Industrial Management Ethernet Switch
Contents
1. b bjb bjb DJ DJ bjb bjb bjb Al Ad A E KIKK A IE 5 RiR S S S 18 Unaware Specific VLAN QinQ Mode VLAN QinQ mode is usually adopted when there are unknown VLANs as shown in the figure below VLAN X Unknown VLAN ORing Industrial Networking Corp 67 ORing VLAN X tagged X tagged tagged 200 Packet BM 2900 RGPS 9084GP P User Manual BM 2900 VLAN Pi VLAN X TRUNK 200 VLAN TRUNK 200 Setting VLAN QinQ 200 9000 Series Port 1 VLAN Settings Open all ES Bm Bm Bm Bm S E ED P m a Open E ES P m e i D D D System Information Front Panel Basic Setting DHCP Server Relay Port Setting Redundancy VLAN Sa VLAN Membership Ey Ports Mm Private VLAN SNMP Traffic Prioritization Multicast Security all System Information Front Panel Basic Setting DHCP Server Relay Port Setting Redundancy VLAN ES VLAN Membership Sa Ports Private VLAN OR Bm Bm Bm OR VLAN ID Settings SNMP Traffic Prioritization Multicast Security Warning VLAN Membership Configuration Start from VLAN 1 with 20 entries per page Port Members Delete VLAN ID VLAN Name Ser a AS eap eS o bh det O KM a a vA QinQ VL JE dE E JE E JE 1E O H Auto refresh Ethertype for Custom S ports 0x ssas VLAN Port Configur2. 2 5 6 14 ON SS 5 5 6 15 le TE 5 Nee 7 o OME SNOOP RT rt 7 5 7 2 VLAN Configurations of IGMP Snooping ssssssssssesssssssssrnrrsesrnnrrensrnnrersrnrrrenne 7 O49 IGMP SHOODING SIS creeinebt rumusibbubua arenen neneiia asanes Y es ER s 8 5 4 Groups Information of IGMP Snooping s sssssnnenennnnnnnnnnsnnnnnnnrnnsnrresrnrnennrrenene 0 Sed XN 0 5 8 1 Remote Control Security Configurations sn001nnneoeennnnonennenennnnnnnnsennenenne 0 582 DVC lr ell e ET 1 s E o ECT 0 DRAE AAA e 12 5 8 5 RADIUS Server ccccccccccecccseeeeeeccceseneeescceseeeeesccseneeesscceeeeeessocenseeesscaeenees 12 SS NASO OZ 17 MAINT ERE Tm 28 Dest CU Pium 28 5 9 2 System Waning eier ege 29 leise o Dia E 32 5 10 1 QIeNr T E 32 5 10 2 POR AIE O e T 35 5 10 3 z uleje 37 5 10 4 System LOG Information c cece cseeeeeeceeeeeeceeeeeecneueeeeaeeeeeesaaueeessaeeesesaeees 38 5 10 5 Cable AGIOS NOS geen 39 5 10 6 SEP NOTI O M TU Te 40 5 10 7 uio 41 ORing RGPS 9084GP P User Manual IPVO PINO die th c c 41 5 11 IC MEET 42 2n FOE ices E
3. 128 Priority AdminEdge Auto Edge v Restricted Role TCN Non Edge Y Y BPDU Guard Point to point Forced True v 4 lt gt Auto Auto Auto Auto Auto Auto Auto Auto Auto s A WWW WW WW oan Oh H P DW Mr A Priority AdminEdge Auto Edge lt gt 128 128 128 128 128 128 128 128 128 a a a a lt a a a a a Restricted Role TCN lt gt v Non Edge Y Non Edge Y Non Edge Y Non Edge Y Non Edge Y Non Edge Y Non Edge Y Non Edge Y Non Edge Y A WW WW WW WWW BPDU Guard Point to point lt gt Auto Auto Auto Auto Auto Auto Auto Auto Auto a a Pon Potmumber O O O Controls the path cost incurred by the port The Auto setting will set the Path Cost Value 1 200000000 Port Priority 0 240 Admin Edge path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favour of higher path cost ports Valid values are in the range 1 to 200000000 Decide which port should be blocked by priority in the LAN The valid value is between 0 and 240 and must be a multiple of 16 Controls whether the operEdge flag should start as set or cleared ORing Industrial Networking Corp 23 ORing se
4. RGPS 9084GP P Industrial Managed Ethernet Switch User Manual Version 1 0 June 2015 www oring networking com ORing Industrial Networking Corp yA ORing cswwco User vanal COPYRIGHT NOTICE Copyright 2015 ORing Industrial Networking Corp All rights reserved No part of this publication may be reproduced in any form without the prior written consent of ORing Industrial Networking Corp TRADEMARKS OhRirng isa registered trademark of ORing Industrial Networking Corp All other trademarks belong to their respective owners REGULATORY COMPLIANCE STATEMENT Product s associated with this publication complies comply with all applicable regulations Please refer to the Technical Specifications section for more details WARRANTY ORing warrants that all ORing products are free from defects in material and workmanship for a specified warranty period from the invoice date 5 years for most products ORing will repair or replace products found by ORing to be defective within this warranty period with shipment expenses apportioned by ORing and the distributor This warranty does not cover product modifications or repairs done by persons other than ORing approved personnel and this warranty does not apply to ORing products that are misused abused improperly installed or damaged by accidents Please refer to the Technical Specifications section for the actual warranty period s of the product s associated with this p
5. Save Reset Check to enable IPv6 auto configuration If the system cannot obtain the stateless address in time the configured IPv6 settings Auto Configuration will be used The router may delay responding to a router solicitation for a few seconds therefore the total time needed to complete auto configuration may be much longer Provides the IPv6 address of the switch IPv6 address consists of 128 bits represented as eight groups of four hexadecimal digits with a colon separating each field For example in Address fe80 215 c5ff fe03 4dc7 the symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid IPv4 address such as 192 1 2 34 Prefix Provides the IPv6 prefix of the switch The allowed range is 1 to ORing Industrial Networking Corp 35 ORing nopsowopP user Manual Provides the IPv6 address of the switch IPv6 address consists of 128 bits represented as eight groups of four hexadecimal digits with a colon separating each field For example in 1e80 215 c5ff fe03 4dc7 the symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid IPv4 address For example 1192 1 2 34 Click to undo any changes made local
6. lt announceintv gt lt announceto gt lt syncintv gt lt delaymech gt lt minpdelayreqintv gt lt delayasymmetry gt lt ingressLatency gt LocalClock lt clockinst gt updatelshowlratio lt clockratio gt Filter lt clockinst gt lt def_delay_filt gt lt period gt lt dist gt Servo lt clockinst gt lt displaystates gt lt ap_enable gt lt ai_enable gt ad enable ap lt ai gt lt ad gt SlaveTableUnicast lt clockinst gt ForeignMasters lt clockinst gt lt port_list gt EgressLatency showlclear MasterTableUnicast lt clockinst gt ExtClockMode lt one_pps_mode gt lt ext_enable gt clockfreq lt vcxo_enable gt OnePpsAction lt one_pps_clear gt DebugMode lt clockinst gt lt debug_mode gt Wireless mode lt clockinst gt lt port_list gt enableldisable Wireless pre notification lt clockinst gt lt port_list gt Wireless delay lt clockinst gt lt port_list gt lt base_delay gt lt incr_delay gt NO ORing Industrial Networking Corp 1 ORing Loop Protect IPMC RGPS 9084GP P User Manual Configuration Port Action lt port_list gt shutdownlshut logllog Port Transmit lt port_list gt enableldisable Status lt port_list gt Port Mode lt port_list gt enableldisable Configuration igmp Mode 1gmp enableldisable Flooding igmp enableldisable Fault Vers
7. I 44 5 12 1 COMO a lo MP ee 44 5 12 2 A eege 46 es KC HRC UI SSO ON Gos EE 47 5 13 1 Factory Defaults T 47 5 13 2 SS e ea E 48 Command Line Interface Management e 49 ORing Industrial Networking Corp 5 ORing cswwch User vanal Getting Started 1 1 About the RGPS 9084GP P The RGPS 9084GP P is managed PoE Ethernet switch with eight Gigabit P S E ports and four Gigabit SFP ports The P S E ports can transmit electrical power up to 30 watts per port 240watts in total between 40 60 C and 120watts in total between 60 75 C along with data to remote devices over standard twisted pair cables The switch supports several Ethernet redundancy technologies such as O Ring recovery time 30ms over 250 units of connection and O Chain topologies as well as MSTP protocol RSTP STP compatible to protect mission critical applications from network interruptions or temporary malfunctions with fast recovery technology With a wide operating temperature from 40 C to 75 C the device can be managed centrally via ORing s proprietary Open Vision platform as well as via Web based interfaces Telnet and console CLI 1 2 Software Features B Supports O Ring recovery time 30ms over 250 units of connection and MSTP RSTP STP compatible for Ethernet Redundancy Open Ring support for other vendors ring technologies in open architecture O Chain allows for multiple redundant ne
8. devices and network security Device Binding Function State DDOS Alive Check Stream Check eer Active Status Active Status Active Status IP Address MAC Address 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Device i i i i 1 i oo oo yo Ojoj oa oa Description Indicates the device binding operation for each port Possible modes are disable Scan scans IP MAC automatically but no binding function Binding enables binding Under this mode any IP MAC that does not match the entry will not be allowed to access the network Shutdown shuts down the port No Link Alive Check Check to enable alive check When enabled switch will ping the Active device continually Indicates alive check status Possible statuses are disable Alive Check Got Reply receive ping reply from device meaning the device is still Status alive Lost Reply not receiving ping reply from device meaning the device might have been dead Stream Check Check to enable stream check When enabled the switch will detect ORing Industrial Networking Corp 1 the stream change getting low from the device Indicates stream check status Possible statuses are Stream Check disable Status Normal the stream is normal Low the stream is getting low DDoS Prevention Check to enable DDOS prevention When enabled the switch will Acton monitor the device against DDOS attacks Indicates DDO
9. lt policy gt Rate lt rate_limiter_list gt lt rate_unit gt lt rate gt Add lt ace_id gt lt ace_id_next gt port lt port_list gt policy policy policy bitmask tagged vid lt tag_prio gt dmac type etype etype lt smac gt ORing Industrial Networking Corp 5 ORing RGPS 9084GP P User Manual dmac arp sip dip smac arp opcode arp flags ip lt sip gt lt dip gt protocol lt ip_flags gt icmp sip lt dip gt lt icmp_type gt lt icmp_code gt lt ip_flags gt udp lt sip gt dip lt sport gt lt dport gt lt ip_flags gt tcp lt sip gt lt dip gt lt sport gt lt dport gt lt ip_flags gt lt tcp_flags gt permitldeny lt rate_limiter gt lt port_redirect gt mirror lt logging gt lt shutdown gt Lookup lt ace_id gt Status combinedlstaticlloop protectldhcplptplipmclcontlicts Port State lt port_list gt enableldisable Security Network DHCP Statistics clear Security Network AAA Configuration Timeout timeout Deadtime dead time RADIUS lt server_index gt enableldisable ip addr string secret lt server_port gt ACCT RADIUS lt server_index gt enableldisable ip addr string lt secret gt lt server_port gt Statistics lt server_index g
10. nopsowopP user Manual QCE Configuration Port Members 11 12 13 14 15 16 17 18 19 20 Key Parameters Action Parameters value PCP 2 DEI 0 SMAC Specific v ax 00 00 00 DMAC Type Id DNA ethernet v Class 3 bd DPL 1 iw E 2 AFS2 MAC Parameters Port Members Check to include the port in the QCL entry By default all ports are included Key Parameters Key configurations include Tag value of tag can be Any Untag or Tag VID valid value of VLAN ID can be any value from 1 to 4095 Any user can enter either a specific value or a range of VIDs PCP Priority Code Point can be specific numbers 0 1 2 3 4 5 6 7 a range 0 1 2 3 4 5 6 7 0 8 4 7 or Any DEI Drop Eligible Indicator can be any of values between 0 and 1 or Any SMAC Source MAC Address can be 24 MS bits OUI or Any DMAC Type Destination MAC type can be unicast UC multicast MC broadcast BC or Any Frame Type can be the following values Any Ethernet LLC SNAP IPv4 ORing Industrial Networking Corp 3 ORing sso User vamal IPv6 Note all frame types are explained below Ethernet Valid Ethernet values can range from 0x600 to OxFFFF or Any but excluding Ox800 IPv4 and Ox86DD IPv6 The default value is Any LLC SSAP Address valid SSAP Source Service Access Point values can range from 0x00 to OxFF or Any The default value is Any DSAP Address valid DSAP De
11. 5 5 3 SNMP Community Configurations This page allows you to configure SNMPv3 community table The entry index key is Community SNMPv3 Communities Configuration Delete Community Source IP Source Mask public 0 0 0 0 Check to delete the entry It will be deleted during the next save Indicates the community access string to permit access to Community SNMPv3 agent The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed SowcelP Indicates the SNMP source address Source Mask Indicates the SNMP source address mask ORing Industrial Networking Corp 73 ORing sesso User vanal 5 5 4 SNMP User Configurations This page allows you to configure SNMPv3 user table The entry index keys are Engine ID and User Name SNMPv3 Users Configuration Security Authentication Authentication Privacy Privacy Level Protocol Password Protocol Password Fi 800007e5017f000001 default_user NoAuth NoPriv Delete Engine ID Check to delete the entry It will be deleted during the next save An octet string identifying the engine ID that this entry should belong to The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed The SNMPv3 architecture uses User based Security Model USM for message security and View based Access Control Model VACM for access control For the USM entry the usmUserEnginelD and usmUserName ar
12. o oo o woman CO Ul P UNE CEO kA EI COM Ob CO b e n o oi o uo o e Ei e IO o ES e Eil o Go EE o G co E o G o G o Go g o G o Goco Goco Gogo eB om o Gi o Do g ot o IO co D o D o Gio eoo omo o Gio n Global Counters Hae oe Neighbor entries Shows the time when the last entry was deleted or added were last changed at Total Neighbors Entries Added Total Neighbors Shows the number of new entries added since switch reboot Shows the number of new entries deleted since switch reboot Entries Deleted Total Neighbors Shows the number of LLDP frames dropped due to full entry table Entries Dropped Total Neighbors Shows the number of entries deleted due to expired time to live Entries Aged Out Local Counters The port that receives or transmits LLDP frames The number of LLDP frames transmitted on the port The number of LLDP frames received on the port ORing Industrial Networking Corp 4 ORing sso User vanal Rx Errors The number of received LLDP frames containing errors If a port receives an LLDP frame and the switch s internal table is full the LLDP frame will be counted and discarded This situation is known as too many neighbors in the LLDP standard LLDP Frames Discarded frames require a new entry in the table if Chassis ID or Remote Port ID is not included in the table Entries are removed from the table when a given port links down an LLDP shutdown frame is re
