one of the queue policers is enabled.

Unit

Configures the unit of measurement for each queue policer rate as kbps or Mbps. The default value is kbps.

This field is only shown if at least one of the queue policers is enabled.

5.6.7 Scheduling and Shaping

Port scheduling can solve performance degradation during network congestions. The schedulers allow switches to maintain separate queues for packets from each source and prevent specific traffic to use up all bandwidth. This page allows you to configure Scheduler and Shapers for individual ports.

QoS Egress Port Scheduler and Shaper

Strict Priority

Strict Priority uses queues based only priority. When traffic arrives the device, traffic on the

ORing Industrial Networking Corp

88

TGS-9120-M12 Series User Manual highest priority queue will be transmitted first, followed by traffic on lower priorities. If there is always some content in the highest priority queue, then the other packets in the rest of queues will not be sent until the highest priority queue is empty. The SP algorithm is preferred when the received packets contain high priority data, such as voice and video.

Label

Scheduler Mode

Queue Shaper

Enable

Description

Two scheduling modes are available: Strict Priority or Weighted

Check to enable queue shaper for individual switch ports

Queue Shaper Rate

Queues Shaper Unit

Configures the rate of each queue shaper. The default value is

500. This value is restricted to 100 to 1000000 whn the Unit is

kbps", and it is restricted to 1 to 3300 when the Unit is Mbps.

Configures the rate for each queue shaper. The default value is

500. This value is restricted to 100 to 1000000 when the Unit is

kbps, and it is restricted to 1 to 3300 when the Unit is Mbps.

ORing Industrial Networking Corp

89

TGS-9120-M12 Series User Manual

Queue Shaper

Excess

Allows the queue to use excess bandwidth

Port Shaper Enable

Check to enable port shaper for individual switch ports

Configures the rate of each port shaper. The default value is 500

Port Shaper Rate

This value is restricted to 100 to 1000000 when the Unit is kbps, and it is restricted to 1 to 3300 when the Unit is Mbps.

Port Shaper Unit

Configures the unit of measurement for each port shaper rate as

kbps or Mbps. The default value is kbps.

Weighted

Weighted scheduling will deliver traffic on a rotating basis. It can guarantee each queue

‟s minimum bandwidth based on their bandwidth weight when there is traffic congestion. Only when a port has more traffic than it can handle will this mode be activated. A queue is given an amount of bandwidth regardless of the incoming traffic on that port. Queue with larger weights will have more guaranteed bandwidth than others with smaller weights.

ORing Industrial Networking Corp

90

TGS-9120-M12 Series User Manual

Label

Scheduler Mode

Queue Shaper

Enable

Description

Two scheduling modes are available: Strict Priority or Weighted

Check to enable queue shaper for individual switch ports

Queue Shaper Rate

Queues Shaper Unit

Configures the rate of each queue shaper. The default value is

500. This value is restricted to 100 to 1000000 when the Unit is

kbps, and it is restricted to 1 to 3300 when the Unit is Mbps.

Configures the rate of each queue shaper. The default value is

500. This value is restricted to 100 to 1000000 when the Unit" is

kbps, and it is restricted to 1 to 3300 when the Unit is Mbps.

Queue Shaper

Excess

Allows the queue to use excess bandwidth

Queue Scheduler

Weight

Configures the weight of each queue. The default value is 17.

This value is restricted to 1 to 100. This parameter is only shown if

Scheduler Mode is set to Weighted.

Queue Scheduler

Percent

Shows the weight of the queue in percentage. This parameter is only shown if Scheduler Mode is set to Weighted.

Port Shaper Enable

Check to enable port shaper for individual switch ports

Port Shaper Rate

Configures the rate of each port shaper. The default value is 500.

This value is restricted to 100 to 1000000 when the Unit is kbps, and it is restricted to 1 to 3300 when the Unit is Mbps.

Configures the unit of measurement for each port shaper rate as

Port Shaper Unit

kbps or Mbps. The default value is kbps.

5.6.8 Port Scheduler

This page provides an overview of QoS Egress Port Schedulers for all switch ports.

Label

Port

Description

ORing Industrial Networking Corp

The switch port number to which the following settings will be

91

TGS-9120-M12 Series User Manual applied.

Click on the port number to configure the schedulers

Mode

Shows the scheduling mode for this port

Qn

Shows the weight for this queue and port

5.6.9 Port Shaping

Port shaping enables you to limit traffic on a port, thereby controlling the amount of traffic passing through the port. With port shaping, you can shape the aggregate traffic through an interface to a rate that is less than the line rate for that interface. When configuring port shaping on an interface, you specify a value indicating the maximum amount of traffic allowable for the interface. This value must be less than the maximum bandwidth for that interface.

Label

Port

Description

The switch port number to which the following settings will be applied. Click on the port number to configure the shapers

Shows disabled or actual queue shaper rate - e.g. "800 Mbps"

Mode

Q0~Q7

Shows disabled or actual port shaper rate - e.g. "800 Mbps"

5.6.10 DSCP-based QoS

This page allows you to configure DSCP-based QoS Ingress Classification settings for all ports.

ORing Industrial Networking Corp

92

TGS-9120-M12 Series User Manual

Label

DSCP

Trust

Description

Maximum number of supported DSCP values is 64

Check to trust a specific DSCP value. Only frames with trusted

DSCP values are mapped to a specific QoS class and drop precedence level. Frames with untrusted DSCP values are treated as a non-IP frame.

QoS Class

DPL

QoS class value can be any number from 0-7.

Drop Precedence Level (0-1)

5.6.11 DSCP Translation

This page allows you to configure basic QoS DSCP translation settings for all switches. DSCP translation can apply to Ingress or Egress.

Label

DSCP

Ingress

Description

Maximum number of supported DSCP values is 64 and valid

DSCP value ranges from 0 to 63.

Ingress DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map.

There are two configuration parameters for DSCP Translation -

1. Translate: Enables ingress translation of DSCP values based on the specified classification method. DSCP can be translated to any of (0-63) DSCP values.

ORing Industrial Networking Corp

93

TGS-9120-M12 Series User Manual

Egress

2. Classify: Enable Classification at ingress side as defined in the

QoS Port DSCP Configuration table.

Configurable engress parameters include;

Remap DP0: R e-maps DP0 field to selected DSCP value. DP0 indicates a drop precedence with a low priority. You can select the

DSCP value from a selected menu to which you want to remap.

DSCP value ranges from 0 to 63.

Remap DP1: Re-maps DP1 field to selected DSCP value. DP1 indicates a drop precedence with a high priority. You can select the DSCP value from a selected menu to which you want to remap. DSCP value ranges from 0 to 63.

5.6.12 DSCP Classification

This page allows you to configure the mapping of QoS class and Drop Precedence Level to

DSCP value.

Label

QoS Class

DPL

Description

Actual QoS class

Actual Drop Precedence Level

DSCP

Select the classified DSCP value (0-63)

5.6.13 QoS Control List

This page shows all the QCE (Quality Control Entries) for a given QCL. You can edit or ad new

QoS control entries in this page. A QCE consists of several parameters. These parameters vary with the frame type you select.

ORing Industrial Networking Corp

94

TGS-9120-M12 Series User Manual

Label

Port Members

Key Parameters

Any

Ethernet

Description

Check to include the port in the QCL entry. By default, all ports are included.

Key configurations include:

Tag: value of tag, can be Any, Untag or Tag.

VID: valid value of VLAN ID from 1 to 4095

Any: can be a specific value or a range of VIDs.

PCP: Priority Code Point, can be specific numbers (0, 1, 2, 3, 4, 5,

6, 7), a range (0-1, 2-3, 4-5, 6-7, 0-3, 4-7) or Any

DEI: Drop Eligible Indicator, can be any of values between 0 and

1 or Any

SMAC: Source MAC Address, can be 24 MS bits (OUI) or Any

DMAC Type: Destination MAC type, can be unicast (UC),

multicast (MC), broadcast (BC) or Any

Frame Type can be the following values: Any, Ethernet, LLC,

SNAP, IPv4, and IPv6

Note: all frame types are explained below.

Allow all types of frames

Valid Ethernet values can range from 0x600 to 0xFFFF or Any' but

ORing Industrial Networking Corp

95

LLC

SNAP

IPv4

IPv6

Action Parameters

TGS-9120-M12 Series User Manual excluding 0x800(IPv4) and 0x86DD(IPv6). The default value is

Any.

SSAP Address: valid SSAP (Source Service Access Point) values can range from 0x00 to 0xFF or Any. The default value is Any.

DSAP Address: valid DSAP (Destination Service Access Point) values can range from 0x00 to 0xFF or Any. The default value is

Any.

Control Valid Control: valid values can range from 0x00 to 0xFF or

Any. The default value is Any.

PID: valid PID (a.k.a ethernet type) values can range from 0x00 to

0xFFFF or Any. The default value is Any.

Protocol IP Protocol Number: (0-255, TCP or UDP) or Any

Source IP: specific Source IP address in value/mask format or

Any. IP and mask are in the format of x.y.z.w where x, y, z, and w are decimal numbers between 0 and 255. When the mask is converted to a 32-bit binary string and read from left to right, all bits following the first zero must also be zero.

DSCP (Differentiated Code Point): can be a specific value, a range, or Any. DSCP values are in the range 0-63 including BE,

CS1-CS7, EF or AF11-AF43.

IP Fragment: Ipv4 frame fragmented options include 'yes', 'no', and 'any'.

Sport Source TCP/UDP Port: (0-65535) or Any, specific value or port range applicable for IP protocol UDP/TCP

Dport Destination TCP/UDP Port: (0-65535) or Any, specific value or port range applicable for IP protocol UDP/TCP

Protocol IP protocol number: (0-255, TCP or UDP) or Any

Source IP IPv6 source address: (a.b.c.d) or Any, 32 LS bits

DSCP (Differentiated Code Point): can be a specific value, a range, or Any. DSCP values are in the range 0-63 including BE,

CS1-CS7, EF or AF11-AF43.

Sport Source TCP/UDP port: (0-65535) or Any, specific value or port range applicable for IP protocol UDP/TCP

Dport Destination TCP/UDP port: (0-65535) or Any, specific value or port range applicable for IP protocol UDP/TCP

Class QoS class: (0-7) or Default

Valid Drop Precedence Level value can be (0-1) or Default.

ORing Industrial Networking Corp

96

TGS-9120-M12 Series User Manual

Valid DSCP value can be (0-63, BE, CS1-CS7, EF or AF11-AF43) or Default.

Default means that the default classified value is not modified by this QCE.

5.6.14 QoS Counters

This page shows information on the number of packets sent and received at each queue.

Label

Port

Description

The switch port number to which the following settings will be applied.

There are 8 QoS queues per port. Q0 is the lowest priority

Qn

Rx / Tx

The number of received and transmitted packets per queue

5.6.15 QCL Status

This page shows the QCL status by different QCL users. Each row describes the QCE that is defined. A conflict will occur if a specific QCE is not applied to the hardware due to hardware limitations. The maximum number of QCEs is 256 on each switch.

ORing Industrial Networking Corp

97

TGS-9120-M12 Series User Manual

Label

User

QCE#

Frame Type

Port

Action

Conflict

Description

Indicates the QCL user

Indicates the index of QCE

Indicates the type of frame to look for incoming frames. Possible frame types are:

Any: the QCE will match all frame type.

Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are allowed.

LLC: Only (LLC) frames are allowed.

SNAP: Only (SNAP) frames are allowed.

IPv4: the QCE will match only IPV4 frames.

IPv6: the QCE will match only IPV6 frames.

Indicates the list of ports configured with the QCE.

Indicates the classification action taken on ingress frame if parameters configured are matched with the frame's content.

There are three action fields: Class, DPL, and DSCP.

Class: Classified QoS; if a frame matches the QCE, it will be put in the queue.

DPL: Drop Precedence Level; if a frame matches the QCE, then

DP level will set to a value displayed under DPL column.

DSCP: if a frame matches the QCE, then DSCP will be classified with the value displayed under DSCP column.

Displays the conflict status of QCL entries. As hardware resources are shared by multiple applications, resources required to add a QCE may not be available. In that case, it shows conflict status as Yes, otherwise it is always No. Please note that conflict can be resolved by releasing the hardware resources required to add the QCL entry by pressing Resolve Conflict button.

5.7 Multicast

5.7.1 IGMP Snooping

IGMP (Internet Group Management Protocol) snooping monitors the IGMP traffic between hosts and multicast routers. The switch uses what IGMP snooping learns to forward multicast traffic only to interfaces that are connected to interested receivers. This conserves bandwidth by allowing the switch to send multicast traffic to only those interfaces that are connected to hosts that want to receive the traffic, instead of flooding the traffic to all interfaces in the VLAN.

