Industrial Management Ethernet Switch
Contents
1. ES v v lt gt w lt gt v C port CH v Specific v Tag_all v Unaware v v None 1 Untag_pvid v Unaware v w Specific Untag_pvid Unaware wl Specific Untag_pvid Unaware v v Specific v Untag_pvid v Unaware v Untagged Specific Untag_pvid Unaware v Untagged Specific v Untag_pvid CH Unaware v Untagged Specific Untag_pvid v Specific Untag_pvic 10 Unaware v d All Specific 1 Untag_ _pvid v 11 linsaweare v Fi All vl Gnarifir s 1l lintan nuvid w i ORing Industrial Networking Corp 62 VLAN 1Q Trunk Mode Switch A Switch B VLAN 10 9000 Series 9000 Series VLAN Trunk ee VLAN 20 40 20 10 20 Switch B Port 1 VLAN 1Qtrunk mode tagged 10 20 Port 2 VLAN 1Qtrunk mode tagged 10 20 Below are the switch settings Open all VLAN Membership Configuration Sa System Information Droa me E Basic Setting Mi DHCP Server Relay Start from VLAN 1 with 20 entries per page W Port Setting MM Redundancy VLAN VLAN Membership Delete VLAN ID VLAN Name Switch C 9000 Series VLAN 10 RGS P9000 Series User Manual VLAN 20 Port Members Bis AS 2 a e a a p e ll ll eck ke kl ke Sa Ports Mm Private VLAN Mm SNMP Traffic Prioritization Add New VLAN Multicast Security Open all Auto refresh L Sa System Information Fr2. RGS P9000 Series Industrial Rack Mount Ethernet Switch User Manual Version 1 0 October 2013 www oring networking com ORing Industrial Networking Corp LZ ORing amp RGS P9000 Series User Manual COPYRIGHT NOTICE Copyright 2010 ORing Industrial Networking Corp All rights reserved No part of this publication may be reproduced in any form without the prior written consent of ORing Industrial Networking Corp TRADEMARKS All other trademarks belong to their respective owners is a registered trademark of ORing Industrial Networking Corp REGULATORY COMPLIANCE STATEMENT Product s associated with this publication complies comply with all applicable regulations Please refer to the Technical Specifications section for more details WARRANT Y ORing warrants that all ORing products are free from defects in material and workmanship for a specified warranty period from the invoice date 5 years for most products ORing will repair or replace products found by ORing to be defective within this warranty period with shipment expenses apportioned by ORing and the distributor This warranty does not cover product modifications or repairs done by persons other than ORing approved personnel and this warranty does not apply to ORing products that are misused abused improperly installed or damaged by accidents Please refer to the Technical Specifications section for the actual warranty period s of the product s ass
3. Refresh Click to refresh the page immediately Check to enable an automatic refresh of the page at regular Auto refresh intervals LACP Status This page provides an overview of the LACP status for all ports LACP Status Auto refresh L Open in new window Partner Partner System ID Port Yes means LACP is enabled and the port link is up No means LACP is not enabled or the port link is down Backup means the port cannot join in the aggregation group unless other ports are removed The LACP status is disabled Key The key assigned to the port Only ports wth the same key can be aggregated Refresh Clektoreteshihe pageimmediaey Check to enable an automatic refresh of the page at regular intervals ORing Industrial Networking Corp 54 RGS P9000 Series User Manual LACP Statistics This page provides an overview of the LACP statistics for all ports LACP Statistics Auto refresh U Port LACP LACP Discarded Transmitted Received Unknown Illegal Soa ececreoe 68545 Doca D 0 0 0 0 0 0 o 0 0 0 0 0 Pon Swichponmamber SS The number of unknown or illegal LACP frames discarded at each port Refresh Click to refresh the page immediately Check to enable an automatic refresh of the page at regular Auto refresh intervals Click to clear the counters for all ports 5 3 4 Loop Gourd This feature prevents loop attack When receiving loop packets the port will be disabled
4. outgoing packet will bring with TPID 8123 tag D o zm mm mm mm mm mm mm mm mm mm mm mm mm mm mm mm mm mm mm mm mm mm mm mm mm mm mm VID 5 TPID 8123 emmmer em em mm ORing Industrial Networking Corp 61 RGS P9000 Series User Manual Examples of VLAN Settings VLAN Access Mode VLAN 20 Switch A Port 7 is VLAN Access mode Port 8 is VLAN Access mode Switch A VLAN 19 9000 Series Switch B 9000 Series Switch C 9000 Series VLAN 10 VLAN Trunk 10 20 VLAN Trunk 10 20 VLAN 20 Untagged 20 Untagged 10 Below are the switch settings Open all D PD P PD D D PPD D P P D a CUUER eebe system Information Front Panel Basic Setting DHCP Server Relay Port Setting Redundancy VLAN f VLAN Membership f Ports W Private VLAN SNMP Traffic Prioritization Multicast Security Warming Monitor and Diag Synchronization PoE Sa VLAN Membership g Ports DW Private VLAN SNMP Traffic Prioritization Multicast Security Warning Monitor and Diag Synchronization PoE Factory Default System Reboot VLAN Membership Configuration Start from VLAN with entries per page Port Members 17345 6 7 8 9 101112 default eee A Lk Delete VLAN ID VLAN Name Add New VLAN for port 1 VLAN trunk setting for port 7 amp port8 VLAN Access
5. 30 amp RGS P9000 Series User Manual mapped to one MSTI An unused MSTI will be left empty ex without any mapped VLANs Click to save changes Click to undo any changes made locally and revert to previously saved values Priority This page allows you to examine and change the configurations of current STP MSTI bridge instance priority MSTI Configuration MSTI Priority Configuration jee MSTI Priority CIST MST1 MST MST3 MST4 MSTS MST The bridge instance CIST is the default instance which is always active Indicates bridge priority The lower the value the higher the Priority priority The bridge priority MSTI instance number and the 6 byte MAC address of the switch forms a bridge identifier Click to undo any changes made locally and revert to previously saved values ORing Industrial Networking Corp 31 RGS P9000 Series User Manual 4 4 3 CIST With the ability to cross regional boundaries CIST is used by MSTP to communicate with other MSTP regions and with any RSTP and STP single instance spanning trees in the network Any boundary port that is if it is connected to another region will automatically belongs solely to CIST even if it is assigned to an MSTI All VLANs that are not members of particular MSTIs are members of the CIST Port Settings STP CIST Ports Configuration CIST Aggregated Ports Configuration Port rehab Path Cost Priority Admin Edge Auto Edge Resincted
6. Corp 157 RGS P9000 Series User Manual SMTP Port lt port_list gt disablellinkupllinkdownlboth Mode enableldisable Setup lt ip_start gt lt ip_end gt lt ip_mask gt lt ip_router gt lt ip_dns gt lt ip_tftp gt lt lease gt lt bootfile gt Mode enableldisable Master enableldisable Confi guration RCS Mode enableldisable Add lt ip_addr gt lt port_list gt web_onlweb_off telnet_onltelnet_off snmp_onlsnmp_ off Configuration FastReocvery Mode enableldisable Port lt port_list gt lt fr_priority gt SFP ORing Industrial Networking Corp 158 RGS P9000 Series User Manual syslog enableldisable temp lt temperature gt DeviceBinding Mode enableldisable Port Mode lt port_list gt disablelscanlbindinglshutdown Port DDOS Mode lt port_list gt enableldisable Port DDOS Sensibility lt port_list gt Port DDOS Packet lt port_list gt Port DDOS High lt port_list gt lt socket_number gt Port DDOS Filter lt port_list gt sourceldestination Port DDOS Action lt port_list gt do_nothinglblock_1_minlblock_10_minslblocklshutdownl only_loglreboot_device Port DDOS Status lt port_list gt Port Alive Mode lt port_list gt enableldisable Port Alive Action lt port_list gt do_nothingllink_changelshutdownlonly_loglreboot_devic e Port DeviceType lt port_list gt unkno
7. The payload size of the ICMP packet Values range from 8 to 1400 bytes IPv6 Ping IPv6 Ping rn Address IESSE Ping Size PING6 server 192 168 10 1 sendto sendto ORing Industrial Networking Corp 136 ORing TS RGS P9000 Series User Manual sendto sendto sendto Sent 5 packets received 0 OK 0 bad 5 11 Synchronization MAC based Authentication This page allows you to configure and examine current PTP clock settings PTP External Clock Mode PTP External Clock Mode ei Disable External Enable VCXO Enable Clock Frequency One_pps_mode The box allows you to select One_pps_ mode configurations The following values are possible Output enable the 1 pps clock output Input enable the 1 pps clock input Disable disable the 1 pps clock in out put External Enable The box allows you to configure external clock output The following values are possible True enable external clock output False disable external clock output VCXO_Enable The box allows you to configure the external VCXO rate adjustment The following values are possible True enable external VCXO rate adjustment False disable external VCXO rate adjustment Clock The box allows you to set clock frequency Frequency The range of values is 1 25000000 1 25MHz ORing Industrial Networking Corp 137 RGS P9000 Series User Manual PTP Clock Configurations PTP Clock Configuration Port List Delete Loch Device 133456789 10 11 1 1
8. The switch port number to which the following settings will be applied Port Drop down list for selecting a mirror mode Rx only only frames received on this port are mirrored to the mirror port Frames transmitted are not mirrored Tx only only frames transmitted from this port are mirrored to the mirror port Frames received are not mirrored Disabled neither transmitted nor recived frames are mirrored Enabled both received and transmitted frames are mirrored to the mirror port Note for a given port a frame is only transmitted once Therefore you cannot ia im mirror Tx frames to the mirror port In this case mode for the selected mirror port is limited to Disabled or Rx nly 5 10 4 System Log Information This page provides switch system log information System Log Information Auto refresh L Refresh Open in new window Level The total number of entries is 1 for the given level Start from ID with entries per page ID Level Message Info 1970 01 01 00 01 09 0000 Port 1 Devicef 192 168 10 66 Alive Check ORing Industrial Networking Corp 133 amp RGS P9000 Series User Manual Description 1D The D gt t of the system log entry The level of the system log entry The following level types are supported Info provides general information Warning provides warning for abnormal operation Error provides error message All enables all levels The time of the system log entry
9. 2 If the TPID of tagged frame is not Ox88A8 ex 0x8100 it will be discarded S custom port When the port receives untagged The TPID of a frame frames an untagged frame obtains a tag transmitted by based on PVID and is forwarded S custom port will be When the port receives tagged frames settoa ORing Industrial Networking Corp 59 RGS P9000 Series User Manual 1 If the tagged frame contains a TPID of self customized value 0x8100 it will be forwarded which can be set by 2 If the TPID of tagged frame is not the user via Ethertype Ox88A8 ex 0x8100 it will be for Custom S ports discarded Ee VLAN VID 5 TPID 8100 No VLAN VID PVID TPID 8100 VID 5 TPID 8100 9000 Series VID 5 TPID 88A8 Packet Discarded RK VLAN I VLAN VID 8 l TPID 8100 9000 Series N VID 8 TPID 88A8 Packet Discarded VID 8 TPID 8100 ORing Industrial Networking Corp 60 ORing ba RGS P9000 Series User Manual VLAN op VLAN VID 10 TPID 8100 9000 Series Packet Discarded VID 10 VID 10 TPID 88A8 TPID 88A8 RK VLAN I VLAN VID 5 xt TPID 8100 Packet Discarded THAT aN wu ai ai EE VOA D EH EC FBG i TAAMAL AUAUNA 9000 Series VID 5 een TPID 88A8 S custom port is used for user defined TPID While Ethertype for Custom S ports is configured to 8123
10. Counts the number of frames that match this ACE Rate Limiters This page allows you to configure the rate limiter for the ACL of the switch ORing Industrial Networking Corp Select to apply a policy to the port The allowed values are 1 to 8 The defaut value is 1 Select to Permit to permit or Deny to deny forwarding The default value is Permit Select a rate limiter for the port The allowed values are Disabled or numbers from 1 to 15 The default value is Disabled Select which port frames are copied to The allowed values are Disabled or a specific port number The default value is Disabled Specifies the logging operation of the port The allowed values are Enabled frames received on the port are stored in the system log Disabled frames received on the port are not logged The default value is Disabled Please note that system log memory capacity and logging rate is limited Specifies the shutdown operation of this port The allowed values are Enabled if a frame is received on the port the port will be disabled Disabled port shut down is disabled The default value is Disabled 98 RGS P9000 Series User Manual ACL Rate Limiter Configuration Rate Limiter ID H keng ee flee 4 4 4 4 4 4 4 m lt 4 Rate Limiter ID The rate limiter ID for the settings contained in the same row The rate unit is packet per second pps which can be configured as 1 2 4 8 16 32 64 128
11. as aS 2 Action Parameters Class 3 v DPL 1 DSCP 28 AF32 Tag VID Specific vi Value PCP 2 M DEI o w SMAC Specific Ox 00 00 00 DMAC Type UC w ACUEI Ethernet MAC Parameters STAT Specific Y Value 0x FFFF Port Members Check to include the port in the QCL entry By default all ports are included Key Parameters Key configurations include ORing Industrial Networking Corp 85 G e Any Ethernet LLC SNAP IPv4 RGS P9000 Series User Manual Tag value of tag can be Any Untag or Tag VID valid value of VLAN ID can be any value from 1 to 4095 Any user can enter either a specific value or arange of VIDs PCP Priority Code Point can be specific numbers 0 1 2 3 4 5 6 7 arange 0 1 2 3 4 5 6 7 0 3 4 7 or Any DEI Drop Eligible Indicator can be any of values between 0 and 1 or Any SM AC Source MAC Address can be 24 MS bits OUI or Any DMAC Type Destination MAC type can be unicast UC multicast MC broadcast BC or Any Frame Type can be the following values Any Ethernet LLC SNAP IPv4 IPv6 Note all frame types are explained below Valid Ethernet values can range from 0x600 to OxFFFF or Any but excluding 0x800 IPv4 and Ox86DD IPv6 The default value is Any SSAP Address valid SSAP Source Service Access Point values can range from 0x00 to OxFF or Any The default value is Any DSAP Address valid DSAP
12. lt dmac_type gt etype lt etype gt lt smac gt lt dmac gt arp lt sip gt lt dip gt lt smac gt lt arp_opcode gt lt arp_flags gt Gp lt sip gt lt dip gt lt protocol gt lt ip_flags gt icmp lt sip gt lt dip gt lt icmp_type gt lt icmp_code gt lt ip_flags gt udp lt sip gt lt dip gt lt sport gt lt dport gt lt ip_flags gt tcp lt sip gt lt dip gt lt sport gt lt dport gt lt ip_flags gt lt tcp_flags gt permitldeny lt rate_limiter gt lt port_redirect gt lt mirror gt lt logging gt lt shutdown gt Lookup lt ace_id gt Status combinedlstaticlloop_protectldhcplptplipmclconflicts Port State lt port_list gt enableldisable ORing Industrial Networking Corp 149 bai RGS P9000 Series User Manual security Network DHCP Configuration Mode enableldisable Server lt ip_addr gt Information Policy replacelkeepldrop Information Mode enableldisable Statistics clear Security Network AAA Configuration Timeout lt timeout gt Deadtime lt dead_time gt RADIUS lt server_index gt enableldisable lt ip_addr_string gt lt secret gt lt server_port gt ACCT_RADIUS lt server_index gt enableldisable lt ip_addr_string gt lt secret gt lt server_port gt Statistics lt server_index gt STP Version lt stp_vers
13. automatically preventing the loop attack from affecting other network devices General Settings Global Configuration SEIT Bil Sie e Disable Transmission Time seconds Shutdown Time seconds ORing Industrial Networking Corp 55 ORing amp RGS P9000 Series User Manual Label Description Enable Loop Protection Activate loop protection functions as a whole Transmission Time The interval between each loop protection PDU sent on each port The valid value is 1 to 10 seconds Shutdown Time The period in seconds for which a port will be kept disabled when a loop is detected shutting down the port The valid value is O to 604800 seconds 7 days A value of zero will keep a port disabled permanently until the device is restarted Port Configuration Port Enable Action Tx Mode 1 Shutdown Port Enable 2 Shutdown Port 3 4 Shutdown Port v 5 6 Shutdown Port v Et Label Description Switch port number Activate loop protection functions as a whole Port Enable Configures the action to take when a loop is detected Valid values include Tee Tx Mode Controls whether the port is actively generating loop protection PDUs or only ee cena e S 5 4 VLAN 5 4 1 VLAN Membership You can view and change VLAN membership configurations for a selected switch stack in this page Up to 64 VLANs are supported This page allows for adding and deleting VLANs as well as adding and deleting port members of each
14. enter a specific SIP address in dotted decimal notation When Network is selected for the source IP filter you can enter a specific SIP mask in dotted decimal notation Specifies the destination IP filter for the ACE Any no destination IP filter is specified destination IP filter is don t care Host destination IP filter is set to Host Specify the destination IP address in the DIP Address field that appears Network destination IP filter is set to Network Specify the destination IP address and destination IP mask in the DIP Address and DIP Mask fields that appear When Host or Network is selected for the destination IP filter you DIP Address can enter a specific DIP address in dotted decimal notation When Network is selected for the destination IP filter you can enter a specific DIP mask in dotted decimal notation ARP Parameters ARP RARP ARP SMAC Match i w Request Reply RARP SMAC Match Sender IP Filter Network se IP Ethernet Length Smee 192 168 1 1 IP Sender IP Mask 255 255 255 0 Ethernet Target IP Filter Taroet ID Addrese 192 168 1 254 Target IP Mask 299 292 222 0 Specifies the available ARP RARP opcode OP flag for the ACE Any no ARP RARP OP flag is specified OP is don t care ARP RARP ARP frame must have ARP RARP opcode set to ARP RARP frame must have ARP RARP opcode set to RARP Other frame has unknown ARP RARP Opcode flag Specifies the available ARP RARP opcode OP flag for the
15. 1 none Before configuring RS 232 serial console connect the RS 232 port of the switch to your PC Com port using a RJ45 to DB9 F cable Follow the steps below to access the console via RS 232 serial cable Step 1 On Windows desktop click on Start gt Programs gt Accessories gt Communications gt Hyper Terminal ORing Industrial Networking Corp 140 nal HEL R pl Mardy stones Lg q g i E FEIS E e KI Si ba ny hes File Edt Call Transfer Help Dia S 3 ka Accessories RGS P9000 Series User Manual Le Accessibility ty Communications d HyperTerminal Le Network Time Protocol gt Network and Dial up Connections Lea System Tools b Lea HyperTerminal Ay Acrobat Reader 5 0 Address Book EB Calculator E Command Prompt CH NetTime A7 Notepad W paint ES Windows Explorer e BR WordPad If Network Associates gt Step 3 Select a COM port in the drop down list ORing Industrial Networking Corp 141 RGS P9000 Series User Manual termnial HyperTerminal i m 0 x File Edit Yiew Call Transfer Help Connect ro ia D termnial Enter details for the phone number that you want to dial Country region Mawan i Area code a Phone number SS Connect using lt Cancel Disconnected Auto detect Auto detect SCROLL CAPs NUM Capture Print echo E Step 4 A pop up window that indicates COM port properties appears including bits per second data
16. been transmitted by the switch These backend RADIUS frame counters are available for the 123 e 802 1X e MAC based Auth Backend Server Counters Direction IEEE Name Access Challenges dotixAuthBackendAccessChallenges Other Requests dotixAuthBackendOtherRequestsToSupplicant Auth Successes dotixAuthBackendAuthSuccesses Auth Failures dotixAuthBackendAuthFails dotixAuthBackendResponses about the last This administrative states e 802 1X e MAC based Auth Information authenticate information Last Supplicant Client Info Last IEEE Name MAC Address VLAN ID Supplicant Clien t Info 802 1X based supplicant client is available RGS P9000 Series User Manual Description Port based Counts the number of times that the switch receives the first request from the backend server following the first response from the supplicant Indicates that the backend server has communication with the switch MAC based Counts all Access Challenges received from the backend server for this port left most table or client right most table Port based Counts the number of times that the switch sends an EAP Request packet following the first to the supplicant Indicates that the backend server chose an EAP method MAC based Not applicable Port and MAC based Counts the number of times that the switch receives a success indication Indicates that the supplicant client has successfully aut
17. with 20 entries per page Port Members VLAN MAC Address CPU 1 2 3 4 5 6 7 8 9 101112 00 1E 94 98 89 89 wi 00 1E 94 FF FF FF wi 01 80 C2 4A 44 06 W www ww ww ww wi wi wi 33 33 FF A8 0A 01 y 33 33 FF FF FF FF wi FE FE FF FE FF FF W wl wl wl NW WW Wl Wl Wl ww 5 10 2 Port Statistics Traffic Overview This page provides an overview of general traffic statistics for all switch ports Port Statistics Overview Auto refresh L Port Packets Bytes Errors Drops Filtered Receive Transmit Receive Transmit Receive Transmit Receive Transmit Receive 117980 86946125 9117790 6259918088 0 oo 0 0 0 0 0 68732984 68732987 4957477714 4957477932 24710409 0 0 0 0 0 0 0 0 0 68732985 68732987 4957477883 4957477932 OOOOOOtaOOO OO 4 OOOOOOOOOOOOH OOOOOOOOOOOOOH OOOOOOOOOcH 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 H 0 ORing Industrial Networking Corp 130 RGS P9000 Series User Manual The number of received and transmitted packets per port The number of received and transmitted bytes per port The number of frames received incomplete transmissions per port Drops The urbe of ames cecarded due 1o wares gege ment The number of received ramos tered byte fomarding process Retresn Undetes the counter entries staring Forth cunententy D Detailed Statistics in error and the number of This page provides detailed traffic statistics for a specific switch port Use the port drop down list to dec
18. 1 Translate 2 Classify Classification has 4 different values Disable no Ingress DSCP classification gt Classify DSCP 0 classify if incoming or translated if enabled DSCP is 0 Selected classify only selected DSCP whose classification is enabled as specified in DSCP Translation window for the specific DSCP All classify all DSCP Port egress rewriting can be one of the following options Disable no Egress rewrite Enable rewrite enabled without remapping Remap DP Unaware DSCP from the analyzer is remapped and the frame is remarked with a remapped DSCP value The remapped DSCP value is always taken from the DSCP Translation gt Egress Remap DO table Remap DP Aware DSCP from the analyzer is remapped and the frame is remarked with a remapped DSCP value Depending on the DP level of the frame the remapped DSCP value is either taken from the DSCP Translation gt Egress Remap DO table or from the DSCP Translation gt Egress Remap DP1 table 5 6 5 Port Policing This page allows you to configure Policer settings for all switch ports QoS Ingress Port Policers Port Enabled Rate Unit Flow Control bo 500 lt gt 500 kbps e 500 kbps 500 kbps 500 kbps 500 kbps si 500 kbps 500 kbps e 500 kbps e 500 kbps wi 500 kbps 500 kbps 500 kbps zi 500 kbps D JO UUN ra L b b b b bjb b b b b bjb bjb JOOOOOOOOOOOO0O00 ORing Indus
19. 126 are allowed The textual identification of the contact person for this managed node together with information on how to contact this person System Contact The allowed string length is 0 to 255 and only ASCII characters from 32 to 126 are allowed Provides the time zone offset from UTC GMT System Timezone a a l l The offset is given in minutes east of GMT The valid range is from 720 to 720 minutes Click to save changes Click to undo any changes made locally and revert to previously saved values 5 1 2 Admin amp Password This page allows you to configure the system password required to access the web pages or offset minutes log in from CLI System Password Username Old Password New Password Confirm New Password Old Password The existing password If this is incorrect you cannot set the new password New Password The new system password The allowed string length is O to 31 and only ASCII characters from 32 to 126 are allowed Confirm New Re type the new password Password Save Click to save changes ORing Industrial Networking Corp 37 RGS P9000 Series User Manual 5 1 3 Authentication This page allows you to configure how a user is authenticated when he she logs into the switch via one of the management interfaces Authentication Method Configuration Client SCAS Method Fallback console telnet e ssh local T web local Save Reset Client The manag
20. 19 0 01 01705 53 344 00 00 System Uptime Od 05 53 34 Kernel Version v9 00 Software Version v1 00 Software Date 20135 05 307T15 36 26 08 00 Auto refresh L Enable Location Alert On the right hand side of the management interface shows links to various settings You can click on the links to access the configuration pages of different functions 5 1 Basic Settings Basic Settings allow you to configure the basic functions of the switch 5 1 1 System Information This page shows the general information of the switch system Information Configuration System Name 1GS 9812GP System Description Industrial 20 port managed Gii System Location System Contact ee System Timezone Offset minutes ERR EC An administratively assigned name for the managed node By convention this is the node s fully qualified domain name A System Name domain name is a text string consisting of alphabets A Z a z digits 0 9 and minus sign Space is not allowed to be part of the name The first character must be an aloha character And the ORing Industrial Networking Corp 36 amp RGS P9000 Series User Manual first or last character must not be a minus sign The allowed string length is to 255 System Description Description of the device The physical location of the node e g telephone closet 3rd System Location floor The allowed string length is O to 255 and only ASCII characters from 32 to