13. ARP frame must have ARP RARP opcode set to ARP RARP frame must have ARP RARP opcode set to RARP Other frame has unknown ARP RARP Opcode flag Specifies the available ARP RARP opcode OP flag for the ACE Any no ARP RARP OP flag is specified OP is don t care Request frame must have ARP Request or RARP Request OP flag set 1 dm A m ARP RARP Request Reply Reply frame must have ARP Reply or RARP Reply OP flag Specifies the sender IP filter for the ACE Any no sender IP filter is specified sender IP filter is don t care Sender Host sender IP filter is set to Host Specify the sender IP address in the SIP Address field that appears Network sender IP filter is set to Network Specify the sender IP address and sender IP mask in the SIP Address and SIP Mask fields that appear When Host or Network is selected for the sender IP filter you Sender IP Address can enter a specific sender IP address in dotted decimal notation When Network is selected for the sender IP filter you can Sender IP Mask enter a specific sender IP mask in dotted decimal notation Target IP Filter Specifies the target IP filter for the specific ACE ORing Industrial Networking Corp 7 ORing sesso User vanal Any no target IP filter is specified target IP filter is don t care Host target IP filter is set to Host Specify the target IP address in the Target IP Address field that appears Network target IP filter is
14. Edge Port BPDU Filtering Edge Port BPDU Guard Port Error Recovery Port Error Recovery Timeout Save Reset Protocol Version Select Spanning Tree type support STP RSTP MSTP Bridge Priority A value used to identify the root bridge The bridge with the lowest 0 61440 value has the highest priority and is selected as the root If the value changes you must reboot the switch The value must be a ORing Industrial Networking Corp 21 ORing sso User vanal BEEN multiple of 4096 according to the protocol standard rule Forwarding Delay The time of a port waits before changing from RSTP learning and Time 4 30 listening states to forwarding state The valid value is between 4 through 30 Max Age Time 6 40 The number of seconds a bridge waits without receiving opanning tree Protocol configuration messages before attempting a reconfiguration The valid value is between 6 through 40 Maximum Hop Count This defines the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region It defines how many bridges a root bridge can distribute its BPDU information to Valid values are in the range 6 to 40 hops Transmit Hold Count The number of BPDU s a bridge port can send per second When exceeded transmission of the next BPDU will be delayed Valid values are in the range 1 to 10 BPDU s per second Edge Port BPDU Control whether a port explicitly configured as Edge will
15. Security Name The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed A string identifying the group name that this entry should belong to Group Name The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed 5 5 6 SNMP View Configurations This page allows you to configure SNMPv3 view table The entry index keys are View Name and OID Subtree SNMPv3 Views Configuration Delete ViewName ViewType OID Subtree al default view included Add new view Check to delete the entry It will be deleted during the next save A string identifying the view name that this entry should belong to View Name The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed Indicates the view type that this entry should belong to Possible view types include Included an optional flag to indicate that this view subtree should be included View Type Excluded An optional flag to indicate that this view subtree should be excluded Generally if an entry s view type is Excluded it should exist another entry whose view type is Included and its OID subtree oversteps the Excluded entry The OID defining the root of the subtree to add to the named view OID Subtree l l l The allowed OID length is 1 to 128 The allowed string content is ORing Industrial Networking Corp 76 ORing sso User vanal NENNEN digital number or
16. aggregation group Only full duplex ports can join an aggregation and the ports must be in the same speed in each group The Key value varies with the port ranging from 1 to 65535 Auto will set the key according to the physical link speed 10Mb 1 100Mb 2 1Gb 3 Specific allows you to enter a user defined value Ports with the same key value can join in the same aggregation group while ports with different keys Indicates LACP activity status Active will transmit LACP packets every second while Passive will wait for a LACP packet from a partner speak if spoken to ORing Industrial Networking Corp 53 ORing sweet Click to undo changes made locally and revert to previous values LACP System Status This page provides a status overview for all LACP instances LACP System Status Auto refresh L Refresh Open in new window Acar ID Partner Partner Last Local 39 System ID Key Changed Ports No ports enabled or no existing p Aggr ID The aggregation ID is associated with the aggregation instance For LLAG the ID is shown as isid aggr id and for GLAGs as aggr id Partner System ID System ID MAC address of the aggregation partner Partner Key When connecting the device to other manufactures devices you may need to configure LACP partner key Partner key is the operational key value assigned to the port associated with this link by the Partner Last Changed The time since this aggrega
17. m hexadecimal digits with a colon separating each field For Trap Destination example in fe80 215 c5ff fe03 4dc7 the symbol is a special IPv6 Address syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also uses a following legally IPv4 address For example 192 1 2 34 Trap Signifies that the SNMP entity acting in an agent role has Authentication received a protoco message that is not properly ORing Industrial Networking Corp 72 ORing sswch User vanal authenticated Possible modes include Enabled enable SNMP trap authentication failure Disabled disable SNMP trap authentication failure A Link up SNMP trap signifies that the SNMP entity acting in an agent role has a network interface becoming up A Link down SNMP Trap Link up and trap signifies that the SNMP entity acting in an agent role has a Link down Network Interface becoming down Possible modes include Enabled enable SNMP trap link up and link down mode Disabled disable SNMP trap link up and link down mode Indicates the SNMP trap inform mode Possible modes include Trap Inform Mode Enabled enable SNMP trap inform mode Disabled disable SNMP trap inform mode Trap Inform Configures the SNMP trap inform timeout The allowed range is 0 to Trap Inform Retry Configures the retry times for SNMP trap inform The allowed range Times is O to 255
18. DSCP EgressRemap lt dscp_list gt lt dpl_list gt lt dscp gt Storm Unicast enableldisable lt packet_rate gt Storm Multicast enableldisable lt packet_rate gt Storm Broadcast enableldisable lt packet_rate gt QCL Add lt qce_id gt lt qce_id_next gt lt port_list gt lt tag gt lt vid gt lt pcp gt lt dei gt lt smac gt lt dmac_type gt etype lt etype gt LLC lt DSAP gt lt SSAP gt lt control gt SNAP lt PID gt ipv4 lt protocol gt lt sip gt dscp lt fragment gt lt sport gt lt dport gt ipv6 lt protocol gt sip v6 lt dscp gt lt sport gt ORing Industrial Networking Corp 8 ORing sso lt dport gt class dp lt classified_dscp gt CL Delete qce id Q QCL Lookup lt qce_id gt QCL Status combinedlstaticlconftlicts QCL Refresh Mirror Configuration lt port_list gt Port port ldisable Mode lt port_list gt enableldisablelrxltx Dot1x Configuration lt port_list gt Mode enableldisable State lt port_list gt IGMP Configuration lt port_list gt Mode enableldisable State lt vid gt enableldisable Querier lt vid gt enableldisable Fastleave lt port_list gt enableldisable ORing Industrial Networking Corp 9 ORing sworn ACL Action lt port_list gt permitldeny lt rate_li
19. e A 2 7 A 8 C51 8 v FI 8 C51 8 v e A DSCP Maximum number of supported DSCP values is 64 and valid DSCP value ranges from 0 to 63 Configurable engress parameters include Remap DPO controls the remapping for frames with DP level 0 You can select the DSCP value from a selected menu to Ingress DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translation 1 Translate DSCP can be translated to any of 0 63 DSCP values 2 Classify check to enable ingress classification C x minsindust a Newoikna ESI a Industrial Networking Corp 1 ORing nopsowopP user Manual which you want to remap DSCP value ranges from 0 to 63 Remap DP1 controls the remapping for frames with DP level 1 You can select the DSCP value from a selected menu to which you want to remap DSCP value ranges from 0 to 63 5 6 12 DSCP Classification This page allows you to configure the mapping of QoS class and Drop Precedence Level to DSCP value DSCP Classification QoS Class DPL DSCP QoS Class Actual QoS class DPL Actual Drop Precedence Level DSCP Select the classified DSCP value 0 63 5 6 13 QoS Control List This page allows you to edit or insert a single QoS control entry at a time A QCE consists of several parameters These parameters vary with the frame type you select ORing Industrial Networking Corp 2 ORing
20. it will be discarded When the port receives untagged frames an untagged frame obtains a tag based on PVID and is forwarded When the port receives tagged frames 1 if the tagged frame contains a TPID of 0x8100 it will be forwarded 2 if the TPID of tagged frame is not Ox88A8 ex 0O0x8100 it will be discarded ORing Industrial Networking Corp The TPID of a frame transmitted by S port will be set to 0x88A8 The TPID of a frame transmitted by o custom port will be set to a self customized value which can be set by the user via Ethertype for Custom S ports 62 ORing ewe Manal Below are the illustrations of different port types E VLAN 5 4 VID 5 TPID 8100 I VLAN QinQ VID 5 f TPID 8100 9000 Series VID 5 TPID 88A8 Packet Discarded VIDzPVID TPID 8100 No VLAN VID 8 TPID 8100 VID 8 TPID 8100 9000 Series VID 8 TPID 88A8 Packet Discarded ORing Industrial Networking Corp 63 RGPS 9084GP P User Manual No VLAN IB ew Em VLAN Packet Discarded 9000 Series VID 10 VID 10 TPID 88A8 TPID 88A8 Lo d VID 10 TPID 8100 C VLAN i VID 5 i TPID 8100 Pat 9000 Series VID 5 TPID 88A8 VID 5 TPID 8123 d S custom port is used for user defined TPID While Ethertype for Custom S ports is configured to 8123 outgoing packet will bring with TPID L 8123 tag ee th xt Packet Disc
21. that you want to connect to the O Ring and connect them to the switches in the ring Switch C amp D 2 In correspondence to the port connected to the ring configure an edge port for both of the connected switches in the chain by checking the box in the management page see 4 1 2 Configurations 3 Once the setting is completed one of the connections will act as the main path and the PER port other as the backup path Switch Switch A O Ring Switch D Switch B 77 Edge port 16 ORing Industrial Networking Corp ORing RGPS 9084GP P User Manual Redundancy Redundancy for minimized system downtime is one of the most important concerns for industrial networking devices Hence ORing has developed proprietary redundancy technologies including O Ring O Chain and Open Ring featuring faster recovery time than existing redundancy technologies widely used in commercial applications such as STP RSTP and MSTP ORing s proprietary redundancy technologies not only support different networking topologies but also assure the reliability of the network 4 1 O Ring 4 1 1 Introduction O Ring is ORing s proprietary redundant ring technology with recovery time of less than 30 milliseconds and up to 250 nodes The ring protocols identify one switch as the master of the network and then automatically block packets from traveling through any of the network s redundant loops In the event that one branch of the ring gets
22. 1 Power switch 2 Power socket ORing Industrial Networking Corp 9 ORing sso Manual Hardware Installation 3 1 Wall Mounting The switch comes with two rack mount kits to allow you to fasten the switch to a rack in any environments e d ole 2 65 6 50 185 25 15 90 Follow the following steps to install the switch to a rack Step 1 Install the mounting brackets to the left and right front sides of the switch using three screws provided with the switch Step 2 With front brackets orientated in front of the rack fasten the brackets to the rack using two more screws ORing Industrial Networking Corp 10 ORing essei vanal 3 2 Wiring WARNING Do not disconnect modules or wires unless power has been switched off or the area is known to be non hazardous The devices may only be connected to the supply voltage shown on the type plate ATTENTION AN 1 Be sure to disconnect the power cord before installing and or wiring your switches 2 Calculate the maximum possible current in each power wire and common wire Observe all electrical codes dictating the maximum current allowable for each wire size 3 Ifthe current goes above the maximum ratings the wiring could overheat causing serious damage to your equipment 4 Use separate paths to route wiring for power and devices If power wiring and device wiring paths must cross make sure the wires are perpendicular at the in
23. 5 4 SIE 58 5 4 1 VLAN Membership eeesseseeseeeeeeeene nennen nnne nnne nnn nnns 58 AL PON CORI ONS E 59 543 Private VLAN c 69 5 5 s E 71 5 5 1 SNMP System Configurations cccccccccsssseeeeeeseeseceeeeeeeeeeeeesseeeeeesessaeeeees 71 NI Ge TOD cr 72 5 5 38 SNMP Community Configurations cccccccccceeeseeeeeeeeeeeeeeeeeeeeeeeeeeeaaneeees 73 5 5 4 SNMP User Configurations ccccccccccccccseeeseeeeeeeeeeceeeeeeeeceeesseaeeeeesssaeeeess 74 5 5 5 SNMP Group Configurations cccccccccccccssesseeeeeeeeesceeeesaeeeeeeessaeseeeeessaaeeeees 75 59 05 06 SNMP View CONTIGUIATIONS ens tantu aoro gettin pu no eo tuer o Seege 76 5 5 7 SNMP Access Contguraions 77 5 6 Re det Leite RTT en 78 ef CN NEE n EG 0 E 78 ORing Industrial Networking Corp 3 ORing cesso User vanal 5 7 5 8 5 9 5 10 ORing Industrial Networking Corp 5 6 2 Port Clasettcaton nennen nennen nnne nnne nnn nnn nnns 78 569 Porn Ee Remaking NETTES 81 90547 FOTOD OO EE 81 Si POPOD EE 83 566 Queue POCIO RRNENRRRRER m 0 5 6 7 QoS Egress Port Scheduler and Shapers snonnnnnnnnnnennnennnnnnrnnnenrnrnennnrenene 0 5668 Porn Scheduler ETT TT 2 IOT FPO NPIN eae T E E UTE 0 5 6 10 DSCP Based Q0S iscsi gaa aieeaii aai aian rasie 0 5 6 11 DSCP TESI e 1 5 6 12 Bee Clas SINC allo WE 2 5 6 13 eos E MT