ORing Industrial Networking Corp

98

TGS-9120-M12 Series User Manual

This page allows you to set up IGMP snooping configurations.

Label Description

Snooping Enabled Check to enable global IGMP snooping

Unregistered

IPMCv4Flooding enabled

Check to enable unregistered IPMC traffic flooding

Router Port

Fast Leave

Specifies which ports act as router ports. A router port is a port on the

Ethernet switch that leads towards the Layer 3 multicast device or

IGMP querier.

If an aggregation member port is selected as a router port, the whole aggregation will act as a router port.

Check to enable fast leave on the port

5.7.2 VLAN Configurations of IGMP Snooping

If a VLAN is not IGMP snooping-enabled, it floods multicast data and control packets to the entire VLAN in hardware. When snooping is enabled, IGMP packets are trapped to the CPU.

Data packets are mirrored to the CPU in addition to being VLAN flooded. The CPU then installs hardware resources, so that subsequent data packets can be switched to desired ports in hardware without going to the CPU.

Each page shows up to 99 entries from the VLAN table, depending on the value in the Entries

Per Page field. By default, the page will show the first 20 entries from the beginning of the

ORing Industrial Networking Corp

99

TGS-9120-M12 Series User Manual

VLAN table. The first displayed will be the one with the lowest VLAN ID found in the VLAN

Table.

The VLAN field allows the user to select the starting point in the VLAN Table. Clicking Refresh will update the displayed table starting from that or the next closest VLAN Table match.

The >> button will use the last entry of the currently displayed entry as a basis for the next lookup. When the end is reached, the text No more entries is shown in the displayed table.

Use the |<< button to start over.

Label

Delete

VLAN ID

IGMP Snooping

Enable

IGMP Querier

Description

Check to delete the entry. The designated entry will be deleted during the next save.

The VLAN ID of the entry

Check to enable IGMP snooping for individual VLAN. Up to 32

VLANs can be selected.

Check to enable the IGMP Querier in the VLAN

ORing Industrial Networking Corp

100

5.7.3 IGMP Snooping Status

This page provides IGMP snooping status.

TGS-9120-M12 Series User Manual

Label

VLAN ID

Querier Version

Host Version

Querier Status

Querier Receive

V1 Reports

Receive

Description

The VLAN ID of the entry

Active Querier version

Active Host version

Shows the Querier status as ACTIVE or IDLE

The number of transmitted Querier

The number of received V1 reports

V2 Reports

Receive

V3 Reports

Receive

The number of received V2 reports

The number of received V3 reports

V2 Leave Receive

The number of received V2 leave packets

Refresh

Click to refresh the page immediately

Clear

Auto-refresh

Port

Clear all statistics counters

Check to enable an automatic refresh of the page at regular intervals

Switch port number

Status

Indicates whether a specific port is a router port or not

5.7.4 Groups Information of IGMP Snooping

Information about entries in the IGMP Group Table is shown in this page. The IGMP Group

Table is sorted first by VLAN ID, and then by group.

ORing Industrial Networking Corp

101

TGS-9120-M12 Series User Manual

Label

VLAN ID

Groups

Port Members

Description

The VLAN ID of the group

The group address of the group displayed

Ports under this group

5.8 Security

5.8.1 Remote Control Security Configurations

Remote Control Security allows you to limit remote access to the management interface.

When enabled, requests of the client which is not in the allowed list will be rejected.

Label

Port

IP Address

Web

Description

Port number of the remote client

IP address of the remote client. 0.0.0.0 means "any IP".

Check to enable management via a Web interface

ORing Industrial Networking Corp

102

Telnet

SNMP

Delete

TGS-9120-M12 Series User Manual

Check to enable management via a Telnet interface

Check to enable management via a SNMP interface

Check to delete entries

5.8.2 Device Binding

Device binding is ORing's proprietary technology which binds the IP/MAC address of a device with a specified Ethernet port. If the IP/MAC address of the device connected to the Ethernet port does not conform to the binding requirements, the device will be locked for security concerns. Device Binding also provides security functions via alive checking, streaming check, and DoS/DDoS prevention.

Label

Mode

Alive Check

Active

Alive Check

Status

Stream Check

Active

Description

Indicates the device binding operation for each port. Possible modes are:

---: disable

Scan: scans IP/MAC automatically, but no binding function

Binding: enables binding. Under this mode, any IP/MAC that does not match the entry will not be allowed to access the network.

Shutdown: shuts down the port (No Link)

Check to enable alive check. When enabled, switch will ping the device continually.

Indicates alive check status. Possible statuses are:

---: disable

Got Reply: receive ping reply from device, meaning the device is still alive

Lost Reply: not receiving ping reply from device, meaning the device might have been dead.

Check to enable stream check. When enabled, the switch will detect the stream change (getting low) from the device.

ORing Industrial Networking Corp

103

TGS-9120-M12 Series User Manual

Stream Check

Status

DDoS Prevention

Acton

DDoS Prevention

Status

Indicates stream check status. Possible statuses are:

---: disable

Normal: the stream is normal.

Low: the stream is getting low.

Check to enable DDOS prevention. When enabled, the switch will monitor the device against DDOS attacks.

Indicates DDOS prevention status. Possible statuses are:

---: disable

Analyzing: analyzes packet throughput for initialization

Running: analysis completes and ready for next move

Attacked: DDOS attacks occur

Device IP Address

Specifies IP address of the device

Device MAC

Specifies MAC address of the device

Address

Advanced Configurations

Alias IP Address

This page provides alias IP address configuration. Some devices might have more than one IP addresses. You could specify other IP addresses here.

Label

Alias IP Address

Description

Specifies alias IP address. Keep 0.0.0.0 if the device does not have an alias IP address.

ORing Industrial Networking Corp

104

TGS-9120-M12 Series User Manual

Alive Check

Alive Check monitors the real-time status of the device connected to the port. Alive-checking packets will be sent to the device to probe if the device is running. If the switch receives no response from the device, actions will be taken according to your configurations.

Label

Link Change

Only log it

Shunt Down the

Port

Reboot Device

Description

Disables or enables the port

Simply sends logs to the log server

Disables the port

Disables or enables PoE power

DDoS Prevention

The switch can monitor ingress packets, and perform actions when DDOS attack occurred on this port. When network traffic from a specific device increases significantly in a short period of time, the switch will lock the IP address of that device to protect the network from attacks. You can configure DDoS prevention on this page to achieve maximum protection.

ORing Industrial Networking Corp

105

TGS-9120-M12 Series User Manual

Label

Mode

Sensibility

Packet Type

Socket Number

Filter

Action

Description

Enables or disables DDOS prevention of the port

Indicates the level of DDOS detection. Possible levels are:

Low: low sensibility

Normal: normal sensibility

Medium: medium sensibility

High: high sensibility

Indicates the types of DDoS attack packets to be monitored. Possible types are:

RX Total: all ingress packets

RX Unicast: unicast ingress packets

RX Multicast: multicast ingress packets

RX Broadcast: broadcast ingress packets

TCP: TCP ingress packets

UDP: UDP ingress packets

If packet type is UDP (or TCP), please specify the socket number here. The socket number can be a range, from low to high. If the socket number is only one, please fill the same number in the low and high fields.

If packet type is UDP (or TCP), please choose the socket direction

(Destination/Source).

Indicates the action to take when DDOS attacks occur. Possible actions are:

---: no action

Blocking 1 minute: blocks the forwarding for 1 minute and log the event

Blocking 10 minute: blocks the forwarding for 10 minutes and log

ORing Industrial Networking Corp

106

TGS-9120-M12 Series User Manual the event

Blocking: blocks and logs the event

Shunt Down the Port: shuts down the port (No Link) and logs the event

Only Log it: simply logs the event

Reboot Device: if PoE is supported, the device can be rebooted.

The event will be logged.

Status

Indicates the DDOS prevention status. Possible statuses are:

---: disables DDOS prevention

Analyzing: analyzes packet throughput for initialization

Running: analysis completes and ready for next move

Attacked: DDOS attacks occur

Device Description

This page allows you to configure device description settings.

Label

Device Type

Description

Indicates device types. Possible types are:

---: no specification

IP Camera

IP Phone

Access Point

ORing Industrial Networking Corp

107

TGS-9120-M12 Series User Manual

PC

PLC

Network Video Recorder

Location Address

Indicates location information of the device. The information can be used for Google Mapping.

Description

Device descriptions

Stream Check

Stream check monitors the consistency of real-time network traffic from the device bound with the port. When the traffic changes sharply all of a sudden, an alert will be issued. This page allows you to configure stream check settings.

Label

Mode

Description

Enables or disables stream monitoring of the port

Action

Indicates the action to take when the stream gets low. Possible actions are:

---: no action

Log it: simply logs the event

5.8.3 ACL

An ACL (Access Control List) is a list of permissions attached to an object. An ACL specifies which users or system processes are authorized to access the objects and what operations are allowed on given objects.

ORing Industrial Networking Corp

108

TGS-9120-M12 Series User Manual

Port Configuration

Label

Port

Description

The switch port number to which the following settings will be applied

Policy ID

Action

Rate Limiter ID

Port Copy

Logging

Shutdown

Select to apply a policy to the port. The allowed values are 1 to 8.

The default value is 1.

Select to Permit to permit or Deny to deny forwarding. The default value is Permit.

Select a rate limiter for the port. The allowed values are Disabled or numbers from 1 to 15. The default value is Disabled.

Select which port frames are copied to. The allowed values are

Disabled or a specific port number. The default value is Disabled.

Specifies the logging operation of the port. The allowed values are:

Enabled: frames received on the port are stored in the system log

Disabled: frames received on the port are not logged

The default value is Disabled. Please note that system log memory capacity and logging rate is limited.

Specifies the shutdown operation of this port. The allowed values are:

Enabled: if a frame is received on the port, the port will be disabled.

Disabled: port shut down is disabled.

The default value is Disabled.

Counter

Rate Limiters

Counts the number of frames that match this ACE.

This page allows you to define the rate limits applied to a port.

ORing Industrial Networking Corp

109

TGS-9120-M12 Series User Manual

Label

Rate Limiter ID

Description

The rate limiter ID for the settings contained in the same row.

Rate

The rate unit is packet per second (pps), which can be configured as

1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1K, 2K, 4K, 8K, 16K, 32K, 64K,

128K, 256K, 512K, or 1024K.

The 1 kpps is actually 1002.1 pps.

ACL Control List

An ACE (Access Control Entry) is an element in an access control list (ACL). An ACL can have zero or more ACEs. Each ACE controls or monitors access to an object based on user-defined configurations. Each ACE consists of several parameters which vary with the frame type you have selected.

Label

Ingress Port

Description

Indicates the ingress port to which the ACE will apply.

ORing Industrial Networking Corp

110

Frame Type

Action

Rate Limiter

Port Copy

Logging

Shutdown

TGS-9120-M12 Series User Manual

Any: the ACE applies to any port

Port n: the ACE applies to this port number, where n is the number of the switch port.

Policy n: the ACE applies to this policy number, where n can range from 1 to 8.

Indicates the frame type of the ACE. These frame types are mutually exclusive.

Any: any frame can match the ACE.

Ethernet Type: only Ethernet type frames can match the ACE. The

IEEE 802.3 descripts the value of length/types should be greater than or equal to 1536 decimal (equal to 0600 hexadecimal).

ARP: only ARP frames can match the ACE. Notice the ARP frames will not match the ACE with Ethernet type.

IPv4: only IPv4 frames can match the ACE. Notice the IPv4 frames will not match the ACE with Ethernet type.

Specifies the action to take when a frame matches the ACE.

Permit: takes action when the frame matches the ACE.

Deny: drops the frame matching the ACE.

Specifies the rate limiter in number of base units. The allowed range is 1 to 15. Disabled means the rate limiter operation is disabled.

Frames matching the ACE are copied to the port number specified here. The allowed range is the same as the switch port number range. Disabled means the port copy operation is disabled.

Specifies the logging operation of the ACE. The allowed values are:

Enabled: frames matching the ACE are stored in the system log.

Disabled: frames matching the ACE are not logged.

Please note that system log memory capacity and logging rate is limited.

Specifies the shutdown operation of the ACE. The allowed values are:

Enabled: if a frame matches the ACE, the ingress port will be disabled.

Disabled: port shutdown is disabled for the ACE.

Indicates the number of times the ACE matched by a frame.