21. 72 amp RGS P9000 Series User Manual Check to delete the entry It will be deleted during the next save A string identifying the view name that this entry should belong to View Name The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed Indicates the view type that this entry should belong to Possible view types include Included an optional flag to indicate that this view subtree should be included View Type Excluded An optional flag to indicate that this view subtree should be excluded Generally if an entry s view type is Excluded it should exist another entry whose view type is Included and its OID subtree oversteps the Excluded entry The OID defining the root of the subtree to add to the named view OID Subtree The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk 5 5 6 SNMP Access Configurations This page allows you to configure SNMPv3 access table The entry index keys are Group Name Security Model and Security Level SNMPv3 Accesses Configuration Delete Group Name Security Model Security Level Read View Name Write View Name Fj default_ro_group any NoAuth NoPriv default_view e C default rw Oroup any WNoAuth NoPriv default_view e default view e Check to delete the entry It will be deleted during the next save A string identifying the group name that this entry should belong to The allowed string length is 1
22. Classified Classified Classified Classified Classified Classified Classified Classified Classified mge The switch port number to which the following settings will be applied Click on the port number to configure tag remarking Shows the tag remarking mode for this port Classified use classified PCP DEI values Default use default PCP DEI values Mapped use mapped versions of QoS class and DP level 5 6 4 Port DSCP This page allows you to configure basic QoS Port DSCP settings for all switch ports QoS Port DSCP Configuration Ingress Egress Translate Classify Rewrite Les 4 sl 1 F Disable Disable v 2 d Disable el Disable E 3 F Disable wi Disable v 4 d Disable wi Disable o M 5 F Disable Disable vi 6 d Disable Disable v 7 O Disable ei Disable vi 8 d Disable e Disable v 9 F Disable wl Disable v 10 d Disable wei Disable v 11 C Disable Disable v 12 d Disable wl Disable v 13 F Disable Disable v 14 d Disable e Disable v 15 Fi Disahle Disahle v label I ege O Shows the list of ports for which you can configure DSCP Ingress and Egress settings ORing Industrial Networking Corp 77 amp RGS P9000 Series User Manual In Ingress settings you can change ingress translation and classification settings for individual ports There are two configuration parameters available in Ingress
23. Destination Service Access Point values can range from 0x00 to OxFF or Any The default value is Any Control Valid Control valid values can range from 0x00 to OxFF or Any The default value is Any PID valid PID a k a ethernet type values can range from 0x00 to OxFFFF or Any The default value is Any Protocol IP Protocol Number 0 255 TCP or UDP or Any Source IP specific Source IP address in value mask format or Any IP and mask are in the format of x y z w where x y Z and w are decimal numbers between 0 and 255 When the mask is converted to a 32 bit binary string and read from left to right all bits following the first zero must also be zero DSCP Differentiated Code Point can be a specific value a range or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF ORing Industrial Networking Corp 86 RGS P9000 Series User Manual or AF11 AF 43 IP Fragment lpv4 frame fragmented options include yes no and Sport Source TCP UDP Port 0 65535 or Any specific value or port range applicable for IP protocol UDP TCP Dport Destination TCP UDP Port 0 65535 or Any specific value or port range applicable for IP protocol UDP TCP Protocol IP protocol number 0 255 TCP or UDP or Any Source IP IPv6 source address a b c d or Any 32 LS bits DSCP Differentiated Code Point can be a specific value a range or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 S
24. Discarded frames require a new entry in the table if Chassis ID or Remote Port ID is not included in the table Entries are removed from the table when a given port links down an LLDP shutdown frame is received or when the entry ages out Each LLDP frame can contain multiple pieces of information TLVs Discarded known as TLVs Type Length Value If a TLV is malformed it will be counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Org Discarded The number of organizationally TLVs received Each LLDP frame contains information about how long the LLDP information is valid age out time If no new LLDP frame is Age Outs received during the age out time the LLDP information will be removed and the value of the age out counter will be incremented Refresh Click to refresh the page immediately Click to clear the local counters All counters including global Clear counters are cleared upon reboot Check to enable an automatic refresh of the page at regular Auto refresh intervals 5 1 9 Modbus TCP This page shows Modbus TCP support of the switch For more information regarding Modbus please visit http www modbus org ORing Industrial Networking Corp 44 ORing TS RGS P9000 Series User Manual Mee Shows the existing status of the Modbus TCP function 5 1 10 Backup Restore Configurations You can save view or load switch configurations The configurati
25. L DHCP Relay Statistics Server Statistics z Receive P S Receive Transmit Receive SES ES Receive Receive Receive Transmit Missing SE Ee z Bad from Missing Missing Bad Ss Remote ch Server sie a Circuit ID Remote ID Circuit ID Option Transmit to Sever The number of packets relayed from the client to the server Transmit Error The number of packets with errors when being sent to clients Receive from Server The number of packets received from the server Receive Missing Agent The number of packets received without agent information Option Receive Missing Circuit The number of packets received with Circuit ID ORing Industrial Networking Corp 48 RGS P9000 Series User Manual Receive Missing Remote The number of packets received with the Remote ID option ID missing Receive Bad Circuit ID The number of packets whose Circuit ID do not match the known circuit ID Receive Bad Remote ID The number of packets whose Remote ID do not match the known Remote ID Chent Statistics Transmit Transmit Receive Receive Replace Keep Drop to Client Error from Client Agent Option Agent Option Agent Option Agent Option 0 0 0 A 0 0 0 Transmit to Client The number of packets relayed from the server to the client Transmit Error The number of packets with errors when being sent to servers Receive from Client The number of packets received from the server Receive Agent Option The number of received packets containing rel
26. N ek ek g i 3 3 4 sl 6 H g de 4 de 4 Maximum number of supported DSCP values is 64 and valid Ingress DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translation 1 Translate DSCP can be translated to any of 0 63 DSCP values 2 Classify check to enable ingress classification You can select the DSCP value from a selected menu to which you want to remap DSCP value ranges form 0 to 63 Remap DP1 controls the remapping for frames with DP level 1 You can select the DSCP value from a selected menu to which you want to remap DSCP value ranges form 0 to 63 Configurable engress parameters include Remap DPO controls the remapping for frames with DP level 0 5 6 12 DSCP Classification This page allows you to configure the mapping of QoS class and Drop Precedence Level to DSCP value ORing Industrial Networking Corp 84 RGS P9000 Series User Manual DSCP Classification QoS Class DPL DSCP x Ka e5 QO BE 9 C51 14 AF13 O BE 0 BE 4 4 LU g 1 1 2 oO Fa oO e CH Select the classified DSCP value 0 63 5 6 13 QoS Control List This page allows you to edit or insert a single QoS control entry at a time A QCE consists of several parameters These parameters vary with the frame type you select QCE Configuration Port Members Ba as E ai L a
27. Networking Corp 58 ORing amp RGS P9000 Series User Manual Introduction of Port Types Below is a detailed description of each port type including Unaware C port S port and S custom port oo l Ingress action Egress action Unaware When the port receives untagged The TPID of a frame frames an untagged frame obtains a tag transmitted by The function of based on PVID and is forwarded Unaware por will be Unaware can be used When the port receives tagged frames set to 0x8100 for 802 1QinQ 1 If the tagged frame contains a TPID of The final status of the double tag 0x8100 it will become a double tag frame after egressing frame and will be forwarded will also be affected by 2 If the TPID of tagged frame is not the Egress Rule 0x8100 ex 0x88A8 it will be discarded When the port receives untagged The TPID of a frame frames an untagged frame obtains atag transmitted by C port based on PVID and is forwarded will be set to 0x8100 When the port receives tagged frames 1 If the tagged frame contains a TPID of 0x8100 it will be forwarded 2 If the TPID of tagged frame is not 0x8100 ex 0x88A8 it will be discarded When the port receives untagged The TPID of a frame frames an untagged frame obtains a tag transmitted by S port based on PVID and is forwarded will be set to Ox88A8 When the port receives tagged frames 1 If the tagged frame contains a TPID of 0x8100 it will be forwarded
28. PR9000 is furnished with Layer 3 function which boasts faster forwarding via hardware With complete support for Ethernet redundancy protocols such as O Ring recovery time lt 30ms over 250 units of connection and MSTP RSTP STP compatible the switch can protect your mission critical applications from network interruptions or temporary malfunctions with its fast recovery technology Featuring a wide operating temperature from 40 C to 70 C 20 C 60 C when using 10G SFP module the RGS P9000 series can be managed centrally and conveniently via Open Vision web browsers Telnet and console CLI configuration making it one of the most reliable choice for highly managed and Fiber Ethernet power substation and rolling stock application 1 2 Software Features Supports GRE Generic Routing Encapsulation tunneling protocol Supports O Ring recovery time lt 30ms over 250 units of connection and MSTP RSTP STP compatible for Ethernet redundancy WR Supports Open Ring to interoperate with other vendors ring technology in open architecture Supports O Chain to allow multiple redundant network rings Supports standard IEC 62439 2 MRP Media Redundancy Protocol function Supports IPV6 new Internet protocol Supports Modbus TCP protocol Supports priority tagged frames to be received by specific IEDs Supports IEEE 802 3az Energy Efficient Ethernet technology ORing Industrial Networking Corp 6 ORing 1 ORing Industrial Networking Co
29. QCEs is 256 on each switch QoS Control List Status Action User CE Frame Type Port Conflict Q YP Class DPL DSCP No entries Indicates the QCL user Indicates the index of QCE Indicates the type of frame to look for incoming frames Possible frame types are Any the QCE will match all frame type Ethernet Only Ethernet frames with Ether Type Ox600 OxFFFF are Frame Type allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 the QCE will match only IPV4 frames IPv6 the QCE will match only IPV6 frames Indicates the list of ports configured with the QCE Indicates the classification action taken on ingress frame if parameters configured are matched with the frame s content There are three action fields Class DPL and DSCP Class Classified QoS if a frame matches the QCE it will be put in the DPL Drop Precedence Level if a frame matches the QCE then DP level ORing Industrial Networking Corp 88 amp RGS P9000 Series User Manual will set to a value displayed under DPL column DSCP if a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Displays the conflict status of QCL entries As hardware resources are shared by multiple applications resources required to add a QCE may not l be available In that case it shows conflict status as Yes otherwise it is SN always No Please note that conflict can be resolved by rel
30. STP Forwardin OO O C The switch port number to which the following settings will be applied The current STP port role of the CIST port The values include CIST Role Alternate Port BackupPort RootPort and De signatedPort The time since the bridge port is last initialized Click to refresh the page immediately Check this box to enable an automatic refresh of the page at Auto refre sh regular intervals The current STP port state of the CIST port The values include Blocking Learning and Forwarding STP Statistics This page displays the STP port statistics for the currently selected switch STP Statistics Auto refresh L Port Transmitted Received Discarded MSTP RSTP STP TCN MSTP RSTP STP TCN Unknown Illegal ports enabled ORing Industrial Networking Corp 26 RGS P9000 Series User Manual The switch port number to which the following settings will be The number of RSTP configuration BPDUs received transmitted The number of legacy SITP configuration BPDUs received transmitted on the port TEN The number of legacy topology change notification BPDUs received transmitted on the port The number of unknown spanning tree BPDUs received and Discarded Unknown discarded on the port The number of illegal spanning tree BPDUs received and Discarded Illegal discarded on the port Click to refresh the page immediately Check to enable an automatic refresh of the page
31. STR OSCE EST eEn Te Etre tere Eere ee ER TeR mE nye nt not tte ete ete tn ea 88 5 Vill wie ae E nares ives tos E sipessacinnss 89 SL IOMP SAO ODIING senec EEA 89 5 7 2 VLAN Configurations of IGMP Gnoopmg 90 S79 IGMP ITO ODI SIAS E 90 5 7 4 Groups Information of IGMP Gnoopimg 91 5 8 CU e E E E A E 92 5 8 1 Remote Control Security Configurations cccceccceeeeeeeeeeeeeeeeeeeseeeeseeeeseneens 92 592 DPOVNCE EE 93 coo aro A E a a ee nee ee eee ee ee 97 Eege 109 PII e acess asec eens ec ant ones A S 109 5 8 6 NWAGIOO2Isi 115 5 9 EE 124 IIO MONO ana DI eaa E EEE E N 127 SHEET 137 5 12 TrOUDI SNOOTING cc ceccceeccececeeece een eeneeeseeeceeeeeeeeseeeseeeseueesueeseeeseeeseeeseueeaeeeaes 139 eee Fay DEUS EE 139 5 12 2 System REDOT eege 139 ORing Industrial Networking Corp 4 ORing 5 13 Command Line Interface Management ORing Industrial Networking Corp RGS P9000 Series User Manual RGS P9000 Series User Manual Getting Started 1 1 About RGS P9000 Series The RGS P9000_ series offers a comprehensive line of modular rack mount Ethernet switches optimized for railway applications The product line consists of the two models RGS P9000 and RGS PR9000 both come with 3 slots supporting up to 24 10 100 1000BaseT X and 1 slot supporting up to 4 10Gigabit Ethernet ports The robust RGS PR9000 and RGS P9000 switches are designed for power substation and rolling stock applications The RGS
32. Shaper Port Shaper Enable Rate Unit Excess Enable Rate Unit ao s kbps lr ois 500 Io ok Ouzcg kbp EO Controls whether the scheduler mode is Strict Priority or Scheduler Mode Weighted on this switch port Queue Shaper o Gaam Check to enable queue shaper for individual switch ports nable Configures the rate of each queue shaper The default value is Queue Shaper Rate 500 This value is restricted to 100 to 1000000 whn the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Configures the rate for each queue shaper The default value is Queues Shaper Unit 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queue Shaper Allows the queue to use excess bandwidth Excess Port Shaper Enable Check to enable port shaper for individual switch ports Configures the rate of each port shaper The default value is 500 Port Shaper Rate l l l _ This value is restricted to 100 to 1000000 when the Unit is kbps ORing Industrial Networking Corp 80 RGS P9000 Series User Manual and it is restricted to 1 to 3300 when the Unit is Mbps Configures the unit of measurement for each port shaper rate as Port Shaper Unit kbps or Mbps The default value is kbps Weighted QoS Egress Port Scheduler and Shapers Port 1 Scheduler Mode Queue Shaper Queue Scheduler Port Shaper Enable Rate Unit Excess Weight Percent Enable R
33. The MAC address of the switch Check this box to enable an automatic refresh of the page at regular Auto refresh intervals Updates system log entries starting from the current entry ID Flushes all system log entries Updates system log entries starting from the first available entry ID Updates system log entries starting from the last entry currently gt gt displayed gt gt Updates system log entries ending at the last available entry ID 5 10 5 Cable Diagnostics This page allows you to perform VeriPHY cable diagnostics Updates system log entries ending at the last entry currently lt lt displayed VeriPHY Cable Diagnostics Port Cable Status Par A LengthA ParB LengthB Pairt LengthC ParD Length D Press Start to run the diagnostics This will take approximately 5 seconds If all ports are selected this can take approximately 15 seconds When completed the page refreshes ORing Industrial Networking Corp 134 RGS P9000 Series User Manual automatically and you can view the cable diagnostics results in the cable status table Note that VeriPHY diagnostics is only accurate for cables 7 140 meters long 10 and 100 Mbps ports will be disconnected while running VeriPHY diagnostics Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete Port The port for which VeriPHY Cable Diagnostics is requested Cable Status Port
34. VLAN ORing Industrial Networking Corp 56 RGS P9000 Series User Manual VLAN Membership Configuration Start from VLAN D with 20 entries per page Port Members Dis Alps ae Se les air He e ee Un be default MMMIMMIMIMIMIM M1 Kl kl Delete VLAN ID F 1 VLAN Name Checkmarks indicate which ports are members of the entry Check or Port Members Add New VLAN 5 4 2 Port Configurations This page allows you to set up VLAN ports individually uncheck as needed to modify the entry Click to add a new VLAN ID An empty row is added to the table and the VLAN can be configured as needed Valid values for a VLAN ID are 1 through 4095 After clicking Save the new VLAN will be enabled on the selected switch stack but contains no port members A VLAN without any port members on any stack will be deleted when you click Save Click Delete to undo the addition of new VLANs Auto refresh C Ethertype for Custom S ports 0x ssas VLAN Port Configuration Port VLAN Mode ID lt gt SI ES wi Port Type Ingress Filtering Frame Type Tx Tag lt lt gt lt gt 1 2 E A 5 Sa 7 8 ed 10 11 12 Unaware Unaware Unaware eS ES LS LS Unaware Unaware RIR Unaware Unaware Unaware Unaware Unaware Unaware Unaware ZR ERR CDD ORing Industrial Networking Corp All Speci
35. and middle 3 2 Module Installation 3 2 1 RJ 45 Module The RGS P9000 series support maximum three RJ 45 modules giving you a total of 24 RJ 45 ports Follow the steps below for installation Step 1 Turn the switch power off Step 2 Insert the modules in Slot 1 2 and 3 respectively Step 3 Turn the switch power on 0 0 0 0 PLP OOO ZO D o i 2002 002 Zeie 9090 PPOHP OOO poppoo ooo0000 j oe ee a b Ab Ab ded io 3 2 2 SFP Module The RGS P9000 series support maximum three SFP modules giving you a total of 24 SFP ports Follow the steps below for installation Step 1 Turn the switch power off Step 2 Insert the modules in Slot 1 2 and 3 respectively Step 3 Turn the switch power on ORing Industrial Networking Corp 12 RGS P9000 Series User Manual 8 Sch 3 Mu D KC 2 RI z PPPP HOO PODNDNOO 0990000 EK 0 0 go PELE OOO 70 02 2002 PLO OD OOO 20 joo oio 0 0 0 Pppp O 0000000 NS RN ZS Se e E 3 2 3 10G SFP Module The RGS P9000 series support one 10G SFP module giving you a total of 4 10G ports Follow the steps below for installation ORing provides two 10G modules including SWM 02GP and SWM 04GP The module can be plugged into the 10 Gigabit Ethernet slot of the switch and connected to fiber optic networks Follow the steps below for installation Step 1 Turn the switch power off Step 2 Insert the modul
36. and the aggregation group Aggregation Mode Configuration Hash Code Contributors Source MAC Address Destination MAC Address IF Address TCP UDP Port Number Source MAC Address Calculates the destination port of the frame You can check this box to enable the source MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Calculates the destination port of the frame You can check this Address box to enable the destination MAC address or uncheck to disable By default Destination MAC Address is disabled IP Address Calculates the destination port of the frame You can check this box to enable the IP address or uncheck to disable By default IP Address is enabled TCP UDP Port Calculates the destination port of the frame You can check this Number box to enable the TCP UDP port number or uncheck to disable By default TCP UDP Port Number is enabled ORing Industrial Networking Corp 51 RGS P9000 Series User Manual Aggregation Group Configuration Port Members 10 11 12 13 3 Mi j be co de Group ID Normal 1 0000000000 OG OOOODOODOOD0OO OF OOO0DOODO0D0O 0 OF 0000000000 oF OOOUOUOED OCH OF OOOOO0OOODO OO OF 0000000000 Of 0000000000 OF 0000000000 e w e fe e fe fel e fel EN oi eje paje aja h e h eje peja fe fel p h OG 0000000000 OOOUDOUDOEDNOO je pja aje e eH OOOUDOUDOEDNOO e OOOUDODOENOO 0000000000 0000000000 fc OO90000
37. bits parity stop bits and flow control ee aes Steno i ele SE SS e Se loj x ee hl Fort Settings Bits per second uwo sl Data bits Beo Parity None sl Stop bits ooo H Flow control None sl Restore Defaults OF Cancel Apply Disconnected Auto detect Auto detect SCROLL caps NUM Capture Print echo a Step 5 The console login screen will appear Use the keyboard to enter the Username and ORing Industrial Networking Corp 142 Password same as the password for Web browsers then press Enter De co A o e RGS P9OO00 Command Line Interface Username Password CLI Management by Telnet You can can use TELNETio configure the switch The default values are IP Address 192 168 10 1 Subnet Mask 255 255 255 0 Default Gateway 192 168 10 254 User Name admin Password admin Follow the steps below to access console via Telnet RGS P9000 Series User Manual Step 1 Telnet to the IP address of the switch from the Run window by inputting commands or from the MS DOS prompt as below SS lx Type the name of a program Folder document or Internet resource and Windows will open it For you Open telnet 192 168 10 1 sl Cancel Browse Step 2 The Login screen will appear Use the keyboard to enter the Username and Password ORing Industrial Networking Corp ORing amp RGS P9000 Series User Manual same as the password for Web browser
38. for shared media Click to save changes Click to undo any changes made locally and revert to previously saved values 4 5 Fast Recovery Fast recovery mode can be set to connect multiple ports to one or more switches The RGS P9000 series with fast recovery mode will provide redundant links Fast recovery mode Supports 12 priorities Only the first priority will be the active port and the other ports with different priorities will be backup ports ORing Industrial Networking Corp 33 RGS P9000 Series User Manual Fast Recovery Mode barnsnssee E Active kennnnssn G Mot mel me Mot melded eae me Hot included amie Mot mc emia Hot included Apply Activates fast recovery mode Ports can be set to 12 priorities Only the port with the highest priority will be the active port 1st Priority is the highest Click to activate the configurations ORing Industrial Networking Corp 34 ORing amp RGS P9000 Series User Manual Management The switch can be controlled via a built in web server which supports Internet Explorer Internet Explorer 5 0 or above versions and other Web browsers such as Chrome Therefore you can manage and configure the switch easily and remotely You can also upgrade firmware via a web browser The Web management function not only reduces network bandwidth consumption but also enhances access speed and provides a user friendly viewing screen By default I
39. length is Password 8 to 32 and only ASCII characters from 33 to 126 are allowed ORing Industrial Networking Corp 71 RGS P9000 Series User Manual 5 5 4 SNMP Group Configurations This page allows you to configure SNMPv3 group table The entry index keys are Security Model and Security Name SNMPv3 Groups Configuration Delete Security Model Security Name Group Name public default_ro_grou private default_rw_grou public default ro grou private default_rw_grou default_user default_rw_grou Add new group Check to delete the entry It will be deleted during the next save Indicates the security model that this entry should belong to Possible security models included Security Model v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM A string identifying the security name that this entry should belong to Security Name The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed A string identifying the group name that this entry should belong to Group Name The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed 5 5 5 SNMP View Configurations This page allows you to configure SNMPv3 view table The entry index keys are View Name and OID Subtree SNMPv3 Views Configuration Delete ViewName View Type OID Subtree WW default view included Add new view ORing Industrial Networking Corp
40. of the port Refer to NAS Port State for more Port State details regarding each value The source MAC address carried in the most recently received TOT EN EAPOL frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication The user name supplicant identity carried in the most recently received Response ldentity EAPOL frame for EAPOL based Last ID authentication and the source MAC address from the most recently received frame from a new client for MAC based authentication 122 Ohingiidusteiemekingcem 8 aaa Industrial Networking Corp RGS P9000 Series User Manual This page provides detailed IEEE 802 1X statistics for a specific switch port using port based authentication For MAC based ports only selected backend server RADIUS Authentication Server statistics is showed Use the port drop down list to select which port details to be displayed NAS Statistics Port 2 Auto refresh L Port State ieee Force Authonzed Port State ly Disabled The port s current administrative state Refer to NAS Admin State for Admin State Port State EAPOL Counters Backend Server Counters more details regarding each value The current state of the port Refer to NAS Port State for more details regarding each value These supplicant frame counters are available for the following administrative states e Force Authorized e Force Unau