24. 6 5 Port Policing This page allows you to configure Policer settings for all switch ports QoS Ingress Port Policers Port Enabled Rate Unit Flow Control a UN n i a cn e DI 39 59 99 59 998 fe ek DEUS DI 9 ee ek 998 DON D SN m na The port number for which the configuration below applies Check to enable the policer for individual switch ports Pot Enable Configures the rate of each policer The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps or fps and is restricted to 1 to 3300 when the Unit is Mbps or kfps Configures the unit of measurement for each policer rate as tee ne sage ea If Flow Control is enabled and the port is in Flow Control Flow Control mode then pause frames are sent instead of being discarded ORing Industrial Networking Corp 83 5 6 6 Queue Policing This page allows you to configure Queue Policer settings for all switch ports QoS Ingress Queue Policers Queue Q Queue 1 Queue 7 Queue Queue 4 Queue gt Queue Queue 7 E Rate Unit Enable Enable Enable Enable Enable Enable Enable TPPEPEPD E soo kons SC Ej sde E soo ks D E sde SD E soo ks vO Port 0 The port number for which the configuration below applies Enable E Check to enable queue policer for individual switch ports EM m 599 m m EJ E31 EJ F1 E m 599 eek eek ee ee ee m 598 9 DRIED PS ee ee DI PS Configures the unit of measurement for eac
25. By convention this is the node s fully qualified domain name A domain name is a text string consisting of alphabets A Z a z System Name digits 0 9 and minus sign Space is not allowed to be part of the name The first character must be an alpha character And the first or last character must not be a minus sign The allowed string length is O to 255 System Description Description of the device The physical location of the node e g telephone closet 3rd System Location floor The allowed string length is 0 to 255 and only ASCII characters from 32 to 126 are allowed The textual identification of the contact person for this managed node together with information on how to contact this person System Contact The allowed string length is 0 to 255 and only ASCII characters from 32 to 126 are allowed Provides the time zone offset from UTC GMT System Timezone ee The offset is given in minutes east of GMT The valid range is from 720 to 720 minutes Click to save changes Click to undo any changes made locally and revert to previously saved values ORing Industrial Networking Corp 32 offset minutes ORing J sso Manual 5 1 2 Admin amp Password This page allows you to configure the system password required to access the web pages or log in from CLI System Password Username Old Password New Password Confirm New Password Old Password The existing password If this is incorrect you ca
26. Factory Defaults You can reset the configuration of the stack switch on this page Only the IP configuration is retained ORing Industrial Networking Corp 47 ORing sso User vanal Factory Defaults Are you sure you want to reset the configuration to Factory Defaults Yes Click to reset the configuration to factory defaults Me Click to return to the Port State page without resetting 5 13 2 System Reboot You can reset the stack switch on this page After reset the system will boot normally as if you have powered on the devices Warm Reset Are you sure you want to perform a Warm Restart Yes Click to reboot device Me Click to return to the Port State page without rebooting ORing Industrial Networking Corp 48 ORing RGPS 9084GP P User Manual Command Line Interface Management Besides Web based management the switch also supports CLI management You can use console or telnet to manage the switch by CLI CLI Management by RS 232 Serial Console 115200 8 none 1 none Before configuring RS 232 serial console connect the RS 232 port of the switch to your PC Com port using a RJ45 to DB9 F cable Follow the steps below to access the console via RS 232 serial cable Step 1 On Windows desktop click on Start gt Programs gt Accessories gt Communications Hyper Terminal Le Accessibility im Communications a HyperTerminal Le Network Time Protocol i Network and Dial up Connections Sys
27. JE IE JE PULL vLAN20 vl TITEL JE JC JL C CC CJ Ed D D Open all Auto refresh L System Information Front Panel Ethertype for Custom S ports 0x ss4s Basic Setting DHCP Server Relay VLAN Port Configuration Port Setting Redundancy Port VLAN VLAN Ingress Filtering Frame Type Mode Sa VLAN Membership Ey Ports WW Private VLAN SNMP Traffic Prioritization L Multicast Unaware SRREROG Specific Tag all Specific v Tag al v Specific Untag pvid H RR 2 2 2 32 3 B E Security Unaware ss Unaware Monitor and Diag Synchronization PoE Factory Default Unaware System Reboot Unaware lt Unaware Specific Untag pvid Lt Specific Untag_pvid Unaware Specific v Untag pvid Lt Unaware Specific v Untag pvid H Specific Untag pvid Specific Specific Untag_pvid bd v v v L1 D DJ EJ EJ DJ P3 P3 EI Uf 31 DJ v v Untag pvid v v Unaware Specific Untag_pvid ORing Industrial Networking Corp 66 ORing wwe Manel VLAN Hybrid Mode Port 1 VLAN Hybrid mode untagged 10 Tagged 10 20 Below are the switch settings Open all VLAN Membership Configura
28. MAC address which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant An exception to this is when no supplicants are attached In this case the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality MAC based Auth Unlike port based 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the clients MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string in the following form xx xx xx xx xx xx that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using the Port Security module Only then will fram
29. Prioritization 3 Unaware v L All Specific 1 Untag pvid Multicast 4 Unaware v v Specific wi 1 Untag pvid fll Security 5 Unaware v L1 v Specific wl 1 Untag pvid me ee 6 Unaware v d Untagged Specific 10 Untag pvid M S 7 Unaware v Fj Untagged e Specific 20 Untag pvid W Synchronization 8 Un E 0 m E d 2 r cific RI 30 U t id FT naware ntagge pecific 0 Untag pvi Ey Factory Default 9 Unaware a pecific Untag_pvid System Reboot 10 Unaware K O All SI Specific 1 Untag pvid vj 11 lInaw ara vw F1 All wv iGnarific wi 1 lintan nvid w ORing Industrial Networking Corp 65 ORing ewe VLAN 1Q Trunk Mode Switch A Switch B Switch C VLAN 10 9000 Series 9000 Series 9000 Series VLAN Trunk VLAN Trunk SE 10 20 VLAN 20 VLAN 20 Switch B Port 1 VLAN 1Qtrunk mode tagged 10 20 Port 2 VLAN 1Qtrunk mode tagged 10 20 Below are the switch settings Open all VLAN Membership Configuration gy System Information Basic Setting DHCP Server Relay Start from VLAN 1 with 20 entries per page Port Setting X Redundancy VLAN Ey VLAN Membership Ey Ports WW Private VLAN SNMP Traffic Prioritization Add New VLAN Multicast Security i D D Port Members Delete VLAN ID VLAN Name W s Ae We S ah ue abe ad Lo ds m Ns er Aynan 71 71 A n D default AL VLAN10 BE E IE
30. Sensibility lt port_list gt Port DDOS Packet lt port_list gt Port DDOS High lt port_list gt lt socket_number gt Port DDOS Filter lt port_list gt sourceldestination Port DDOS Action lt port_list gt do nothinglblock 1 minlblock 10 minslblocklshutdownl only loglreboot device Port DDOS Status lt port_list gt Port Alive Mode lt port_list gt enableldisable Port Alive Action lt port_list gt do nothingllink changelshutdownlonly loglreboot devic e Port Alias lt port_list gt lt ip_addr gt Port DeviceType lt port_list gt unknownlip_camlip_phonelaplpcipleinvr ORing Industrial Networking Corp 15 ORing RGPS 9084GP P User Manual Port Location lt port_list gt device location MRP Port Description lt port_list gt lt device_description gt Modbus Parameter MRP LNKNRmax value Status Mode enableldisable ORing Industrial Networking Corp 16 Technical Specifications Physical Ports 8 10 100 1000 Base T X Ports in RJ45 f 40 60 C provided total 240watts maximum 60 75 C provided total 120watts Auto MDI MDIX with P S E maximum Technology IEEE 802 3 for 10BaseT IEEE 802 3u for 100Base TX and 100Base FX IEEE 802 3z for 1000Base X IEEE 802 3ab for 1000Base T IEEE 802 3x for Flow control IEEE 802 3ad for LACP Link Aggregation Control Protocol IEEE 802 1D for STP Spanning Tree Protocol IEEE 802 1p fo
31. Server following administrative states Counters e 802 1X MAC based Auth ORing Industrial Networking Corp 27 ORing ewe Manal Backend Server Counters Direction IEEE Name Description Port based Counts the number of times that the switch receives the first request from the backend server following the first response from the supplicant Indicates that the backend server has communication with the switch MAC based Counts all Access Challenges received from the backend server for this port left most table or client right most table Port based Counts the number of times that the switch sends an EAP Request packet following the first to the supplicant Indicates that the backend server chose an EAP method MAC based Not applicable Port and MAC based Counts the number of times that the switch receives a success indication Indicates that the supplicant client has successfully authenticated to the backend server Port and MAC based aruis oe x times that ge i s switch receives a failure message This Auth Failures dotixAuthBackendAuthFails indicates that the supplicant client has not authenticated to the backend server Port based Counts the number of times that the switch attempts to send a supplicant s first response packet to the backend server Indicates the switch attempted communication with the backend server Possible retransmissions are Responses dotixAuthBackendResponses not counted MAC
32. Service It is a method to achieve efficient bandwidth utilization between individual applications or protocols ORing Industrial Networking Corp 78 ORing sweet QoS Ingress Port Classification Port QoS class DP level PCP DEI Tag Class DSCP Based x aile ae III as als ais als ollelelleilelelelelelteileleit ll ae b aile ae aile ae als ane ile amp elsa e s eisliel s s s e ATE TE aile E aile ae aile E TIE EE ATE 4 px RE aile ae TEE PEL TEE LESE Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled rowan a Ln P D N e DI 99 590 el 998 15990 998 590 98 590 9 DR The port number for which the configuration below applies Controls the default QoS class All frames are classified to a QoS class There is a one to one mapping between QoS class queue and priority A QoS class of O zero has the lowest priority If the port is VLAN aware and the frame is tagged then the frame is classified to a QoS class that is based on the PCP value in the tag as shown below Otherwise the frame is classified to the default QoS class PCP value 01234567 QoS class 10234567 If the port is VLAN aware the frame is tagged and Tag Class is QoS Class enabled then the frame is classified to a QoS class that is mapped from the PCP and DEI value in the tag Otherwise the frame is classified to the default QoS class The classified
33. This page allows you to change the configurations of current MSTI bridge instance priority MSTP Instance Port Instance Priority Path Cost 0 240 1 200000000 0 Auto o Priority must be a multiple of 16 Description The bridge instance CIST is the default instance which is always active The port number which you want to configure ORing Industrial Networking Corp 28 ORing Priority 0 240 Path 1 200000000 RGPS 9084GP P User Manual Decides the priority of ports to be blocked in the LAN The valid value is between 0 and 240 and must be a multiple of 16 The path cost incurred by the port The path cost is used when establishing an active topology for the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports The range of valid values is 1 to 200000000 Apply Click to apply the configurations 4 5 Fast Recovery Fast recovery mode can be set to connect multiple ports to one or more switches The device with fast recovery mode will provide redundant links Fast recovery mode supports 12 priorities Only the first priority will be the active port and the other ports with different priorities will be backup ports Fast Recovery Mode I Hot included AIFA Hot included Port 04 Apply Active Activate fast recovery mode Ports can be set to 12 priorities Only the port with the highest priority will be the active port 1st
34. VLANs Port Isolation Configuration Open in new window Port Number 1 2 3 4 5 6 8 9 1011 12 LIEIEJEJEI EI EI EJ EJ EJ m C w rem A check box is provided for each port of a private VLAN When checked port isolation is enabled for that port Port Members l EE When unchecked port isolation is disabled for that port By default port isolation is disabled for all ports ORing Industrial Networking Corp 70 ORing cswwco User vanal 5 5 SNMP 5 5 1 SNMP System Configurations SNMP System Configuration Mode Enabled Version SNMP v2c Mea public Write Community Engine ID e Dmehim O Indicates existing SNMP mode Possible modes include Enabled enable SNMP mode Disabled disable SNMP mode Indicates the supported SNMP version Possible versions include SNMP v1 supports SNMP version 1 SNMP v2c supports SNMP version 2c SNMP v3 supports SNMP version 3 Version Indicates the read community string to permit access to SNMP agent The allowed string length is O to 255 and only ASCII characters from 33 to 126 are allowed The field only suits to SNMPv1 and SNMPv2c SNMPv3 uses USM for authentication and privacy and the community string will be Read Community associated with SNMPv3 community table Indicates the write community string to permit access to SNMP agent The allowed string length is O to 255 and only ASCII characters from 33 to 126 are allowed The field only suits to SNMPv1 an
35. and configure current LLDP port settings LLDP Configuration LL DP Parameters LLDP Port Configuration HE c T 1 Disabled 2 Disabled 3 Disabled v 4 Disabled v oets the transmit interval which is the interval between regular Tx Interval E transmissions of LLDP advertisements The switch port number to which the following settings will be applied 2 Disabled Indicates the selected LLDP mode Rx only the switch will not send out LLDP information but LLDP information from its neighbors will be analyzed ORing Industrial Networking Corp 39 ORing sso User vanal Tx only the switch will drop LLDP information received from its neighbors but will send out LLDP information Disabled the switch will not send out LLDP information and will drop LLDP information received from its neighbors Enabled the switch will send out LLDP information and will analyze LLDP information received from its neighbors Neighbors This page provides a status overview for all LLDP neighbors The following table contains information for each port on which an LLDP neighbor is detected The columns include the following information Auto refresh L Local Port Chassis ID Remote Port ID System Name Port Description System Capabilities Management Address Port 8 00 1E 94 12 45 78 IGS 9812GP Bridge 192 168 10 14 IPv4 Local Port The port that you use to transmits and receives LLDP frames The identifica