Counter

ORing Industrial Networking Corp

111

TGS-9120-M12 Series User Manual

Label

SMAC Filter

SMAC Value

DMAC Filter

DMAC Value

Description

(Only displayed when the frame type is Ethernet Type or ARP.)

Specifies the source MAC filter for the ACE.

Any: no SMAC filter is specified (SMAC filter status is "don't-care").

Specific: if you want to filter a specific source MAC address with the

ACE, choose this value. A field for entering an SMAC value appears.

When Specific is selected for the SMAC filter, you can enter a specific source MAC address. The legal format is

"xx-xx-xx-xx-xx-xx". Frames matching the ACE will use this SMAC value.

Specifies the destination MAC filter for this ACE

Any: no DMAC filter is specified (DMAC filter status is "don't-care").

MC: frame must be multicast.

BC: frame must be broadcast.

UC: frame must be unicast.

Specific: If you want to filter a specific destination MAC address with the ACE, choose this value. A field for entering a DMAC value appears.

When Specific is selected for the DMAC filter, you can enter a specific destination MAC address. The legal format is

"xx-xx-xx-xx-xx-xx". Frames matching the ACE will use this DMAC value.

ORing Industrial Networking Corp

112

TGS-9120-M12 Series User Manual

Label

VLAN ID Filter

VLAN ID

Tag Priority

Description

Specifies the VLAN ID filter for the ACE

Any: no VLAN ID filter is specified (VLAN ID filter status is

"don't-care").

Specific: if you want to filter a specific VLAN ID with the ACE, choose this value. A field for entering a VLAN ID number appears.

When Specific is selected for the VLAN ID filter, you can enter a specific VLAN ID number. The allowed range is 1 to 4095. Frames matching the ACE will use this VLAN ID value.

Specifies the tag priority for the ACE. A frame matching the ACE will use this tag priority. The allowed number range is 0 to 7. Any means that no tag priority is specified (tag priority is "don't-care").

ORing Industrial Networking Corp

113

TGS-9120-M12 Series User Manual

Label

IP Protocol Filter

IP Protocol Value

IP TTL

IP Fragment

IP Option

SIP Filter

Description

Specifies the IP protocol filter for the ACE

Any: no IP protocol filter is specified ("don't-care").

Specific: if you want to filter a specific IP protocol filter with the ACE, choose this value. A field for entering an IP protocol filter appears.

ICMP: selects ICMP to filter IPv4 ICMP protocol frames. Extra fields for defining ICMP parameters will appear. For more details of these fields, please refer to the help file.

UDP: selects UDP to filter IPv4 UDP protocol frames. Extra fields for defining UDP parameters will appear. For more details of these fields, please refer to the help file.

TCP: selects TCP to filter IPv4 TCP protocol frames. Extra fields for defining TCP parameters will appear. For more details of these fields, please refer to the help file.

Specific allows you to enter a specific value. The allowed range is 0 to 255. Frames matching the ACE will use this IP protocol value.

Specifies the time-to-live settings for the ACE

Zero: IPv4 frames with a time-to-live value greater than zero must not be able to match this entry.

Non-zero: IPv4 frames with a time-to-live field greater than zero must be able to match this entry.

Any: any value is allowed ("don't-care").

Specifies the fragment offset settings for the ACE. This includes settings of More Fragments (MF) bit and Fragment Offset (FRAG

OFFSET) for an IPv4 frame.

No: IPv4 frames whose MF bit is set or the FRAG OFFSET field is greater than zero must not be able to match this entry.

Yes: IPv4 frames whose MF bit is set or the FRAG OFFSET field is greater than zero must be able to match this entry.

Any: any value is allowed ("don't-care").

Specifies the options flag settings for the ACE

No: IPv4 frames whose options flag is set must not be able to match this entry.

Yes: IPv4 frames whose options flag is set must be able to match this entry.

Any: any value is allowed ("don't-care").

Specifies the source IP filter for this ACE

ORing Industrial Networking Corp

114

SIP Address

SIP Mask

DIP Filter

DIP Address

DIP Mask

TGS-9120-M12 Series User Manual

Any: no source IP filter is specified (Source IP filter is "don't-care").

Host: source IP filter is set to Host. Specify the source IP address in the SIP Address field that appears.

Network: source IP filter is set to Network. Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear.

When Host or Network is selected for the source IP filter, you can enter a specific SIP address in dotted decimal notation.

When Network is selected for the source IP filter, you can enter a specific SIP mask in dotted decimal notation.

Specifies the destination IP filter for the ACE

Any: no destination IP filter is specified (destination IP filter is

"don't-care").

Host: destination IP filter is set to Host. Specify the destination IP address in the DIP Address field that appears.

Network: destination IP filter is set to Network. Specify the destination IP address and destination IP mask in the DIP Address and DIP Mask fields that appear.

When Host or Network is selected for the destination IP filter, you can enter a specific DIP address in dotted decimal notation.

When Network is selected for the destination IP filter, you can enter a specific DIP mask in dotted decimal notation.

Label

ARP/RARP

Description

Specifies the available ARP/RARP opcode (OP) flag for the ACE

Any: no ARP/RARP OP flag is specified (OP is "don't-care").

ARP: frame must have ARP/RARP opcode set to ARP

ORing Industrial Networking Corp

115

TGS-9120-M12 Series User Manual

Request/Reply

RARP: frame must have ARP/RARP opcode set to RARP.

Other: frame has unknown ARP/RARP Opcode flag.

Specifies the available ARP/RARP opcode (OP) flag for the ACE

Any: no ARP/RARP OP flag is specified (OP is "don't-care").

Request: frame must have ARP Request or RARP Request OP flag set.

Reply: frame must have ARP Reply or RARP Reply OP flag.

Specifies the sender IP filter for the ACE

Any: no sender IP filter is specified (sender IP filter is "don't-care").

Host: sender IP filter is set to Host. Specify the sender IP address in

Sender IP Filter

the SIP Address field that appears.

Network: sender IP filter is set to Network. Specify the sender IP address and sender IP mask in the SIP Address and SIP Mask fields that appear.

Sender IP Address

When Host or Network is selected for the sender IP filter, you can enter a specific sender IP address in dotted decimal notation.

Sender IP Mask

When Network is selected for the sender IP filter, you can enter a specific sender IP mask in dotted decimal notation.

Target IP Filter

Specifies the target IP filter for the specific ACE

Any: no target IP filter is specified (target IP filter is "don't-care").

Host: target IP filter is set to Host. Specify the target IP address in the Target IP Address field that appears.

Network: target IP filter is set to Network. Specify the target IP address and target IP mask in the Target IP Address and Target IP

Mask fields that appear.

Target IP Address

Target IP Mask

ARP SMAC Match

RARP SMAC

Match

When Host or Network is selected for the target IP filter, you can enter a specific target IP address in dotted decimal notation.

When Network is selected for the target IP filter, you can enter a specific target IP mask in dotted decimal notation.

Specifies whether frames will meet the action according to their sender hardware address field (SHA) settings.

0: ARP frames where SHA is not equal to the SMAC address

1: ARP frames where SHA is equal to the SMAC address

Any: any value is allowed ("don't-care").

Specifies whether frames will meet the action according to their target hardware address field (THA) settings.

0: RARP frames where THA is not equal to the SMAC address

ORing Industrial Networking Corp

116

IP/Ethernet

Length

IP

Ethernet

TGS-9120-M12 Series User Manual

1: RARP frames where THA is equal to the SMAC address

Any: any value is allowed ("don't-care")

Specifies whether frames will meet the action according to their

ARP/RARP hardware address length (HLN) and protocol address length (PLN) settings.

0: ARP/RARP frames where the HLN is equal to Ethernet (0x06) and the (PLN) is equal to IPv4 (0x04) must not match this entry.

1: ARP/RARP frames where the HLN is equal to Ethernet (0x06) and the (PLN) is equal to IPv4 (0x04) must match this entry.

Any: any value is allowed ("don't-care").

Specifies whether frames will meet the action according to their

ARP/RARP hardware address space (HRD) settings.

0: ARP/RARP frames where the HLD is equal to Ethernet (1) must not match this entry.

1: ARP/RARP frames where the HLD is equal to Ethernet (1) must match this entry.

Any: any value is allowed ("don't-care").

Specifies whether frames will meet the action according to their

ARP/RARP protocol address space (PRO) settings.

0: ARP/RARP frames where the PRO is equal to IP (0x800) must not match this entry.

1: ARP/RARP frames where the PRO is equal to IP (0x800) must match this entry.

Any: any value is allowed ("don't-care").

Label Description

ORing Industrial Networking Corp

117

TGS-9120-M12 Series User Manual

ICMP Type Filter

ICMP Type Value

ICMP Code Filter

ICMP Code Value

Specifies the ICMP filter for the ACE

Any: no ICMP filter is specified (ICMP filter status is "don't-care").

Specific: if you want to filter a specific ICMP filter with the ACE, you can enter a specific ICMP value. A field for entering an ICMP value appears.

When Specific is selected for the ICMP filter, you can enter a specific ICMP value. The allowed range is 0 to 255. A frame matching the ACE will use this ICMP value.

Specifies the ICMP code filter for the ACE

Any: no ICMP code filter is specified (ICMP code filter status is

"don't-care").

Specific: if you want to filter a specific ICMP code filter with the ACE, you can enter a specific ICMP code value. A field for entering an

ICMP code value appears.

When Specific is selected for the ICMP code filter, you can enter a specific ICMP code value. The allowed range is 0 to 255. A frame matching the ACE will use this ICMP code value.

Label

TCP/UDP Source

Filter

Description

Specifies the TCP/UDP source filter for the ACE

Any: no TCP/UDP source filter is specified (TCP/UDP source filter status is "don't-care").

Specific: if you want to filter a specific TCP/UDP source filter with the

ACE, you can enter a specific TCP/UDP source value. A field for entering a TCP/UDP source value appears.

ORing Industrial Networking Corp

118

TGS-9120-M12 Series User Manual

TCP/UDP Source

No.

TCP/UDP Source

Range

Range: if you want to filter a specific TCP/UDP source range filter with the ACE, you can enter a specific TCP/UDP source range. A field for entering a TCP/UDP source value appears.

When Specific is selected for the TCP/UDP source filter, you can enter a specific TCP/UDP source value. The allowed range is 0 to

65535. A frame matching the ACE will use this TCP/UDP source value.

When Range is selected for the TCP/UDP source filter, you can enter a specific TCP/UDP source range value. The allowed range is 0 to

65535. A frame matching the ACE will use this TCP/UDP source

TCP/UDP

Destination Filter

TCP FIN

TCP SYN

value.

Specifies the TCP/UDP destination filter for the ACE

Any: no TCP/UDP destination filter is specified (TCP/UDP destination filter status is "don't-care").

Specific: if you want to filter a specific TCP/UDP destination filter with the ACE, you can enter a specific TCP/UDP destination value. A field for entering a TCP/UDP destination value appears.

Range: if you want to filter a specific range TCP/UDP destination filter with the ACE, you can enter a specific TCP/UDP destination range. A field for entering a TCP/UDP destination value appears.

TCP/UDP

Destination

Number

When Specific is selected for the TCP/UDP destination filter, you can enter a specific TCP/UDP destination value. The allowed range is 0 to 65535. A frame matching the ACE will use this TCP/UDP destination value.

TCP/UDP

When Range is selected for the TCP/UDP destination filter, you can enter a specific TCP/UDP destination range value. The allowed

Destination Range

range is 0 to 65535. A frame matching the ACE will use this

TCP/UDP destination value.

Specifies the TCP FIN ("no more data from sender") value for the

ACE.

0: TCP frames where the FIN field is set must not be able to match this entry.

1: TCP frames where the FIN field is set must be able to match this entry.

Any: any value is allowed ("don't-care").

Specifies the TCP SYN ("synchronize sequence numbers") value for the ACE

ORing Industrial Networking Corp

119

TGS-9120-M12 Series User Manual

TCP PSH

0: TCP frames where the SYN field is set must not be able to match this entry.

1: TCP frames where the SYN field is set must be able to match this entry.

Any: any value is allowed ("don't-care").

Specifies the TCP PSH ("push function") value for the ACE

0: TCP frames where the PSH field is set must not be able to match this entry.

1: TCP frames where the PSH field is set must be able to match this entry.

Any: any value is allowed ("don't-care").

TCP ACK

TCP URG

Specifies the TCP ACK ("acknowledgment field significant") value for the ACE

0: TCP frames where the ACK field is set must not be able to match this entry.

1: TCP frames where the ACK field is set must be able to match this entry.

Any: any value is allowed ("don't-care").