41. pony Guard Domni Enabled Role TCN CIST Normal Ports Configuration STP TEE Restricted Point to Port Enabled Path Cost Priority Admin Edge Auto Edge eo BPDU Guard oint E C CT D T O Edge ov d d O 2 LI Oo i E Auto v 3 O d d R 4 0 O R dl d d R es O Oo a O Auto v The switch port number to which the following settings will be applied STP Enabled Check to enable STP for the port Configures the path cost incurred by the port Auto will set the path cost according to the physical link speed by using the 802 1D recommended values Specific allows you to enter a user defined value The path cost is used when establishing an active topology for the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports The range of valid values is 1 to 200000000 Configures the priority for ports having identical port costs See Priority Pen above A flag indicating whether the port is connected directly to edge OpenEdge setate devices or not no bridges attached Transiting to the forwarding flag state is faster for edge ports operEdge set to true than other ports AdminEdge Configures the operEdge flag to start as set or cleared the initial ORing Industrial Networking Corp 32 amp RGS P9000 Series User Manual E operEdge state when a portis initialized Check to enable the bridge to detect edges at the bridge port AutoEdge automatically
42. server number Click to navigate to detailed statistics of the server The IP address and UDP port number in lt IP Address gt lt UDP Port gt IP Address notation of the server ORing Industrial Networking Corp 111 amp RGS P9000 Series User Manual The current status of the server This field has one of the following values Disabled the server is disabled Not Ready the server is enabled but IP communication is not yet up and running Ready the server is enabled IP communications are built and the RADIUS module is ready to accept access attempts Dead X seconds left access attempts are made to this server but it does not reply within the configured timeout The server has temporarily been disabled but will be re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled RADIUS Accounting Server Status Overview Disabled Disabled Disabled Disabled Disabled The RADIUS server number Click to navigate to detailed statistics of the server The IP address and UDP port number in lt IP Address gt lt UDP Port gt IP Address notation of the server The current status of the server This field has one of the following values Disabled the server is disabled Not Ready the server is enabled but IP communication is not yet up and running Ready the server is enabled IP commun
43. server request times out according to Hold Time the timeout specified on the Configuration gt Security AAA page the client is put on hold in Unauthorized state The hold timer does not count during an on going authentication The switch will ignore new frames coming from the client during the hold time The hold time can be set to a number between 10 and 1000000 seconds Port The port number for which the configuration below applies If NAS is globally enabled this selection controls the port s authentication mode The following modes are available Force Authorized In this mode the switch will send one EAPOL Success frame when the port link is up and any client on the port will be allowed network access without authentication Admin State Force Unauthorized In this mode the switch will send one EAPOL Failure frame when the port link is up and any client on the port will be disallowed network access Port based 802 1X In an 802 1X network environment the user is called the supplicant the switch is the authenticator and the RADIUS server is the authentication server The authenticator acts as the man in the middle forwarding requests and responses between the supplicant and the authentication server Frames ORing Industrial Networking Corp 118 ORing amp RGS P9000 Series User Manual sent between the supplicant and the switch are special 802 1X frames known as EAPOL EAP Over LANs frames
44. the security model that this entry should belong to Possible security models include NoAuth NoPriv no authentication and none privacy Sany ieva Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy The value of security level cannot be modified if the entry already exists which means the value must be set correctly at the time of entry creation Indicates the authentication protocol that this entry should belong to Possible authentication protocols include None no authentication protocol MD5 an optional flag to indicate that this user is using MD5 Authentication authentication protocol Protocol SHA an optional flag to indicate that this user is using SHA authentication protocol The value of security level cannot be modified if the entry already exists which means the value must be set correctly at the time of entry creation A string identifying the authentication pass phrase For MD5 Authentication authentication protocol the allowed string length is 8 to 32 For SHA Password authentication protocol the allowed string length is 8 to 40 Only ASCII characters from 33 to 126 are allowed Indicates the privacy protocol that this entry should belong to Possible Ree privacy protocols include None no privacy protocol Protocol o DES an optional flag to indicate that this user is using DES authentication protocol Privacy A string identifying the privacy pass phrase The allowed string
45. wa D SNMP S tagge None 1 Tag_a D Traffic Prioritization L m LEE EM te Multicast 4 Unaware v d All w Specific 1 Untag_pvid Security 5 Unaware v oO All v Specific 1 Untag_pvid P Waming 6 Unaware Ke O All w Specific 1 Untag_pvid VLAN ID Settings When setting the management VLAN only the same VLAN ID port can be used to control the switch 9000ies VLAN Settings ORing Industrial Networking Corp 65 RGS P9000 Series User Manual Open all IP Configuration ES System Information Sa Front Panel E Basic Setting Configured Current DHCP Client Renew IP Address 192 168 10 2 192 168 10 2 Basic Setting Admin Password Auth Method IP Setting IPv6 Setting HTTPS SSH Modbus TCP Backup Restore Upgrade Firmware IP Mask 255 255 255 0 IP Router 0 0 0 0 po oo SNTP Server O iS EE EEE RP GR 5 4 3 Private VLAN The private VLAN membership configuration for the switch can be monitored and modified here Private VLANs can be added or deleted here Port members of each private VLAN can be added or removed here Private VLANs are based on the source port mask and there are no connections to VLANs This means that VLAN IDs and private VLAN IDs can be identical A port must be a member of both a VLAN and a private VLAN to be able to forward packets By default all ports are VLAN unaware and members of VLAN 1 and private VLAN 1 A VL
46. 0 ARP RARP frames where the HLD is equal to Ethernet 1 must not match this entry 1 ARP RARP frames where the HLD is equal to Ethernet 1 must match this entry Any any value is allowed don t care Specifies whether frames will meet the action according to their ARP RARP protocol address space PRO settings 0 ARP RARP frames where the PRO is equal to IP 0x800 must not match this entry 1 ARP RARP frames where the PRO is equal to IP 0x800 must match this entry Any any value is allowed don t care ICMP Type Filter ICMP Type Value ICMP Code Filter ICMP Code Value Specifies the ICMP filter for the ACE Any no ICMP filter is specified ICMP filter status is don t care ICMP Type Filter Specific if you want to filter a specific ICMP filter with the ACE you can enter a specific ICMP value A field for entering an ICMP value appears When Specific is selected for the ICMP filter you can enter a ICMP Type Value specific ICMP value The allowed range is 0 to 255 Aframe matching the ACE will use this ICMP value Specifies the ICMP code filter for the ACE ICMP Code Filter l l Es l Any no ICMP code filter is specified ICMP code filter status is ORing Industrial Networking Corp 106 RGS P9000 Series User Manual don t care Specific if you want to filter a specific ICMP code filter with the ACE you can enter a specific ICMP code value A field for entering an ICMP code value appears When
47. 0000 GE KA 3 Indicates the ID of each aggregation group Normal means no aggregation Only one group ID is valid per port Port Members Lists each switch port for each group ID Select a radio button to include a port in an aggregation or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Only full duplex ports can join an aggregation and the ports must be in the same speed in each group 5 3 3 LACP This page allows you to enable LACP functions to group ports together to form single virtual links thereby increasing the bandwidth between the switch and other LACP compatible devices LACP trunks are similar to static port trunks but they are more flexible because LACH is compliant with the IEEE 802 3ad standard Hence it is interoperable with equipment from other vendors that also comply with the standard You can change LACP port settings in this page ORing Industrial Networking Corp 52 RGS P9000 Series User Manual LACP Port Configuration Open in new window 1 E Auto O 3 d Auto 4 O Auto Indicates the ID of each aggregation group Normal indicates 7 there is no aggregation Only one group ID is valid per port LACP Enabled Lists each switch port for each group ID Check to include a port in an aggregation or clear the box to remove the port from the aggregation By default no ports belong to any aggregation
48. 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K or 1024K The 1 kpps is actually 1002 1 pps ACL Control List This page allows you to configure ACE Access Control Entry An ACE consists of several parameters These parameters vary with the frame type you have selected First select the ingress port for the ACE and then the frame type Different parameter options are displayed according to the frame type you have selected A frame matching the ACE can be configured here ACE Configuration Ingress Port Foret wv IPyv4 Action hit Mise Disa Port Copy bled ze Frame Type Logging bled Shutdown Counter ORing Industrial Networking Corp 99 amp RGS P9000 Series User Manual Indicates the ingress port to which the ACE will apply Any the ACE applies to any port Port n the ACE applies to this port number where n is the number of the Ingress Port switch port Policy n the ACE applies to this policy number where n can range from 1 to 8 Indicates the frame type of the ACE These frame types are mutually exclusive Any any frame can match the ACE Ethernet Type only Ethernet type frames can match the ACE The IEEE Frame TS 802 3 descripts the value of length types should be greater than or equal to 1536 decimal equal to 0600 hexadecimal ARP only ARP frames can match the ACE Notice the ARP frames will not match the ACE with Ethernet type IPv4 only IPv4 frames can match the
49. 3 14 15 16 17 1819 20 Instance Type No Clock Instances Present Add New PTP Clock Check this box and click Save to delete the clock instance Clock Instance Indicates the instance of a particular clock instance 0 3 Click on the clock instance number to edit the clock details Device Type Indicates the type of the clock instance There are five device types Ord Bound ordinary boundary clock P2p Transp peer to peer transparent clock E2e Transp end to end transparent clock Master Only master only Slave Only slave only Port List Set check mark for each port configured for this Clock Instance 2 Step Flag Static member defined by the system true if two step Sync events and Pdelay_Resp events are used Clock Identity Shows a unique clock identifier One Way lf true one way measurements are used This parameter applies only to a slave In one way mode no delay measurements are performed i e this is applicable only if frequency synchronization is needed The master always responds to delay requests Protocol Transport protocol used by the PTP protocol engine Ethernet PTP over Ethernet multicast ip4multi PTP over IPv4 multicast ip4uni PTP over IPv4 unicast Note IPv4 unicast protocol only works in Master Only and Slave Only clocks For more information please refer to Device Type CGidktwtmcco 4z Industrial Networking Corp 138 amp RGS P9000 Series User Manual In a unicast Slave Only clock you also need to
50. 3 3 Redundant Power Inputs The RGS P9000 series support dual redundant power supplies Power Supply 1 PWR1 and Power Supply 2 PWR2 The connections for PWR1 and PWR2 are located on the terminal block Step 1 Remove the transparent cover designed for protection from the terminal block Step 2 Insert the negative positive wires into the V V terminals respectively Step 3 To keep the wres from pulling loose use a small flat blade screwdriver to tighten the wire clamp screws on the front of the terminal block connector Step 4 After wring is completed put the transparent cover back to the terminal block Power 2 Input Power 1 Input Fi d a d d POWER POWER FAIL RLY d Ge 1 Ee r Nal VIN Va W IN C DM Ku y L _ Gili EmihGhHD GHD Fall Chae Fall Goan i a ral 8 a Ground of Power 1 d Earth Ground Fault Relay Ground of Power 2 3 4 Connection 3 4 1 Cables 1000 100B ASE TX 10BASE T Pin Assignments The RGS P9000 series come with standard Ethernet ports According to the link type the switch uses CAT 3 4 5 5e UTP cables to connect to any other network devices PCs servers ORing Industrial Networking Corp 15 ORing amp RGS P9000 Series User Manual switches routers or hubs Please refer to the following table for cable specifications Cable Max Length Connector 10BASE T Cat 3 4 5 100 ohm UTP 100 m 328 ft RJ 45 Cat 5 Cat 5e 100 ohm 1000BASE T UTP 100 m 328ft R
51. 4 address For example 192 1 2 34 Trap Indicates the SNMP entity is permitted to generate authentication failure traps Possible modes include Authentication Enabled enable SNMP trap authentication failure Failure Disabled disable SNMP trap authentication failure Indicates the SNMP trap link up and link down mode Possible Trap Link up and modes include Link down Enabled enable SNMP trap link up and link down mode Disabled disable SNMP trap link up and link down mode Indicates the SNMP trap inform mode Possible modes include Trap Inform Mode Enabled enable SNMP trap inform mode Disabled disable SNMP trap inform mode Trap Inform Configures the SNMP trap inform timeout The allowed range is O to Trap Inform Retry Configures the retry times for SNMP trap inform The allowed range ORing Industrial Networking Corp 69 RGS P9000 Series User Manual 5 5 2 SNMP Community Configurations This page allows you to configure SNMPv3 community table The entry index key is Community SNMPv3 Communities Configuration Delete Community Source IP Source Mask gt public 0 0 0 0 0 0 private 0 0 0 0 0 0 0 0 Add new community Check to delete the entry It will be deleted during the next save Indicates the community access string to permit access to SNMPv3 Community agent The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed Indicates the SNMP source address Indic
52. ACE Any no ARP RARP OP flag is specified OP is don t care Request Reply Request frame must have ARP Request or RARP Request OP flag set ORing Industrial Networking Corp 104 ORing amp RGS P9000 Series User Manual Ed Reply frame must have ARP Reply or RARP Reply OP flag Specifies the sender IP filter for the ACE Any no sender IP filter is specified sender IP filter is don t care Host sender IP filter is set to Host Specify the sender IP address in Sender IP Filter the SIP Address field that appears Network sender IP filter is set to Network Specify the sender IP address and sender IP mask in the SIP Address and SIP Mask fields that appear When Host or Network is selected for the sender IP filter you can Sender IP Address enter a specific sender IP address in dotted decimal notation When Network is selected for the sender IP filter you can enter a Sender IP Mask l specific sender IP mask in dotted decimal notation Specifies the target IP filter for the specific ACE Any no target IP filter is specified target IP filter is don t care Host target IP filter is set to Host Specify the target IP address in Target IP Filter the Target IP Address field that appears Network target IP filter is set to Network Specify the target IP address and target IP mask in the Target IP Address and Target IP Mask fields that appear When Host or Network is selected for the target IP f
53. ACE Notice the IPv4 frames will not match the ACE with Ethernet type Specifies the action to take when a frame matches the ACE Permit takes action when the frame matches the ACE Deny drops the frame matching the ACE Specifies the rate limiter in number of base units The allowed range is 1 to Rate Limiter 15 Disabled means the rate limiter operation is disabled Frames matching the ACE are copied to the port number specified here Port Copy The allowed range is the same as the switch port number range Disabled means the port copy operation is disabled Specifies the logging operation of the ACE The allowed values are been Enabled frames matching the ACE are stored in the system log Disabled frames matching the ACE are not logged Please note that system log memory capacity and logging rate Is limited Specifies the shutdown operation of the ACE The allowed values are Enabled if a frame matches the ACE the ingress port will be disabled Disabled port shutdown is disabled for the ACE Indicates the number of times the ACE matched by a frame ORing Industrial Networking Corp 100 RGS P9000 Series User Manual MAC Parameters i Specific we eum OO 00 00 00 00 0 lice Specific ze Hoa OO 00 00 00 00 0 SMAC Filter SM AC Value DMAC Filter DM AC Value ORing Industrial Networking Corp Only displayed when the frame type is Ethernet Type or ARP Specifies the source MAC filter for the AC
54. AN unaware port can only be a member of one VLAN but it can be a member of multiple private VLANs Private VLAN Membership Configuration Open in new window Port Members Delete PVLANID 123 4 5 6 7 8 9 101112 1 A row of check boxes for each port is displayed for each private VLAN ID You can check the box to include a port in a private Port Members l VLAN To remove or exclude the port from the private VLAN make sure the box is unchecked By default no ports are ORing Industrial Networking Corp 66 RGS P9000 Series User Manual Co members and all boxes are unchecked Click Add new Private LAN to add a new private VLAN ID An empty row is added to the table and the private VLAN can be configured as needed The allowed range for a private VLAN ID is the same as the switch port number range Any values outside Adding a New Static this range are not accepted and a warning message appears Entry Click OK to discard the incorrect entry or click Cancel to return to the editing and make a correction The private VLAN is enabled when you click Save The Delete button can be used to undo the addition of new private VLANs Port Isolation Configuration Open in new window La J ger A check box is provided for each port of a private VLAN When checked port isolation is enabled for that port Port Members When unchecked port isolation is disabled for that port By default port isolation is disabled
55. DIUS user can be used by anyone and only the MD5 Challenge method is supported 802 1X and MAC Based authentication configurations consist of two sections system and port wide ORing Industrial Networking Corp 116 RGS P9000 Series User Manual Network Access Server Configuration System Configuration Mode ET TESTEN a _ Reauthentication Period seconds EAPOL Timeout 3 seconds Aging Period seconds Hold Time seconds Admin State Port State Restart 1 Globally Disabled Reauthenticate Reinitialize 2 Globally Disabled Reauthenticate Reinitialize 3 Globally Disabled 4 5 MAC based Auth Globally Disabled Reauthenticate Remitialze Force Authorized Globally Disabled Reauthenticate Reinitialize a M Description Indicates if 802 1X and MAC based authentication is globally enabled or disabled on the switch If globally disabled all ports are allowed to forward frames If checked clients are reauthenticated after the interval specified by the Reauthentication Period Reauthentication for 802 1X enabled ports can be Reauthenti used to detect if a new device is plugged into a switch port cation For MAC based ports reauthentication is only useful if the RADIUS server Enabled configuration has changed It does not involve communication between the switch and the client and therefore does not imply that a client is still present on a port see Age Period below Reauthenti Determines the period in seconds af
56. E Any no SMAC filter is specified SMAC filter status is don t care Specific if you want to filter a specific source MAC address with the ACE choose this value A field for entering an SMAC value appears When Specific is selected for the SMAC filter you can enter a specific source MAC address The legal format is XX XX XX XX XX XX Frames matching the ACE will use this SMAC value Specifies the destination MAC filter for this ACE Any no DMAC filter is specified DMAC filter status is don t care MC frame must be multicast BC frame must be broadcast UC frame must be unicast Specific If you want to filter a specific destination MAC address with the ACE choose this value A field for entering a DMAC value appears When Specific is selected for the DMAC filter you can enter a specific destination MAC address The legal format is XX XX XX XX XX XX Frames matching the ACE will use this DMAC value 101 RGS P9000 Series User Manual VLAN Parameters VIR Se Specific ze VLAN ID Tag Priority Specifies the VLAN ID filter for the ACE Any no VLAN ID filter is specified VLAN ID filter status is VLAN ID Filter don t care Specific if you want to filter a specific VLAN ID with the ACE choose this value A field for entering a VLAN ID number appears When Specific is selected for the VLAN ID filter you can enter a VLAN ID specific VLAN ID number The allowed range is 1 to 4095 Frames matching
57. E power DDoS Prevention This page provides DDOS Prevention configurations The switch can monitor ingress packets and perform actions when DDOS attack occurred on this port You can configure the setting to achieve maximum protection DDOS Prevention Socket Number Filter Status Mode Sensibility Packet Type Low 1 Enabled v Normal el TCP G 80 80 Destination v vi Running 2 Normal se TCP v 80 80 Destination e 7 r lt Blocking 1 minute 3 Normal se TCP k 80 80 Destination Blocking 10 minute Se Blocking vw v 4 _Normal Gi TCP 80 80 Destination 4 ciai Doni Tha Pit 5 Normal e TCP v 80 80 Destination 6 Normal TCP v 80 80 Destination v Reboot Device 7 Normal TCP v 80 80 Destination v 8 Normal e TCP j 80 80 Destination v 9 Normal e TCP O B 80 80 Destination k 10 Normal e TCP ki 80 80 Destination 11 Normal e TCP v 80 80 Destination vi Mode Enables or disables DDOS prevention of the port Sensibility Packet Type Indicates the level of DDOS detection Possible levels are Low low sensibility Normal normal sensibility Medium medium sensibility High high sensibility Indicates the tyoes of DDoS attack packets to be monitored Possible types are RX Total all ingress packets R
58. E5 0 or later version do not allow Java applets to open sockets You need to modify the browser setting separately in order to enable Java applets for network ports Preparing for Web Management You can access the management page of the switch via the following default values IP Address 192 168 10 1 Subnet Mask 255 255 255 0 Default Gateway 192 168 10 254 User Name admin Password admin System Login 1 Launch the Internet Explorer 2 Type http and the IP address of the switch Press Enter e wm T lt boD j eg p 1 da 192 168 10 1 Dsc h MN SI Google i 3 Alogin screen appears 4 Type in the username and password The default username and password is admin 5 Click Enter or OK button the management Web page appears tt 2 Security gt o Enter Network Password Enter your password to connect to PC SWRD19 admin Lei Gm Remember my credentials Py L Logon failure unknown user name or bad password ORing Industrial Networking Corp 35 RGS P9000 Series User Manual After logging in you can see the information of the switch as below System Name 165 98126P Industrial 20 port managed Gigabit Ethernet switch with Description 8x10 100 1000Base T X ports and 12x100 1000Base x SFP socket Location Contact OID 1 3 6 1 4 1 25972 100 0 0 113 Hardware MAC Address HO0 le 94 2 45 75 System Date
59. J 45 UTP 100BASE TX Cat 5100 ohm UTP UTP 100 m 328 ft RJ 45 With 10 100 1000BASE T X cables pins 1 and 2 are used for transmitting data and pins 3 and 6 are used for receiving data 10 100 Base T X RJ 45 Pin Assignments Pin mumeor egen TD TD RD 1000 Base T RJ 45 Pin Assignments Pin numer been The RGS P9000 series support auto MDI MDI X operation You can use a cable to connect the switch to a PC The table below shows the 10BASE T 100BASE TX MDI and MDI X port pin outs ORing Industrial Networking Corp 16 amp RGS P9000 Series User Manual 10 100 Base T X MDI MDI X Pin Assignments M DI X port TD transmit RD receive TD transmit RD receive D 1000 Base T MDI MDI X Pin Assignments Seng rus Note and signs represent the polarity of the wires that make up each wre pair RS 232 console port wiring The RGS P9000 series can be managed via console ports using a RS 232 cable which can be found in the package You can connect the port to a PC via the RS 232 cable with a DB 9 female connector The DB 9 female connector of the RS 232 cable should be connected the PC while the other end of the cable RJ 45 connector should be connected to the console port of the switch PC pin out male assignment RS 232 with DB9 female connector DB9 to RJ 45 Pin 3 TD Pin 3 Pin 5 GD Pin 5 ORing Industrial Networking Corp 17 ORing amp RGS P9000 S