36. authorized by the RADIUS server X Auth Y Unauth the port is in a multi supplicant mode Currently X clients are authorized and Y are unauthorized Two buttons are available for each row The buttons are only enabled when authentication is globally enabled and the port s Admin State is in an EAPOL based or MAC based mode Clicking these buttons will not cause settings changed on the page to take effect Reauthenticate schedules a reauthentication whenever the quiet period of the port runs out EAPOL based authentication For MAC based authentication reauthentication will be attempted immediately The button only has effect on successfully authenticated clients on the port and will not cause the clients to be temporarily unauthorized Reinitialize forces a reinitialization of the clients on the port and hence a reauthentication immediately The clients will transfer to the unauthorized state while the reauthentication is in progress 25 ORing NAS Status This page provides an overview of the current NAS port states RGPS 9084GP P User Manual Network Access Server Switch Status Auto refresh U Refresh Admin State Port State Last Source Last ID Cn un G3 RJ e Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled The switch port
37. by exchanging PoE information using the LLDP protocol If no LLDP information is available for the port the port will reserve power using the Class mode In this mode the maximum power fields will gray out In all of the abovementioned modes if a port uses more power than the reserved power for the port the port will be shut down Power Management There are two modes available when configuring when to shut Mode down the port Actual Consumption the ports are shut down when the actual power consumption for all ports exceeds the amount of power that the power supply can deliver or if the actual power consumption for a given port exceeds the reserved power of that port The ports are shut down according to port priority If two ports have the same priority the port with the highest port number is shut down Reserved Power the ports are shut down when total reserved power exceeds the amount of power that the power supply can deliver The port power will not be turned on if the power device requests more power than available from the power supply Primary and Backup Some switches support two PoE power supplies One is used as Power Source primary power source and one as a backup If the switch does not support backup power supply only the primary power supply settings will be shown If the primary power source fails the backup power source will take over To determine the amount of power allowed for the power device you must confi
38. checkbox to activate the function Once the box is checked you will be able to input information in each column ORing Industrial Networking Corp 44 ORing esso User Manual DHCP Server Configuration Enabled Start IP Address 192 160 10 100 End IP Address 132 168 10 200 Subnet Mask 755 255 255 0 Router 192 1568 10 254 DNS 192 168 10 254 EAEE S400 TFIP Server O0 0 Boot File Name Save Reset Mabel 0 Description 0 Enabled Check to enable the DHCP Server function If enabled the switch eso erent Start IP Address The beginning of the dynamic IP address range The lowest IP address in the range is considered the start IP address For example if the range is from 192 168 1 100 to 192 168 1 200 192 168 1 100 will be the start IP address End IP Address The end of the dynamic IP address range The highest IP address in the range is considered the end IP address For example if the range is from 192 168 1 100 to 192 168 1 200 192 168 1 200 will be the end IP address SubnetMask The subnet mask for the dynamic IP assign range The gateway of your network DNS The DNS IP of your network The length of time that the client may use the IP address it has been Lease Time sec EE assigned The time is measured in seconds The IP address of the FTFP where you put the configuration file or TFTP Server where you want to restore the switch to previous settings The boot file is used by the cli
39. disconnected from the rest of the network the protocol automatically readjusts the ring so that the part of the network that was disconnected can reestablish contact with the rest of the network The O Ring redundant ring technology can protect mission critical applications from network interruptions or temporary malfunction with its fast recover technology IES 3080 KH trana 4 1 2 Configurations O Ring supports two ring topologies Coupling Ring and Dual Homing You can configure the settings in the interface below ORing Industrial Networking Corp 17 ORing RGPS 9084GP P User Manual O Ring Configuration Mite ets Disable This switch is Mot a Ring Master 1st Ring Port LinkDown PAnR nE aa Port 2 LinkDown E Coupling Ring Coupling Port LinkDown lal Dual Homing Homing Port LinkDown Redundant Ring Check to enable O Ring topology Ring Master Only one ring master is allowed in a ring However if more than one switch are set to enable Ring Master the switch with the lowest MAC address will be the active ring master and the others will be backup masters at Ring Port The primary port when the switch is ring master 2nd Ring Port The backup port when the switch is ring master Coupling Ring Coupling Port Dual Homing Check to enable Coupling Ring Coupling Ring can divide a big ring into two smaller rings to avoid network topology changes affecting all switches It is a goo
40. enable an automatic refresh of the page at regular Auto refresh intervals Clear Click to clear the counters for all ports 5 3 4 Loop Protection This feature prevents loop attack When receiving loop packets the port will be disabled automatically preventing the loop attack from affecting other network devices ORing Industrial Networking Corp 56 ORing RGPS 9084GP P User Manual Configuration General Settings Global Configuration SEI Rfeleisf ivegclegtstfl Sable Y Transmission Time ei seconds Shutdown Time seconds Enable Loop Protection Activate loop protection functions as a whole Transmission Time The interval between each loop protection PDU sent on each port The valid value is 1 to 10 seconds Shutdown Time The period in seconds for which a port will be kept disabled when a loop is detected shutting down the port The valid value is 0 to 604800 seconds 7 days A value of zero will keep a port disabled permanently until the device is restarted Port Configuration Port Enable Tx Mode wt lt gt Shutdown Port able aw Shutdown Port Enable ze Shutdown Enable Enable Label Description Enable Activate loop protection functions as a whole Configures the action to take when a loop is detected Valid values include Shutdown Port Shutdown Port and Log or Log Only Tx Mode Controls whether the port is act
41. enabling False means P2P disabling Transiting to forwarding state is faster for point to point LANs than for shared media Admin Edge Specify whether this port is an edge port or a nonedge port An edge port is not connected to any other bridge Only edge ports and point to point links can rapidly transition to forwarding state To configure the port as an edge port set the port to True Admin Non STP The port includes the STP mathematic calculation True is not including STP mathematic calculation false is including the STP mathematic calculation Apply Click to apply the configurations ORing Industrial Networking Corp 27 ORing ssh user vanal Instance Setting This page allows you to change the configurations of current MSTI bridge instance MSTP Instance Setting Priority Instance State VLANs 0 61440 Priority must be a multiple of 4096 Apply instance Set the instance from 1 to 15 State 0 Enables or disables the instance The VLAN which is mapped to the MSTI A VLAN can only be mapped to one MSTI An unused MSTI will be left empty ex without any mapped VLANs Priority 0 61440 A value used to identify the root bridge The bridge with the lowest value has the highest priority and is selected as the root If the value changes you must reboot the switch The value must be a multiple of 4096 according to the protocol standard Apply Click to apply the configurations Port Priority
42. for tagged frames Enabled Use mapped versions of PCP and DEI for tagged Tag Class frames Click on the mode to configure the mode and or mapping Note this setting has no effect if the port is VLAN unaware Tagged frames received on VLAN unaware ports are always classified to the default QoS class and DP level DSCP Based Click to enable DSCP Based QoS Ingress Port Classification ORing Industrial Networking Corp 80 ORing RGPS 9084GP P User Manual 5 6 3 Port Tag Remaking This page provides an overview of QoS Egress Port Tag Remarking for all switch ports QoS Egress Port Tag Remarking 1 Classified 2 Classified 3 Classified Classified Classified Classified Classified Classified Classified Classified Classified Classified The switch port number to which the following settings will be applied Click on the port number to configure tag remarking Shows the tag remarking mode for this port Classified use classified PCP DEI values Default use default PCP DEI values Mapped use mapped versions of QoS class and DP level 5 6 4 Port DSCP This page allows you to configure basic QoS Port DSCP settings for all switch ports QoS Port DSCP Configuration Ingress Egress Hr O Translate d d d O O O RW O d d d O ORing Industrial Networking Corp lt gt B Disable Disable _ i ify Disable Rewrite wj Disable bul Disable hl Disabl
43. mask in the SIP Address and SIP Mask fields that appear When Host or Network is selected for the source IP filter you can SIP Address s enter a specific SIP address in dotted decimal notation When Network is selected for the source IP filter you can enter a Specifies the destination IP filter for the ACE Any no destination IP filter is specified destination IP filter is don t care Host destination IP filter is set to Host Specify the destination IP address in the DIP Address field that appears Network destination IP filter is set to Network Specify the destination IP address and destination IP mask in the DIP Address and DIP Mask fields that appear When Host or Network is selected for the destination IP filter you DIP Address 7 can enter a specific DIP address in dotted decimal notation When Network is selected for the destination IP filter you can enter a specific DIP mask in dotted decimal notation ORing Industrial Networking Corp ON ORing sso Manual ARP Parameters ARP RARP Other ze ARP SMAC Match Request Reply Request ze RARP SMAC Match Sender IP Filter Network IP Ethernet Length euE 192 168 1 1 IP 1 w 1 w x Sender IP Mask 255 255 255 0 Ethernet Target IP Filter Network Taroet ID Addrecse 192 168 1 254 Target IP Mask 299 223 239 0 Specifies the available ARP RARP opcode OP flag for the ACE Any no ARP RARP OP flag is specified OP is don t care
44. number Click to navigate to detailed 802 1X statistics of each port The port s current administrative state Refer to NAS Admin Admin State l l State for more details regarding each value The current state of the port Refer to NAS Port State for more Port State details regarding each value The source MAC address carried in the most recently received Lasi SOUCO EAPOL frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication The user name supplicant identity carried in the most recently received Response Identity EAPOL frame for EAPOL based Last ID authentication and the source MAC address from the most recently received frame from a new client for MAC based authentication This page provides detailed IEEE 802 1X statistics for a specific switch port using port based authentication For MAC based ports only selected backend server RADIUS Authentication Server statistics is showed Use the port drop down list to select which port details to be displayed ORing Industrial Networking Corp 26 ORing sso Manual NAS Statistics Port 2 Admin State The port s current administrative state Refer to NAS Admin State for more details regarding each value Port State The current state of the port Refer to NAS Port State for more details regarding each value These supplicant frame counters are available for the following administrative states
45. of the entry Active Querier version Active Host version Shows the Querier status as ACTIVE or IDLE The number of transmitted Querier The number of received V1 reports The number of received V2 reports The number of received V3 reports The number of received V2 leave packets Click to refresh the page immediately Clear all statistics counters Check to enable an automatic refresh of the page at regular intervals Switch port number Indicates whether a specific port is a router port or not 5 7 5 Groups Information of IGMP Snooping Entries in the IGMP Group Table are shown on this page The IGMP Group Table is sorted first by VLAN ID and then by group IGMP Snooping Group Information Start from VLAN and group address with entries per page Port Members VLAN ID Groups 123456789 10111213 14 15 16 17 18 19 20 Mo more entries 5 8 Security 5 8 1 Remote Control Security Configurations Remote Control Security allows you to limit the remote access to the management interface When enabled requests of the client which is not in the allow list will be rejected Remote Control Security Configuration Mode Delete Port Web Telnet SNMP IP E ORing cesswco User vanal Check to enable management via a Telnet interface Check to enable management via a SNMP interface Check to delete entries 5 8 2 Device Binding This page provides device binding configurations Device binding is a powerful way to monitor
46. pW RX Power pW 2 DER sl EN UR ewe Warning Temperature B5 PC 0 100 Event Alarm Syslog ORing Industrial Networking Corp 40 ORing eswwceose Manual 5 10 7 Ping This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues ICMP Ping IP Address M 0 0 0 Ping Size After you press Start five ICMP packets will be transmitted and the sequence number and roundtrip time will be displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs PING6 server 10 10 132 20 64 bytes from 10 10 132 20 icmp seq 0 time Oms 64 bytes from 10 10 132 20 icmp seg 1 time Oms 64 bytes from 10 10 132 20 icmp seq 2 time Oms 64 bytes from 10 10 132 20 icmp seq 3 time Oms 64 bytes from 10 10 132 20 icmp seq 4 time Oms Sent 5 packets received 5 OK 0 bad You can configure the following properties of the issued ICMP packets IP Address The destination IP Address The payload size of the ICMP packet Values range from 8 to 1400 bytes IPv6 Ping IPv6 Ping IPv6 Address Ping Size ORing Industrial Networking Corp 4 ORing PING6 server 192 168 10 1 sendto sendto sendto sendto sendto RGPS 9084GP P User Manual Sent 5 packets received 0 OK 0 bad 5 11 Synchronization MAC based Authentication This page allows you to configure and examine current P