Specifies the TCP URG ("urgent pointer field significant") value for the ACE

0: TCP frames where the URG field is set must not be able to match this entry.

1: TCP frames where the URG field is set must be able to match this entry.

Any: any value is allowed ("don't-care").

5.8.4 Authentication, Authorization, and Accounting

An AAA server is an application that provides authentication, authorization, and accounting services for attempted access to a network. An AAA server can reside in a dedicated computer, an Ethernet switch, an access point or a network access server. The current standard by which devices or applications communicate with an AAA server is RADIUS (Remote Authentication

Dial-In User Service). RADIUS is a protocol used between the switch and the authentication server. This page allows you to configure common settings for an authentication server.

ORing Industrial Networking Corp

120

TGS-9120-M12 Series User Manual

Label

Timeout

Description

The timeout, which can be set to a number between 3 and 3600 seconds, is the maximum time to wait for a reply from a server.

If the server does not reply within this time frame, we will consider it to be dead and continue with the next enabled server (if any).

RADIUS servers are using the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into 3 subintervals of equal length. If a reply is not received within the subinterval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead.

Dead Time

The dead time, which can be set to a number between 0 and 3600 seconds, is the period during which the switch will not send new requests to a server that has failed to respond to a previous request.

This will stop the switch from continually trying to contact a server that it has already determined as dead.

Setting the dead time to a value greater than 0 (zero) will enable this feature, but only if more than one server has been configured.

5.8.5 RADIUS

Authentication and Accounting Server

When a user requests network connection, a RADIUS client which receives the request will perform an initial access negotiation with the user to obtain identity/password information. The client then passes the information to a RADIUS server as part of an authentication/authorization request.

The RADIUS server matches data from the authentication/authorization request with information in a trusted database. If a match is found and the user's credentials are correct, the

RADIUS server sends an accept message to the client to grant access. If a match is not found or a problem is found with the user's credentials, the server returns a reject message to deny access. The NAD then establishes or terminates the user's connection. The NAD may then

ORing Industrial Networking Corp

121

TGS-9120-M12 Series User Manual forward accounting information to the RADIUS server to document the transaction; the

RADIUS server may store or forward this information as needed to support billing for the services provided.

Label

#

Enabled

IP Address

Port

Secret

Description

The RADIUS authentication server number for which the configuration below applies.

Check to enable the RADIUS authentication server.

The IP address or hostname of the RADIUS authentication server. IP address is expressed in dotted decimal notation.

The UDP port to use on the RADIUS authentication server. If the port is set to 0 (zero), the default port (1812) is used on the RADIUS authentication server.

The secret is a text string used by RADIUS to encrypt the client and server authenticator field during exchanges between the router and a

RADIUS authentication server. The router encrypts PPP PAP passwords using this text string. The secret - up to 29 characters long - shared between the RADIUS authentication server and the switch stack.

ORing Industrial Networking Corp

122

TGS-9120-M12 Series User Manual

Label

#

Enabled

IP Address

Port

Description

The RADIUS accounting server number for which the configuration below applies.

Check to enable the RADIUS accounting server

The IP address or hostname of the RADIUS accounting server. IP address is expressed in dotted decimal notation.

The UDP port to use on the RADIUS accounting server. If the port is set to 0 (zero), the default port (1813) is used on the RADIUS accounting server.

Secret

The secret is a text string used by RADIUS to encrypt the client and server authenticator field during exchanges between the router and a

RADIUS authentication server. The router encrypts PPP PAP passwords using this text string. The secret - up to 29 characters long - shared between the RADIUS authentication server and the switch stack.

Authentication and Accounting Server Status

This page provides information about the status of the RADIUS server configurable on the authentication configuration page.

Label

#

IP Address

Status

Description

The RADIUS server number. Click to navigate to detailed statistics of the server

The IP address and UDP port number (in <IP Address>:<UDP Port> notation) of the server

The current status of the server. This field has one of the following values:

Disabled: the server is disabled.

Not Ready: the server is enabled, but IP communication is not yet up and running.

ORing Industrial Networking Corp

123

TGS-9120-M12 Series User Manual

Ready: the server is enabled, IP communications are built, and the

RADIUS module is ready to accept access attempts.

Dead (X seconds left): access attempts are made to this server, but it does not reply within the configured timeout. The server has temporarily been disabled, but will be re-enabled when the dead-time expires. The number of seconds left before this occurs is displayed in parentheses. This state is only reachable when more than one server is enabled.

Label

#

IP Address

Description

The RADIUS server number. Click to navigate to detailed statistics of the server

The IP address and UDP port number (in <IP Address>:<UDP Port> notation) of the server

Status

The current status of the server. This field has one of the following values:

Disabled: the server is disabled.

Not Ready: the server is enabled, but IP communication is not yet up and running.

Ready: the server is enabled, IP communication is up and running, and the RADIUS module is ready to accept accounting attempts.

Dead (X seconds left): accounting attempts are made to this server, but it does not reply within the configured timeout. The server has temporarily been disabled, but will be re-enabled when the dead-time expires. The number of seconds left before this occurs is displayed in parentheses. This state is only reachable when more than one server is enabled.

Authentication and Accounting Server Statistics

ORing Industrial Networking Corp

124

TGS-9120-M12 Series User Manual

This page shows the access statistics of the authentication and accounting servers. Use the server drop-down list to switch between the backend servers to show related details.

Label Description

RADIUS authentication server packet counters. There are seven

„receive‟ and four „transmit‟ counters.

Packet Counters

ORing Industrial Networking Corp

125

Other Info

TGS-9120-M12 Series User Manual

This section contains information about the state of the server and the latest round-trip time.

Label Description

RADIUS accounting server packet counters. There are five

„receive‟ and four

„transmit‟ counters.

Packet Counters

ORing Industrial Networking Corp

126

TGS-9120-M12 Series User Manual

This section contains information about the state of the server and the latest round-trip time.

Other Info

5.8.6 NAS (802.1x)

A NAS (Network Access Server) is an access gateway between an external communications network and an internal network. For example, when the user dials into the ISP, he/she will be given access to the Internet after being authorized by the access server. The authentication between the client and the server include IEEE 802.1X- and MAC-based.

The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more backend servers (RADIUS

)

determine whether the user is allowed access to the network.

MAC-based authentication allows for authentication of more than one user on the same port, and does not require the users to have special 802.1X software installed on their system. The switch uses the users' MAC addresses to authenticate against the backend server. As intruders can create counterfeit MAC addresses, MAC-based authentication is less secure than 802.1X authentication.

Overview of 802.1X (Port-Based) Authentication

In an 802.1X network environment, the user is called the supplicant, the switch is the authenticator, and the RADIUS server is the authentication server. The switch acts as the man-in-the-middle, forwarding requests and responses between the supplicant and the authentication server. Frames sent between the supplicant and the switch are special 802.1X frames, known as EAPOL (EAP Over LANs) frames which encapsulate EAP PDUs (RFC3748).

Frames sent between the switch and the RADIUS server are RADIUS packets. RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch's IP address, name, and the supplicant's port number on the switch. EAP is very flexible as it allows for different authentication methods, like MD5-Challenge, PEAP, and TLS. The important thing is that the authenticator (the switch) does not need to know which authentication method the supplicant and the authentication server are using, or how many information exchange frames are needed for a particular method. The switch simply encapsulates the EAP part of the frame

ORing Industrial Networking Corp

127

TGS-9120-M12 Series User Manual into the relevant type (EAPOL or RADIUS) and forwards it.

When authentication is complete, the RADIUS server sends a special packet containing a success or failure indication. Besides forwarding the result to the supplicant, the switch uses it to open up or block traffic on the switch port connected to the supplicant.

Note: in an environment where two backend servers are enabled, the server timeout is configured to X seconds (using the authentication configuration page), and the first server in the list is currently down (but not considered dead), if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds, it will never be authenticated because the switch will cancel on-going backend authentication server requests whenever it receives a new EAPOL

Start frame from the supplicant. Since the server has not failed (because the X seconds have not expired), the same server will be contacted when the next backend authentication server request from the switch. This scenario will loop forever. Therefore, the server timeout should be smaller than the supplicant's EAPOL Start frame retransmission rate.

Overview of MAC-Based Authentication

Unlike 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted by the industry. In MAC-based authentication, users are called clients, and the switch acts as the supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent EAP exchange with the RADIUS server. The

6-byte MAC address is converted to a string in the following form "xx-xx-xx-xx-xx-xx", that is, a dash (-) is used as separator between the lower-cased hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly.

When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client, using static entries into the MAC Table. Only then will frames from the client be forwarded on the switch.

There are no EAPOL frames involved in this authentication, and therefore, MAC-based authentication has nothing to do with the 802.1X standard.

The advantage of MAC-based authentication over 802.1X is that several clients can be connected to the same port (e.g. through a 3rd party switch or a hub) and still require individual authentication, and that the clients do npt need special supplicant software to authenticate.

The disadvantage is that MAC addresses can be spoofed by malicious users, equipment whose MAC address is a valid RADIUS user can be used by anyone, and only the

MD5-Challenge method is supported.

802.1X and MAC-Based authentication configurations consist of two sections: system- and port-wide.

ORing Industrial Networking Corp

128

TGS-9120-M12 Series User Manual

Label

Mode

Reauthentication

Enabled

Reauthentication

Period

EAPOL Timeout

Description

Indicates if 802.1X and MAC-based authentication is globally enabled or disabled on the switch. If globally disabled, all ports are allowed to forward frames.

If checked, clients are reauthenticated after the interval specified by the Reauthentication Period. Reauthentication for

802.1X-enabled ports can be used to detect if a new device is plugged into a switch port.

For MAC-based ports, reauthentication is only useful if the

RADIUS server configuration has changed. It does not involve communication between the switch and the client, and therefore does not imply that a client is still present on a port (see Age

Period below).

Determines the period, in seconds, after which a connected client must be re-authenticated. This is only active if the

Reauthentication Enabled checkbox is checked. Valid range of the value is 1 to 3600 seconds.

Determines the time for retransmission of Request Identity

EAPOL frames.

ORing Industrial Networking Corp

129

Age Period

Hold Time

Port

Admin State

TGS-9120-M12 Series User Manual

Valid range of the value is 1 to 65535 seconds. This has no effect for MAC-based ports.

This setting applies to the following modes, i.e. modes using the

Port Security functionality to secure MAC addresses:

MAC-Based Auth.:

When the NAS module uses the Port Security module to secure

MAC addresses, the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time.

This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds.

For ports in MAC-based Auth. mode, reauthentication does not cause direct communications between the switch and the client, so this will not detect whether the client is still attached or not, and the only way to free any resources is to age the entry.

This setting applies to the following modes, i.e. modes using the

Port Security functionality to secure MAC addresses:

MAC-Based Auth.:

If a client is denied access - either because the RADIUS server denies the client access or because the RADIUS server request times out (according to the timeout specified on the

"ConfigurationSecurityAAA" page) - the client is put on hold in Unauthorized state. The hold timer does not count during an on-going authentication.

The switch will ignore new frames coming from the client during the hold time.

The hold time can be set to a number between 10 and 1000000 seconds.

The port number for which the configuration below applies

If NAS is globally enabled, this selection controls the port's authentication mode. The following modes are available:

Force Authorized

In this mode, the switch will send one EAPOL Success frame when the port link is up, and any client on the port will be allowed network access without authentication.

Force Unauthorized

In this mode, the switch will send one EAPOL Failure frame when

ORing Industrial Networking Corp

130

TGS-9120-M12 Series User Manual the port link is up, and any client on the port will be disallowed network access.

Port-based 802.1X

In an 802.1X network environment, the user is called the supplicant, the switch is the authenticator, and the RADIUS server is the authentication server. The authenticator acts as the man-in-the-middle, forwarding requests and responses between the supplicant and the authentication server. Frames sent between the supplicant and the switch are special 802.1X frames, known as EAPOL (EAP Over LANs) frames which encapsulate

EAP PDUs (RFC3748). Frames sent between the switch and the

RADIUS server is RADIUS packets. RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch's IP address, name, and the supplicant's port number on the switch. EAP is very flexible as it allows for different authentication methods, like MD5-Challenge, PEAP, and TLS.

The important thing is that the authenticator (the switch) does not need to know which authentication method the supplicant and the authentication server are using, or how many information exchange frames are needed for a particular method. The switch simply encapsulates the EAP part of the frame into the relevant type (EAPOL or RADIUS) and forwards it.

When authentication is complete, the RADIUS server sends a special packet containing a success or failure indication. Besides forwarding the result to the supplicant, the switch uses it to open up or block traffic on the switch port connected to the supplicant.