60. Link Up amp Link Down Apply Help Shows help file 5 10 Monitor and Diag 5 10 1 MAC Table The MAC address table can be configured on this page You can set timeouts for entries in the dynamic MAC table and configure the static MAC table here ORing Industrial Networking Corp 127 RGS P9000 Series User Manual MAC Address Table Configuration Aging Configuration Disable Automatic Aging i Age Time seconds MAC Table Learning Port Member 1 V 3 3 A per 8 9 Auto OG Go Go Gei o Gi Gi Disable OO OOoOOOOO Secure OOO0O0000 Static MAC Table Configuration Port Members Delete VLAN ID MAC Address 1 2 3 456 7 8 9 1011 12 oo 1F 94 98 89 89 M LILI TUTE UTIUTUI II Aging Configuration By default dynamic entries are removed from the MAC after 300 seconds This removal is called aging You can configure aging time by entering a value in the box of Age Time The allowed range is 10 to 1000000 seconds You can also disable the automatic aging of dynamic entries by checking Disable Automatic Aging MAC Table Learning If the learning mode for a given port is grayed out it means another module is in control of the mode and thus the user cannot change the configurations An example of such a module is MAC Based authentication under 802 1 X You can configure the port to dynamically learn the MAC address based upon the following settings MAC Table Learning Port Members Learning is done automatically a
61. MAC address limit TACACS VLAN 802 1Q to segregate and secure network traffic Security Features Radius centralized password management SNMPv3 encrypted authentication and access security Https SSH enhance network security Web and CLI authentication and authorization Authorization 15 levels IP source guard Hardware routing RIP and static routing RGS PR9000 only Hardware IEEE 1588v2 clock synchronization IEEE 802 1D Bridge auto MAC address learning aging and MAC address static Multiple Registration Protocol MRP MSTP RSTP STP compatible Redundant Ring O Ring with recovery time less than 30ms over 250 units TOS Diffserv supported Quality of Service 802 1p for real time traffic Software Features VLAN 802 1Q with VLAN tagging IGMP v2 v3 Snooping IP based bandwidth management Application based QoS management DOS DDOS auto prevention Port configuration status statistics monitoring security DHCP Server Client DHCP Relay Modbus TCP ORing Industrial Networking Corp 161 RGS P9000 Series User Manual DNS client proxy SMTP Client Modbus TCP O Ring Open Ring Network Redundancy O Chain MRP MSTP RSTP STP compatible LED indicators Green Indicates that the system operating in O Ring mode O Ring Indicator Rin 3 Ring Green Blinking Indicates that the Ring is broken Fault Indicator Fault Amber Indicate unexpected event occurred Reset To Default Running Indicator DEF Green
62. Manual 8 port Gigabit fiber module with SWM 08GP 8x100 1000Base X and SFP socket 7 S i 4 port Gigabit fiber module with STE 4x1000Base FX SC fiber ports Gigabit fiber module 4 port Gigabit fiber module with SWM 04GF MM SS ST 4x1000Base FX ST fiber ports 4 port Gigabit fiber module with SWM 04GF MM SS LC 4x1000Base FX LC fiber ports 4 port fiber module with 4x100Base FX SC SWM 04F X MM SS SC Fiber ports 4 port fiber module with 4x100Base FX ST Fast Ethernet SWM O4FX MMISS ST 1 ber ports Fiber module 4 port fiber module with 6x100Base FX LC fiber ports SWM 04F X MM SS LC PPPP POO PLLDO99 OOODOOO System indication LEDs PWR PWR1 PWR2 R M Ring Fault DEF Port status LEDs LINK SPD FD X port number Console port Buttons Rest LED Mode Press Reset for 3 seconds to reset and 5 seconds to return to gt Em factory default To change port LED mode press the Mode bution RJ 45 SFP module slots 6 10G SFP module solot on ORing Industrial Networking Corp 9 ORing amp RGS P9000 Series User Manual 2 1 2 LED Green On System power on Blinking Upgrading firmware Ring enabled Green Blinking Ring structure is broken Fan amer on rors pover tiura or pont wanetonn pe oreen On J ger e foren Jon Jans On Ethernet coneston runingat 1000M0ps on ethernet comecion runing at 107 00Mbps PWR 2 2 Rear Panel On the rear panel of the switch sits two panel module slots and one termi
63. S lt priv_password gt User Changekey lt engineid gt lt user_name gt lt auth_password gt lt priv_password gt Group Add lt security_model gt lt security_name gt lt group_name gt Group Delete lt index gt Group Lookup lt index gt View Add lt view_name gt includedlexcluded lt oid_subtree gt View Delete lt index gt View Lookup lt index gt Access Add lt group_name gt lt security_model gt lt security_level gt lt read_view_name gt lt write_view_name gt Access Delete lt index gt Access Lookup lt index gt Firmware Load lt ip_addr_string gt lt file_name gt Configuration lt clockinst gt PortState lt clockinst gt lt port_list gt enableldisablelinternal ClockCreate lt clockinst gt lt devtype gt lt twostep gt lt protocol gt lt oneway gt lt clockid gt lt tag_enable gt lt vid gt lt prio gt ORing Industrial Networking Corp 155 RGS P9000 Series User Manual ClockDelete lt clockinst gt lt devtype gt DefaultDS lt clockinst gt lt priority1 gt lt priority2 gt lt domain gt CurrentDS lt clockinst gt ParentDS lt clockinst gt Timingproperties lt clockinst gt lt utcoffset gt lt valid gt lt leap59 gt lt leap61 gt lt timetrac gt lt freqtrac gt lt ptptimescale gt lt timesource gt PTP PortDataSet lt clockinst gt lt port_list gt lt announc
64. STP fe d Backup Path Sw Fi Fi Fi d DW l o SwitchB Main Path Fd ri Switch A O Ring O Chain When connecting multiple O Rings to meet your expansion demand you can create an O Chain topology through the following steps 1 Select two switches from the chain Switch A amp B that you want to connect to the O Ring and connect them to the swiches in the ring Switch C amp D 2 In correspondence to the ports connected to the ring configure an edge port for both of the connected switches in the chain by checking the box in the management page see 4 1 2 Configurations 3 Once the setting is completed one of the connections will act as the main path and the ohter as the back up path aN port PPRT seg ecleeecg j CI Switch C SwitchA Switch D Switch B d Be Edge port kd e 2 e KH eg ORing Industrial Networking Corp 20 RGS P9000 Series User Manual Redundancy Redundancy for minimized system downtime is one of the most important concerns for industrial networking devices Hence ORing has developed proprietary redundancy technologies including O Ring and Open Ring featuring faster recovery time than existing redundancy technologies widely used in commercial applications such as STP RSTP and MSTP ORing s proprietary redundancy technologies not only support different networking topologies but also assure the reliability of the network 4 1 O Ring 4 1 1 Int
65. Specific is selected for the ICMP code filter you can enter a ICMP Code Value specific ICMP code value The allowed range is O to 255 A frame matching the ACE will use this ICMP code value TCP Parameters Source Port Filter Specific Source Port No Dest Port Filter Specific Dest Port No UDP Parameters TCP FIN TCP SYN Sec wae acim Specific TCP RST Source Port No oo TCP PSH Dest Port Filter Dooa TER 80 65535 TCP URG Specifies the TCP UDP source filter for the ACE Any no TCP UDP source filter is specified TCP UDP source filter status is don t care Specific if you want to filter a specific TCP UDP source filter with the TCP UDP Source Fii ACE you can enter a specific TCP UDP source value A field for ilter entering a TCP UDP source value appears Range if you want to filter a specific TCP UDP source range filter with the ACE you can enter a specific TCP UDP source range A field for entering a TCP UDP source value appears When Specific is selected for the TCP UDP source filter you can TCP UDP Source enter a specific TCP UDP source value The allowed range is 0 to No 65535 A frame matching the ACE will use this TCP UDP source value When Range is selected for the TCP UDP source filter you can enter TCP UDP Source a specific TCP UDP source range value The allowed range is 0 to Range 65535 A frame matching the ACE will use this TCP UDP source ORing Industrial Netwo
66. System resets to default configuration Supervisor Login Indicator RMT Green System is accessed remotely Link Act LK ACT Speed SPD Duplex FDX Remote RMT green LED indicator x 4 Mode select Button MODE Link Act LK ACT Speed SPD Duplex FDX Remote RMT mode select Smart LED Display system button Port 1 28 Link AH LK ACT LED show Green x 28 Fault contact Relay Relay output to carry capacity of 1A at 24VDC Power Dual 24 48VDC 20 72VDC power inputs at terminal EE 100 370VDC power inputs at block terminal block Physical Characteristic 440 W x 325 D x 44 H mm 17 32x 12 8x 1 73 inches Environ mental Storage Temperature 40 to 85 C 40 to 185 F Without 10G SFP module 40 to 70 C 40 to 158 F Operating Tem perature f With 10G SFP module 20 to 60 C 4 to 140 F Operating Humidity 5 to 95 Non condensing Regulatory approvals Power Auto mation IEC 61850 3 pending IEEE 1613 pending FCC Part 15 CISPR EN55022 class A EN50155 EN50121 3 2 EN55011 EN50121 4 MS EN61000 4 2 ESD EN61000 4 3 RS EN61000 4 4 EFT E EN61000 4 5 Surge EN61000 4 6 CS EN61000 4 8 EN61000 4 11 Warranty 5 years ORing Industrial Networking Corp 162
67. The port that you use to transmits and receives LLDP frames The identification number of the neighbor sending out the LLDP Chassis ID frames Remote Port ID The identification of the neighbor port System Name The name advertised by the neighbor Port Description The description of the port advertised by the neighbor Description of the neighbor s capabilities The capabilities include 1 Other Repeater Bridge WLAN Access Point Router System Capabilities Telephone DOCSIS Cable Device Station Only Oo ON DOF W PD Reserved When a capability is enabled a will be displayed If the ORing Industrial Networking Corp 42 RGS P9000 Series User Manual i Capability is disabled a will be displayed Management The neighbor s address which can be used to help network Address management This may contain the neighbor s IP address Refresh Click to refresh the page immediately Check to enable an automatic refresh of the page at regular Auto refre sh intervals Port Statistics This page provides an overview of all LLDP traffic Two types of counters are shown Global counters will apply settings to the whole switch stack while local counters will apply settings to specified switches Auto refresh L Global Counters Neighbor entries were last changed at 1970 01 01 04 03 03 0000 26 sec ago Total Neighbors Entries Added Total Neighbors Entries Deleted Total Neighbors Entries Dro
68. This allows operEdge to be derived from whether BPD Us are received on the port or not When enabled the port will not be selected as root port for CIST or any MSTI even if it has the best spanning tree priority vector Such a port will be selected as an alternate port after the root port BEE has been selected If set soanning trees will lose connectivity It can be set by a network administrator to prevent bridges outside a core region of the network from influencing the active spanning tree topology because those bridges are not under the full control of the administrator This feature is also known as Root Guard When enabled the port will not propagate received topology change notifications and topology changes to other ports If set it will cause temporary disconnection after changes in an active Spanning trees topology as a result of persistent incorrectly learned station location information It is set by a network Restricted TCN W administrator to prevent bridges outside a core region of the network from causing address flushing in that region because those bridges are not under the full control of the administrator or is the physical link state for the attached LANs transitions frequently Configures whether the port connects to a point to point LAN rather than a shared medium This can be configured Point2Point automatically or set to true or false manually Transiting to forwarding state is faster for point to point LANs than
69. US packets of unknown types that were received from the server on the accounting port The number of RADIUS packets that were received from Packets Dropped radiusAccClientExtPacketsDropped the server on the accounting port and dropped for some other reason The number of RADIUS packets sent to the server This does not include retransmissions The number of RADIUS packets retransmitted to the RADIUS accounting server The number of RADIUS packets destined for the server that have not yet timed out or received a response radiusAccClientExtPendingRequests This variable is incremented when a Request is sent and decremented due to receipt of a Response timeout or retransmission The number of accounting timeouts to the server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout Responses radiusAccClientExtResponses Malformed Responses Bad Authenticators radiusAcctClientExtBadAuthenticators Unknown Types _ radiusAccClientExtUnknownTypes Packet Counters Requests radiusAccClientExtRequests Retransmissions radiusAccClientExtRetransmissions Pending Requests Timeouts radiusAccClientExtTimeouts ORing Industrial Networking Corp 114 bi RGS P9000 Series User Manual This section contains information about the state of the serve
70. X Unicast unicast ingress packets RX Multicast multicast ingress packets RX Broadcast broadcast ingress packets TCP TCP ingress packets UDP UDP ingress packets Socket Number If packet type is UDP or TCP please specify the socket number ORing Industrial Networking Corp 95 RGS P9000 Series User Manual here The socket number can be a range from low to high If the socket number is only one please fill the same number in the low and high fields If packet type is UDP or TCP please choose the socket direction De stination Source Blocking 10 minute blocks the forwarding for 10 minutes and log the event Blocking blocks and logs the event Shunt Down the Port shuts down the port No Link and logs the Only Log it simply logs the event Reboot Device if PoE is supported the device can be rebooted The event will be logged Indicates the DDOS prevention status Possible statuses are disables DDOS prevention Analyzing analyzes packet throughput for initialization Running analysis completes and ready for next move Attacked DDOS attacks occur Device Description This page allows you to configure device description settings Device Description Device Location Address _ Description IP Camera IP Phone Access Point PC PLC Aa Network Video Recorder BSS SSS SES ORing Industrial Networking Corp 96 am
71. ag Otherwise the frame is classified to the default DP level The classified DP level can be overruled by a QCL entry Controls the default PCP value All frames are classified to a PCP value PCP If the port is VLAN aware and the frame is tagged then the frame is classified to the PCP value in the tag Otherwise the frame is classified to the default PCP value Controls the default DEI value All frames are classified to a DEI value lf the port is VLAN aware and the frame is tagged then the frame is classified to the DEI value in the tag Otherwise the frame is classified to the default DEI value Shows the classification mode for tagged frames on this port Disabled Use default QoS class and DP level for tagged frames Enabled Use mapped versions of PCP and DEI for tagged frames Tag Class Click on the mode to configure the mode and or mapping Note this setting has no effect if the port is VLAN unaware Tagged frames received on VLAN unaware ports are always classified to the default QoS class and DP level DSCP Based Click to enable DSCP Based QoS Ingress Port Classification 5 6 3 Port Tag Remaking This page provides an overview of QoS Egress Port Tag Remarking for all switch ports ORing Industrial Networking Corp 76 RGS P9000 Series User Manual QoS Egress Port Tag Remarking 1 Classified Classified Classified Classified Classified Classified Classified Classified Classified Classified Classified
72. al users SNMP Trap Configuration Trap Mode Disabled Trap Version SNMP v1 w Trap Community public Trap Destination Address Trap Destination IPv6 Address Trap Authentication Failure Trap Link up and Link down Trap Inform Mode nabled Trap Inform Timeout seconds Trap Inform Retry Times ORing Industrial Networking Corp 68 RGS P9000 Series User Manual Ka ORing Indicates existing SNMP trap mode Possible modes include Trap Mode Enabled enable SNMP trap mode Disabled disable SNMP trap mode Indicates the supported SNMP trap version Possible versions include Trap Version SNMP v1 supports SNMP trap version 1 SNMP v2c supports SNMP trap version 2c SNMP v3 supports SNMP trap version 3 Indicates the community access string when sending SNMP trap Trap Community packets The allowed string length is 0 to 255 and only ASCII characters from 33 to 126 are allowed Trap Destination a Indicates the SNMP trap destination address Address Provides the trap destination IPv6 address of this switch IPv6 address consists of 128 bits represented as eight groups of four SE hexadecimal digits wth a colon separating each field For Trap Destination example in fe80 215 c5ff fe03 4dc7 the symbol is a special IPv6 Address syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also uses a following legally IPv
73. and then press Enter c Telnet 192 168 10 1 RGS P9000 Command Line Interface Username Password Commander Groups ORing Industrial Networking Corp 144 RGS P9000 Series User Manual co P System settings and reset options IP configuration and Ping Port management MAG address table Uirtual LAN Private ULAH Security management Spanning Tree Protocol Link Aggregation Link Aggregation Control Protocol Link Layer Discovery Protocol Power Over Ethernet Quality of Service Port mirroring Load Save of configuration via TFTP Download of Firmware via TFIP TEEEIS88 Precision Time Protocol Loop Protection MLD IGMHP Snooping Fault Alarm Configuration Event Selection DHCP Server Configuration Ring Configuration Chain Configuration Remote Control Security Fast Recovery Configuration SFP Monitor Configuration Device Binding Configuration MRP Configuration Modebus TCP Configuration Fastrecovery SFP DeviceBinding MRF Modbus System Configuration all lt port_list gt System gt Timezone Timezone lt offse gt Log e aa id gt alllinfolwarninglerror clear Configuration DHCP enableldisable ORing Industrial Networking Corp 145 RGS P9000 Series User Manual Setup lt ip_addr gt lt ip_mask gt lt ip_router gt lt vid gt Ping lt ip_addr_string gt lt ping_length gt SNTP lt ip_addr_string gt Configuration lt port_list g
74. ant Since the server has not failed because the X seconds have not expired the same server will be contacted when the next backend authentication server request from the switch This scenario will loop forever Therefore the server timeout should be smaller than the supplicant s EAPOL Start frame retransmission rate a Single 802 1X In port based 802 1X authentication once a supplicant is successfully authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though they are not authenticated individually To overcome this security breach use the Single 802 1 X variant Single 802 1X is not yet an IEEE standard but features many of the same characteristics as port based 802 1X In Single 802 1X at most one supplicant can get authenticated on the port at a time Normal EAPOL frames ORing Industrial Networking Corp 119 ORing amp RGS P9000 Series User Manual are used in the communications between the supplicant and the switch If more than one supplicant are connected to a port the one that comes first when the port s link is connected will be the first one considered If that supplicant does not provide valid credentials within a certain amount of time the chance will be given to another supplicant Once a supplicant is successfully authenticated only that supp
75. arate paths to route wiring for power and devices If power wiring and device wiring paths must cross make sure the wires are perpendicular at the intersection point Do not run signal or communications wiring and power wiring through the same wire conduit To avoid interference wires with different signal characteristics should be routed separately You can use the type of signal transmitted through a wre to determine which wires should be kept separate The rule of thumb is that wiring sharing similar electrical characteristics can be bundled together You should separate input wiring from output wiring It is advised to label the wring to all devices in the system ORing Industrial Networking Corp 14 ORing amp RGS P9000 Series User Manual 3 3 1 Grounding Grounding and wire routing help limit the effects of noise due to electromagnetic interference EMI Run the ground connection from the ground screws to the grounding surface prior to connecting devices 3 3 2 Fault Relay The relay contact of the terminal block connector is used to detect user configured events The switch provides fail open and fail close options for you to form relay circuits based on your needs If you want the relay device to start operating at power failure attach the two wires to COM and fail close to form a close circuit vice versa The relay contact of the 2 pin terminal block connector will respond to user configured events according to the wring 3
76. at regular Auto refresh intervals STP Bridge Configurations STP Bridge Configuration Basic Settings Protocol Version Forward Delay Max Age Maximum Hop Count Transmit Hold Count 6 The version of the STP protocol Valid values include STP RSTP The delay used by STP bridges to transit root and designated Forward Delay ports to forwarding used in STP compatible mode The range of valid values is 4 to 30 seconds The maximum time the information transmitted by the root bridge is considered valid The range of valid values is 6 to 40 seconds and Max Age must be lt FwdDelay 1 2 ORing Industrial Networking Corp 27 amp RGS P9000 Series User Manual This defines the initial value of remaining hops for MSTI information generated at the boundary of an MSTI region It Maximum Hop Count defines how many bridges a root bridge can distribute its BP DU information to The range of valid values is 4 to 30 seconds and MaxAge must be lt FwdDelay 1 2 The number of BPDUs a bridge port can send per second When Transmit Hold Count exceeded transmission of the next BPDU will be delayed The range of valid values is 1 to 10 BPDUs per second Click to save changes Click to undo any changes made locally and revert to previously saved values 4 4 2 MSTP Since the recovery time of STP and RSTP takes seconds which are unacceptable in some industrial applications MSTP was developed The technology supports
77. ate Unit ok J OI B AO 17 oekizl Clang kt oke Clan i Controls whether the scheduler mode is Strict Priority or Weighted on this switch port Check to enable queue shaper for individual switch ports Configures the rate of each queue shaper The default value is Queue Shaper Rate 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Configures the rate of each queue shaper The default value is Queues Shaper Unit EE 500 This value is restricted to 100 to 1000000 when the Unit is ORing Industrial Networking Corp 81 amp RGS P9000 Series User Manual kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queue Shaper Allows the queue to use excess bandwidth Excess Configures the weight of each queue The default value is 17 Queue Scheduler This value is restricted to 1 to 100 This parameter is only shown if Weight Scheduler Mode is set to Weighted Queue Scheduler Shows the weight of the queue in percentage This parameter is Percent only shown if Scheduler Mode is set to Weighted Port Shaper Enable Check to enable port shaper for individual switch ports Configures the rate of each port shaper The default value is 500 Port Shaper Rate This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Configures the unit of measurement fo
78. ates the SNMP source address mask 5 5 3 SNMP User Configurations This page allows you to configure SNMPv3 user table The entry index keys are Engine ID and User Name SNMPv3 Users Configuration User Security Authentication Authentication Privacy Privacy Name Level Protocol Password Protocol Password F 800007e5017f000001 default_user NoAuth NoPriv None None None None Check to delete the entry It will be deleted during the next save An octet string identifying the engine ID that this entry should belong to Delete Engine ID The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed The SNMPv3 architecture uses User based Security Model USM for message security and View based Access Control Model VACM for access control For the USM entry the usmUserEnginelD and usmUserName are the entry keys In a simple agent ORing Industrial Networking Corp 70 amp RGS P9000 Series User Manual usmUserEnginelD is always that agent s own snmpEnginelD value The value can also take the value of the snmpEnginelD of a remote SNMP engine with which this user can communicate In other words if user engine ID is the same as system engine ID then it is local user otherwise it s remote user A string identifying the user name that this entry should belong to The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed Indicates
79. ay agent information Replace Agent Option The number of packets replaced when received messages contain relay agent information Keep Agent Option The number of packets whose relay agent information is Drop Agent Option The number of packets dropped when received messages 5 3 Port Setting Port Setting allows you to manage individual ports of the switch including traffic power and trunks 5 3 1 Port Control This page shows current port configurations Ports can also be configured here ORing Industrial Networking Corp 49 Port Configuration Link Speed Flow Control Maximum Power Current Configured Current Rx Current Tx Configured Frame Size Control Oo 1 down x x S 2 down x x S 3 down x x S 4 Goen x x S 5 Down x x S 6 Down x x S 7 icf x x S 8 down x x S o down x x S 10 enn x x S 11 e Down x x E 12 down x x S 13 Down x x BW 4 E pawn Atel wi v M aannl RGS P9000 Series User Manual The switch port number to which the following settings will be applied The current link state is shown by different colors Green indicates the link is up and red means the link is down Current Link Speed Indicates the current link speed of the port The drop down list provides available link speed options for a given switch port Configured Link So Auto selects the highest speed supported by the link partner ee P Disabled disables switch port configuration lt gt configures all por