47. set to Network Specify the target IP address and target IP mask in the Target IP Address and Target IP Mask fields that appear When Host or Network is selected for the target IP filter you Target IP Address can enter a specific target IP address in dotted decimal notation When Network is selected for the target IP filter you can enter Target IP Mask e a specific target IP mask in dotted decimal notation Specifies whether frames will meet the action according to their sender hardware address field SHA settings ARP SMAC Match 0 ARP frames where SHA is not equal to the SMAC address 1 ARP frames where SHA is equal to the SMAC address Any any value is allowed don t care opecifies whether frames will meet the action according to their target hardware address field THA settings RARP SMAC Match 0 RARP frames where THA is not equal to the SMAC address 1 RARP frames where THA is equal to the SMAC address Any any value is allowed don t care opecifies whether frames will meet the action according to their ARP RARP hardware address length HLN and protocol address length PLN settings 0 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 must not match IP Ethernet Length this entry 1 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 must match this entry Any any value is allowed don t care opecifies whether f
48. statistics for all switch ports Port Statistics Overview Auto refresh C Port Packets Bytes Errors Drops Filtered Receive Transmit Receive Transmit Receive Transmit Receive Transmit Receive 117980 86946125 911 790 6259918088 0 0 IW 0 0 0 68732984 68732987 4057477714 4957477932 240710409 0 IW 0 0 0 0 0 0 0 0 68732985 68732987 4957477883 4957477932 25204638 0 D 0 0 IW cooooouoeocoaoou cOoocooooooooo cOoocoooooaoooo cooooooooooco 0 0 0 0 i 0 0 0 0 0 0 0 0 0 0 0 0 0 0 U The switch port number to which the following settings will be applied Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port ORing Industrial Networking Corp 35 RGPS 9084GP P User Manual The number of frames received in error and the number of incomplete transmissions per port The number of frames discarded due to ingress or egress congestion The number of received frames filtered by the forwarding process Auto refresh Check to enable an automatic refresh of the page at regular intervals Detailed Statistics This page provides detailed traffic statistics for a specific switch port Use the port drop down list to decide the details of which switch port to be displayed The displayed counters include the total number for receive and transmit the size for receive and transmit and the errors for receive and transmit Detailed Statistics Total Receiv
49. the port are obeyed and Current Tx indicates whether pause frames on the port are transmitted The Rx and Tx settings are determined by the result of the last auto negotiation You can check the Configured column to use flow control This setting is related to the setting of Configured Link Speed You can enter the maximum frame size allowed for the Maximum Frame Size switch port in this column including FCS The allowed range is 1518 bytes to 9600 bytes Configures port transmit collision behavior Discard Excessive Discard frame after a certain amount of collisions Collision Mode default Restart Restart backoff algorithm after a certain amount of collisions Click to undo any changes made locally and revert to teen oo s Click to refresh the page Any changes made locally eee ORing Industrial Networking Corp 50 ORing sso User vanal 5 3 2 Port Alias This page provides alias IP address configuration Some devices might have more than one IP addresses You could specify other IP addresses here Port Alias Port Alias 5 3 3 Port Trunk A port trunk is a group of ports that have been grouped together to function as one logical path This method provides an economical way for you to increase the bandwidth between the switch and another networking device In addition it is useful when a single physical link between the devices is insufficient to handle the traffic load This page allows you to configur
50. the server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left accounting attempts are made to this server but it does not reply within the configured timeout The server has temporarily been disabled but will be re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Authentication and Accounting Server Statistics The statistics map closely to those specified in RFC4668 RADIUS Authentication Client MIB Use the server drop down list to switch between the backend servers to show related details ORing Industrial Networking Corp 15 ORing RGPS 9084GP P User Manual RADIUS Authentication Statistics for Server 1 Auto refresh Receive Packets Access Accepts Access Rejects Access Challenges Malformed Access Responses Bad Authenticators Unknown Types Packets Droppe Transmit Packets Access Requests Access Retransmissions Pending Requests Timeouts Other Info IP Address State Round Trip Time 0 0 0 0 1812 Disabled 0 ms e Omen O RADIUS authentication server packet counters There are seven receive and four transmit counters Direction Access Accepts radiusAuthClientExtAccessAccepts Access Rejects Access Challenges Malformed Access radiusAuthClientExtMalformedAccessResponses Res
51. the user is allowed access to the network These backend RADIUS servers are configured on the authentication configuration page MAC based authentication allows for authentication of more than one user on the same port and does not require the users to have special 802 1 X software installed on their system The switch uses the users MAC addresses to authenticate against the backend server As intruders can create counterfeit MAC addresses MAC based authentication is less secure than 802 1X authentication Overview of 802 1X Port Based Authentication In an 802 1X network environment the user is called the supplicant the switch is the authenticator and the RADIUS server is the authentication server The switch acts as the man in the middle forwarding requests and responses between the supplicant and the authentication server Frames sent between the supplicant and the switch are special 802 1X frames known as EAPOL EAP Over LANs frames which encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is very flexible as it allows for different authentication methods like MD5 Challenge PEAP and TLS The important thing is that the authenticator the switch does not need to know which authentication method the supplicant and the auth
52. to 255 Frames matching the ACE will use this IP protocol value Specifies the time to live settings for the ACE Zero IPv4 frames with a time to live value greater than zero must not be able to match this entry Non zero IPv4 frames with a time to live field greater than zero must be able to match this entry Any any value is allowed don t care ORing Industrial Networking Corp 5 ORing sso User vanal opecifies the fragment offset settings for the ACE This includes settings of More Fragments MF bit and Fragment Offset FRAG OFFSET for an IPv4 frame No IPv4 frames whose MF bit is set or the FRAG OFFSET field is greater than zero must not be able to match this entry Yes IPv4 frames whose MF bit is set or the FRAG OFFSET field is greater than zero must be able to match this entry IP Fragment Any any value is allowed don t care Specifies the options flag settings for the ACE No IPv4 frames whose options flag is set must not be able to match IP Option this entry Yes IPv4 frames whose options flag is set must be able to match this entry Any any value is allowed don t care opecifies the source IP filter for this ACE Any no source IP filter is specified Source IP filter is don t care Host source IP filter is set to Host Specify the source IP address in the SIP Address field that appears Network source IP filter is set to Network Specify the source IP address and source IP
53. value of 20 selected by the Entries Per Page input field When first visited the web page will show the first 20 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table The Start from MAC address and VLAN fields allow the user to select the starting point in the MAC table Clicking the Refresh button will update the displayed table starting from that or the closest next MAC table match In addition the two input fields will upon clicking Refresh assume the value of the first displayed entry allows for continuous refresh with the same start address The will use the last entry of the currently displayed VLAN MAC address pairs as a basis for the next lookup When it reaches the end the text no more entries is shown in the displayed table Use the lt lt button to start over ORing Industrial Networking Corp 34 ORi ng RGPS 9084GP P User Manual MAC Address Table Start from VLAN and MAC address 00 00 00 00 00 0 with entries per page Port Members VLAN MAC Address CPU 1 2 3 4 5 6 7 8 9 1011 12 Static 00 1E 94 98 89 89 v Static 00 1E 84 FF FF FF wi Static 01 80 C2 4A 44 06 wi wi wi wi wi wi VW wi wi wi wi Static 33 33 FF A8 0A 01 wi Static 33 33 FE FF FF FF wi Static FF FF FF FF FF FF wi wi wi wi wi v v v v wi wi v 5 10 2 Port Statistics Traffic Overview This page provides an overview of general traffic
54. you click Save Click Delete to undo the addition of new VLANs ORing Industrial Networking Corp 58 ORing RGPS 9084GP P User Manual 5 4 2 Port Configurations This page allows you to set up VLAN ports individually Auto refresh Ethertype for Custom S ports OXissss VLAN Port Configuration Port VLAN Port Type Ingress Filtering Frame Type Mode P Vi b E E E E KIK BE E E E KIK 4 Unaware Untag pvid Unaware Untag pvid Unaware Untag pvid Unaware Unaware Wi Unaware untag pvid Untag pvid Untag pvid Unaware Unaware k Unaware Untag_pvid Untag_pvid 1 3 3 4 J D 7 8 o Untag pvid H e Unaware 11 Unaware Unaware Leg oe This field specifies the Ethertype used for custom S ports This untag pvid Untag_pvid S is a global setting for all custom S ports Custom Ethertype enables you to change the Ethertype value on a port to any value to support network devices that do not use the standard Ethertype for customer 0x8100 Ethertype field value on 802 1Q tagged or S Ports 802 1p tagged frames When Port Type is to S custom port the EtherType also known as TPID of all frames received on the port is changed to the specified value By default the EtherType is set to 0x88a8 IEEE 802 1ad The switch port number to which the following settings will be applied Port can be one of the following types Unaware Customer C port
55. 1 support backup unit DBU 01 RS 232 Serial Console Port LED indicators Power indicator PWR Ring Master Indicator R M O Ring Indicator Ring Green Indicate system operated in O Ring mode Blinking to indicate Ring is broken PoE indicator Blue PoE LED x 8 10 100 1000Base T X RJ45 port Green for port Link Act indicator Dual color LED for speed indicator Green 1000Mbps Amber 100Mbps Off light 10Mbps 100 1000Base X SFP port indicator Green for port Link Act Power Green Power indicator Green Indicate system operated in O Ring Master mode AC 100 240V AC 50 60Hz 260Watts PoE output included Present Power Input Power Consumption Type Overload current protection Physical Characteristic 19 inches rack mountable 443 7 W x230 D x44 H mm 17 47 x 9 1 x 1 73inch 3730 g Enclosure Dimension W x D x H Weight g Environmental Storage Temperature 40 to 85 C 40 to 185 F 5 to 95 Non condensing Regulatory approvals EN61000 4 2 ESD EN61000 4 3 RS EN61000 4 4 EFT EN61000 4 5 Surge EN61000 4 6 CS EN61000 4 8 EN61000 4 11 Shock IEC60068 2 27 Free Fall IEC60068 2 32 Vibration IEC60068 2 6 Warranty 5 years ORing Industrial Networking Corp 1
56. 1 and switch C and D from ring 2 Decide which port on each switch to be used as the coupling port and then link them together for example port 1 of switch A to port 2 of switch C and port 1 of switch B to port 2 of switch D Then enable Coupling Ring option by checking the checkbox on the management page and select the coupling ring in correspond dance to the connected port For more information on port setting please refer to 4 1 2 Configurations Once the setting is completed one of the connections will act as the main path while the other will act as the backup path Main Pathe O Ring O Rings i c Backup Pathe Switch Ae Switch Ce Dual Homing If you want to connect your ring topology to a RSTP network environment you can use dual homing Choose two switches Switch A amp B from the ring for connecting to the switches in the RSTP network core switches The connection of one of the switches Switch A or B will act as the primary path while the other will act as the backup path that is activated when the primary path connection fails ORing Industrial Networking Corp 15 RGPS 9084GP P User Manual ORing e F RSTP Backup 7 PT DH j Main pathe i Switch A ce Switch B L z O Chain When connecting multiple O Rings to meet your expansion demand you can create an O Chain topology through the following steps 1 Select two switches from the chain Switch A amp B
57. 5 10 5 Cable Diagnostics This page allows you to perform VeriPHY cable diagnostics Updates system log entries ending at the last entry currently lt lt displayed VeriPHY Cable Diagnostics Start Cable Status Port PairA LengthA PairB LengthB Pairc LengthC PairD Length D 1 ORing Industrial Networking Corp 39 ORing swwco User vanal Press Start to run the diagnostics This will take approximately 5 seconds If all ports are selected this can take approximately 15 seconds When completed the page refreshes automatically and you can view the cable diagnostics results in the cable status table Note that VeriPHY diagnostics is only accurate for cables 7 140 meters long 10 and 100 Mbps ports will be disconnected while running VeriPHY diagnostics Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete Pot The port for which VeriPHY Cable Diagnostics is requested Cable Status Port port number Pair the status of the cable pair Length the length in meters of the cable pair 5 10 6 SFP Monitor SFP modules with DDM Digital Diagnostic Monitoring function can measure the temperature of the apparatus helping you monitor the status of connection and detect errors immediately You can manage and set up event alarms through DDM Web interface SFP Monitor Auto refresh L Port No Temperature C Vcc V TXBias mA TX Power