Note: in an environment where two backend servers are enabled, the server timeout is configured to X seconds (using the authentication configuration page), and the first server in the list is currently down (but not considered dead), if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds, it will never be authenticated because the switch will cancel on-going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant. Since the server has not failed (because the X seconds have not expired), the same server will be contacted when the next backend authentication server request from the switch This scenario will

ORing Industrial Networking Corp

131

TGS-9120-M12 Series User Manual loop forever. Therefore, the server timeout should be smaller than the supplicant's EAPOL Start frame retransmission rate.

a. Single 802.1X

In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance through a hub) to piggy-back on the successfully authenticated client and get network access even though they are not authenticated individually. To overcome this security breach, use the Single 802.1X variant.

Single 802.1X is not yet an IEEE standard, but features many of the same characteristics as port-based 802.1X. In Single 802.1X, at most one supplicant can get authenticated on the port at a time.

Normal EAPOL frames are used in the communications between the supplicant and the switch. If more than one supplicant are connected to a port, the one that comes first when the port's link is connected will be the first one considered. If that supplicant does not provide valid credentials within a certain amount of time, the chance will be given to another supplicant. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's

MAC address once successfully authenticated.

b. Multi 802.1X

In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance through a hub) to piggy-back on the successfully authenticated client and get network access even though they are not authenticated individually. To overcome this security breach, use the Multi 802.1X variant.

Multi 802.1X is not yet an IEEE standard, but features many of the same characteristics as port-based 802.1X. In Multi 802.1X, one or more supplicants can be authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the Port Security module.

In Multi 802.1X it is not possible to use the multicast BPDU MAC

ORing Industrial Networking Corp

132

TGS-9120-M12 Series User Manual address as the destination MAC address for EAPOL frames sent from the switch to the supplicant, since that would cause all supplicants attached to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first EAPOL Start or EAPOL Response

Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends

EAPOL Request Identity frames using the BPDU multicast MAC address as destination - to wake up any supplicants that might be on the port.

The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.

MAC-based Auth.

Unlike port-based 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted by the industry. In MAC-based authentication, users are called clients, and the switch acts as the supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent EAP exchange with the RADIUS server. The 6-byte MAC address is converted to a string in the following form "xx-xx-xx-xx-xx-xx", that is, a dash (-) is used as separator between the lower-cased hexadecimal digits.

The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly.

When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client, using the Port

Security module. Only then will frames from the client be forwarded on the switch. There are no EAPOL frames involved in this authentication, and therefore, MAC-based authentication has nothing to do with the 802.1X standard.

The advantage of MAC-based authentication over port-based

802.1X is that several clients can be connected to the same port

(e.g. through a 3rd party switch or a hub) and still require individual authentication, and that the clients don't need special

ORing Industrial Networking Corp

133

Port State

Restart

TGS-9120-M12 Series User Manual supplicant software to authenticate. The advantage of

MAC-based authentication over 802.1X-based authentication is that the clients do not need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by malicious users - equipment whose MAC address is a valid RADIUS user can be used by anyone. Also, only the

MD5-Challenge method is supported. The maximum number of clients that can be attached to a port can be limited using the Port

Security Limit Control functionality.

The current state of the port. It can undertake one of the following values:

Globally Disabled: NAS is globally disabled.

Link Down: NAS is globally enabled, but there is no link on the port.

Authorized: the port is in Force Authorized or a single-supplicant mode and the supplicant is authorized.

Unauthorized: the port is in Force Unauthorized or a single-supplicant mode and the supplicant is not successfully authorized by the RADIUS server.

X Auth/Y Unauth: the port is in a multi-supplicant mode.

Currently X clients are authorized and Y are unauthorized.

Two buttons are available for each row. The buttons are only enabled when authentication is globally enabled and the port's

Admin State is in an EAPOL-based or MAC-based mode.

Clicking these buttons will not cause settings changed on the page to take effect.

Reauthenticate: schedules a reauthentication whenever the quiet-period of the port runs out (EAPOL-based authentication).

For MAC-based authentication, reauthentication will be attempted immediately.

The button only has effect on successfully authenticated clients on the port and will not cause the clients to be temporarily unauthorized.

Reinitialize: forces a reinitialization of the clients on the port and hence a reauthentication immediately. The clients will transfer to the unauthorized state while the reauthentication is in progress.

ORing Industrial Networking Corp

134

TGS-9120-M12 Series User Manual

NAS Status

This page shows the information on current NAS port statuses.

Label

Port

Admin State

Port State

Last Source

Description

The switch port number. Click to navigate to detailed 802.1X statistics of each port.

The port‟s current administrative state. Refer to NAS Admin State for more details regarding each value.

The current state of the port. Refer to NAS Port State for more details regarding each value.

The source MAC address carried in the most recently received

EAPOL frame for EAPOL-based authentication, and the most recently received frame from a new client for MAC-based authentication.

Last ID

The user name (supplicant identity) carried in the most recently received Response Identity EAPOL frame for EAPOL-based authentication, and the source MAC address from the most recently received frame from a new client for MAC-based authentication.

This page provides detailed IEEE 802.1X statistics for a specific switch port using port-based authentication. For MAC-based ports, only the statistics of selected backend server statistics will be shown. Use the drop-down list to select which port details to be displayed.

ORing Industrial Networking Corp

135

TGS-9120-M12 Series User Manual

Label

Admin State

Port State

Description

The port's current administrative state. Refer to NAS Admin State for more details regarding each value.

The current state of the port. Refer to NAS Port State for more details regarding each value.

These supplicant frame counters are available for the following administrative states:

Force Authorized

Force Unauthorized

• 802.1X

EAPOL Counters

Backend Server

Counters

These backend (RADIUS) frame counters are available for the following administrative states:

802.1X

MAC-based Auth.

ORing Industrial Networking Corp

136

TGS-9120-M12 Series User Manual

Last

Supplicant/Client

Info

Information about the last supplicant/client that attempts to authenticate. This information is available for the following administrative states:

802.1X

MAC-based Auth.

5.9 Alerts

5.9.1 Fault Alarm

When any selected fault event happens, the Fault LED on the switch panel will light up and the electric relay will signal at the same time. The following pages allow you to set up alert conditions based on your needs for individual switch ports, including actions to be taken during disconnection and power failure.

ORing Industrial Networking Corp

137

TGS-9120-M12 Series User Manual

5.9.2 System Warning

SYSLOG Setting

SYSLOG is a protocol that allows a device to send event notification messages across IP networks to event message collectors. It permits separation of the software that generates messages from the system that stores them and the software that reports and analyzes them.

As Syslog messages are UDP-based, the sender and receiver will not be aware of it if the packet is lost due to network disconnection and no UDP packet will be resent.

Label

Server Mode

ORing Industrial Networking Corp

Description

Indicates existing server mode. When the mode operation is enabled, the syslog message will be sent to syslog server. The syslog protocol is based on UDP communications and received on UDP port 514 and the syslog server will not send acknowledgments back to the

138

TGS-9120-M12 Series User Manual sender since UDP is a connectionless protocol and it does not provide acknowledgments. The syslog packet will always be sent even if the syslog server does not exist.

Possible modes are:

Enabled: enable server mode

Disabled: disable server mode

SYSLOG Server IP Address

Indicates the IPv4 host address of syslog server. If the switch provides DNS functions, it also can be a host name.

SMTP Setting

SMTP (Simple Mail Transfer Protocol) is a protocol for transmitting e-mails across the Internet.

By setting up SMTP alert, the device will send a notification e-mail when a user-defined event occurs.

Label

E-mail Alarm

Sender E-mail

Address

Mail Subject

Authentication

Description

Enables or disables transmission of system warnings by e-mail

SMTP server IP address

Subject of the mail

Username: the authentication username

Password: the authentication password

Confirm Password: re-enter password

The recipient's e-mail address. A mail allows for 6 recipients.

Recipient E-mail

ORing Industrial Networking Corp

139

TGS-9120-M12 Series User Manual

Address

Apply

Click to activate the configurations

Help

Shows help file

Event Selection

The device supports both SYSLOG and SMTP alerts. Check the corresponding box to enable the system event warning method you want. Please note that the checkboxes will gray out if

SYSLOG or SMTP is disabled.

Label

System Cold Start

Power Status

SNMP Authentication

Failure

Description

Sends out alerts when the system is restarted

Sends out alerts when power is up or down

Sends out alert when SNMP authentication fails

O-Ring Topology

Change

Port Event

SYSLOG / SMTP event

Sends out alerts when O-Ring topology changes

Disable

Link Up

Link Down

ORing Industrial Networking Corp

140

TGS-9120-M12 Series User Manual

Link Up & Link Down

Click to activate the configurations

Shows help file

Apply

Help

5.10 Monitor and Diag

5.10.1 MAC Table

A MAC address tablet is a table in a network switch that maps MAC addresses to ports. The switch uses the table to determine which port the incoming packet should be forwarded to.

Entries in a MAC address table fall into two types: dynamic and static entries. Entries in a static

MAC table are added or removed manually and cannot age out by themselves. Entries in a dynamic MAC tablet will age out after a configured aging time. Such entries can be added by learning or manual configuration.

Aging Configuration

Aging enables the switch to track only active MAC addresses on the network and flush out

MAC addresses that are no longer used, thereby keeping the table current. By default, aged entries are removed after 300 seconds. You can configure aging time by entering a value in the

Age Time box in seconds. The allowed range is 10 to 1000000 seconds. You can also disable

ORing Industrial Networking Corp

141

TGS-9120-M12 Series User Manual the automatic aging of dynamic entries by checking Disable Automatic Aging.

MAC Table Learning

The switch can add the address and port on which the packet was received to the MAC table if the address does not exist in the table by examining the source address of each packet received on a port. This is called learning. It allows the MAC table to expand dynamically. If the learning mode for a given port is grayed out, it means another module is in control of the mode, and thus the user cannot change the configurations. An example of such a module is

MAC-Based authentication under 802.1X.

Label

Auto

Description

Learning is done automatically as soon as a frame with unknown

SMAC is received.

No learning is done.

Disable

Secure

Only static MAC entries are learned, all other frames are dropped.

Note: make sure the link used for managing the switch is added to the static Mac table before changing to secure learning mode, otherwise the management link will be lost and can only be restored by using another non-secure port or by connecting to the switch via the serial interface.

Static MAC Table Configurations

This tablet shows the static entries in the MAC table which can contain up to 64 entries. Using static MAC address entries can reduce broadcast packets remarkably and are suitable for networks where network devices seldom change. You can manage the entries in this page.

The MAC table is sorted first by VLAN ID and then by MAC address.

ORing Industrial Networking Corp

142

TGS-9120-M12 Series User Manual

Label

Delete

VLAN ID

MAC Address

Port Members

Description

Check to delete an entry. It will be deleted during the next save.

The VLAN ID for the entry

The MAC address for the entry

Checkmarks indicate which ports are members of the entry.

Check or uncheck to modify the entry.

Click to add a new entry to the static MAC table. You can specify

Adding New Static

the VLAN ID, MAC address, and port members for the new entry.

Entry

Click Save to save the changes.

MAC Table

Each page shows up to 999 entries from the MAC table, with a default value of 20, selected by the Entries Per Page input field. When first visited, the web page will show the first 20 entries from the beginning of the MAC Table. The first displayed will be the one with the lowest VLAN

ID and the lowest MAC address found in the MAC Table.

The Start from MAC address and VLAN fields allow the user to select the starting point in the

MAC table. Clicking Refresh will update the displayed table starting from that or the closest next MAC table match. In addition, the two input fields will

– upon clicking Refresh - assume the value of the first displayed entry, allows for continuous refresh with the same start address.

The >> button will use the last entry of the currently displayed VLAN/MAC address pairs as a basis for the next lookup. When it reaches the end, the text "no more entries" is shown in the displayed table. Use the |<< button to start over.

ORing Industrial Networking Corp

143

TGS-9120-M12 Series User Manual

Label

Type

MAC address

VLAN

Port Members

Description

Indicates whether the entry is a static or dynamic entry

The MAC address of the entry

The VLAN ID of the entry

The ports that are members of the entry.

5.10.2 Port Statistics

Traffic Overview

This page provides an overview of general traffic statistics for all switch ports.

Label

Port

Packets

Bytes

Description

The switch port number to which the following settings will be applied.

The number of received and transmitted packets per port

The number of received and transmitted bytes per port

ORing Industrial Networking Corp

144

TGS-9120-M12 Series User Manual

Errors

Drops

Filtered

Auto-refresh

Refresh

The number of frames received in error and the number of incomplete transmissions per port

The number of frames discarded due to ingress or egress congestion

The number of received frames filtered by the forwarding process

Check to enable an automatic refresh of the page at regular intervals.