80. canatenctonctaaicennsanidanekenesennsnnncheinceunsecanseuamanncannsemenccanbaad 15 33 3 Redundant OWE IMU EE 15 3 4 OMIM SCH OM E 15 SZ SN WE ee 15 S a E 18 Se orc OERO ln Meee ere teeter ere ten er annette tert ee ett et ae eee eee eee ene 18 BEE 21 4 1 INO DE 21 4 1 1 Introduction eennannnnnnnnennennennenennnnnrsnnsnnnrrenrrnnrsrrsnrnrrrnrrerrsrrnnrnnrnnrrnrrnrrnren nnne 21 Ake CONIO E 21 4 2 Ee 23 Se Hatt e Tele BE 23 4 2 2 Configurations senennnennneneaennnnennnernnnrrsnrrrnrrrrrnnrrsnrnnrrsnrrnrrnnrrnrrenernrrnnrene 23 4 3 l a EE P EE E E ET EEE E EEE E ET 24 e att e el ee EE 24 ORing Industrial Networking Corp 2 ORing RGS P9000 Series User Manual 4 3 2 ele 18 T L 24 4 4 STER TERMS TP ea 25 aA OTR RoPe E 25 SE ER OR GE 28 E DC E e NEE ER 4 5 FSR CONV SY act tech ri tdeirteiracbavaucbans netic tosetnaindecie dine Meet edodindied nde diet ote aieanandenndmauducanenes 33 Manage METE oss tsetse nceye a e AE E AR EEEE S 35 5 1 BaSe GUN EE 36 5 1 1 System Jntiormaton cece ccc ceceeeceeeceeeceeeseeeeeeeeseeeseeeseeeeeeeseeseeeeseeeaeeeseeess 36 512 AMIN amp FP ASSWONG sercar E aR 37 Seis AUN AE le LE 38 DE td Late EE 38 SLS PYS CIN E 39 en DN RN 40 E OO WEE 41 AS BR 41 EN WE elef E E 44 5 1 10 Backup Restore Confguratons 45 51 11 Firmware ele 2 gt penne eee cee ne ee on oon aero 45 5 2 Dat e E 45 Sal Basie CUN eee E E EEE 46 522 Dynami Client St EE 46 S2 o Ce OE ee ene ee ee ee e
81. cates the selected SSH mode The modes include Enabled enable SSH Disabled disable SSH Click to save changes Click to undo any changes made locally and revert to previously saved values 5 1 8 LLDP LLDP Configurations This page allows you to examine and configure LLDP port settings LLDP Configuration LLDP Parameters Disabled Disabled Disabled ze Port The switch port number to which the following settings will be ORing Industrial Networking Corp 41 amp RGS P9000 Series User Manual Indicates the selected LLDP mode Rx only the switch will not send out LLDP information but LLDP information from its neighbors will be analyzed Tx only the switch will drop LLDP information received from its neighbors but will send out LLDP information Disabled the switch will not send out LLDP information and will drop LLDP information received from its neighbors Enabled the switch will send out LLDP information and will analyze LLDP information received from its neighbors LLDP Neighbor Information This page provides a status overview for all LLDP neighbors The following table contains information for each port on which an LLDP neighbor is detected The columns include the following information Auto refresh O Local Port Chassis ID Remote Port ID System Name Port Description System Capabilities Management Address Port 8 00 1E 94 12 45 78 IGS 9812GP Bridge 192 168 10 14 IPv4 Local Port
82. ces method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string in the following form xx xx xx xx xx xx that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using static entries into the MAC Table Only then will frames from the client be forwarded on the switch There are no EAPOL frames involved in this authentication and therefore MAC based authentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over 802 1X is that several clients can be connected to the same port e g through a 3rd party switch or a hub and still require individual authentication and that the clients do npt need special supplicant software to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RA
83. configure which master clocks to request Announce and Sync messages from For more information please refer to Unicast Slave Configuration VLAN Tag Enable Enables VLAN tagging for PTP frames Note Packets are only tagged if the port is configured for vlan tagging i e Port Type Unaware and PortVLAN mode None and the port is member of the VLAN VLAN identifiers used for tagging the PTP frames Priority code point values used for PTP frames 5 12 Troubleshooting 5 12 1 Factory Defaults You can reset the configuration of the stack switch on this page Only the IP configuration is retained Factory Defaults Are you sure you want to reset the configuration to Factory Defaults Yes Click to reset the configuration to factory defaults we Click to return to the Port State page without resetting 5 12 2 System Reboot You can reset the stack switch on this page After reset the system will boot normally as if you have powered on the devices ORing Industrial Networking Corp 139 ORing amp RGS P9000 Series User Manual Warm Reset Are you sure you want to perform a Warm Restart Yes Click to reboot device we Click to return to the Port State page without rebooting 5 13 Command Line Interface Management Besides Web based management the RGS P9000 series also support CLI management You can use console or telnet to manage the switch by CLI CLI Management by RS 232 Serial Console 115200 8 none
84. d as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid IPv4 address For example 1192 1 2 34 Prete Provides the IPv6 prefix of the switch The allowed range is 1 to 128 Provides the IPv6 address of the switch IPv6 address consists of 128 bits represented as eight groups of four hexadecimal digits with a colon separating each field For example in fe80 215 c5ff fe03 4dc7 the symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid IPv4 address For example 1192 1 2 34 Click to save changes Click to undo any changes made locally and revert to previously saved values 5 1 6 HTTPS You can configure HT TPS settings in the following page HTTPS Configuration Mode I eege S Indicates the selected HITPS mode When the current connection is HT TPS disabling HTTPS will automatically redirect web browser to an HI TP connection The modes include ORing Industrial Networking Corp 40 amp RGS P9000 Series User Manual Enabled enable HTTPS Disabled disable HI TPS Click to save changes Click to undo any changes made locally and revert to previously saved values 5 1 7 SSH You can configure SSH settings in the following page SSH Configuration Indi
85. easing the hardware resources required to add the QCL entry by pressing Resolve Conflict button 5 7 Multicast 5 7 1 IGMP Snooping This page provides IGMP Snooping related configurations IGMP Snooping Configuration Global Configuration Snooping Enabled Fi Unregistered IPMCv4 Flooding Enabled Port Related Configuration Port Router Port Fast Leave bi ee ek ek b jbjb bjb bjb Snooping Enabled Check to enable global IGMP snooping Unregistered IPM Cv4Flooding Check to enable unregistered IPMC traffic flooding enabled Specifies which ports act as router ports A router portis a port on the Ethernet switch that leads towards the Layer 3 multicast device or Router Port IGMP querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port Check to enable fast leave on the port ORing Industrial Networking Corp 89 ORing TS RGS P9000 Series User Manual 5 7 2 VLAN Configurations of IGMP Snooping Each page shows up to 99 entries from the VLAN table with a default value of 20 selected by the Entries Per Page input field When first visited the web page will show the first 20 entries from the beginning of the VLAN Table The first displayed will be the one with the lowest VLAN ID found in the VLAN Table The VLAN input field allows the user to select the starting point in the VLAN Table Clicking the Refresh button will update the displayed table star
86. econd or kpps kilopackets per second The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch Note frames sent to the CPU of the switch are always limited to approximately 4 kpps For example broadcasts in the management VLAN are limited to this rate The management VLAN is configured on the IP setup page storm Control Configuration Frame Type Status Rate pps Unicast Multicast Broadcast ORing Industrial Networking Corp 74 amp RGS P9000 Series User Manual The settings in a particular row apply to the frame type listed here Frame Type unicast multicast or broadcast Enable or disable the storm control status for the given frame eT The rate unit is packet per second pps configure the rate as 1K me 2K 4K 8K 16K 32K 64K 128K 256K 512K or 1024K The 1 kpps is actually 1002 1 pps 5 6 2 Port Classification QoS is an acronym for Quality of Service It is a method to achieve efficient bandwidth utilization between individual applications or protocols QoS Ingress Port Classification Port QoSclass DPlevel PCP DEI Tag Class DSCP Based ov ow S 1 o sel Disabled CT 2 Disabled O 3 o sel Disabled CT 4 Disabled CT 5 o sel Disabled CT 6 Disabled d 7 Disabled o 5 Disabled CT o Disabled CT 10 Disabled d 11 Disabled Oo 12 Disabled o 12 n zi n Insel Insel nieahled m Port The port number for which the configuration b
87. ed The switch port number to which the following settings will be applied Click on the port number to configure the shapers Shows disabled or actual queue shaper rate e g 800 Mbps Shows disabled or actual port shaper rate e g 800 Mbps 5 6 10 DSCP Based QoS This page allows you to configure basic QoS DSCP based QoS Ingress Classification settings for all switches DSCP Based QoS Ingress Classification DSCP Trust QoS Class DPL S 0 BE E 1 S 2 A S 4 Oo s S DSCP Maximum number of supported DSCP values is 64 Check to trust a specific DSCP value Only frames with trusted DSCP values are mapped to a specific QoS class and drop precedence level Frames with untrusted DSCP values are treated as a non IP frame QoS Class QoS class value can be any number from 0 7 Drop Precedence Level 0 1 ORing Industrial Networking Corp 83 RGS P9000 Series User Manual 5 6 11 DSCP Translation This page allows you to configure basic QoS DSCP translation settings for all switches DSCP translation can be done in Ingress or Egress DSCP Translation Ingress Egress Translate Classify Remap DPO Remap DP1 j lt gt BE Q BE DSCP A Y A VW Q BE O BE Hi VIR 4 4 li II II mo co st a x ss 4 amp om amp t ra K AA AIA Oy un Ga ha A A A AA AIA i i 4 C51 CS1 CO CS1 4 on CS1 bee S o
88. ed access to the network These backend RADIUS servers are configured on the authentication configuration page MAC based authentication allows for authentication of more than one user on the same port and does not require the users to have special 802 1X software installed on their system The switch uses the users MAC addresses to authenticate against the backend server As intruders can create counterfeit MAC addresses MAC based authentication is less secure than 802 1X authentication Overview of 802 1X Port Based Authentication In an 802 1X network environment the user is called the supplicant the switch is the authenticator and the RADIUS server is the authentication server The switch acts as the man in the middle forwarding requests and responses between the supplicant and the authentication server Frames sent between the supplicant and the switch are special 802 1X frames known as EAPOL EAP Over LANs frames which encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is very flexible as it allows for different authentication methods like MD5 Challenge PEAP and TLS The important thing is that the authenticator the switch does not need to know which authentication method the supplicant and the authentication server are u
89. ee 10 100 1000Base T slots to enable different modular combinations based on your needs The series include the following models Models Description RGS P9000 LV IEC 61850 3 support pending Layer 2 low voltage pow er input RGS P9000 HV_US IEC 61850 3 support pending Layer 2 high voltage pow er input US pow er cord RGS P9000 IEC 61850 3 support pending Layer 2 high voltage pow er input EU RGS P9000 HV_EU pow er cord RGS PR9000 LV IEC 61850 3 support pending Layer 3 low voltage pow er input RGS PR9000 HV_US IEC 61850 3 support pending Layer 3 high voltage pow er input US pow er cord RGS PR9000 RGS PR9000 HV_EU IEC 61850 3 support pending Layer 3 high voltage pow er input EU pow er cord ORing provides two 10G modules and four Gigabit Ethernet modules to meet your demand for high speed For applications requiring long distance data transmission ORing also provides several fiber transceivers to meet your needs Please refer to the following table for available modules A All modules are not hot swappable Be sure to turn off power before changing modules otherwise the system will not detect newly inserted modules SWM 02GP 2 port 10G SFP module with 2x1000 10 SFP socket 10Gigabit 4 port 10G SFP module with 4x1000 10 SFP ports SEH 8 port Gigabit Ethernet switch module with Gigabit Ethernet ORing Industrial Networking Corp 8 SWM 04GP amp RGS P9000 Series User
90. ee 46 SEENEN 47 5 3 POM CUNO a a saaccaaacs aetantenssasesaccce lt coarcteastocdeeecese actesaarose 49 5 31 ad 10 0 0196 eee ee 49 Die Ce et Do 51 S AA P none eee eee ee ee ee ee ee ee eee 51 5 3 4 Loop Gourd WEE 55 5 4 VEAN ME 56 5 4 1 VLAN Memberen 56 DA POTON Hee E or AS cfd Vico D 66 5 5 SC soecesscaancasasgecoasneseesaseiscesse cece E E 67 5 5 1 SNMP System Configurations ccccccccccccescecseeeeeeeeeeeeseeeseeeeseeeesseeesseeeseeeess 67 5 5 2 SNMP Community Confguraions 70 5 5 3 SNMP User EIERE gegegegegegegggegegegegeg ege geed eEeegegeregien 70 ORing Industrial Networking Corp 3 ORing RGS P9000 Series User Manual 5 5 4 SNMP Group CGonfguratons 72 D399 SNMP Vew I e 72 5 5 6 SNMP Access Configurations ccccceccceseeceeeeeeceeeeceseeceseueesseeesseeesseeeseeeess 73 5 6 Tratti Sid ei E NOM WEE 74 5 6 1 Storm O70 011 0 PERE 74 502 GT EE 75 269 FORE lag OMe ee 76 DOA POTD OP E 77 209 POM IPONCING BEE 78 Sono 0 e e eee a ne nn i cer 79 5 6 7 QoS Egress Port Scheduler and Shapers n nnannannennennnnnoennnnsrenrrnrrenrenrennnne 79 DOG Ge ae UNCC agree stectemteetento eric A A E 82 ON SIVA MING E 82 56 10 BS Ee Ane eee enn ene ee eee eee eer eee ee 83 op ory DOP Ee 84 5 6 12 DSChRClaseteatnon 84 56139 OS COMMON LIS aneian iiia Ten aaa 85 5 6 14 QoS CGounters ccccccccceececeeeece cece eeeseeeeseeeeseeeeseeesseeesseeeeseeeeseessgeeeseeesseeeeas 87 e e E e E e ER te EeEe
91. eintv gt lt announceto gt lt syncintv gt lt delaymech gt lt minpdelayreqintv gt lt delayasymmetry gt lt ingressLatency gt LocalClock lt clockinst gt updatelshowlratio lt clockratio gt Filter lt clockinst gt lt def_delay_filt gt lt period gt lt dist gt Servo lt clockinst gt lt displaystates gt lt ap_enable gt lt ai_enable gt lt ad_enable gt lt ap gt lt ai gt lt ad gt Slave Table Unicast lt clockinst gt UniConfig lt clockinst gt lt index gt lt duration gt Master Table Unicast lt clockinst gt ExtClockMode lt one_pps_mode gt lt ext_enable gt lt clockfreq gt lt vcxo_enable gt Wireless delay lt clockinst gt lt port_list gt lt base_delay gt lt incr_delay gt Loop Protect Configuration Mode enableldisable Transmit lt transmit time gt Shutdown lt shutdown time gt ORing Industrial Networking Corp 156 Fault RGS P9000 Series User Manual Port Configuration lt port_list gt Port Mode lt port_list gt enableldisable Port Action lt port_list gt shutdownlshut_logllog Port Transmit lt port_list gt enableldisable Status lt port_list gt Alarm PortLinkDown lt port_list gt enableldisable Event ORing Industrial Networking Alarm PowerFailure pwr lpwr2lpwr3 enableldisable SMTP Ring TopologyChange enableldisable
92. elow applies Controls the default QoS class All frames are classified to a QoS class There is a one to one mapping between QoS class queue and priority A QoS class of 0 zero has the lowest priority If the port is VLAN aware and the frame is tagged then the frame is QoS Class classified to a QoS class that is based on the PCP value in the tag as shown below Otherwise the frame is classified to the default QoS class PCP value 0123456 7 QoS class 10234567 lf the port is VLAN aware the frame is tagged and Tag Class is enabled then the frame is classified to a QoS class that is mapped from the PCP ORing Industrial Networking Corp 75 amp RGS P9000 Series User Manual and DEI value in the tag Otherwise the frame is classified to the default QoS class The classified QoS class can be overruled by a QCL entry Note if the default QoS class has been dynamically changed then the actual default QoS class is shown in parentheses after the configured default QoS class Controls the default Drop Precedence Level All frames are classified to a DP level If the port is VLAN aware and the frame is tagged then the frame is classified to a DP level that is equal to the DEI value in the tag Otherwise BEIEN the frame is classified to the default DP level If the port is VLAN aware the frame is tagged and Tag Class is enabled then the frame is classified to a DP level that is mapped from the PCP and DEI value in the t
93. ement client for which the configuration below applies Authentication Method can be set to one of the following values Authentication None authentication is disabled and login is not possible Method Local local user database on the switch is used for authentication Radius a remote RADIUS server is used for authentication Check to enable fallback to local authentication If none of the configured authentication servers are active the local user database is used for authentication This is only possible if Authentication Method is set to a value other than none or local Click to undo any changes made locally and revert to previously saved values 5 1 4 IP Settings You can configure IP information of the switch in this page IP Configuration Configured Current DHCP Client LI d ID Address 192 168 10 1 192 168 10 1 IP Mask 292 222 2 0 299 299 292 0 IP Router 0 0 0 0 0 0 VLAN ID 1 DNS Server 0 0 0 0 0 0 ORing Industrial Networking Corp 38 RGS P9000 Series User Manual Enable the DHCP client by checking this box If DHCP fails or the DHCP Client configured IP address is zero DHCP will retry If DHCP retry fails DHCP will stop trying and the configured IP settings will be used Assigns the IP address of the network in use If DHCP client function is enabled you do not need to assign the IP address IP Address The network DHCP server will assign the IP address to the switch and it will be displayed in
94. emporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled The time interval measured in milliseconds between the most recent Access Round Reply Access Challenge and the Access Request that matched it from the RADIUS Trip radiusAuthClientExtRoundTripTime authentication server The granularity of this measurement is 100 ms A value of Time 0 ms indicates that there hasn t been round trip communication with the server yet RADIUS Accounting Statistics for Server 1 Receive Packets Transmit Packets Responses Requests Malformed Responses Retransmissions Bad Authenticators Pending Requests Unknown Types Timeouts Packets Dropped Other Info IP Address 0 0 0 0 1813 State Disabled Round Trip Time 0 ms tase Soer O RADIUS accounting server packet counters There are five receive and four transmit counters Direction RFC4670 Name Description The number of RADIUS packets valid or invalid received from the server The number of malformed RADIUS packets received from the server Malformed packets include packets radiusAccClientExtMalformedResponses with an invalid length Bad authenticators or or unknown types are not included as malformed access responses The number of RADIUS packets containing invalid authenticators received from the server The number of RADI
95. en assigned to the connected device DHCP Client List MAC Address Pp Address _ Add as Static No Select Type MAC Address IP Address Surplus Lease Delete Select Clear All ORing Industrial Networking Corp 46 RGS P9000 Series User Manual 5 2 4 Relay Agent DHCP relay is used to forward and transfer DHCP messages between the clients and the server when they are not in the same subnet domain You can configure the function in this page DHCP Relay Configuration Relay Mode Disabled ze Relay Server 0 0 0 0 Relay Information Mode PJR AOE Ziel Replace zw Relay Mode Indicates the existing DHCP relay mode The modes include Enabled activate DHCP relay When DHCP relay is enabled the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain to prevent the DHCP broadcast message from flooding for security considerations Disabled disable DHCP relay Relay Server Indicates the DHCP relay server IP address A DHCP relay agent is used to forward and transfer DHCP messages between the clients and the server when they are not in the same subnet domain Relay Information Mode Indicates the existing DHCP relay information mode The format of DHCP option 82 circuit ID format is vlan_id module_idj port_no The first four characters represent the VLAN ID and the fifth and sixth characters are the module ID In stand alone devices t
96. entication is globally enabled and the port s Admin State is in an EAPOL based or MAC based mode Clicking these buttons will not cause settings changed on the page to take ORing Industrial Networking Corp 121 RGS P9000 Series User Manual effect Reauthenticate schedules a reauthentication whenever the quiet period of EAPOL based authentication authentication reauthentication will be attempted immediately the port runs out For MAC based The button only has effect on successfully authenticated clients on the port and will not cause the clients to be temporarily unauthorized Reinitialize forces a reinitialization of the clients on the port and hence a reauthentication immediately The clients will transfer to the unauthorized state while the reauthentication is in progress NAS Status This page provides an overview of the current NAS port states Network Access Server Switch Status Auto refresh L Tou u w HE Admin State Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Port State Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Last Source Last ID The switch port number Click to navigate to detailed 802 1X Statistics of each port The port s current administrative state Refer to NAS Admin Admin State l l State for more details regarding each value The current state
97. entication server The IP address or hostname of the RADIUS authentication server IP IP Address address is expressed in dotted decimal notation The UDP port to use on the RADIUS authentication server If the port is set to 0 zero the default port 1812 is used on the RADIUS authentication server The secret up to 29 characters long shared between the RADIUS authentication server and the switch stack ORing Industrial Networking Corp 110 RGS P9000 Series User Manual RADIUS Accounting Server Configuration Enabled _ IP Address LI P P d O The RADIUS accounting server number for which the configuration below EE Enabled Check to enable the RADIUS Check to enable the RADIUS accounting server 0 server The IP address or hostname of the RADIUS accounting server IP IP Address address is expressed in dotted decimal notation The UDP port to use on the RADIUS accounting server If the port is set to 0 zero the default port 1813 is used on the RADIUS accounting server The secret up to 29 characters long shared between the RADIUS accounting server and the switch stack Authentication and Accounting Server Status Overview This page provides an overview of the status of the RADIUS servers configurable on the authentication configuration page RADIUS Authentication Server Status Overview Auto refresh L IP Address Status Disabled Disabled Disabled Disabled Disabled The RADIUS
98. eries User Manual DB Male Shield DB Female Signal Ground Received Line signa Daeg a op e Ring Indicator bi DCE Ready g DTE Ready F 4 Transmitted Data eg oa Clear to Send 7 Clear to Send Transmitted Data 2 Received Data 5 i ee eT eee fi Request to Send DTE Ready 4 Request to Send E 6 5 1 ween S S Received Line Mona Detect a DCE Ready agnal Ground Ring Indicator t Received by DTE Device t j Received by DCE Device e he DIE Device Oi Transmitted from DCE Device 3 4 2 SFP The switch comes with fiber optical ports that can connect to other devices using SFP modules The fiber optical ports are in multi or single mode with LC connectors Please remember that the TX port of Switch A should be connected to the RX port of Switch B switch A switch B v a gt amp f SS lt Fiber 3 4 3 O Ring O Chain O Ring You can connect three or more switches to form a ring topology to gain network redundancy capabilities through the following steps 1 Connect each switch to form a daisy chain using an Ethernet cable 2 Set one of the connected switches to be the master and make sure the port setting of each connected switch on the management page corresponds to the physical ports connected For infomration about the port setting please refer to 4 1 2 Configurations 3 Connect the last switch to the first switch to form a ring topology ORing Industrial Networking Corp 18 OR
99. es in Slot 4 Step 3 Turn the switch power on 7 H du ga Mu VG 2 n RI Se EK PEEP LOO PONDND0N OOOO 000 kefe 0 0 0 0 2 00 00 09 PPPP POO LL0000 09909000 1 The 10G slot can only accommodate a 10G module therefore do not insert non 10Gigabit modules in the 10G slot or insert the 10G module in other slots 2 Removing and installing an Ethernet module can shorten its useful life Do not remove and insert the modules more often than is absolutely necessary ORing Industrial Networking Corp 13 ORing RGS P9000 Series User Manual 3 2 4 Power Module The RGS P9000 series support maximum two power modules Follow the steps below for installation Step 1 Turn the switch power off Step 2 Insert the modules in Power 1 and 2 slots respectively Step 3 Turn the switch power on 3 3 Wiring 2 WARNING Do not disconnect modules or wires unless power has been switched off or the area is known to be non hazardous The devices may only be connected to the supply voltage shown on the type plate ATTENTION 1 Be sure to disconnect the power cord before installing and or wring your switches Calculate the maximum possible current in each power wire and common wire Observe all electrical codes dictating the maximum current allowable for each wre size If the current goes above the maximum ratings the wiring could overheat Causing serious damage to your equipment Use sep
100. evices and will enable a back up link in 80ms adjustable to max 200ms 500ms 4 3 2 Configurations MRP Enable E Manager W React on Link Change ist Ring Port Port LinkDown 2nd Ring Port Pot 8 amp 8 Forwarding Enables the MRP function Manager Every MRP topology needs a MRP manager One MRP topology can only have a Manager If two or more switches are set to be Manager the MRP topology will fail React on Link Change Faster mode Enabling this function will cause MRP topology to Advanced mode converge more rapidly This function only can be set in MRP manager switch 17 Ring Port Chooses the port which connects to the MRP ring SE Ring Port Chooses the port which connects to the MRP ring ORing Industrial Networking Corp 24 RGS P9000 Series User Manual 4 4 STP RSTP MSTP 4 4 1 STP RSTP STP Spanning Tree Protocol and its advanced versions RSIP Rapid Spanning Tree Protocol and MSTP Multiple Spanning Tree Protocol are designed to prevent network loops and provide network redundancy Network loops occur frequently in large networks as when two or more paths run to the same destination broadcast packets may get in to an infinite loop and hence causing congestion in the network STP can identify the best path to the destination and block all other paths The blocked links will stay connected but inactive When the best path fails the blocked links will be activated Compared to STP which recovers a