58. 6 on each switch ORing Industrial Networking Corp 5 ORing essei vanal Combined Auto refresh F Resolve Conflict QoS Control List Status Action User QCE Frame Type Port Class DPL DSCP Conflict No entries User 00 Indicates the QCL user QCE Indicates the index of QCE Indicates the type of frame to look for incoming frames Possible frame types are Any the QCE will match all frame type Ethernet Only Ethernet frames with Ether Type 0x600 0xFFFF are Frame Type allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 the QCE will match only IPV4 frames IPv6 the QCE will match only IPV6 frames Indicates the list of ports configured with the QCE Pot Indicates the classification action taken on ingress frame if parameters configured are matched with the frame s content There are three action fields Class DPL and DSCP Class Classified QoS if a frame matches the QCE it will be put in the queue DPL Drop Precedence Level if a frame matches the QCE then DP level will set to a value displayed under DPL column DSCP if a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Displays the conflict status of QCL entries As hardware resources are shared by multiple applications resources required to add a QCE Confie may not be available In that case it shows conflict status as Yes otherwise it is always No Pl
59. 8 ft RJ 45 100BASE TX Cat 5 100 ohm UTP UTP 100 m 328 ft RJ 45 1000BASE TX Cat 5 Cat 5e 100 ohm UTP UTP 100 m 828ft RJ 45 With 10 100 1000Base T X cables pins 1 and 2 are used for transmitting data and pins 3 and 6 are used for receiving data 10 100Base T X P S E RJ 45 Pin Assignments Pinner reien 08 RR e REWPaEPWERM 1000Base T P S E RJ 45 Pin Assignments PnMmter enen BI DB with PoE Power input BI DD BI DD BI DC The series also supports auto MDI MDI X operation You can use a cable to connect the switch to a PC The tables below show the MDI and MDI X port pin outs ORing Industrial Networking Corp 12 ORing sesso User vanal 10 100Base T X MDI MDI X Pin Assignments TD transmit RD receive TD transmit RD receive RD receive TD transmit BENT RD receive TD transmit 08 oWwhes 0 Mhe 1000Base T MDI MDI X Pin Assignments Pme w s g e BI DB BI DA BI DD BI DC BI DD BI DC Note and signs represent the polarity of the wires that make up each wire pair BI DC BI DD 3 3 2 Console port The device can be managed via console ports using a RJ 45 cable You can connect the port to a PC using an Ethernet cable to perform management functions 3 3 3 SFP The switch comes with SFP ports that can connect to other devices using SFP modules The SFP modules are hot swappable input output devices th
60. Add lt engineid gt user name MDSISHA lt auth_password gt DES priv password User Changekey lt engineid gt user name auth password priv password Group Add security model security name group name Group Delete index Group Lookup lt index gt View Add view name includedlexcluded oid subtree View Delete index View Lookup lt index gt Access Add group name security model security level read view name write view name Access Delete index Access Lookup index Firmware Load ip addr string file name ORing Industrial Networking Corp 11 ORing sso PTP Configuration lt clockinst gt PortState lt clockinst gt port list enableldisablelinternal ClockCreate lt clockinst gt devtype lt twostep gt lt protocol gt lt oneway gt lt clockid gt lt tag_enable gt lt vid gt lt prio gt ClockDelete lt clockinst gt devtype DefaultDS lt clockinst gt lt priority1 gt lt priority2 gt lt domain gt CurrentDS lt clockinst gt ParentDS lt clockinst gt Timingproperties lt clockinst gt lt utcoffset gt lt valid gt leap59 lt leap61 gt lt timetrac gt lt freqtrac gt lt ptptimescale gt lt timesource gt PTP PortDataSet lt clockinst gt lt port_list gt
61. Based Auth If a client is denied access either because the RADIUS server denies the client access or because the RADIUS server request times out according to the timeout specified on the Hold Time Configuration Security AAA page the client is put on hold in Unauthorized state The hold timer does not count during an on going authentication The switch will ignore new frames coming from the client during the hold time The hold time can be set to a number between 10 and 1000000 seconds Pot The port number for which the configuration below applies If NAS is globally enabled this selection controls the port s authentication mode The following modes are available Force Authorized Admin State In this mode the switch will send one EAPOL Success frame when the port link is up and any client on the port will be allowed network access without authentication Force Unauthorized ORing Industrial Networking Corp 21 ORing ORing Industrial Networking Corp RGPS 9084GP P User Manual In this mode the switch will send one EAPOL Failure frame when the port link is up and any client on the port will be disallowed network access Port based 802 1X In an 802 1X network environment the user is called the supplicant the switch is the authenticator and the RADIUS server is the authentication server The authenticator acts as the man in the middle forwarding requests and responses between the supplicant and
62. Change Faster mode Enabling this function will cause MRP topology to Advanced mode converge more rapidly This function only can be set in MRP manager switch 1st Ring Port Chooses the port which connects to the MRP ring 2 d Ring Port Chooses the port which connects to the MRP ring ORing Industrial Networking Corp 20 ORing sso Manual 4 4 STP RSTP MSTP 4 4 1 STP RSTP STP Spanning Tree Protocol and its advanced versions RSTP Rapid Spanning Tree Protocol and MSTP Multiple Spanning Tree Protocol are designed to prevent network loops and provide network redundancy Network loops occur frequently in large networks as when two or more paths run to the same destination broadcast packets may get in to an infinite loop and hence causing congestion in the network STP can identify the best path to the destination and block all other paths The blocked links will stay connected but inactive When the best path fails the blocked links will be activated Compared to STP which recovers a link in 30 to 50 seconds RSTP can shorten the time to 5 to 6 seconds In other words RSTP provides faster spanning tree convergence after a topology changes The switch supports STP and will auto detect the connected device running on STP or RSTP protocols RSTP Bridge Setting SIP Bridge Configuration Basic Settings Protocol Version riage Priory Forward Delay Max Age Maximum Hop Count Transmit Hold Count Advanced Settings
63. Force Authorized Force Unauthorized EAPOL Counters Direction IEEE Name Description The number of valid EAPOL frames of an Total dot 1xAuthEapolFramesRx type that have been received by the sachs The number of valid EAP Resp ID frames that EAPO L Cou nters Response ID dotixAuthEapolRespIdFramesRx have been received by the switch The number of valid EAPOL response frames Responses dotixAuthEapolRespFramesRx other than Resp ID frames that have been received by the switch The number of EAPOL Start frames that have been received by the switch The number of valid EAPOL logoff frames that have been received by the switch The number of EAPOL frames that have Invalid Type dotixAuthInvalidEapolFramesRx been received by the switch in which the frame type is not recognized The number of EAPOL frames that have Invalid Length dotixAuthEapLengthErrorFramesRx been received by the switch in which the Packet Body Length field is invalid The number of EAPOL frames of an z Total dotixAuthEapolFramesTx that have been transmitted by DE The number of EAP initial request frames that have been transmitted by the switch The number of valid EAP Request frames Requests dotixAuthEapolReqFramesTx other than initial request frames that have been transmitted by the switch Start dotixAuthEapolStartFramesRx Logoff dotixAuthEapolLogoffFramesRx Request ID dotixAuthEapolReqIdFramesTx These backend RADIUS frame counters are available for the Backend
64. HCP Relay DHCP relay is used to forward and transfer DHCP messages between the clients and the server when they are not in the same subnet domain You can configure the function in this page DHCP Relay Configuration Relay Mode Disabled Relay Server 0 0 0 0 Relay Information Mode Disabled Relay Information Policy Save sci Replace Keep Indicates the existing DHCP relay mode The modes include Enabled activate DHCP relay When DHCP relay is enabled the agent forwards and transfers DHCP messages between the clients Relay Mode Relay Server Relay Information Mode and the server when they are not in the same subnet domain to prevent the DHCP broadcast message from flooding for security considerations Disabled disable DHCP relay Indicates the DHCP relay server IP address A DHCP relay agent is used to forward and transfer DHCP messages between the clients and the server when they are not in the same subnet domain Indicates the existing DHCP relay information mode The format of DHCP option 82 circuit ID format is vlan id module id port nol The first four characters represent the VLAN ID and the fifth and sixth characters are the module ID In stand alone devices the module ID always equals to 0 in stacked devices it means switch ID The last two characters are the port number For example 00030108 means the DHCP message received form VLAN ID 3 switch ID 1 and port No 8 T
65. I port configuration options are displayed MSTP Bridge Setting MSTP Enable Force Version Configuration Name Revision Level 0 65535 Priority 0 61440 Max Age Time 6 40 Hello Time 1 10 Forward Delay Time 4 30 Max Hops 1 40 s s clalsle S SEL S Priority must be a multiple of 4096 2 Forward Delay Time 1 should be greater than or equal to the Max Age The Max Age should greater than or equal to 2 Hello Time 1 Apply ORing Industrial Networking Corp 25 ORing essei vanal MSTP Enable Enables or disables MSTP function Force Version Forces a VLAN bridge that supports RSTP to operate in an oT P compatible manner Configuration Name The name which identifies the VLAN to MSTI mapping Bridges must share the name and revision see below as well as the VLAN to MSTI mapping configurations in order to share spanning trees for MSTIs intra region The name should not exceed 32 characters Revision Level Revision of the MSTI configuration named above This must be Priority 0 61440 A value used to identify the root bridge The bridge with the lowest value has the highest priority and is selected as the root If the value changes you must reboot the switch The value must be a multiple of 4096 according to the protocol standard rule Max Age Time 6 40 The number of seconds a bridge waits without receiving Spanning tree Protocol configuration messages before attempting a reconfigu
66. IUS Authentication Server Configuration Enabled IP Address The RADIUS authentication server number for which the configuration below applies Enabled Check to enable the RADIUS authentication server The IP address or hostname of the RADIUS authentication server IP IP Address address is expressed in dotted decimal notation The UDP port to use on the RADIUS authentication server If the port is set to O zero the default port 1812 is used on the RADIUS authentication server Enabled Secret L L 1813 O O 1813 L 1813 L DG The RADIUS accounting server number for which the configuration below applies ORing Industrial Networking Corp 13 RGPS 9084GP P User Manual Check to enable the RADIUS accounting server The IP address or hostname of the RADIUS accounting server IP address is expressed in dotted decimal notation The UDP port to use on the RADIUS accounting server If the port is set to O zero the default port 1813 is used on the RADIUS accounting server The secret up to 29 characters long shared between the RADIUS accounting server and the switch stack Authentication and Accounting Server Status Overview This page provides an overview of the status of the RADIUS servers configurable on the authentication configuration page RADIUS Authentication Server Status Overview Auto refresh IP Address Status Disabled Disabled Disabled Disabled Dis
67. IUS packets valid or invalid received from the server The number of malformed RADIUS packets received from the server Malformed packets include packets radiusAccClientExtMalformedResponses with an invalid length Bad authenticators or or unknown types are not included as malformed access responses The number of RADIUS packets containing invalid authenticators received from the server The number of RADIUS packets of unknown types that were received from the server on the accounting port The number of RADIUS packets that were received from the server on the accounting port and dropped for some other reason The number of RADIUS packets sent to the server This does not include retransmissions The number of RADIUS packets retransmitted to the RADIUS accounting server The number of RADIUS packets destined for the server that have not yet timed out or received a response This variable is incremented when a Request is sent and decremented due to receipt of a Response timeout or retransmission The number of accounting timeouts to the server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout This section contains information about the state of the server and the latest RFC4670 Name Round Trip Time radiusAccClientExtRo
68. Ji w 11 12 1 k ORing Industrial Networking Corp 1 ORing sso User vanal Rate Limiter ID The rate limiter ID for the settings contained in the same row The rate unit is packet per second pps which can be configured as 1 2 4 8 16 32 64 128 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K or 1024K The 1 kpps is actually 1002 1 pps ACL Control List This page allows you to configure ACE Access Control Entry An ACE consists of several parameters These parameters vary with the frame type you have selected First select the ingress port for the ACE and then the frame type Different parameter options are displayed according to the frame type you have selected A frame matching the ACE can be configured here ACE Configuration Ingress Port Action Frame Type f Rate Limiter Port Copy Logging Shutdown Counter ue nem Indicates the ingress port to which the ACE will apply Any the ACE applies to any port Port n the ACE applies to this port number where n is the number of Ingress Port the switch port Policy n the ACE applies to this policy number where n can range from 1 to 8 Indicates the frame type of the ACE These frame types are mutually exclusive Any any frame can match the ACE Ethernet Type only Ethernet type frames can match the ACE The Frame Type l IEEE 802 3 descripts the value of length types should be greater than or equal to 1536 decima