Updates the counter entries, starting from the current entry ID.

Clear

Detailed Statistics

Flushes all counters entries

This page provides detailed traffic statistics for a specific switch port. Use the port drop-down list to decide the details of which switch port to be displayed.

The displayed counters include the total number for receive and transmit, the size for receive and transmit, and the errors for receive and transmit.

Detailed Statistics

– Total Receive & Transmit

ORing Industrial Networking Corp

145

TGS-9120-M12 Series User Manual

Label Description

Rx and Tx Packets The number of received and transmitted (good and bad) packets

The number of received and transmitted (good and bad) bytes,

Rx and Tx Octets

including FCS, except framing bits

Rx and Tx Unicast

The number of received and transmitted (good and bad) unicast packets

Rx and Tx

Multicast

Rx and Tx

Broadcast

Rx and Tx Pause

The number of received and transmitted (good and bad) multicast packets

The number of received and transmitted (good and bad) broadcast packets

The number of MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation

Rx Drops

The number of frames dropped due to insufficient receive buffer or egress congestion

The number of frames received with CRC or alignment errors

Rx

CRC/Alignment

Rx Undersize

Rx Oversize

Rx Fragments

Rx Jabber

The number of short

1

frames received with a valid CRC

The number of long

2

frames received with a valid CRC

The number of short

1

frames received with an invalid CRC

The number of long

2

frames received with an invalid CRC

The number of received frames filtered by the forwarding process

Rx Filtered

Tx Drops

The number of frames dropped due to output buffer congestion

Tx Late / Exc.Coll.

The number of frames dropped due to excessive or late collisions

1. Short frames are frames smaller than 64 bytes.

2. Long frames are frames longer than the maximum frame length configured for this port.

5.10.3 Port Mirroring

Port mirroring function will copy the traffic of one port to another port on the same switch to allow the network analyzer attached to the mirror port to monitor and analyze packets. The function is useful for troubleshooting. To solve network problems, selected traffic can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow.

The traffic to be copied to the mirror port can be all frames received on a given port (also known as ingress or source mirroring) or all frames transmitted on a given port (also known as egress or destination mirroring). The port to which the monitored traffic is copied is called mirror port.

ORing Industrial Networking Corp

146

TGS-9120-M12 Series User Manual

Label

Port

Description

The switch port number to which the following settings will be applied.

Mode

Drop-down list for selecting a mirror mode.

Rx only: only frames received on this port are mirrored to the mirror port. Frames transmitted are not mirrored.

Tx only: only frames transmitted from this port are mirrored to the mirror port. Frames received are not mirrored.

Disabled: neither transmitted nor received frames are mirrored.

Enabled: both received and transmitted frames are mirrored to the mirror port.

Note: for a given port, a frame is only transmitted once. Therefore, you cannot mirror Tx frames to the mirror port. In this case, mode for the selected mirror port is limited to Disabled or Rx only.

5.10.4 System Log Information

This page provides switch system log information.

ORing Industrial Networking Corp

147

TGS-9120-M12 Series User Manual

Label

ID

Level

Time

Message

Auto-refresh

Refresh

Clear

|<<

<<

>>

Description

The ID (>= 1) of the system log entry

The level of the system log entry. The following level types are supported:

Info: provides general information

Warning: provides warning for abnormal operation

Error: provides error message

All: enables all levels

The time of the system log entry

The MAC address of the switch

Check this box to enable an automatic refresh of the page at regular intervals.

Updates system log entries, starting from the current entry ID

Flushes all system log entries

Updates system log entries, starting from the first available entry ID

Updates system log entries, ending at the last entry currently displayed

Updates system log entries, starting from the last entry currently displayed.

>>|

Updates system log entries, ending at the last available entry ID.

5.10.5 Cable Diagnostics

You can perform cable diagnostics for all ports or selected ports to diagnose any cable faults

(short, open etc.) and feedback a distance to the fault. Simply select the port from the drop-down list and click Start to run the diagnostics. This will take approximately 5 seconds. If all ports are selected, this can take approximately 15 seconds. When completed, the page refreshes automatically, and you can view the cable diagnostics results in the cable status

ORing Industrial Networking Corp

148

TGS-9120-M12 Series User Manual table. Note that VeriPHY diagnostics is only accurate for cables 7 - 140 meters long. 10 and

100 Mbps ports will be disconnected while running VeriPHY diagnostics. Therefore, running

VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until

VeriPHY is completed

.

Label

Port

Description

The port where you are requesting VeriPHY Cable Diagnostics

Cable Status Port: port number

Pair: the status of the cable pair

Length: the length (in meters) of the cable pair

5.10.6 SFP Monitor

SFP modules with DDM (Digital Diagnostic Monitoring) function can measure the temperature of the apparatus, helping you monitor the status of connection and detect errors immediately.

You can manage and set up event alarms through DDM Web interface.

ORing Industrial Networking Corp

149

TGS-9120-M12 Series User Manual

5.10.7 Ping

This command sends ICMP echo request packets to another node on the network. Using the ping command, you can see if another site on the network can be reached.

After you press Start, five ICMP packets will be transmitted, and the sequence number and roundtrip time will be displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs

.

PING6 server ::10.10.132.20

64 bytes from ::10.10.132.20: icmp_seq=0, time=0ms

64 bytes from ::10.10.132.20: icmp_seq=1, time=0ms

64 bytes from ::10.10.132.20: icmp_seq=2, time=0ms

64 bytes from ::10.10.132.20: icmp_seq=3, time=0ms

64 bytes from ::10.10.132.20: icmp_seq=4, time=0ms

ORing Industrial Networking Corp

150

TGS-9120-M12 Series User Manual

Sent 5 packets, received 5 OK, 0 bad

You can configure the following properties of the issued ICMP packets

:

Label Description

IP Address

Ping Size

The destination IP Address

The payload size of the ICMP packet. Values range from 8 to

1400 bytes.

IPv6 Ping

PING6 server ::192.168.10.1 sendto sendto sendto sendto sendto

Sent 5 packets, received 0 OK, 0 bad

5.11 Synchronization

PTP External Clock Mode

PTP External Clock Mode is a protocol for synchronizing clocks throughout a computer network. On a local area network, it achieves clock accuracy in the sub-microsecond range, making it suitable for measurement and control systems.

ORing Industrial Networking Corp

151

TGS-9120-M12 Series User Manual

Label

One_pps_mode

External Enable

VCXO_Enable

Description

The box allows you to select One_pps_mode configurations.

The following values are possible:

Output: enable the 1 pps clock output

Input: enable the 1 pps clock input

Disable: disable the 1 pps clock in/out-put

The box allows you to configure external clock output.

The following values are possible:

True: enable external clock output

False: disable external clock output

The box allows you to configure the external VCXO rate adjustment.

The following values are possible:

True: enable external VCXO rate adjustment

False: disable external VCXO rate adjustment

Clock Frequency

The box allows you to set clock frequency.

The range of values is 1 - 25000000 (1 - 25MHz).

PTP Clock Configurations

Label

Delete

Clock Instance

Device Type

Description

Check this box and click Save to delete the clock instance

Indicates the instance of a particular clock instance [0..3]

Click on the clock instance number to edit the clock details

Indicates the type of the clock instance. There are five device types.

Ord-Bound: ordinary/boundary clock

P2p Transp: peer-to-peer transparent clock

E2e Transp: end-to-end transparent clock

ORing Industrial Networking Corp

152

Port List

2 Step Flag

Clock Identity

One Way

Protocol

VLAN Tag Enable

VID

PCP

TGS-9120-M12 Series User Manual

Master Only: master only

Slave Only: slave only

Set check mark for each port configured for this Clock Instance.

Static member defined by the system; true if two-step Sync events and Pdelay_Resp events are used

Shows a unique clock identifier

If true, one-way measurements are used. This parameter applies only to a slave. In one-way mode no delay measurements are performed, i.e. this is applicable only if frequency synchronization is needed. The master always responds to delay requests.

Transport protocol used by the PTP protocol engine

Ethernet PTP over Ethernet multicast ip4multi PTP over IPv4 multicast ip4uni PTP over IPv4 unicast

Note: IPv4 unicast protocol only works in Master Only and Slave

Only clocks

For more information, please refer to Device Type.

In a unicast Slave Only clock, you also need to configure which master clocks to request Announce and Sync messages from.

For more information, please refer to Unicast Slave Configuration

Enables VLAN tagging for PTP frames

Note: Packets are only tagged if the port is configured for vlan tagging. i.e:

Port Type != Unaware and PortVLAN mode == None, and the port is member of the VLAN.

VLAN identifiers used for tagging the PTP frames

Priority code point values used for PTP frames

5.12 Troubleshooting

5.12.1 Factory Defaults

This function is to force the switch back to the original factory settings. To reset the switch, select Reset to Factory Defaults from the drop-down list and click Yes. Only the IP configuration is retained.

ORing Industrial Networking Corp

153

TGS-9120-M12 Series User Manual

Label

Yes

Description

Click to reset the configuration to factory defaults

No

Click to return to the Port State page without resetting

5.12.2 System Reboot

You can reset the stack switch on this page. After reset, the system will boot normally as if you have powered on the devices

.

Label

Yes

No

Description

Click to reboot device

Click to return to the Port State page without rebooting

ORing Industrial Networking Corp

154

TGS-9120-M12 Series User Manual

C

ommand Line Management

Besides Web-based management, the device also supports CLI management. You can use console or telnet to manage the switch by CLI.

CLI Management by RS-232 Serial Console (115200, 8, none, 1, none)

Before configuring RS-232 serial console, connect the RS-232 port of the switch to your PC

Com port using a RJ45 to DB9-F cable.

Follow the steps below to access the console via RS-232 serial cable.

Step 1: On Windows desktop, click on Start -> Programs -> Accessories ->

Communications -> Hyper Terminal

Step 2. Input a name for the new connection.

ORing Industrial Networking Corp

155

TGS-9120-M12 Series User Manual

Step 3. Select a COM port in the drop-down list.

Step 4. A pop-up window that indicates COM port properties appears, including bits per second, data bits, parity, stop bits, and flow control.

ORing Industrial Networking Corp

156

TGS-9120-M12 Series User Manual

Step 5. The console login screen will appear. Use the keyboard to enter the Username and

Password (same as the password for Web browsers), then press Enter.

CLI Management by Telnet

You can can use TELNETto configure the switch. The default values are:

IP Address: 192.168.10.1

ORing Industrial Networking Corp

157

TGS-9120-M12 Series User Manual

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.10.254

User Name: admin

Password: admin

Follow the steps below to access console via Telnet.

Step 1. Telnet to the IP address of the switch from the Run window by inputingcommands (or from the MS-DOS prompt) as below.

Step 2. The Login screen will appear. Use the keyboard to enter the Username and Password

(same as the password for Web browser), and then press Enter.