101. f Ports Mm Private VLAN SNMP Traffic Prioritization Multicast Security Open all D D E D SRRERROG H D m ge e gp ge a ge E B DD D D EP System Information Front Panel Basic Setting DHCP Server Relay Port Setting Redundancy VLAN VLAN Membership e DW Private VLAN SNMP Traffic Prioritization Multicast Security Warning Monitor and Diag Synchronization PoE Factory Default System Reboot VLAN Membership Configuration Start from VLAN ao with 2o entries per page Delete VLAN ID VLAN Name BEER Add New VLAN Auto refresh L 1 2 3 Port Members Ethertype for Custom S ports 0X ssas VLAN Port Configuration Ingress Filtering Frame Type Port VLAN Mode Specific None 4 gt 678 9 101112 E E E E Untag_pvic Unaware Specific lt lt lt h ix leiere 4 Unaware JI Specific 5 Unaware Specific v Untag_pvid v Untag_pvid Unaware Specific 41 Specific Unaware Specific 6 7 Unaware 8 9 Unaware Specific L Untag_pvid v v Untag_pvid v Untag_pvid Untag_pvid v v Untag_pvid 10 Unaware Specific 11 Unaware Specific OOOOOOOOOOGO EES 12 Unawa
102. fic All Specific Untag_pvid All AEA Specific WI Untag_pvid Untag_pvid All Specific Untag_pvid All Specific All Specific Untag _pvid Si Uptag Dud All All Specific CH L Specific v l Untag_pvid CH Untag_pvid All Specific Untag_pvid All Specific 1 Untag_pvid All Specific Untag_pvid All 6 1S IK Specific Untag_pvid ORing amp RGS P9000 Series User Manual Ethertype for SCH This field specifies the Ether type used for custom S ports This is a global customer setting for all custom S ports S Ports Port The switch port number to which the following settings will be applied Port can be one of the following types Unaware Customer C port porn Service S port Custom Service S custom port If port type is Unaware all frames are classified to the port VLAN ID and tags are not removed Enable ingress filtering on a port by checking the box This parameter affects VLAN ingress processing If ingress filtering is enabled and the aie ingress port is not a member of the classified VLAN of the frame the meine frame will be discarded By default ingress filtering is disabled no c
103. for all ports 5 5 SNMP 5 5 1 SNMP System Configurations SNMP System Configuration Mode Enabled 7 Enabled e Version SNMP v2c wi v2c Read Community vm Write Community private S Engine ID ORing Industrial Networking Corp 67 RGS P9000 Series User Manual Version Read Community Write Community Indicates existing SNMP mode Possible modes include Enabled enable SNMP mode Disabled disable SNMP mode Indicates the supported SNMP version Possible versions include SNMP v1 supports SNMP version 1 SNMP v2c supports SNMP version 2c SNMP v3 supports SNMP version 3 Indicates the read community string to permit access to SNMP agent The allowed string length is 0 to 255 and only ASCII characters from 33 to 126 are allowed The field only suits to SNMPv1 and SNMPv2c SNMPv3 uses USM for authentication and privacy and the community string will be associated wth SNMPv3 community table Indicates the write community string to permit access to SNMP agent The allowed string length is O to 255 and only ASCII characters from 33 to 126 are allowed The field only suits to SNMPv1 and SNMPv2c SNMPv3 uses USM for authentication and privacy and the community string will be associated wth SNMPv3 community table Indicates the SNMPv3 engine ID The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed Change of the Engine ID will clear all original loc
104. ge provides device binding configurations Device binding is a powerful way to monitor devices and network security Device Binding Function State Alive Check Stream Check eise ZS Active Status Active Status Active Status IP Address MAC Address DDOS Device 1 Scan w 0 0 0 0 00 00 00 00 2 Binding ei O o d 0 0 0 0 00 00 00 00 3 Shutdown 0 0 0 0 00 00 00 00 ci B 0 0 0 0 00 00 00 00 5 v 0 0 0 0 Q00 00 00 00 Indicates the device binding operation for each port Possible modes are disable Scan scans IP MAC automatically but no binding function Binding enables binding Under this mode any IP MAC that does not match the entry will not be allowed to access the network Shutdown shuts down the port No Link Alive Check Check to enable alive check When enabled switch will ping the Active device continually Indicates alive check status Possible statuses are disable Alive Check Got Reply receive ping reply from device meaning the device is still Status alive Lost Reply not receiving ping reply from device meaning the device might have been dead Stream Check Check to enable stream check When enabled the switch will detect the stream change getting low from the device Indicates stream check status Possible statuses are Stream Check disable Status Normal the stream is normal Low the stream is getting low DDoS Prevention Chec
105. group Only full duplex ports can join an aggregation and the ports must be in the same speed in each group Key The Key value varies with the port ranging from 1 to 65535 Auto will set the key according to the physical link speed 10Mb 1 100Mb 2 1Gb 3 Specific allows you to enter a user defined value Ports wth the same key value can join in the same aggregation group while ports with different keys cannot Indicates LACP activity status Active will transmit LACP packets every second while Passive will wait for a LACP packet from a partner speak if spoken to Click to undo any changes made locally and revert to previously saved values LACP System Status This page provides a status overview for all LACP instances LACP System Status Auto refresh LI Refres Partner Partner Last Local System ID Key Changed Ports No ports enabled or no existing partners Open in new window Aggr ID ORing Industrial Networking Corp 53 amp RGS P9000 Series User Manual Aggr ID The aggregation ID is associated with the aggregation instance For LLAG the ID is shown as isid aggr id and for GLAGs as aggr id Partner System ID System ID MAC address of the aggregation partner Partner Key The key assigned by the partner to the aggregation ID Last Changed The time since this aggregation changed Last Channged Indicates which ports belong to the aggregation of the switch stack The format is Switch ID Port
106. he module ID always equals to 0 in stacked devices it means switch ID The last two characters are the port number For example 00030108 means the DHCP message received form VLAN ID 3 switch ID 1 and port No 8 The option 82 remote ID value equals to the switch MAC address The modes include ORing Industrial Networking Corp 47 RGS P9000 Series User Manual Enabled activate DHCP relay information When DHCP relay information is enabled the agent inserts specific information option 82 into a DHCP message when forwarding to a DHCP server and removes it from a DHCP message when transferring to a DHCP client It only works when DHCP relay mode is enabled Disabled disable DHCP relay information Relay Information Policy Indicates the policies to be enforced when receiving DHCP relay information When DHCP relay information mode is enabled if the agent receives a DHCP message that already contains relay agent information it will enforce the policy The Replace option is invalid when relay information mode is disabled The policies includes Replace replace the original relay information wen a DHCP message containing the information is received Keep keep the original relay information wen a DHCP message containing the information is received Drop drop the package when a DHCP message containing the information is received The relay statistics shows the information of relayed packet of the switch Auto refresh
107. heck mark Determines whether the port accepts all frames or only tagged untagged frames This parameter affects VLAN ingress processing If the port only Frame Type accepts tagged frames untagged frames received on the port will be discarded By default the field is set to All The allowed values are None or Specific This parameter affects VLAN ingress and egress processing lf None is selected a VLAN tag with the classified VLAN ID is inserted in frames transmitted on the port This mode is normally used for ports connected to VLAN aware switches Tx tag should be set to Untag_pvid Port VLAN when this mode is used Mode If Specific the default value is selected a port VLAN ID can be configured see below Untagged frames received on the port are classified to the port VLAN ID If VLAN awareness is disabled all frames received on the port are classified to the port VLAN ID If the classified VLAN ID of a frame transmitted on the port is different from the port VLAN ID a VLAN tag with the classified VLAN ID will be inserted in the frame Configures the VLAN identifier for the port The allowed range of the Port VLAN ID values is 1 through 4095 The default value is 1 The port must be a member of the same VLAN as the port VLAN ID Determines egress tagging of a port Untag_pvid all VLANs except the Tx Tag configured PVID will be tagged Tag_all all VLANs are tagged Untag_all all VLANs are untagged ORing Industrial
108. henticated to the backend server Port and MAC based Counts the number of times that the switch receives a failure message This indicates that the supplicant client has not authenticated to the backend server Port based Counts the number of times that the switch attempts to send a supplicant s first response packet to the backend server Indicates the switch attempted communication with the backend server Possible retransmissions are not counted MAC based Counts all the backend server packets sent from the switch towards the backend server for a given port left most table or client right most table Possible retransmissions are not counted that attempts to for the following Description dotixAuthLastEapolFrameSource The MAC address of the last supplicant client The VLAN ID on which the last frame from the last supplicant clent was received The protocol version number carried in the most Version dotixAuthLastEapolFrameVersionrecently received EAPOL frame MAC based Not applicable 302 1X based The user name supplicant identity carried in the most recently received Response Identity EAPOL frame MAC based Not applicable 5 9 Alerts 5 9 1 Fault Alarm When any selected fault event happens the Fault LED on the switch panel will light up and the ORing Industrial Networking Corp 124 RGS P9000 Series User Manual electric relay will signal at the same time Port Link Down Br
109. hentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over port based 802 1 X is that several clients can be connected to the same port e g through a 3rd party switch or a hub and still require individual authentication and that the clients don t need special supplicant software to authenticate The advantage of MAC based authentication over 802 1X based authentication is that the clients do not need special supplicant software to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone Also only the MD5 Challenge method is supported The maximum number of clients that can be attached to a port can be limited using the Port security Limit Control functionality The current state of the port It can undertake one of the following values Globally Disabled NAS is globally disabled Link Down NAS is globally enabled but there is no link on the port Authorized the port is in Force Authorized or a single supplicant mode and the supplicant is authorized Unauthorized the port is in Force Unauthorized or a single supplicant mode and the supplicant is not successfully authorized by the RADIUS server X Auth Y Unauth the port is in a multi supplicant mode Currently X clients are authorized and Y are unauthorized Two buttons are available for each row The buttons are only enabled when auth
110. hows up to 999 entries from the MAC table with a default value of 20 selected by the Entries Per Page input field When first visited the web page will show the first 20 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table Each page shows up to 999 entries from the MAC table with a default value of 20 selected by the Entries Per Page input field When first visited the web page will show the first 20 entries ORing Industrial Networking Corp 129 RGS P9000 Series User Manual from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table The Start from MAC address and VLAN fields allow the user to select the starting point in the MAC table Clicking the Refresh button will update the displayed table starting from that or the closest next MAC table match In addition the two input fields will upon clicking Refresh assume the value of the first displayed entry allows for continuous refresh with the same start address The gt gt will use the last entry of the currently displayed VLAN MAC address pairs as a basis for the next lookup When it reaches the end the text no more entries is shown in the displayed table Use the lt lt button to start over MAC Address Table Auto refresh C Start from VLAN 1 and MAC address 00 00 00 00 00 0
111. ication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left accounting attempts are made to this server but it does not reply within the configured timeout The server has temporarily been disabled but will be re enabled when the dead time Gighktistiumcnco 4a Industrial Networking Corp 112 RGS P9000 Series User Manual expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server Is enabled Authentication and Accounting Server Statistics The statistics map closely to those specified in RFC4668 RADIUS Authentication Client MIB Use the server drop down list to switch between the backend servers to show related details RADIUS Authentication Statistics for Server 1 Server 1 Auto refresh CI Refresh Receive Packets Access Accepts Access Rejects Access Challenges Malformed Access Responses Bad Authenticators Unknown Types Packets Droppe Clear Transmit Packets Access Requests Access Retransmissions Pending Requests Timeouts Other Info IP Address State Round Trip Time 0 0 0 0 1812 Disabled O ms RADIUS authentication server packet counters There are seven receive and four transmit counters Direction Access Accepts Access Rejects Access Challenges Malformed Access Responses Bad Authenticators Packet Unknown Types Cou
112. ide the details of which switch port to be displayed The displayed counters include the total number for receive and transmit the size for receive and transmit and the errors for receive and transmit Detailed Statistics Total Receive amp Transmit Detailed Port Statistics Port 1 Auto refresh Receive Total Rx Packets Rx Octets Rx Unicast Rx Multicast Rx Broadcast Rx Pause Receive Size Counters Rx 64 Bytes Rx 65 127 Bytes Rx 128 255 Bytes Rx 256 511 Bytes Rx 512 1023 Bytes Rx 1024 1526 Bytes Rx 1527 By Receive Queue Counters Recetve Error Counters Rx CRC Alignment Rx Undersize Rx Oversize R Fragments Rx Jabber Rx Filtered ORing Industrial Networking Corp Transmit Total Tx Packets Tx Octets Tx Unicast Tx Multicast Tx Broadcast Tx Pause Transmit Size Counters Tx 64 Bytes Tx 65 127 Bytes Tx 126 255 Bytes Tx 256 511 Bytes Tx 5127 1023 Bytes Tx 1024 1526 Bytes Tx 1527 Bytes Transmit Queue Counters Transmit Error Counters Tx Drops Tx Late Exc Coll 131 amp RGS P9000 Series User Manual Rx and Tx Packets The number of received and transmitted good and bad packets The number of received and transmitted good and bad bytes Rx and Tx Octets including FCS except framing bits The number of received and transmitted good and bad unicast Rx and Tx Unicast packets Rx and Tx The number of received and transmitted good and bad multicast Multicast packets Rx and Tx The n
113. ilter you can Target IP Address 8 enter a specific target IP address in dotted decimal notation When Network is selected for the target IP filter you can enter a Target IP Mask specific target IP mask in dotted decimal notation Specifies whether frames will meet the action according to their sender hardware address field SHA settings ARP SMAC Match 0 ARP frames where SHA is not equal to the SMAC address 1 ARP frames where SHA is equal to the SMAC address Any any value is allowed don t care Specifies whether frames will meet the action according to their target hardware address field THA settings 0 RARP frames where THA is not equal to the SMAC address 1 RARP frames where THA is equal to the SMAC address Any any value is allowed don t care RARP SM AC Match Specifies whether frames will meet the action according to their IP Ethernet ARP RARP hardware address length HLN and protocol address Length length PLN settings 0 ARP RARP frames where the HLN is equal to Ethernet 0x06 and ORing Industrial Networking Corp 105 amp RGS P9000 Series User Manual the PLN is equal to IPv4 0x04 must not match this entry 1 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 must match this entry Any any value is allowed don t care Specifies whether frames will meet the action according to their ARP RARP hardware address space HRD settings
114. ing amp RGS P9000 Series User Manual O Ring Coupling Ring If you already have two O Ring topologies and would like to connect the rings you can form them into a couping ring All you need to do is select two switches from each ring to be connected for example switch A and B from Ring 1 and switch C and D from Ring 2 Decide which port on each switch to be used as the coupling port and then link them together for example port 1 of switch A to port 2 of switch C and port 1 of switch B to port 2 of switch D Then enable Coupling Ring on the management page and select the coupling ring in correspondance to the connected port For more inforamtion on port setting please refer to 4 1 2 Configurations Once the setting is completed one of the connections will act as the main path while the other will act as the backup path Main Path O Ring Switch A Switch C D Phe une mm gg st a eT eee rrr tr EA Dual Homing If you want to connect your ring topology to a RSTP network environment you can use dual homing Choose two switches Switch A amp B from the ring for connecting to the switches in the RSTP network backbone switches The connection of one of the switches Switch A or B will act as the primary path while the other will act as the backup path that is activated when the primary path connection fails ORing Industrial Networking Corp 19 RGS P9000 Series User Manual E control Center d R
115. ion gt Non certified release v Port Edge lt port_list gt enableldisable Status lt msti gt lt port_list gt Msti Priority lt msti gt lt priority gt ORing Industrial Networking Corp 150 RGS P9000 Series User Manual Msti Port Priority lt msti gt lt port_list gt lt priority gt Configuration Aggr Add lt port_list gt lt aggr_id gt Delete lt aggr_id gt Lookup lt agegr_id gt Mode smacldmacliplport enableldisable LACP Configuration lt port_list gt Mode lt port_list gt enableldisable Role lt port_list gt activelpassive Status lt port_list gt Statistics lt port_list gt clear Key lt port_list gt lt key gt Configuration lt port_list gt Statistics lt port_list gt clear Mode lt port_list gt enableldisable Info lt port_list gt PoE ORing Industrial Networking Corp 151 QoS RGS P9000 Series User Manual l Configuration lt port_list gt Mode lt port_list gt disabledlpoelpoe Priority lt port_list gt lowlhighlIcritical Momt mode class_conlclass_reslal_conlal_resllldp_resllldp_con Maximum_Power lt port_list gt lt port_power gt Primary_Supply lt supply_power gt IDSCP Map lt dscp_list gt lt class gt lt dpl gt DSCP Translation lt dscp_list gt lt trans_dscp gt DSCP Trust lt dscp_list gt enableldisable DSCP Cla
116. iter_list gt lt packet_rate gt Add lt ace_id gt lt ace_id_next gt switch port lt port gt policy lt policy gt lt vid gt lt tag_prio gt lt dmac_type gt etype lt etype gt lt smac gt lt dmac gt arp lt sip gt lt dip gt lt smac gt lt arp_opcode gt lt arp_flags gt Gp lt sip gt lt dip gt lt protocol gt lt ip_flags gt icmp lt sip gt lt dip gt lt icmp_type gt lt icmp_code gt lt ip_flags gt udp lt sip gt lt dip gt lt sport gt lt dport gt lt ip_flags gt tcp lt sip gt lt dip gt lt sport gt lt dport gt lt ip_flags gt lt tcp_flags gt permitldeny lt rate_limiter gt lt port_copy gt lt logging gt lt shutdown gt Delete lt ace_id gt Lookup lt ace_id gt Mirror Configuration lt port_list gt Port lt port gt ldisable Mode lt port_list gt enableldisablelrxltx Save lt ip_server gt lt file_name gt Load lt ip_server gt lt file_name gt check Load lt ip_addr_string gt lt file_name gt Trap Inform Retry Times lt retries gt Trap Probe Security Engine ID enableldisable Trap Security Engine ID lt engineid gt ORing Industrial Networking Corp 154 RGS P9000 Series User Manual Trap Security Name lt security_name gt User Add lt engineid gt lt user_name gt MDS5ISHA lt auth_password gt DE
117. k to enable DDOS prevention When enabled the switch will Acton monitor the device against DDOS attacks DDoS Prevention Indicates DDOS prevention status Possible statuses are ORing Industrial Networking Corp 93 amp RGS P9000 Series User Manual disable Analyzing analyzes packet throughput for initialization Running analysis completes and ready for next move Attacked DDOS attacks occur Device IP Address Specifies IP address of the device Device MAC Specifies MAC address of the device Address Advanced Configurations Alias IP Address This page provides Alias IP Address configuration Some devices might have more than one IP addresses You could specify the other IP address here Alias IP Address Alias IP Address 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 i d om mn P W N specifies alias IP address Keep 0 0 0 0 if the device does not have Alias IP Address an alias IP address Alive Check You can use ping commands to check port link status If port link fails you can set actions from the drop down list Alive Check Status Link Change wm Only Log it Se Shunt Down the Port Reboot Device On Ou P WN ra ORing Industrial Networking Corp 94 Shunt Down the Port Disables the port RGS P9000 Series User Manual Link Change Disables or enables the port Only log it Simply sends logs to the log server Reboot Device Disables or enables Po
118. licant will be allowed access This is the most secure of all the supported modes In this mode the Port Security module is used to secure a supplicant MAC address once successfully authenticated b Multi 802 1X In port based 802 1X authentication once a supplicant is successfully authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though they are not authenticated individually To overcome this security breach use the Multi 802 1 X variant Multi 802 1X is not yet an IEEE standard but features many of the same characteristics as port based 802 1X In Multi 802 1X one or more supplicants can be authenticated on the same port at the same time Each supplicant is authenticated individually and secured in the MAC table using the Port Security module In Multi 802 1 X it is not possible to use the multicast BPDU MAC address as the destination MAC address for EAPOL frames sent from the switch to the supplicant since that would cause all supplicants attached to the port to reply to requests sent from the switch Instead the switch uses the supplicant s MAC address which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant An exception to this is when no supplicants are attached In this case the swtch sends EAPOL Request Identi
119. link in 30 to 50 seconds RSTP can shorten the time to 5 to 6 seconds STP Bridge Status This page shows the status for all STP bridge instance STP Bridges Auto refresh L Bridge ID Topology Topology Port Cost Flag Change Last 0 00 00 17E 94 FE FE AF 80 00 00 1E1944 FFFF FF ven The bridge instance You can also link to the STP detailed bridge status Bridge ID The bridge ID of this bridge instance Root ID The bridge ID of the currently selected root bridge Root Port The switch port currently assigned the root port role Root path cost For a root bridge this is zero For other bridges it is Root Cost the sum of port path costs on the least cost path to the Root Bridge Topology Flag The current state of the Topology Change Flag for the bridge instance Topology The time since last Topology Change occurred Change Last Refresh Click to refresh the page immediately Check this box to enable an automatic refresh of the page at regular Auto refresh intervals ORing Industrial Networking Corp 25 RGS P9000 Series User Manual STP Port Status This page displays the STP port status for the currently selected switch STP Port Status Auto refresh L Port CIST Role CIST State Uptime Non STP Forwardin Non ST Forwardin Non ST Forwardin Non Forwarding Non ST Forwardin Non Forwardin Non ST Forwardin Non STP Forwardin Non ST Forwardin Non StTI Forwardin Non 5ST Forwardin Non
120. lt stats_id gt History Add lt history_id gt lt data_source gt lt interval gt lt buckets gt History Lookup lt history_id gt Alarm Add lt alarm_id gt lt interval gt lt alarm_variable gt absoluteldelta lt rising_threshold gt lt nsing_event_index gt lt falling_threshold gt lt falling_event_index gt risinglfallinglboth Alarm Delete lt alarm_id gt _ Alarm Lookup lt alarm_id gt Security Network IPsec Port Security Status Network Access Server IEEE 802 1 X NAS ACL Access Control List _ DHCP Dynamic Host Configuration Protocol Security Network Psec Switch lt port_list gt Port lt port_list gt Security Network NAS Configuration lt port_list gt NA Mode enableldisable State lt port_list gt autolauthorizedlunauthorizedlmacbased ORing Industrial Networking Corp 148 RGS P9000 Series User Manual Reauthentication enableldisable ReauthPeriod lt reauth_period gt Statistics lt port_list gt clearleapollradius Security Network ACL Confi guration lt port_list gt Action lt port_list gt permitldeny lt rate_limiter gt lt port_redirect gt lt murror gt lt logging gt lt shutdown gt Policy lt port_list gt lt policy gt Add lt ace_id gt lt ace_id_next gt port lt port_list gt policy lt policy gt lt policy_bitmask gt lt tagged gt lt vid gt lt tag_prio gt