69. OMSONS EE 13 OO 13 3 3 4 Ring Topology EE 14 Se TU E e Y eT 17 4 1 ell Wc 17 SEN Ee ee Tel ee EE 17 4 1 2 CGonfguraions nennen nennen nnne nnne nnn nnns anna nnns 17 4 2 Quoc 19 82 OOU IO ee E nnn eee tete eee tuuc ma Ete 19 Ae e ele de o side rente haces E sente ui boss talea ges 19 4 3 yi Pes 20 SS Gu MOUCHO RU 20 A302 e inte e len EE 20 4 4 STR R TRM FE e 21 AA LPR OTP ee E EEA gr iE REE mA MTP E gr Mie RSE AA GST E SERA eRe ORing Industrial Networking Corp 2 ORing cesso User vanal 4 5 xccialecolg n 21 Management ee 30 5 1 sciiePe ligeq 32 SEE S0 nM nre duco RR 32 Sues AMME PAS WO ME 33 SES AUNG CA NIE a a 33 DA IP Settings sses e 34 Osteo APVO dee UR 35 SEE MEE UN TREE 36 E GE tapers 38 Sid ets cam BD deeg 39 DLI e TO P a 42 5 1 10 Backup Restore Confguraions 44 Sk oum UE 44 5 2 Bis l i PSG CP NRI 44 35 SN E 44 SP PL NEN Uc ene E TET 46 E SUO I dA d 46 5 2 4 DHOP Relay n 47 5 3 PO OCUN E 49 SSA ein ONTO EE 49 E GN Gei 8 ERT 51 539 EM Ree Mee e EE 56
70. Option The number of packets dropped when received messages contain relay agent information 5 3 Port Setting Port Setting allows you to manage individual ports of the switch including traffic power and trunks 5 3 1 Port Control This page shows current port configurations Ports can also be configured here Port Configuration Speed Flow Control Maximum Power Current Configured Current Rx Current Tx Configured Frame Size Control Down Down Down 100fdx Down lGfdx iGfdx Down Disabled bul Disabled k Disabled v 1 2 3 4 5 5 7 g 9 e Down I HI Down SKK KKK KK AK KK A SKK KKK KK KK OM A beh ek ee 98 ee IUE I Ka Down ORing Industrial Networking Corp 49 ORing sso User vanal The switch port number to which the following settings will be applied The current link state is shown by different colors Link Green indicates the link is up and red means the link is down The drop down list provides available link speed options for a given switch port Auto selects the highest speed supported by the link Configured Link Speed partner Disabled disables switch port configuration configures all ports When Auto is selected for the speed the flow control will be negotiated to the capacity advertised by the link partner When a fixed speed setting is selected that is what is used Current Rx indicates whether pause frames on Flew Conti
71. Priority is the highest Click to activate the configurations ORing Industrial Networking Corp 29 ORing nopsowopP user manual Management The switch can be controlled via a built in web server which supports Internet Explorer Internet Explorer 5 0 or above versions and other Web browsers such as Chrome Therefore you can manage and configure the switch easily and remotely You can also upgrade firmware via a web browser The Web management function not only reduces network bandwidth consumption but also enhances access speed and provides a user friendly viewing screen By default IE5 0 or later version do not allow Java applets to open sockets You need to modify the browser setting separately in order to enable Java applets for network ports Preparing for Web Management You can access the management page of the switch via the following default values IP Address 192 168 10 1 Subnet Mask 255 255 255 0 Default Gateway 192 168 10 254 User Name admin Password admin System Login 1 Launch the Internet Explorer 2 Type http and the IP address of the switch Press Enter Fa Se geom e IOR 192 168 10 1 P gt X l Google EAT Maps Play YouTube News Gmail Documents Calendar More A login screen appears 4 Type in the username and password The default username and password is admin 5 Click Enter or OK button the management Web page appears ORing I
72. QoS class can be overruled by a QCL entry Note if the default QoS class has been dynamically changed then the actual default QoS class is shown in parentheses after the configured default QoS class ORing Industrial Networking Corp 79 ORing sesso User vanal Controls the default Drop Precedence Level All frames are classified to a DP level If the port is VLAN aware and the frame is tagged then the frame is classified to a DP level that is equal to the DEI value in the tag Otherwise the frame is classified to the default DP level eevee If the port is VLAN aware the frame is tagged and Tag Class is enabled then the frame is classified to a DP level that is mapped from the PCP and DEI value in the tag Otherwise the frame is classified to the default DP level The classified DP level can be overruled by a QCL entry Controls the default PCP value All frames are classified to a PCP value PCP If the port is VLAN aware and the frame is tagged then the frame is classified to the PCP value in the tag Otherwise the frame is classified to the default PCP value Controls the default DEI value All frames are classified to a DEI value If the port is VLAN aware and the frame is tagged then the frame is classified to the DEI value in the tag Otherwise the frame is classified to the default DEI value Shows the classification mode for tagged frames on this port Disabled Use default QoS class and DP level
73. S prevention status Possible statuses are disable DDoS Prevention Analyzing analyzes packet throughput for initialization Status Running analysis completes and ready for next move Attacked DDOS attacks occur Device IP Address Specifies IP address of the device Device MAC Specifies MAC address of the device Address Advanced Configurations Alias IP Address This page provides Alias IP Address configuration Some devices might have more than one IP addresses You could specify the other IP address here Alias IP Address Alias IP Address Aa iW RJ LR zl C Ln Specifies alias IP address Keep 0 0 0 0 if the device does not have Alias IP Address an alias IP address ORing Industrial Networking Corp 2 ORing sso User Manual Alive Check You can use ping commands to check port link status If port link fails you can set actions from the drop down list Alive Check Action Status n Link Change Only Log it Shunt Down the Port Reboot Device A ae a B C Link Change Disables or enables the port Only log it Simply sends logs to the log server Shunt Down the Port Reboot Device Disables or enables PoE power DDoS Prevention This page provides DDOS Prevention configurations The switch can monitor ingress packets Disables the port and perform actions when DDOS attack occurred on this port You can configure the setting to achieve maximum protection DDOS Pr
74. Service S port Custom Service Port type di S custom port C port each frame is assigned to the VLAN indicated in the ORing Industrial Networking Corp 59 ORing Ingress Filtering Frame Type Port VLAN Mode ORing Industrial Networking Corp RGPS 9084GP P User Manual VLAN tag and the tag is removed S port the EtherType of all received frames is changed to 0x88a8 to indicate that double tagged frames are being forwarded across the switch The switch will pass these frames on to the VLAN indicated in the outer tag It will not strip the outer tag nor change any components of the tag other than the EtherType field S custom port the EtherType of all received frames is changed to value set in the Ethertype for Custom S ports field to indicate that double tagged frames are being forwarded across the switch The switch will pass these frames on to the VLAN indicated in the outer tag It will not strip the outer tag nor change any components of the tag other than the EtherType field Unaware all frames are classified to the Port VLAN ID and tags are not removed Enable ingress filtering on a port by checking the box This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame will be discarded By default ingress filtering is disabled no check mark Determines whether the port accepts all frames or only t
75. TP clock settings PTP External Clock Mode PTP External Clock Mode eee Disable External Enable VCXO Enable Clock Frequency One pps mode External Enable VCXO Enable The box allows you to select One pps mode configurations The following values are possible Output enable the 1 pps clock output Input enable the 1 pps clock input Disable disable the 1 pps clock in out put The box allows you to configure external clock output The following values are possible True enable external clock output False disable external clock output The box allows you to configure the external VCXO rate adjustment The following values are possible True enable external VCXO rate adjustment False disable external VCXO rate adjustment ORing Industrial Networking Corp 42 ORing sweet Clock Frequency The box allows you to set clock frequency The range of values is 1 25000000 1 25MHz PTP Clock Configurations PTP Clock Configuration Port List Deleg C Device 533456789 101112 13 1415 16 17 18 19 20 Instance Type No Clock Instances Present Add New PTP Clock Check this box and click Save to delete the clock instance Clock Instance Indicates the instance of a particular clock instance 0 3 Click on the clock instance number to edit the clock details Device Type Indicates the type of the clock instance There are five device types Ord Bound ordinary boundary clock P2p Transp peer to peer tr
76. The default value is 500 ORing sso User vanal _ This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Configures the unit of measurement for each port shaper rate as Port Shaper Unit l kbps or Mbps The default value is kbps Weighted QoS Egress Port Scheduler and Shapers Port 1 Scheduler Mode Queue Shaper Queue Scheduler Port Shaper Enable Rate Unit Excess Weight Percent Enable Rate Unit Controls whether the scheduler mode is Strict Priority or Scheduler Mode Weighted on this switch port Queue Shaper EE Sep Check to enable queue shaper for individual switch ports nable Configures the rate of each queue shaper The default value is Queue Shaper Rate 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queues Shaper Unit Configures the rate of each queue shaper The default value is ORing Industrial Networking Corp 1 ORing sso User vanal _ 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queue Shaper Allows the queue to use excess bandwidth Excess Configures the weight of each queue The default value is 17 Queue Scheduler Weight This value is restricted to 1 to 100 This parameter is only shown if Scheduler Mode is set to Weighted Queue Scheduler Shows the weigh
77. abled The RADIUS server number Click to navigate to detailed statistics of the server The IP address and UDP port number in IP Address gt lt UDP Port IP Address notation of the server The current status of the server This field has one of the following values Disabled the server is disabled Not Ready the server is enabled but IP communication is not yet up and running Ready the server is enabled IP communications are built and the RADIUS module is ready to accept access attempts Dead X seconds left access attempts are made to this server but it does not reply within the configured timeout The server has temporarily been disabled but will be re enabled when the dead time expires The number of seconds left before this occurs is displayed in CGlightisiiewiness Industrial Networking Corp 14 ORing sso User vanal parentheses This state is only reachable when more than one server is enabled RADIUS Accounting Server Status Overview Status Disabled Disabled Disabled Disabled Disabled The RADIUS server number Click to navigate to detailed statistics of the server The IP address and UDP port number in IP Address gt lt UDP IP Address l Port gt notation of the server The current status of the server This field has one of the following values Disabled the server is disabled Not Ready the server is enabled but IP communication is not yet up and running Ready
78. ackets If packet type is UDP or TCP please specify the socket number here The socket number can be a range from low to Socket Number high If the socket number is only one please fill the same number in the low and high fields If packet type is UDP or TCP please choose the socket direction Destination Source Indicates the action to take when DDOS attacks occur Possible actions are no action Blocking 1 minute blocks the forwarding for 1 minute and log the event Blocking 10 minute blocks the forwarding for 10 minutes and log the event Blocking blocks and logs the event Shunt Down the Port shuts down the port No Link and logs the event Only Log it simply logs the event Reboot Device if PoE is supported the device can be rebooted The event will be logged Indicates the DDOS prevention status Possible statuses are disables DDOS prevention Analyzing analyzes packet throughput for initialization C x minsindust AP RGINOIKINS S amp Industrial Networking Corp 4 ORing nopsowopP user manual Running analysis completes and ready for next move Attacked DDOS attacks occur Device Description This page allows you to configure device description settings Device Description Device Location Address Description IP Camera IP Phone Access Point 4 lt 4 D DJ C Dm P W M 4 Indicates device types Possible types are no specification Device Type IP Ca
79. agged untagged frames This parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on the port will be discarded By default the field is set to All The allowed values are None or Specific This parameter affects VLAN ingress and egress processing If None is selected a VLAN tag with the classified VLAN ID is inserted in frames transmitted on the port This mode is normally used for ports connected to VLAN aware switches Tx tag should be set to Untag pvid when this mode is used If Specific the default value is selected a port VLAN ID can be configured see below Untagged frames received on the port are classified to the port VLAN ID If VLAN awareness is disabled all frames received on the port are classified to the 60 ORing Port VLAN ID RGPS 9084GP P User Manual port VLAN ID Introduction of Port Types Below is a detailed description of each port type including Unaware C port S port and o custom port port VLAN ID If the classified VLAN ID of a frame transmitted on the port is different from the port VLAN ID a VLAN tag with the classified VLAN ID will be inserted in the frame Configures the VLAN identifier for the port The allowed range of the values is 1 through 4095 The default value is 1 Note The port must be a member of the same VLAN as the Determines egress tagging of a port Untag pvid all VLANs except the configured PVID wil