ORing Industrial Networking Corp

158

Commander Groups

TGS-9120-M12 Series User Manual

ORing Industrial Networking Corp

159

TGS-9120-M12 Series User Manual

System

System>

Configuration [all] [<port_list>]

Reboot

Restore Default [keep_ip]

Contact [<contact>]

Name [<name>]

Location [<location>]

Description [<description>]

Password <password>

Username [<username>]

Timezone [<offset>]

Log [<log_id>] [all|info|warning|error] [clear]

IP

IP>

Configuration

DHCP [enable|disable]

Setup [<ip_addr>] [<ip_mask>] [<ip_router>] [<vid>]

Ping <ip_addr_string> [<ping_length>]

SNTP [<ip_addr_string>]

Port

port>

Configuration [<port_list>] [up|down]

Mode [<port_list>]

[auto|10hdx|10fdx|100hdx|100fdx|1000fdx|sfp_auto_ams]

Flow Control [<port_list>] [enable|disable]

State [<port_list>] [enable|disable]

MaxFrame [<port_list>] [<max_frame>]

Power [<port_list>] [enable|disable|actiphy|dynamic]

Excessive [<port_list>] [discard|restart]

Statistics [<port_list>] [<command>] [up|down]

VeriPHY [<port_list>]

SFP [<port_list>]

MAC

MAC>

Configuration [<port_list>]

Add <mac_addr> <port_list> [<vid>]

Delete <mac_addr> [<vid>]

ORing Industrial Networking Corp

160

TGS-9120-M12 Series User Manual

Lookup <mac_addr> [<vid>]

Agetime [<age_time>]

Learning [<port_list>] [auto|disable|secure]

Dump [<mac_max>] [<mac_addr>] [<vid>]

Statistics [<port_list>]

Flush

VLAN

Configuration [<port_list>]

PVID [<port_list>] [<vid>|none]

FrameType [<port_list>] [all|tagged|untagged]

IngressFilter [<port_list>] [enable|disable] tx_tag [<port_list>] [untag_pvid|untag_all|tag_all]

PortType [<port_list>] [unaware|c-port|s-port|s-custom-port]

EtypeCustomSport [<etype>]

Add <vid>|<name> [<ports_list>]

VLAN> Forbidden Add <vid>|<name> [<port_list>]

Delete <vid>|<name>

Forbidden Delete <vid>|<name>

Forbidden Lookup [<vid>] [(name <name>)]

Lookup [<vid>] [(name <name>)] [combined|static|nas|all]

Name Add <name> <vid>

Name Delete <name>

Name Lookup [<name>]

Status [<port_list>] [combined|static|nas|mstp|all|conflicts]

Private VLAN

Configuration [<port_list>]

Add <pvlan_id> [<port_list>]

PVLAN> Delete <pvlan_id>

Lookup [<pvlan_id>]

Isolate [<port_list>] [enable|disable]

Security

Security >

Switch

Switch security setting

Network

Network security setting

ORing Industrial Networking Corp

161

TGS-9120-M12 Series User Manual

AAA

Authentication, Authorization and Accounting setting

Security Switch

Password <password>

Auth

Authentication

Security/switch>

SSH

Secure Shell

HTTPS

Hypertext Transfer Protocol over

Secure Socket Layer

RMON

Remote Network Monitoring

Security Switch Authentication

Configuration

Security/switch/auth>

Method [console|telnet|ssh|web] [none|local|radius]

[enable|disable]

Security Switch SSH

Security/switch/ssh>

Configuration

Mode [enable|disable]

Security Switch HTTPS

Security/switch/ssh>

Configuration

Mode [enable|disable]

Security Switch RMON

Statistics Add <stats_id> <data_source>

Statistics Delete <stats_id>

Statistics Lookup [<stats_id>]

History Add <history_id> <data_source> [<interval>]

[<buckets>]

History Delete <history_id>

Security/switch/rmon>

History Lookup [<history_id>]

Alarm Add <alarm_id> <interval> <alarm_variable>

[absolute|delta]<rising_threshold> <rising_event_index>

<falling_threshold> <falling_event_index>

[rising|falling|both]

Alarm Delete <alarm_id>

Alarm Lookup [<alarm_id>]

ORing Industrial Networking Corp

162

TGS-9120-M12 Series User Manual

Security Network

Psec

Port Security Status

Security/Network>

NAS

Network Access Server (IEEE 802.1X)

ACL

Access Control List

DHCP

Dynamic Host Configuration Protocol

Security Network Psec

Security/Network/Psec>

Switch [<port_list>]

Port [<port_list>]

Security Network NAS

Configuration [<port_list>]

Mode [enable|disable]

State [<port_list>] [auto|authorized|unauthorized|macbased]

Reauthentication [enable|disable]

Security/Network/NAS>

ReauthPeriod [<reauth_period>]

EapolTimeout [<eapol_timeout>]

Agetime [<age_time>]

Holdtime [<hold_time>]

Authenticate [<port_list>] [now]

Statistics [<port_list>] [clear|eapol|radius]

Security Network ACL

Configuration [<port_list>]

Action [<port_list>] [permit|deny]

[<rate_limiter>][<port_redirect>] [<mirror>] [<logging>]

[<shutdown>]

Policy [<port_list>] [<policy>]

Rate [<rate_limiter_list>] [<rate_unit>] [<rate>]

Security/Network/ACL>

Add [<ace_id>] [<ace_id_next>][(port <port_list>)] [(policy

<policy> <policy_bitmask>)][<tagged>] [<vid>]

[<tag_prio>] [<dmac_type>][(etype [<etype>] [<smac>]

[<dmac>]) |

(arp [<sip>] [<dip>] [<smac>] [<arp_opcode>]

[<arp_flags>]) |

(ip [<sip>] [<dip>] [<protocol>] [<ip_flags>]) |

(icmp [<sip>] [<dip>] [<icmp_type>] [<icmp_code>]

ORing Industrial Networking Corp

163

TGS-9120-M12 Series User Manual

[<ip_flags>]) |

(udp [<sip>] [<dip>] [<sport>] [<dport>]

[<ip_flags>]) |

(tcp [<sip>] [<dip>] [<sport>] [<dport>] [<ip_flags>]

[<tcp_flags>])]

[permit|deny] [<rate_limiter>] [<port_redirect>]

[<mirror>] [<logging>][<shutdown>]

Delete <ace_id>

Lookup [<ace_id>]

Clear

Status [combined|static|loop_protect|dhcp|ptp|ipmc|conflicts]

Port State [<port_list>] [enable|disable]

Security Network DHCP

Configuration

Mode [enable|disable]

Security/Network/DHCP>

Server [<ip_addr>]

Information Mode [enable|disable]

Information Policy [replace|keep|drop]

Statistics [clear]

Security Network AAA

Configuration

Timeout [<timeout>]

Deadtime [<dead_time>]

Security/Network/AAA>

RADIUS [<server_index>] [enable|disable]

[<ip_addr_string>] [<secret>] [<server_port>]

ACCT_RADIUS [<server_index>] [enable|disable]

[<ip_addr_string>] [<secret>] [<server_port>]

Statistics [<server_index>]

STP

STP>

Configuration

Version [<stp_version>]

Non-certified release, v

Txhold [<holdcount>]lt 15:15:15, Dec 6 2007

ORing Industrial Networking Corp

164

TGS-9120-M12 Series User Manual

MaxAge [<max_age>]

FwdDelay [<delay>] bpduFilter [enable|disable] bpduGuard [enable|disable] recovery [<timeout>]

CName [<config-name>] [<integer>]

Status [<msti>] [<port_list>]

Msti Priority [<msti>] [<priority>]

Msti Map [<msti>] [clear]

Msti Add <msti> <vid>

Port Configuration [<port_list>]

Port Mode [<port_list>] [enable|disable]

Port Edge [<port_list>] [enable|disable]

Port AutoEdge [<port_list>] [enable|disable]

Port P2P [<port_list>] [enable|disable|auto]

Port RestrictedRole [<port_list>] [enable|disable]

Port RestrictedTcn [<port_list>] [enable|disable]

Port bpduGuard [<port_list>] [enable|disable]

Port Statistics [<port_list>]

Port Mcheck [<port_list>]

Msti Port Configuration [<msti>] [<port_list>]

Msti Port Cost [<msti>] [<port_list>] [<path_cost>]

Msti Port Priority [<msti>] [<port_list>] [<priority>]

Aggr

Aggr>

Configuration

Add <port_list> [<aggr_id>]

Delete <aggr_id>

Lookup [<aggr_id>]

Mode [smac|dmac|ip|port] [enable|disable]

LACP

LACP>

Configuration [<port_list>]

Mode [<port_list>] [enable|disable]

Key [<port_list>] [<key>]

ORing Industrial Networking Corp

165

TGS-9120-M12 Series User Manual

Role [<port_list>] [active|passive]

Status [<port_list>]

Statistics [<port_list>] [clear]

LLDP

Configuration [<port_list>]

Mode [<port_list>] [enable|disable]

LLDP>

Statistics [<port_list>] [clear]

Info [<port_list>]

PoE

PoE>

Configuration [<port_list>]

Mode [<port_list>] [disabled|poe|poe+]

Priority [<port_list>] [low|high|critical]

Mgmt_mode [class_con|class_res|al_con|al_res|lldp_res|lldp_con]

Maximum_Power [<port_list>] [<port_power>]

Status

Primary_Supply [<supply_power>]

QoS

QoS>

DSCP Map [<dscp_list>] [<class>] [<dpl>]

DSCP Translation [<dscp_list>] [<trans_dscp>]

DSCP Trust [<dscp_list>] [enable|disable]

DSCP Classification Mode [<dscp_list>] [enable|disable]

DSCP Classification Map [<class_list>] [<dpl_list>] [<dscp>]

DSCP EgressRemap [<dscp_list>] [<dpl_list>] [<dscp>]

Storm Unicast [enable|disable] [<packet_rate>]

Storm Multicast [enable|disable] [<packet_rate>]

Storm Broadcast [enable|disable] [<packet_rate>]

QCL Add [<qce_id>] [<qce_id_next>]

[<port_list>]

[<tag>] [<vid>] [<pcp>] [<dei>] [<smac>] [<dmac_type>]

[(etype [<etype>]) |

(LLC [<DSAP>] [<SSAP>] [<control>]) |

(SNAP [<PID>]) |

ORing Industrial Networking Corp

166

TGS-9120-M12 Series User Manual

(ipv4 [<protocol>] [<sip>] [<dscp>] [<fragment>] [<sport>] [<dport>])

|

(ipv6 [<protocol>] [<sip_v6>] [<dscp>] [<sport>] [<dport>])]

[<class>] [<dp>] [<classified_dscp>]

QCL Delete <qce_id>

QCL Lookup [<qce_id>]

QCL Status [combined|static|conflicts]

QCL Refresh

Mirror

Mirror>

Configuration [<port_list>]

Port [<port>|disable]

Mode [<port_list>] [enable|disable|rx|tx]

Dot1x

Configuration [<port_list>]

Mode [enable|disable]

State [<port_list>] [macbased|auto|authorized|unauthorized]

Authenticate [<port_list>] [now]

Dot1x>

Reauthentication [enable|disable]

Period [<reauth_period>]

Timeout [<eapol_timeout>]

Statistics [<port_list>] [clear|eapol|radius]

Clients [<port_list>] [all|<client_cnt>]

Agetime [<age_time>]

Holdtime [<hold_time>]

IGMP

Configuration [<port_list>]

Mode [enable|disable]

IGMP>

State [<vid>] [enable|disable]

Querier [<vid>] [enable|disable]

Fastleave [<port_list>] [enable|disable]

Router [<port_list>] [enable|disable]

Flooding [enable|disable]

Groups [<vid>]

ORing Industrial Networking Corp

167

TGS-9120-M12 Series User Manual

Status [<vid>]

ACL

Configuration [<port_list>]

Action [<port_list>] [permit|deny] [<rate_limiter>] [<port_copy>]

[<logging>] [<shutdown>]

Policy [<port_list>] [<policy>]

Rate [<rate_limiter_list>] [<packet_rate>]

ACL>

Add [<ace_id>] [<ace_id_next>] [switch | (port <port>) | (policy

<policy>)]

[<vid>] [<tag_prio>] [<dmac_type>]

[(etype [<etype>] [<smac>] [<dmac>]) |

(arp [<sip>] [<dip>] [<smac>] [<arp_opcode>] [<arp_flags>]) |

(ip [<sip>] [<dip>] [<protocol>] [<ip_flags>]) |

(icmp [<sip>] [<dip>] [<icmp_type>] [<icmp_code>]

[<ip_flags>]) |

(udp [<sip>] [<dip>] [<sport>] [<dport>] [<ip_flags>]) |

(tcp [<sip>] [<dip>] [<sport>] [<dport>] [<ip_flags>]

[<tcp_flags>])]

[permit|deny] [<rate_limiter>] [<port_copy>] [<logging>]

[<shutdown>]

Delete <ace_id>

Lookup [<ace_id>]

Clear

Mirror

Mirror>

Configuration [<port_list>]

Port [<port>|disable]

Mode [<port_list>] [enable|disable|rx|tx]

Config

Save <ip_server> <file_name>

Config>

Load <ip_server> <file_name> [check]

Firmware

Firmware

>

Load <ip_addr_string> <file_name>

ORing Industrial Networking Corp

168

TGS-9120-M12 Series User Manual

SNMP

Trap Inform Retry Times [<retries>]

Trap Probe Security Engine ID [enable|disable]

Trap Security Engine ID [<engineid>]

Trap Security Name [<security_name>]

Engine ID [<engineid>]

Community Add <community> [<ip_addr>] [<ip_mask>]

Community Delete <index>

Community Lookup [<index>]

SNMP>

User Add <engineid> <user_name> [MD5|SHA] [<auth_password>]

[DES]

[<priv_password>]

User Delete <index>

User Changekey <engineid> <user_name> <auth_password>

[<priv_password>]

User Lookup [<index>]

Group Add <security_model> <security_name> <group_name>

Group Delete <index>

Group Lookup [<index>]

View Add <view_name> [included|excluded] <oid_subtree>

View Delete <index>

View Lookup [<index>]