121. me to live value greater than zero must PTE not be able to match this entry Non zero IPv4 frames with a time to live field greater than zero must be able to match this entry Any any value is allowed don t care Specifies the fragment offset settings for the ACE This includes settings of More Fragments MF bit and Fragment Offset FRAG OFFSET for an IPv4 frame Ee No IPv4 frames whose MF bit is set or the FRAG OFFSET field is greater than zero must not be able to match this entry Yes IPv4 frames whose MF bit is set or the FRAG OFFSET field is greater than zero must be able to match this entry Any any value is allowed don t care Specifies the options flag settings for the ACE No IPv4 frames whose options flag is set must not be able to match IP Option this entry Yes IPv4 frames whose options flag is set must be able to match this entry Any any value is allowed don t care Specifies the source IP filter for this ACE Any no source IP filter is specified Source IP filter is don t care Host source IP filter is set to Host Specify the source IP address in the SIP Address field that appears Network source IP filter is set to Network Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear Gidgktiwtimcco 44 Industrial Networking Corp 103 RGS P9000 Series User Manual When Host or Network is selected for the source IP filter you can SIP Address 8 l l
122. multiple spanning trees within a network by grouping and mapping multiple VLANs into different spanning tree instances known as MSTIs to form individual MST regions Each switch is assigned to an MST region Hence each MST region consists of one or more MSTP switches with the same VLANs at least one MST instance and the same MST region name Therefore switches can use different paths in the network to effectively balance loads Port Settings This page allows you to examine and change the configurations of current MSTI ports A MSTI port is a virtual port which is instantiated separately for each active CIST physical port for each MSTI instance configured and applicable for the port The MSTI instance must be selected before MSTI port configuration options are displayed This page contains MSTI port settings for physical and aggregated ports The aggregation settings are stack global ORing Industrial Networking Corp 28 RGS P9000 Series User Manual MSTI Port Configuration MSTI Normal Ports Configuration Port Path Cost Priority The switch port number of the corresponding STP CIST and MSTI port Configures the path cost incurred by the port Auto will set the path cost according to the physical link speed by using the 802 1D recommended values Specific allows you to enter a user defined value The path cost is used when establishing an active topology for the network Lower path cost ports are chosen as forwardi
123. nal block The terminal block includes two power pairs for redundant power supply aa ON CM Note RLY COM Relay Common contact RLY NO Relay Normal Open contact RLY NC Relay Normal Close contact POWER1 CHASSIS POWER RLY RLY GND GND GND NO NC 1 Power module slots 2 Terminal block ORing Industrial Networking Corp 10 RGS P9000 Series User Manual Hardware Installation 3 1 Rack mount Installation The switch comes with two rack mount kits to allow you to fasten the switch to a rack in any environments AS D Follow the following steps to install the switch to a rack Step 1 Install left and right front mounting brackets to the switch using 4 M3 screws on each side provided with switch Step 2 With front brackets orientated in front of the rack nest front and rear brackets together Fasten together using remaining M4 screws into counter sunk holes Step 3 Fasten the front mounting bracket to the front of the rack Note You can install the brackets on both sides at back of the device and mount it to the rack with the rear panel facing outward if the space for front panel cabling is limited Remember ORing Industrial Networking Corp 11 RGS P9000 Series User Manual when installing the brackets on the front sides use the four screw holes at the top and bottom When installing the brackets on the back sides use the four screw holes at the top
124. nce numbers value for the ACE 0 TCP frames where the SYN field is set must not be able to match TCP SYN this entry 1 TCP frames where the SYN field is set must be able to match this entry Any any value is allowed don t care Specifies the TCP PSH push function value for the ACE 0 TCP frames where the PSH field is set must not be able to match TCP PSH this entry 1 TCP frames where the PSH field is set must be able to match this entry ORing Industrial Networking Corp 108 amp RGS P9000 Series User Manual Ed Any any value is allowed don t care Specifies the TCP ACK acknowledgment field significant value for the ACE 0 TCP frames where the ACK field is set must not be able to match TCP ACK this entry 1 TCP frames where the ACK field is set must be able to match this entry Any any value is allowed don t care Specifies the TCP URG urgent pointer field significant value for the ACE 0 TCP frames where the URG field is set must not be able to match TCP URG this entry 1 TCP frames where the URG field is set must be able to match this entry Any any value is allowed don t care 5 8 4 AAA Common Server Configurations This page allows you to configure authentication servers Authentication Server Configuration Common Server Configuration Timeout seconds Dead Time seconds The timeout which can be set to a number between 3 and 3600 seconds is the maxim
125. nd the others will be backup masters TE Ring Port The primary ring port ond Ring Port The backup ring port Coupling Ring Check to enable Coupling Ring Coupling Ring can divide a big ring into two smaller rings to avoid network topology changes affecting all switches It is a good method for connecting two rings Coupling Port Ports for connecting multiple rings A coupling ring needs four switches to build an active and a backup link Links formed by the coupling ports will run in active oackup mode Dual Homing Check to enable Dual Homing When Dual Homing is enabled the ring wll be connected to normal switches through two RSTP links ex backbone Switch The two links work in active backup mode and connect each ring to the normal switches in RSTP mode Apply Click to apply the configurations Due to heavy computing loading setting one switch as ring master and coupling ring at the same time is not recommended ORing Industrial Networking Corp 22 RGS P9000 Series User Manual 4 2 O Chain 4 2 1 Introduction O Chain is ORing s revolutionary network redundancy technology which enhances network redundancy for any backbone networks providing ease of use and maximum fault recovery swiftness flexibility compatibility and cost effectiveness in a set of network redundancy topologies The self healing Ethernet technology designed for distributed and complex industrial networks enables the network to recover in les
126. ng ports in favor of higher path cost ports The range of valid values is 1 to 200000000 a Configures the priority for ports having identical port costs See Priority hove above Click to save changes Click to undo any changes made locally and revert to previously saved values ORing Industrial Networking Corp 29 Mapping RGS P9000 Series User Manual This page allows you to examine and change the configurations of current STP MSTI bridge instance MSTI Configuration Add VLANs separated by spaces or comma Unmapped VLANs are mapped to the CIST The default bridge instance MSTI Mapping MSTI VLANs Mapped Configuration Identification Configuration Name 00 1e 94 ff ff ff Configuration Revision Oe RN MST The name which identifies the VLAN to MSTI mapping Bridges must share the name and revision see below as well as the Configuration Name VLAN to MSTI mapping configurations in order to share spanning trees for MSTIs intra region The name should not exceed 32 characters Configuration Revision of the MSTI configuration named above This must be Revision an integer between 0 and 65535 The bridge instance The CIST is not available for explicit mapping as it will receive the VLANs not explicitly mapped The list of VLANs mapped to the MSTI The VLANs must be VLANS Mapped l separated with commas and or space A VLAN can only be ORing Industrial Networking Corp
127. nters Packets Dropped Access Requests Access Retransmissions Pending Requests Timeouts ORing Industrial Networking Corp RFC4668 Name radiusAuthClientExtAccessAccepts radiusAuthClientExtAccessRejects radiusAuthClientExtAccessChallenges radiusAuthClientExtMalformedAccessResponses radiusAuthClientExtBadAuthenticators radiusAuthClientExtUnknownTypes radiusAuthClientExtP acketsDropped radiusAuthClientExtAccessRequests radiusAuthClientExtAccessRetransmissions radiusAuthClientExtP endingRequests radiusAuthClientExtTimeouts Description The number of RADIUS Access Accept packets valid or invalid received from the server The number of RADIUS Access Reject packets valid or invalid received from the server The number of RADIUS Access Challenge packets valid or invalid received from the server The number of malformed RADIUS Access Response packets received from the server Malformed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses The number of RADIUS Access Response packets containing invalid authenticators or Message Authenticator attributes received from the server The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason The number of RADIUS packets that were received from the server on the authentication
128. ociated with this publication DISCLAIMER Information in this publication is intended to be accurate ORing shall not be responsible for its use or infringements on third parties as a result of its use There may occasionally be unintentional errors on this publication ORing reserves the right to revise the contents of this publication without notice CONTACT INFORMATION ORing Industrial Networking Corp 3F NO 542 2 JnongJheng Rd Sindian District New Taipei City 231 Taiwan R O C Tel 886 2 2218 1066 Fax 886 2 2218 1014 Website www oring networking com Technical Support E mail Support oring networking com Sales Contact E mail sales oring networking com Headquarters sales oring networking com cn China ORing Industrial Networking Corp 1 ORing amp RGS P9000 Series User Manual Table of Content GSMA Sta O E 6 1 1 About RGS P9000 Geries 6 1 2 Software Features cccccecccceeccceececeeceeeeseeeeseeeeseeeeseueeseueeseeeseueessueessueesaneesaeeesaes 6 1 3 Hardware Specifications cccccccsecccecccseeeceececeeeeseeeseeeeseueeseueeseeeseeeessaeessaeensaes 7 Hardware OvervieW See REENEN ENER nnmnnn nnmnnn 8 2 1 Front Panel 8 Schalke ENEE 8 NEE E RE 10 2 2 FAS AG De 10 Hardware VE e E 11 3 1 aC OME a e LEE 11 3 2 Module Jnstallaton 12 ee AAO eil VE 12 3 2 2 SPP Module ken 12 es WGS ee 13 324 POWer ee E 14 3 3 lr lee D 14 331 Grounding EE 15 DOL F AER AY ran cunsannumara cess
129. oken Port Active KA Fault Alarm Power Failure 2 3 4 5 6 7 8 9 a CIPWR 1 LIPWR 2 KA KA bee ek ek ek ek o je 5 9 2 System Warning SYSLOG Setting The SYSLOG is a protocol that transmits event notifications across networks For more details please refer to RFC 3164 The BSD SYSLOG Protocol System Log Configuration Server Mode Disabled k Server Address Server Mode Indicates existing server mode When the mode operation is enabled the syslog message will be sent to syslog server The syslog protocol is based on UDP communications and received on UDP port 514 and the syslog server will not send acknowledgments back to the sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always be sent even if the syslog server does not exist Possible modes are Enabled enable server mode Disabled disable server mode SYSLOG Server Indicates the IPv4 host address of syslog server If the switch provides IP Address DNS functions it also can be a host name ORing Industrial Networking Corp 125 RGS P9000 Series User Manual SMTP Setting SMTP Simple Mail Transfer Protocol is a protocol for transmitting e mails across the Internet For more information please refer to RFC 821 Simple Mail Transfer Protocol SMTP Setting E mail Alert SMTP Server Address Sender E mail Address Mail Subject W authentication Reci
130. on file is in XML format Configuration Save Save configuration Configuration Upload 5 1 11 Firmware Update This page allows you to update the firmware of the switch Firmware Update 5 2 DHCP Server The switch provides DHCP server functions By enabling DHCP the switch will become a DHCP server and dynamically assigns IP addresses and related IP information to network clients ORing Industrial Networking Corp 45 RGS P9000 Series User Manual 5 2 1 Basic Settings This page allows you to set up DHCP settings for the switch You can check the Enabled checkbox to activate the function Once the box is checked you will be able to input information in each column DHCP Server Configuration Enabled Start IP Address 1927 168 10 100 End IP Address 1927 168 10 200 Subnet Mask 209 200 200 0 Router 197 168 10 254 DNS 1927 168 10 254 Lease Time sec TFTP Server Boot File Name 5 2 2 Dynamic Client List When DHCP server functions are activated the switch will collect DHCP client information and display in the following table DHCP Dynamic Client List No Select Type MAC Address IP Address Surplus Lease Select Clear All Add to static Table 5 2 3 Client List You can assign a specific IP address within the dynamic IP range to a specific port When a device is connected to the port and requests for dynamic IP assigning the switch will assign the IP address that has previously be
131. ont Panel Ethertype for Custom S ports yess Basic Setting DW DHCP ServeriRelay VLAN Port Configuration Mm Port Setting MM Redundancy amp VLAN Ingress Filtering Frame Type Port VLAN Mode Sa VLAN Membership Sa Ports Specific DW Private VLAN E SNMP Specific vani MMP vian20 MMO 0 1 Tag_all 1 Tag_all Traffic Prioritization lt WW Multicast Unaware M Security Unaware Specific Specific CH Specific M Monitor and Diag Unaware fm Synchronization Mm PoE Unaware Specific Sa Factory Default Unaware Sa System Reboot Unaware Specific Specific Unaware Specific OOOOOOOOOMOO AAAA Unaware Specific ORing Industrial Networking Corp 1 Untag_pvid 1 Untag_pvid v 1 Untag_pvid Specific 1 Untag_pvid 1 Untag_pvid 1 Untag_pvid 1 Untag_pvid v 1 Untag_pvid 1 Untag_pvid VLAN Hybrid Mode Port 1 VLAN Hybrid mode RGS P9000 Series User Manual untagged 10 Tagged 10 20 Below are the switch settings Open all D P D EN System Information Front Panel Basic Setting DHCP Server Relay Port Setting Redundancy
132. or IDLE The number of transmitted Querier The number of received V1 reports The number of received V2 reports The number of received V3 reports The number of received V2 leave packets Click to refresh the page immediately Clear all statistics counters Check to enable an automatic refresh of the page at regular intervals Switch port number Indicates whether a specific port is a router port or not 5 7 4 Groups Information of IGMP Snooping Entries in the IGMP Group Table are shown on this page The IGMP Group Table is sorted first by VLAN ID and then by group ORing Industrial Networking Corp 91 RGS P9000 Series User Manual ISMP Snooping Group Information Start from VLAN and group address with entries per page Port Members VLAN ID Groups 1234567891011 12 1314151617 18 19 20 re entries eg The group aaressof te group aspas 5 8 Security 5 8 1 Remote Control Security Configurations Remote Control Security allows you to limit the remote access to the management interface When enabled requests of the client which is not in the allow list will be rejected Remote Control Security Configuration Mode Port Web Telnet SNMP IP E Port Port number of the remote client IP Address IP address of the remote client 0 0 0 0 means any IP am check enable management via a SNMP interlace ORing Industrial Networking Corp 92 RGS P9000 Series User Manual 5 8 2 Device Binding This pa
133. p RGS P9000 Series User Manual Indicates device types Possible types are no specification IP Device Type Camera IP Phone Access Point PC PLC and Network Video Recorder Indicates location information of the device The information can be Location Address used for Google Mapping Device descriptions Stream Check This page allows you to configure stream check settings Stream Check Mode Action Status Enabled Normal 4 i 4 MM a Ou DJ Oh D P DM eH le 4 4 4 4 4174 Enables or disables stream monitoring of the port Modes Indicates the action to take when the stream gets low Possible actions are NO action Log it simply logs the event 5 8 3 ACL Ports This page allows you to configure the ACL parameters ACE of each switch port These parameters will affect frames received on a port unless the frame matches a specific ACE ORing Industrial Networking Corp 97 RGS P9000 Series User Manual ACL Ports Configuration Policy Port ID ink GT 4 4 lt 4 D Jm E w N H 4 vd H 4 Action Rate Limiter ID Shutdown Port Copy Logging Counter 108498 Disabled sel Disabled o 68732984 0 Disabled Disabled 0 68732984 Disabled 0 Disabled Disabled Disabled o Port The switch port number to which the following settings will be applied Policy ID Rate Limiter ID Port Copy Logging
134. pient E mail Address 1 Po Recipient E mail Address 3 Po Recipient E mail Address 3 Po Recipient E mail Address 4 Po Recipient E mail Address 5 Po Recipient E mail Address 6 Po Enables or disables transmission of system warnings by e mail Sender E mail SMTP server IP address Address Mail Subject Subject of the mail Authentication m Username the authentication username m Password the authentication password Confirm Password re enter password Recipient E mail The recipient s e mail address A mail allows for 6 recipients Address Apply Click to activate the Click to activate the configurations Event Selection SYSLOG and SMTP are two warning methods supported by the system Check the corresponding box to enable the system event warning method you want Please note that the checkbox cannot be checked when SYSLOG or SMTP is disabled ORing Industrial Networking Corp 126 Gran eo RGS P9000 Series User Manual System Warning Event Selection System Events SYSLOG SMIP System Start Power Status SNMP Authentication Failure Redundant Ring Topology Change SYSLOG 1 Link Up and Link Down ze Link Down Disabled Disabled Disabled Disabled Disabled Disabled 4 4 lt 4 4 Vd 1 A 3 A vi 6 Fi H g 4 4 4 4 Label System Cold Start Power Status SNMP Authentication Failure O Ring Topology Change m Disable P E ort Event m Link Up SYSLOG SMTP event E Link Down WR
135. port Source TCP UDP port 0 65535 or Any specific value or port range applicable for IP protocol UDP TCP Dport Destination TCP UDP port 0 65535 or Any specific value or port range applicable for IP protocol UDP TCP Action Class QoS class 0 7 or Default Parameters Valid Drop Precedence Level value can be 0 1 or Default Valid DSCP value can be 0 63 BE CS1 CS7 EF or AF11 AF43 or Default Default means that the default classified value is not modified by this QCE 5 6 14 QoS Counters This page provides the statistics of individual queues for all switch ports Queuing Counters Auto refresh L 1 g 0 g 0 g 0 0 0 g 0 0 g 0 0 0 g 2 g 0 LU g 0 LU g 0 0 0 g 0 LU L 0 g 3 0 0 0 0 0 LU 0 0 0 g L g 0 0 g 0 4 0 g 0 g 0 LU 0 g 0 g L g 0 0 g 0 J g g LU g 0 LU g 0 g 0 g g LU L g g D g 0 g 0 0 0 g 0 g 0 0 g 0 0 0 g 7 386 0 0 g 0 0 g 0 g 0 0 g 0 0 QO 495 H 1307 0 0 g 0 0 g 0 g 0 0 g 0 g D 2326 g 0 g 0 g 0 LU g 0 g 0 0 g 0 L g ORing Industrial Networking Corp 87 amp RGS P9000 Series User Manual The switch port number to which the following settings will be applied on There are 8 QoS queues per port QO is the lowest priority The number of received and transmitted packets per queue 5 6 15 QCL Status This page shows the QCL status by different QCL users Each row describes the QCE that is defined It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of
136. port and dropped for some other reason The number of RADIUS Access Request packets sent to the server This does not include retransmissions The number of RADIUS Access Request packets retransmitted to the RADIUS authentication server The number of RADIUS Access Request packets destined for the server that have not yet timed out or received a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challenge timeout or retransmission The number of authentication timeouts to the server After a timeout the client may retry to the same server send to a different server or give up Aretry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout 113 RGS P9000 Series User Manual This section contains information about the state of the server and the latest round trip time RFC4668 Name Description Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has t
137. port number Pair the status of the cable pair Length the length in meters of the cable pair 5 10 6 SFP Monitor SFP modules wth DDM Digital Diagnostic Monitoring function can measure the temperature of the apparatus helping you monitor the status of connection and detect errors immediately You can manage and set up event alarms through DDM Web interface SFP Monitor Auto refresh L Port No Temperature C Vcc V TX Bias mA TX Power pW RX Power pw 5 iD 0 0 Gor P L Eh Warning Temperature 85 c o 100 Event Alarm LJSyslog 5 10 7 Ping This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues ORing Industrial Networking Corp 135 RGS P9000 Series User Manual ICMP Ping IP Address After you press Start five ICMP packets will be transmitted and the sequence number and roundtrip time will be displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs PING6 server 10 10 132 20 64 bytes from 10 10 132 20 icmp_seq 0 time Oms 64 bytes from 10 10 132 20 icmp _seq 1 time Oms 64 bytes from 10 10 132 20 icmp_seq 2 time Oms 64 bytes from 10 10 132 20 icmp_seq 3 time Oms 64 bytes from 10 10 132 20 icmp _seq 4 time Oms Sent 5 packets received 5 OK 0 bad You can configure the following properties of the issued ICMP packets IP Address The destination IP Address
138. pped Total Neighbors Entries Aged Out LLDP Statistics Local Counters Local Port Tx Frames Rx Frames Rx Errors Frames Discarded TLVs Discarded TLVs Unrecognized Org Discarded Age Outs m kA CH CH O O CH CH CH e t e B v Bil en Il en Wi e e CO E CO CH CH IER CH o G o G o OO OO en eo IER e ER e E oG CO OOOO OO OO CO OOO OO OO OO CO Cl o le H o Eil e D e ege Ee Ch E CH IER CH TE eee DE DOONAN a n Global Counters Neighbor entries Were lastchandedal Shows the time when the last entry was deleted or added Total Neighbors Entries Added Total Neighbors Entries Deleted Total Neighbors Entries Dropped Total Neighbors Entries Aged Out Shows the number of new entries added since switch reboot Shows the number of new entries deleted since switch reboot Shows the number of LLDP frames dropped due to full entry table Shows the number of entries deleted due to expired time to live ORing Industrial Networking Corp 43 ORing amp RGS P9000 Series User Manual Local Counters Local Port The port that receives or transmits LLDP frames The number of LLDP frames transmitted on the port The number of LLDP frames received on the port The number of received LLDP frames containing errors If a port receives an LLDP frame and the switch s internal table is full the LLDP frame will be counted and discarded This situation is Known as too many neighbors in the LLDP standard LLDP Frames
139. r and the latest round trip time RFC4670 Name Description Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled The time interval measured in milliseconds between the most recent Response and the Request that matched it from the RADIUS accounting server The granularity of this measurement is 100 ms A value of 0 ms indicates that there hasn t been round trip communication with the server yet d radiusAccClientExtRoundTripTime 5 8 6 NAS 802 1x This page allows you to configure the IEEE 802 1X and MAC based authentication system and port settings The IEEE 802 1X standard defines a port based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication One or more central servers the backend servers determine whether the user is allow
140. r each port shaper rate as Port Shaper Unit kbps or Mbps The default value is kbps 5 6 8 Port Scheduled This page provides an overview of QoS Egress Port Schedulers for all switch ports QoS Egress Port Schedulers Weight Q0 Q1 Q2 Q3 Q4 Q5 Strict Priority Strict Priority Strict Priority Strict Priority a k S z Strict Priority 7 s S S S Strict Priority S S 3 S Mode in E to Poe CO The switch port number to which the following settings will be applied Click on the port number to configure the schedulers Mod Shows the scheduling mode for this port on Shows the weight for this queue and port 5 6 9 Port Shaping This page provides an overview of QoS Egress Port Shapers for all switch ports ORing Industrial Networking Corp 82 Oring QoS Egress Port Shapers Shapers RGS P9000 Series User Manual Oh to hae disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled Ak disabled disabled disabled disabled disabled disabled OS disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled Of disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabl
141. re ORing Industrial Networking Corp Specific Untag_pvid Untag_pvid v v E v Untag_pvid 64 RGS P9000 Series User Manual VLAN QinQ Mode VLAN QinQ mode is usually adopted when there are unknown VLANs as shown in the figure below VLAN X Unknown VLAN BM 2900 BM 2900 VLAN X VLAN Pi VLAN X TRUNK 200 VLAN TRUNK 200 P2 gt tagged 200 i gge Setting VLAN tagged X 3 QINQ 200 9000 Series Port 1 VLAN Settings Open all VLAN Membership Configuration Sa System Information W Basic Setting 2 i feel M DHCP Server Relay Start from VLAN 1 with 20 entries per page D Port Setting MM Redundancy E VLAN Sa VLAN Membership Sa Ports WW Private VLAN SNMP Traffic Prioritization Multicast Security Port Members Delete VLAN ID VLAN Name Lga Ss eS 7 ak a ae ZE Qing KI III Open all Auto refresh L Sa System Information Sa Front Panel Ethertype for Custom S ports 0x ssas Basic Setting DHCP ServeriRelay VLAN Port Configuration Port Setting Redundancy Port VLAN Ingress Filtering Frame Type E Ar Mode ID SS VLAN Membership v v Si Ports 1 Unaware v F All v Specific 200 Untag_all e WW Private VLAN WE S o T d IN a il IT i
142. rking Corp 107 ORing amp RGS P9000 Series User Manual Specifies the TCP UDP destination filter for the ACE Any no TCP UDP destination filter is specified TCP UDP destination filter status is don t care Specific if you want to filter a specific TCP UDP destination filter TCP UDP with the ACE you can enter a specific TCP UDP destination value A Destination Filter field for entering a TCP UDP destination value appears Range if you want to filter a specific range TCP UDP destination filter wth the ACE you can enter a specific TCP UDP destination range A field for entering a TCP UDP destination value appears When Specific is selected for the TCP UDP destination filter you TCP UDP a can enter a specific TCP UDP destination value The allowed range Destination is O to 65535 A frame matching the ACE will use this TCP UDP destination value Number When Range is selected for the TCP UDP destination filter you can TCP UDP enter a specific TCP UDP destination range value The allowed Destination Range range is O to 65535 A frame matching the ACE will use this TCP UDP destination value Specifies the TCP FIN no more data from sender value for the ACE 0 TCP frames where the FIN field is set must not be able to match TCP FIN this entry 1 TCP frames where the FIN field is set must be able to match this entry Any any value is allowed don t care Specifies the TCP SYN synchronize seque
143. roduction O Ring is ORing s proprietary redundant ring technology with recovery time of less than 30 milliseconds in fulkduplex Gigabit operation or 10 milliseconds in full duplex Fast Ethernet operation and up to 250 nodes The ring protocols identify one switch as the master of the network and then automatically block packets from traveling through any of the network s redundant loops In the event that one branch of the ring gets disconnected from the rest of the network the protocol automatically readjusts the ring so that the part of the network that was disconnected can reestablish contact with the rest of the network The O Ring redundant ring technology can protect mission critical applications from network interruptions or temporary malfunction with its fast recover technology H O Ring Backup Path 4 1 2 Configurations O Ring supports three ring topologies Ring Master Coupling Ring and Dual Homing You can configure the settings in the interface below ORing Industrial Networking Corp 21 RGS P9000 Series User Manual This switch is Not a Ring Master LinkDown Ri eee Fort LinkDown E Coupling Ring Coupling Port LinkDown E Dual Homing Homing Port LinkDown Redundant Ring Check to enable O Ring topology Only one ring master is allowed in a ring However if more than one switch are set to enable Ring Master the switch with Ring Master the lowest MAC address will be the active ring master a
144. rp RGS P9000 Series User Manual Supports HT TPS SSH protocols to enhance network security Supports SMTP client Supports IP based bandwidth management Supports application based QoS management Supports Device Binding security function Supports DOS DDOS auto prevention Supports IGMP v2 v3 IGMP snooping support to filter multicast traffic Supports SNMP v1 v2c v3 amp RMON amp 802 1Q VLAN network management Supports ACL TACACS and 802 1x user authentication for security Supports 10K Bytes Jumbo Frame Supports multiple notifications for incidents Supports management via Web based interfaces Telnet Console CLI and Windows utility Open Vision Supports LLDP Protocol Supports Layer 3 RGS PR9000 only 3 Hardware Specifications Modular design Supports IEEE 1588v2 clock synchronization Redundant power inputs 19 inch rack mountable design Compliant with IEC 61850 3 and IEEE 1613 Houses 3 x 10 100 1000Base T X RJ 45 modules for up to 24 ports Houses 3 x 100 1000Base X SFP modules for up to 24 ports Houses 1 x 10G SFP module for up to 4 ports Operating temperature 40 to 70 C 20 to 60 C when using 10G SFP module Storage temperature 40 to 85 C Operating humidity 5 to 95 non condensing Dimensions 440 W x 325 D x 44 H mm amp RGS P9000 Series User Manual Hardware Overview 2 1 Front Panel 2 1 1 Ports and Connectors The RGS P9000 series switches provide one 10 Gigabit module slot and thr
145. s soon as a frame with unknown SMAC is received ORing Industrial Networking Corp 128 RGS P9000 Series User Manual Only static MAC entries are learned all other frames are dropped Note make sure the link used for managing the switch is added to the static Mac table before changing to secure learning mode otherwse the management link will be lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface Static MAC Table Configurations The static entries in the MAC table are shown in this table The static MAC table can contain up to 64 entries The entries are for the whole stack not for individual switches The MAC table is sorted first by VLAN ID and then by MAC address Static MAC Table Configuration Port Members Delete VLAN ID MAC Address 12345 6 8 1011 13 Fi 1 oo 1E 94 98 89 89 kl III 1 oo 00 00 00 00 00 TO OOOOOOOOOO oo 00 00 00 00 00 TOO OOOOOOOOO Add new static entry Check to delete an entry It will be deleted during the next save VLAN ID The VLAN ID for the entry MAC Address The MAC address for the entry Checkmarks indicate which ports are members of the entry Port Members Check or uncheck to modify the entry Click to add a new entry to the static MAC table You can specify Adding New Static e the VLAN ID MAC address and port members for the new entry ntry Click Save to save the changes MAC Table Each page s
146. s than 30 milliseconds in full duplex Gigabit operation or 10 milliseconds in full duplex Fast Ethernet operation for up to 250 switches if at any time a segment of the chain fails O Chain allows multiple redundant rings of different redundancy protocols to join and function together as a large and the most robust network topology It can create multiple redundant networks beyond the limitations of current redundant ring technologies Edge Port O Chain Edge Port Edge Port Edge Port O Chain 4 2 2 Configurations O Chain is very easy to configure and manage Only one edge port of the edge switch needs to be defined Other switches beside them just need to have O Chain enabled O Chain enable Uplink Port Edge Port State EEE MS TE and SSES SS ORing Industrial Networking Corp 23 amp RGS P9000 Series User Manual Enable Check to enable O Chain function Ring Port The first port connecting to the ring j 2 4 Ring Port The second port connecting to the ring Edge Port An O Chain topology must begin with edge ports The ports with a smaller switch MAC address will serve as the backup link and RM LED will light up 4 3 MRP 4 3 1 Introduction MRP Media Redundancy Protocol is an industry standard for high availability Ethernet networks MRP allows Ethernet switches in a ring to recover from failure rapidly to ensure seamless data transmission A MRP ring IEC 62439 can support up to 50 d
147. sing or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards tt ORing Industrial Networking Corp 115 ORing amp RGS P9000 Series User Manual When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding the result to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Note in an environment where two backend servers are enabled the server timeout Is configured to X seconds using the authentication configuration page and the first server in the list is currently down but not considered dead if the supplicant retransmits EAPOL Start frames ata rate faster than X seconds it will never be authenticated because the switch will cancel on going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant Since the server has not failed because the X seconds have not expired the same server will be contacted when the next backend authentication server requests from the switch This scenario will loop forever Therefore the server timeout should be smaller than the supplicant s EAPOL Start frame retransmission rate Overview of MAC Based Authentication Unlike 802 1X MAC based authentication is not a standard but merely a best practi
148. ssification Mode lt dscp_list gt enableldisable DSCP Classification Map lt class_list gt lt dpl_list gt lt dscp gt Storm Multicast enableldisable lt packet_rate gt QCL Add lt qce_id gt lt qce_id_next gt lt port_list gt lt tag gt lt vid gt lt pcp gt lt dei gt lt smac gt lt dmac_type gt etype lt etype gt LLC lt DSAP gt lt SSAP gt lt control gt SNAP lt PID gt ipv4 lt protocol gt lt sip gt lt dscp gt lt fragment gt lt sport gt lt dport gt ipv6 lt protocol gt lt sip_v6 gt lt dscp gt lt sport gt lt dport gt lt class gt lt dp gt lt classified_dscp gt QCL Delete lt qce_id gt QCL Lookup lt qce_id gt QCL Status combined staticlconflicts QCL Refresh ORing Industrial Networking Corp 152 bai RGS P9000 Series User Manual Mirror l Configuration lt port_list gt Port lt port gt ldisable Mode lt port_list gt enableldisablelrxltx Configuration lt port_list gt Mode enableldisable State lt port_list gt macbasedlautolauthorizedlunauthorized Configuration lt port_list gt Action lt port_list gt permitldeny lt rate_limiter gt lt port_copy gt lt logging gt lt shutdown gt Policy lt port_list gt lt policy gt ORing Industrial Networking Corp 153 RGS P9000 Series User Manual Rate lt rate_lim
149. t upldo wn Mode lt port_list gt autol Ohdxl1 Ofdxl100hdx 1 OOfdx 1000fdxlsfp_auto_ams MAC VLAN Configuration lt port_list gt tx_tag lt port_list gt untag_pvidluntag_allltag_all PortType lt port_list gt unawarelc portls portls custom port EtypeCustomSport lt etype gt ORing Industrial Networking Corp 146 RGS P9000 Series User Manual Forbidden Lookup lt vid gt name lt name gt Lookup lt vid gt name lt name gt combinedIstaticlnaslal Name Add lt name gt lt vid gt Name Lookup lt name gt Status lt port_list gt combinedIstaticlnaslmstplalllconflicts Private VLAN Security Switch Switch security setting Secu Network Network security setting AAA Authentication Authorization and Accounting setting Security Switch Password lt password gt Auth Authentication SSH Secure Shell HTTPS Hypertext Transfer Protocol over Secure Socket Layer RMON Remote Network Monitoring Security Switch Authentication Configuration curity switch auth Method consoleltelnetlsshlweb nonellocallradius enableldisable ORing Industrial Networking Corp 147 o RGS P9000 Series User Manual Security Switch SSH Mode enableldisable Security Switch HTTPS Mode enableldisable Security Switch RMON any 3 Statistics Add lt stats_id gt lt data_source gt Statistics Delete lt stats_1d gt Statistics Lookup
150. ter which a connected client must be cation re authenticated This is only active if the Reauthentication Enabled Period checkbox is checked Valid range of the value is 1 to 3600 seconds Determines the time for retransmission of Request Identity EAPOL frames EAPOL Timeout Valid range of the value is 1 to 65535 seconds This has no effect for MAC based ports This setting applies to the following modes i e modes using the Port Age Period Security functionality to secure MAC addresses ORing Industrial Networking Corp 117 amp RGS P9000 Series User Manual M AC Based Auth When the NAS module uses the Port Security module to secure MAC addresses the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds For ports in MAC based Auth mode reauthentication does not cause direct communications between the switch and the client so this will not detect whether the client is still attached or not and the only way to free any resources is to age the entry This setting applies to the following modes Le modes using the Port Security functionality to secure MAC addresses M AC Based Auth If a client is denied access either because the RADIUS server denies the client access or because the RADIUS
151. the ACE will use this VLAN ID value Specifies the tag priority for the ACE Aframe matching the ACE will use this tag priority The allowed number range is 0 to 7 Any means that no tag priority is specified tag priority is don t care IP Parameters IP Protocol Filter IP Protocol Value EN IP TTL IP Fragment IP Option SIP Filter Network ze SIP Address SIP Mask DIP Filter Network ze DIP Address Specifies the IP protocol filter for the ACE Any no IP protocol filter is specified don t care IP Protocol Filter Specific if you want to filter a specific IP protocol filter wth the ACE choose this value A field for entering an IP protocol filter appears ICMP selects ICMP to filter IPv4 ICMP protocol frames Extra fields ORing Industrial Networking Corp 102 ORing amp RGS P9000 Series User Manual for defining ICMP parameters will appear For more details of these fields please refer to the help file UDP selects UDP to filter IPv4 UDP protocol frames Extra fields for defining UDP parameters will appear For more details of these fields please refer to the help file TCP selects TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear For more details of these fields please refer to the help file pts Esser IP Protocol Value to 255 Frames matching the ACE will use this IP protocol value Specifies the time to live settings for the ACE Zero IPv4 frames with a ti
152. this column The default IP is 192 168 10 1 Assigns the subnet mask of the IP address If DHCP client function is enabled you do not need to assign the subnet mask Assigns the network gateway for the switch The default gateway IP Router is 192 168 10 254 Provides the managed VLAN ID The allowed range is 1 through VLAN ID 4095 Provides the IP address of the DNS server in dotted decimal notation Click to undo any changes made locally and revert to previously saved values 5 1 5 IPv6 Settings You can configure IPv6 information of the switch on the following page IPv6 Configuration Configured Current Auto Configuration 192 0 2 1 Address 192 0 2 1 Link Local Address feS0 212 94ff fe01 6735 Prefix 96 Router Save Reset Check to enable IPv6 auto configuration If the system cannot Auto Configuration obtain the stateless address in time the configured IPv6 settings will be used The router may delay responding to a router ORing Industrial Networking Corp 39 amp RGS P9000 Series User Manual solicitation for a few seconds therefore the total time needed to complete auto configuration may be much longer Provides the IPv6 address of the switch IPv6 address consists of 128 bits represented as eight groups of four hexadecimal digits with a colon separating each field For example in fe80 21 5 c5ff fe03 4dc7 the symbol is a special syntax that Address can be use
153. thorized e 802 1X Direction Total Response ID Responses Start Logoff Invalid Type Invalid Length Total Request ID Requests ORing Industrial Networking Corp EAPOL Counters IEEE Name dotixAuthEapolFramesRx dotixAuthEapolRespIdFramesRx dotixAuthEapolRespFramesRx dotixAuthEapolStartFramesRx dotixAuthEapolLogoffframesRx dotixAuthInvalidEapolFramesRx Description The number of valid EAPOL frames of any type that have been received by the switch The number of valid EAP Resp ID frames that have been received by the switch The number of valid EAPOL response frames other than Resp ID frames that have been received by the switch The number of EAPOL Start frames that have been received by the switch The number of valid EAPOL logoff frames that have been received by the switch The number of EAPOL frames that have been received by the switch in which the frame type is not recognized The number of EAPOL frames that have dotixAuthEapLenathErrorFramesRx been received by the switch in which the dotixAuthEapolFramestTx dotixAuthEapolReqIidFramesTx dotixAuthEapolReqFramesTx following administrative states Packet Body Length field is invalid The number of EAPOL frames of any type that have been transmitted by the switch The number of EAP initial request frames that have been transmitted by the switch The number of valid EAP Request frames other than initial request frames that have
154. ting from that or the next closest VLAN Table match The gt gt will use the last entry of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the lt lt button to start over ISMP Snooping VLAN Configuration Start from VLAN with entries per page Delete VLANID Snooping Enabled IGMP Querier Dei Check to delete the entry The designated entry will be deleted during elete the next save VLAN ID The VLAN ID of the entry IGMP Snooping Check to enable IGMP snooping for individual VLAN Up to 32 Enable VLANs can be selected IGMP Querier Check to enable the IGMP Querier in the VLAN 5 7 3 IGMP Snooping Status This page provides IGMP snooping status ORing Industrial Networking Corp 90 ORing RGS P9000 Series User Manual Auto refresh L IGMP Snooping Status Statistics VLAN Querier Host ID Version Version Querier Status Queries Queries Transmitted Received V1 Reports V2 Reports V3 Reports V2 Leaves Received Received Received Received 1 Ve v3 Router Port Port Status 1 E Label VLAN ID Querier Version Host Version Querier Status Querier Receive V1 Reports Receive V2 Reports Receive V3 Reports Receive V2 Leave Receive Clear Auto refre sh DISABLE 0 LU g 0 g 0 The VLAN ID of the entry Active Querier version Active Host version Shows the Querier status as ACTIVE
155. to 32 and only ASCII characters from 33 to 126 are allowed Indicates the security model that this entry should belong to Possible security models include Security Model any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 ORing Industrial Networking Corp 73 amp RGS P9000 Series User Manual v2c Reserved for SNMPv2c usm User based Security Model USM Indicates the security model that this entry should belong to Possible security models include Security Level NoAuth NoPriv no authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy The name of the MIB view defining the MIB objects for which this Read View Name request may request the current values The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed The name of the MIB view defining the MIB objects for which this Write View Name request may potentially SET new values The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed 5 6 Traffic Prioritization 5 6 1 Storm Control There is a unicast storm rate control multicast storm rate control and a broadcast storm rate control These only affect flooded frames i e frames with a VLAN ID DMAC pair not present on the MAC Address table The rate is 2 n where n is equal to or less than 15 or No Limit The unit of the rate can be either pps packets per s
156. trial Networking Corp 78 RGS P9000 Series User Manual The port number for which the configuration below applies Check to enable the policer for individual switch ports 5 6 6 Queue Policing This page allows you to configure Queue Policer settings for all switch ports QoS Ingress Queue Policers Queue 0 Queue l Queue 72 Queue 3 Queve4 Queues Queue Queue 7 E Rate Unit Enable Enable Enable Enable Enable Enable Enable H _500 kbps_ E Hl 500 kbps_ C H _500 kbps_ E E _ 500 kbps C M 500kbps E Pot The port number for which the configuration below applies Enable E Check to enable queue policer for individual switch ports Configures the rate of each queue policer The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and is restricted to 1 to 3300 when the Unit is Mbps This field is only shown if at least one of the queue policers is enabled beh eek o be eek ek ne eek ek be ee ek m eek o beh eek N Configures the unit of measurement for each queue policer rate as kbps or Mbps The default value is kbps This field is only shown if at least one of the queue policers is enabled 5 6 QoS Egress Port Scheduler and Shapers This page allows you to configure Scheduler and Shapers for a specific port ORing Industrial Networking Corp 79 ORing TS RGS P9000 Series User Manual Strict Priority QoS Egress Port Scheduler and Shapers Port 1 Queue
157. ts When Auto is selected for the speed the flow control will be negotiated to the capacity advertised by the link partner When a fixed speed setting is selected that is what is used Current Rx indicates whether pause frames on the port are Flow Control obeyed and Current Tx indicates whether pause frames on the port are transmitted The Rx and Tx settings are determined by the result of the last auto negotiation You can check the Configured column to use flow control This setting is related to the setting of Configured Link Speed You can enter the maximum frame size allowed for the switch port in this column including FCS The allowed range is 1518 bytes to 9600 bytes Power Control Shows the current power consumption of each port in percentage ORing Industrial Networking Corp 50 amp RGS P9000 Series User Manual The Configured column allows you to change power saving parameters for each port Disabled all power savings functions are disabled ActiPHY link down and power savings enabled PerfectReach link up and power savings enabled Enabled both link up and link down power savings enabled Total Power Usage Total power consumption of the board measured in percentage Click to undo any changes made locally and revert to previously saved values Click to refresh the page Any changes made locally will be undone 5 3 2 Port Trunk This page allows you to configure the aggregation hash mode
158. ty frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality MAC based Auth Unlike port based 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is ORing Industrial Networking Corp 120 Port State RGS P9000 Series User Manual snooped by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string in the following form XX XX XX XX XX XX that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using the Port Security module Only then will frames from the client be forwarded on the switch There are no EAPOL frames involved in this authentication and therefore MAC based aut
159. um time to wait for a reply from a server If the server does not reply within this time frame we will consider it to be dead and continue with the next enabled server if any Timeout RADIUS servers are using the UDP protocol which is unreliable by design In order to cope with lost frames the timeout interval is divided into 3 subintervals of equal length If a reply is not received within the subinterval the request is transmitted again This algorithm causes the RADIUS server to ORing Industrial Networking Corp 109 amp RGS P9000 Series User Manual E be queried up to 3 times before it is considered to be dead The dead time which can be set to a number between 0 and 3600 seconds is the period during which the switch will not send new requests to a server ead that has failed to respond to a previous request This will stop the switch from ead Time continually trying to contact a server that it has already determined as dead Setting the dead time to a value greater than 0 zero will enable this feature but only if more than one server has been configured 5 8 5 RADIUS Authentication and Accounting Server Configurations The table has one row for each RADIUS authentication server and a number of columns which are RADIUS Authentication Server Configuration Enabled IP Address The RADIUS authentication server number for which the configuration below applies Enabled Check to enable the RADIUS auth
160. umber of received and transmitted good and bad broadcast Broadcast packets The number of MAC Control frames received or transmitted on this Rx and Tx Pause port that have an opcode indicating a PAUSE operation The number of frames dropped due to insufficient receive buffer or Rx Drops egress congestion Rx The number of frames received with CRC or alignment errors CRC Alignment 1 Short frames are frames smaller than 64 bytes 2 Long frames are frames longer than the maximum frame length configured for this por 5 10 3 Port Mirroring You can configure port mirroring on this page To solve network problems selected traffic can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow The traffic to be copied to the mirror port is selected as follows All frames received on a given port also known as ingress or source mirroring All frames transmitted on a given port also Known as egress or destination mirroring Port to mirror is also known as the mirror port Frames from ports that have either source rx or destination tx mirroring enabled are mirrored to this port Disabled option disables mirroring ORing Industrial Networking Corp 132 RGS P9000 Series User Manual Mirror Configuration Div fvitv ldr Disabled se _ Mode bo Disabled Disabled i iD D JO A amp OM Disabled Disabled Disabled Disabled Disabled
161. which encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server is RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is very flexible as it allows for different authentication methods like MD5 Challenge PEAP and TLS The important thing is that the authenticator the switch does not need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding the result to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Note in an environment where two backend servers are enabled the server timeout is configured to X seconds using the authentication configuration page and the first server in the list is currently down but not considered dead if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds it wll never be authenticated because the switch will cancel on going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplic
162. wnlip_camlip_phonelaplpclplcin vr Port Location lt port_list gt lt device_location gt Port Description lt port_list gt lt device_description gt Configuration ORing Industrial Networking Corp 159 Modbus ORing Industrial Networking Corp RGS P9000 Series User Manual Mode enableldisable Manager enableldisable Mode enableldisable 160 RGS P9000 Series User Manual Technical Specifications ORing Switch Models Physical Ports Slot Number 4 up to 3 slots for 8x1G ports and 1 slot for 4x10G port Technology 802 3 for 10Base T 802 3u for 100Base T X and 100Base F X 802 3ab for 1000 Base T 802 z for 1000 Base X 802 3ae for 10Giga bit Ethernet 802 3x for Flow control Ethernet Standards 802 3ad for LACP Link Aggregation Control Protocol 802 1p for COS Class of Service 802 1Q for VLAN Tagging 802 1w for RSTP Rapid Spanning Tree Protocol 802 1s for MSTP Multiple Spanning Tree Protocol 802 1x for Authentication 802 1AB for LLDP Link Layer Discovery Protocol Switching latency 7 us Switching bandwidth 128Gbps Switch Properties Max Number of Available VLANs 256 IGMP multicast groups 128 for each VLAN Port rate limiting User Define Device Binding security feature Enable disable ports MAC based port security Port based network access control 802 1x Single 802 1x and Multiple 802 1x MAC based authentication QoS assignment Guest VLAN
Download Pdf Manuals
Related Search