Access Add <group_name> <security_model> <security_level>

[<read_view_name>] [<write_view_name>]

Access Delete <index>

Access Lookup [<index>]

Firmware

Firmware> Load <ip_addr_string> <file_name>

PTP

Configuration [<clockinst>]

PortState <clockinst> [<port_list>] [enable|disable|internal]

PTP>

ClockCreate <clockinst> [<devtype>] [<twostep>] [<protocol>]

[<oneway>] [<clockid>] [<tag_enable>] [<vid>] [<prio>]

ORing Industrial Networking Corp

169

TGS-9120-M12 Series User Manual

ClockDelete <clockinst> [<devtype>]

DefaultDS <clockinst> [<priority1>] [<priority2>] [<domain>]

CurrentDS <clockinst>

ParentDS <clockinst>

Timingproperties <clockinst> [<utcoffset>] [<valid>] [<leap59>]

[<leap61>] [<timetrac>] [<freqtrac>] [<ptptimescale>]

[<timesource>]

PTP PortDataSet <clockinst> [<port_list>] [<announceintv>]

[<announceto>] [<syncintv>] [<delaymech>] [<minpdelayreqintv>]

[<delayasymmetry>] [<ingressLatency>]

LocalClock <clockinst> [update|show|ratio] [<clockratio>]

Filter <clockinst> [<def_delay_filt>] [<period>] [<dist>]

Servo <clockinst> [<displaystates>] [<ap_enable>] [<ai_enable>]

[<ad_enable>] [<ap>] [<ai>] [<ad>]

SlaveTableUnicast <clockinst>

UniConfig <clockinst> [<index>] [<duration>] [<ip_addr>]

ForeignMasters <clockinst> [<port_list>]

EgressLatency [show|clear]

MasterTableUnicast <clockinst>

ExtClockMode [<one_pps_mode>] [<ext_enable>] [<clockfreq>]

[<vcxo_enable>]

OnePpsAction [<one_pps_clear>]

DebugMode <clockinst> [<debug_mode>]

Wireless mode <clockinst> [<port_list>] [enable|disable]

Wireless pre notification <clockinst> <port_list>

Wireless delay <clockinst> [<port_list>] [<base_delay>]

[<incr_delay>]

Loop Protect

Configuration

Mode [enable|disable]

Transmit [<transmit-time>]

Loop Protect> Shutdown [<shutdown-time>]

Port Configuration [<port_list>]

Port Mode [<port_list>] [enable|disable]

Port Action [<port_list>] [shutdown|shut_log|log]

ORing Industrial Networking Corp

170

TGS-9120-M12 Series User Manual

Port Transmit [<port_list>] [enable|disable]

Status [<port_list>]

IPMC

IPMC>

Configuration [igmp]

Mode [igmp] [enable|disable]

Flooding [igmp] [enable|disable]

VLAN Add [igmp] <vid>

VLAN Delete [igmp] <vid>

State [igmp] [<vid>] [enable|disable]

Querier [igmp] [<vid>] [enable|disable]

Fastleave [igmp] [<port_list>] [enable|disable]

Router [igmp] [<port_list>] [enable|disable]

Status [igmp] [<vid>]

Groups [igmp] [<vid>]

Version [igmp] [<vid>]

Fault

Fault>

Alarm PortLinkDown [<port_list>] [enable|disable]

Alarm PowerFailure [pwr1|pwr2|pwr3] [enable|disable]

Event

Event>

Configuration

Syslog SystemStart [enable|disable]

Syslog PowerStatus [enable|disable]

Syslog SnmpAuthenticationFailure [enable|disable]

Syslog RingTopologyChange [enable|disable]

Syslog Port [<port_list>] [disable|linkup|linkdown|both]

SMTP SystemStart [enable|disable]

SMTP PowerStatus [enable|disable]

SMTP SnmpAuthenticationFailure [enable|disable]

SMTP RingTopologyChange [enable|disable]

SMTP Port [<port_list>] [disable|linkup|linkdown|both]

DHCPServer

DHCPServer> Mode [enable|disable]

ORing Industrial Networking Corp

171

TGS-9120-M12 Series User Manual

Setup [<ip_start>] [<ip_end>] [<ip_mask>] [<ip_router>] [<ip_dns>]

[<ip_tftp>] [<lease>] [<bootfile>]

Ring

Ring>

Mode [enable|disable]

Master [enable|disable]

1stRingPort [<port>]

2ndRingPort [<port>]

Couple Mode [enable|disable]

Couple Port [<port>]

Dualhoming Mode [enable|disable]

Dualhoming Port [<port>]

Chain

Chain>

Configuration

Mode [enable|disable]

1stUplinkPort [<port>]

2ndUplinkPort [<port>]

EdgePort [1st|2nd|none]

RCS

RCS>

Mode [enable|disable]

Add [<ip_addr>] [<port_list>] [web_on|web_off]

[telnet_on|telnet_off] [snmp_on|snmp_off]

Del <index>

Configuration

FastReocvery

FastRecovery>

Mode [enable|disable]

Port [<port_list>] [<fr_priority>]

SFP

SFP> syslog [enable|disable] temp [<temperature>]

Info

ORing Industrial Networking Corp

172

TGS-9120-M12 Series User Manual

DeviceBinding

Mode [enable|disable]

Port Mode [<port_list>] [disable|scan|binding|shutdown]

Port DDOS Mode [<port_list>] [enable|disable]

Port DDOS Sensibility [<port_list>] [low|normal|medium|high]

Port DDOS Packet [<port_list>]

[rx_total|rx_unicast|rx_multicast|rx_broadcast|tcp|udp]

Port DDOS Low [<port_list>] [<socket_number>]

Port DDOS High [<port_list>] [<socket_number>]

Port DDOS Filter [<port_list>] [source|destination]

Port DDOS Action [<port_list>]

[do_nothing|block_1_min|block_10_mins|block|shutdown|only_log|re boot_device]

Port DDOS Status [<port_list>]

Devicebinding>

Port Alive Mode [<port_list>] [enable|disable]

Port Alive Action [<port_list>]

[do_nothing|link_change|shutdown|only_log|reboot_device]

Port Alive Status [<port_list>]

Port Stream Mode [<port_list>] [enable|disable]

Port Stream Action [<port_list>] [do_nothing|only_log]

Port Stream Status [<port_list>]

Port Addr [<port_list>] [<ip_addr>] [<mac_addr>]

Port Alias [<port_list>] [<ip_addr>]

Port DeviceType [<port_list>]

[unknown|ip_cam|ip_phone|ap|pc|plc|nvr]

Port Location [<port_list>] [<device_location>]

Port Description [<port_list>] [<device_description>]

MRP

MRP>

Configuration

Mode [enable|disable]

Manager [enable|disable]

React [enable|disable]

1stRingPort [<mrp_port>]

2ndRingPort [<mrp_port>]

ORing Industrial Networking Corp

173

TGS-9120-M12 Series User Manual

Parameter MRP_TOPchgT [<value>]

Parameter MRP_TOPNRmax [<value>]

Parameter MRP_TSTshortT [<value>]

Parameter MRP_TSTdefaultT [<value>]

Parameter MRP_TSTNRmax [<value>]

Parameter MRP_LNKdownT [<value>]

Parameter MRP_LNKupT [<value>]

Parameter MRP_LNKNRmax [<value>]

Modbus

Modbus>

Status

Mode [enable|disable]

ORing Industrial Networking Corp

174

T

echnical Specifications

ORing Switch Model

Physical Ports

10/100/1000Base-T(X) Ports in M12

Auto MDI/MDIX

Technology

Ethernet Standards

MAC Table

Priority Queues

Processing

Switch Properties

Jumbo frame

Security Features

Software Features

Network Redundancy

RS-232 Serial Console Port

LED Indicators

Power Indicator (PWR)

Ring Master Indicator (R.M.)

O-Ring Indicator (Ring)

Fault Indicator (Fault)

TGS-9120-M12 TGS-9120-M12-BP2

12 (8-pin A-coding)

12 (8-pin A-coding with 2 x bypass function included)

IEEE 802.3 for 10Base-T

IEEE 802.3u for 100Base-TX

IEEE 802.3ab for 1000Base-T

IEEE 802.3x for Flow control

IEEE 802.3ad for LACP (Link Aggregation Control Protocol )

IEEE 802.1p for COS (Class of Service)

IEEE 802.1Q for VLAN Tagging

IEEE 802.1w for RSTP (Rapid Spanning Tree Protocol)

IEEE 802.1s for MSTP (Multiple Spanning Tree Protocol)

IEEE 802.1x for Authentication

IEEE 802.1AB for LLDP (Link Layer Discovery Protocol)

8k

8

Store-and-Forward

Switching latency: 7 us

Switching bandwidth: 24Gbps

Max. Number of Available VLANs: 256

IGMP multicast groups: 128 for each VLAN

Port rate limiting: User Define

Up to 9.6K Bytes

Device Binding security feature

Enable/disable ports, MAC based port security

Port based network access control (802.1x)

VLAN (802.1Q ) to segregate and secure network traffic

Radius centralized password management

SNMPv3 encrypted authentication and access security

Https / SSH enhance network security

STP/RSTP/MSTP (IEEE 802.1D/w/s)

Redundant Ring (O-Ring) with recovery time less than 30ms over 250 units

TOS/Diffserv supported

Quality of Service (802.1p) for real-time traffic

VLAN (802.1Q) with VLAN tagging and GVRP supported

IGMP Snooping

IP-based bandwidth management

Application-based QoS management

DOS/DDOS auto prevention

Port configuration, status, statistics, monitoring, security

DHCP Server/Client/Relay

SMTP Client

Modbus TCP

O-Ring

Open-Ring

O-Chain

MRP

MSTP (RSTP/STP compatible)

RS-232 in 5-pin M12 connector with console cable. 115200bps, 8, N, 1

Green : Power LED x 2

Green : Indicates that the system is operating in O-Ring Master mode

Green : Indicates that the system operating in O-Ring mode

Green Blinking : Indicates that the Ring is broken.

Amber : Indicate unexpected event occurred

TGS-9120-M12 Series User Manual

10/100/1000Base-T(X) M12 Port

Indicator

Top Green LED for Link/Act indicator

Fault contact

Relay

Power

Bottom dual color LED for Ethernet speed indicator : Green LED for 1000Mbps, Amber for 100Mbps, Off for 10Mbps

Relay output to carry capacity of 3A at 24VDC on M12 connector (A-coding)

Redundant Input power

Power consumption (Typ.)

Overload current protection

Reverse Polarity Protection

Physical Characteristic

Enclosure

Dimension (W x D x H)

Weight (g)

Environmental

Storage Temperature

Operating Temperature

Dual DC inputs. 12~48VDC on 5-pin M23 connector

17.3 Watts

Present

Present

IP-30

260 (W) x 91.3 (D) x216 (H) mm

2196g

-40 to 85 o C (-40 to 185 o F)

-40 to 75

o

C (-40 to 158

o

F )

17.8 Watts

2218g

Operating Humidity

Regulatory Approvals

EMI

EMS

Shock

Free Fall

Vibration

Safety

Warranty

5% to 95% Non-condensing

FCC Part 15, CISPR (EN55022) class A, EN50155 (EN50121-3-2, EN55011, EN50121-4)

EN61000-4-2 (ESD)

EN61000-4-3 (RS),

EN61000-4-4 (EFT),

EN61000-4-5 (Surge),

EN61000-4-6 (CS),

EN61000-4-8,

EN61000-4-11

IEC60068-2-27

IEC60068-2-32

IEC60068-2-6

EN60950-1

5 years

ORing Industrial Networking Corp

1

advertisement

Key Features

  • O-Ring, Open-Ring, O-Chain, MRP and MSTP
  • Bypass function
  • Web-based interface, Telnet and console (CLI)
  • 12x10/100/1000Base-T(X) ports
  • EN50155-compliance
  • Redundant DC power inputs
  • Wide operating temperature from -40 to 75 degrees

Frequently Answers and Questions

What is the warranty period for the ORing TGS-9120-M12 series?
ORing warrants that all ORing products are free from defects in material and workmanship for a specified warranty period from the invoice date (5 years for most products).
What is the recovery time of the O-Ring technology?
The O-Ring redundant ring technology has a recovery time of less than 30 milliseconds (in full-duplex Gigabit operation) or 10 milliseconds (in full-duplex Fast Ethernet operation) and up to 250 nodes.
How can I manage the ORing TGS-9120-M12 series?
The switch can be managed centrally via Open-Vision, the Web-based interface, Telnet and console (CLI) configuration.

Related manuals

Download PDF

advertisement

Table of contents