80. al Configuration all lt port_list gt Timezone lt offset gt Log lt log_id gt alllinfolwarninglerror clear DHCP enableldisable Setup lt ip_addr gt ip mask lt ip_router gt lt vid gt Restore Default keep_ip Ping lt ip_addr_string gt lt ping_length gt SNTP lt ip_addr_string gt Configuration lt port_list gt upldown Mode lt port_list gt autol LOhdxl1Ofdxl 1OOhdxl 100fdx 1000fdxlsfp auto ams Flow Control lt port_list gt enableldisable VeriPHY lt port_list gt SFP lt port_list gt MAC Configuration lt port_list gt Add lt mac_addr gt lt port_list gt lt vid gt Delete lt mac_addr gt lt vid gt ORing Industrial Networking Corp 2 ORing swa Lookup mac addr lt vid gt Agetime age time Learning lt port_list gt autoldisablelsecure Dump mac max mac addr lt vid gt Statistics lt port_list gt VLAN PortType lt port_list gt unawarelc portls portls custom port Status lt port_list gt combinedlstaticlnaslmstplalllconflicts Private VLAN Configuration lt port_list gt Add lt pvlan_id gt lt port_list gt Delete lt pvlan_id gt Lookup lt pvlan_id gt Isolate lt port_list gt enableldisable Security Switch Switch security setting ORing Industrial Networking Corp 3 ORing RGPS 9084GP P User Manual Network Network sec
81. alid RADIUS user can be used by anyone and only the MD5 Challenge method is supported 802 1X and MAC Based authentication configurations consist of two sections system and port wide ORing Industrial Networking Corp 19 ORing kso Manual Network Access Server Configuration System Configuration Mode Disabled Reauthentication Enabled Reauthentication Period 3600 seconds EAPOL Timeout seconds Aging Period seconds Hold Time seconds Port Configuration Port State Restart Admin State Force Authorized Globally Disabled Reauthenticate Reinitialize Globally Disabled Reauthenticate Reinitialize Globally Disabled Reauthenticate Reinitialize 1 sen 2 Globally Disabled Reauthenticate Reinitialize 4 MAC based Auth 5 v Force Authorized D i Indicates if 802 1X and MAC based authentication is globally enabled or disabled on the switch If globally disabled all ports are allowed to forward frames If checked clients are reauthenticated after the interval specified Globally Disabled Reauthenticate Reinitialize by the Heauthentication Period Reauthentication for 802 1X enabled ports can be used to detect if a new device is E plugged into a switch port Reauthentication For MAC based ports reauthentication is only useful if the Enabled RADIUS server configuration has changed It does not involve communication between the switch and the client and theref
82. ansparent clock E2e Transp end to end transparent clock Master Only master only Slave Only slave only Port List Set check mark for each port configured for this Clock Instance 2 Step Flag Static member defined by the system true if two step Sync events and Pdelay_Resp events are used Clock Identity Shows a unique clock identifier One Way If true one way measurements are used This parameter applies only to a slave In one way mode no delay measurements are performed i e this is applicable only if frequency synchronization is needed The master always responds to delay requests Protocol Transport protocol used by the PTP protocol engine Ethernet PTP over Ethernet multicast ip multi PTP over IPv4 multicast ip4uni PTP over IPv4 unicast Note IPv4 unicast protocol only works in Master Only and Slave Mettet i Industrial Networking Corp 43 ORing nopsowopP usor manual Only clocks For more information please refer to Device Type In a unicast Slave Only clock you also need to configure which master clocks to request Announce and Sync messages from For more information please refer to Unicast Slave Configuration VLAN Tag Enable Enables VLAN tagging for PTP frames Note packets are only tagged if the port is configured for VLAN tagging i e Port Type Unaware and PortVLAN mode None and the port is member of the VLAN VLAN identifiers used for tagging the PTP frames Priority code point values us
83. arded mm em em em em em em em em d ORing Industrial Networking Corp 64 ORing essere Manal Examples of VLAN Settings VLAN Access Mode Switch A Switch B Switch C VLAN 10 9000 Series 9000 Series ond Sedes EE ZP VLAN Trunk VLAN Trunk VLAN 20 VLAN 20 10 20 10 20 Switch A Port 7 is VLAN Access mode Untagged 20 Port 8 is VLAN Access mode Untagged 10 Below are the switch settings Open all VLAN Membership Configuration Eg System Information Front Panel E Mm Basic Setting Mm DHCP Server Relay Start from VLAN with entries per page gn em e D D Port Setting Redundancy VLAN Ey VLAN Membership ga Ports Private VLAN SNMP Traffic Prioritization Multicast for port 1 VLAN trunk setting Port Members Delete VLAN ID H VLAN Name 17345 6 7 8 9 1011 12 vaiva va va va vajva vaivajvavalva Hn H D D D Security Warning Monitor and Diag Synchronization for port ZS port 8 VLAN Access PoE FEES PRERPRPRRR ER gy VLAN Membership le gt v d lt gt MI lt gt 1 lt gt v i So 1 C port v L Tagged Specific v 1 Tag all v Private VLAN 2 m o All Sal IN S r Unt dili D SNMP beak Mc uo So peo Traffic
84. asterisk 5 5 7 SNMP Access Configurations This page allows you to configure SNMPv3 access table The entry index keys are Group Name Security Model and Security Level SNMPv3 Accesses Configuration Delete Group Name Security Model Security Level Read View Name Write View Name d default_ro_group any NoAuth NoPriv default view e C default rw group any NoA uth NoPriv default view e default view Check to delete the entry It will be deleted during the next save A string identifying the group name that this entry should belong to Group Name The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed Indicates the security model that this entry should belong to Possible security models include any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Model Indicates the security model that this entry should belong to Possible security models include Security Level NoAuth NoPriv no authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy The name of the MIB view defining the MIB objects for which this Read View Name request may request the current values The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed The name of the MIB view defining the MIB objects for which this Write View Name re
85. at can be plugged into the SFP ports to connect the switch with the fiber optic network Remember that the TX port of Switch A should be connected to the RX port of Switch B ORing Industrial Networking Corp 13 ORing cswwco User vanal Switch A owitch B 1 Insert clean dust plugs into the SFPs after the cables are extracted from them 2 Clean the optic surfaces of the fiber cables before you plug them back into the optical bores of another SFP module 3 Avoid getting dust and other contaminants into the optical bores of your SFP modules in cases of malfunction 3 3 4 Ring Topology O Ring You can connect three or more switches to form a ring topology to gain network redundancy capabilities through the following steps 1 Connect each switch to form a daisy chain using an Ethernet cable 2 Set one of the connected switches to be the master and make sure the port setting of each connected switch on the management page corresponds to the physical ports connected For information about the port setting please refer to 4 1 2 Configurations 3 Connect the last switch to the first switch to form a ring topology ORing Industrial Networking Corp 14 ORing swwco User vanal Coupling Ring If you already have two O Ring topologies and would like to connect the rings you can form them into a coupling ring All you need to do is select two switches from each ring to be connected for example switch A and B from Ring
86. ated because the switch will cancel on going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant Since the server has not failed because the X seconds have not expired the same server will be contacted when the next backend 22 ORing ORing Industrial Networking Corp RGPS 9084GP P User Manual authentication server request from the switch This scenario will loop forever Therefore the server timeout should be smaller than the supplicant s EAPOL Start frame retransmission rate a Single 802 1X In port based 802 1X authentication once a supplicant is successfully authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though they are not authenticated individually To overcome this security breach use the Single 802 1X variant Single 802 1X is not yet an IEEE standard but features many of the same characteristics as port based 802 1X In Single 802 1X at most one supplicant can get authenticated on the port at a time Normal EAPOL frames are used in the communications between the supplicant and the switch If more than one supplicant are connected to a port the one that comes first when the port s link is connected will be the first one considered If that supplicant does not provide valid credentials wit
87. ation Port VLAN Mode ID Port Type Ingress Filtering Frame Type Specific v 1 Unaware None pecinc m Untag pvid 4 Unaware v All w Specific 5 Unaware All M Specific v _1 Untag_pvid 6 Unaware M All Specific 1 Untag_pvid When setting the management VLAN only the same VLAN ID port can be used to control the switch ORing Industrial Networking Corp 68 ORing ewe Manel 9000series VLAN Settings Open all IP Configuration Ey System Information Ey Front Panel E Basic Setting Basic Setting Admin Password Auth Method Configured Current DHCP Client Renew IP Address 192 168 10 2 192 168 10 2 IP Mask 200 200 2000 200 200 2000 IP Router IP Setting IPv6 Setting n el E ERES HTTPS DURE SSH LLDP Modbus TCP Backup Restore Upgrade Firmware d ES E E MAP E EH ES E EH EU EN 5 4 3 Private VLAN The private VLAN membership configuration for the switch can be monitored and modified here Private VLANs can be added or deleted here Port members of each private VLAN can be added or removed here Private VLANs are based on the source port mask and there are no connections to VLANs This means that VLAN IDs and private VLAN IDs can be identical A port must be a member of b
88. auses the port to disable itself upon receiving valid BPDU s Contrary to the similar bridge setting the port Edge status does not effect this setting Point to Point Controls whether the port connects to a point to point LAN rather than to a shared medium This can be automatically determined or forced either true or false Transition to the forwarding state is faster for point to point LANs than for shared media Apply Click to apply the configurations 4 4 2 MSTP Since the recovery time of STP and RSTP takes seconds which is unacceptable in industrial applications MSTP was developed The technology supports multiple spanning trees within a network by grouping and mapping multiple VLANs into different spanning tree instances known as MSTIs to form individual MST regions Each switch is assigned to an MST region Hence each MST region consists of one or more MSTP switches with the same VLANSs at least one MST instance and the same MST region name Therefore switches can use ORing Industrial Networking Corp 24 ORing RGPS 9084GP P User Manual different paths in the network to effectively balance loads Bridge Settings This page allows you to examine and change the configurations of current MSTI ports A MSTI port is a virtual port which is instantiated separately for each active CIST physical port for each MSTI instance configured and applicable for the port The MSTI instance must be selected before MST
89. authentication servers Authentication Server Configuration Common Server Configuration Timeout seconds Dead Time seconds The timeout which can be set to a number between 3 and 3600 seconds is the maximum time to wait for a reply from a server If the server does not reply within this time frame we will consider it to be dead and continue with the next enabled server if any RADIUS servers are using the UDP protocol which is unreliable by Timeout design In order to cope with lost frames the timeout interval is divided into 3 subintervals of equal length If a reply is not received within the subinterval the request is transmitted again This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead The dead time which can be set to a number between 0 and 3600 seconds is the period during which the switch will not send new requests to a server that has failed to respond to a previous request Dead Time This will stop the switch from continually trying to contact a server that it has already determined as dead Setting the dead time to a value greater than 0 zero will enable this feature but only if more than one server has been configured ORing Industrial Networking Corp 12 ORing RGPS 9084GP P User Manual 5 8 5 RADIUS Authentication and Accounting Server Configurations The table has one row for each RADIUS authentication server and a number of columns which are RAD
90. based Counts all the backend server packets sent from the switch towards the backend server for a given port left most table or client right most table Possible retransmissions are not counted Access Challenges dotixAuthBackendAccessChallenges Other Requests dotixAuthBackendOtherRequestsToSupplicant Auth Successes dotixAuthBackendAuthSuccesses Information about the last supplicant client that attempts to authenticate This information is available for the following administrative states 802 1X MAC based Auth Last Last Supplicant Client Info IFFE Name Description dotixAuthLastEapolFrameSource The MAC address of the last supplicant client Info The VLAN ID on which the last frame from the last supplicant client was received 802 1X based The protocol version number carried in the most Version dotixAuthLastEapolFrameVersionrecently received EAPOL frame MAC based Not applicable 802 1X based The user name supplicant identity carried in the most recently received Response Identity EAPOL frame MAC based Not applicable Supplicant Client 5 9 Warning 5 9 1 Fault Alarm When any selected fault event happens the Fault LED on the switch panel will light up and the electric relay will signal at the same time ORing Industrial Networking Corp 28 ORing nopsowopP usor Manual Port Link Down Broken Port Active GA Fault Alarm Power Failure PWR 1 PWR 2 iQ o
91. before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled The time interval measured in milliseconds between the most recent Access Reply Access Challenge and the Access Request that matched it from the RADIUS Trip radiusAuthClientExtRoundTripTime authentication server The granularity of this measurement is 100 ms A value of Time ORing Industrial Networking Corp 0 ms indicates that there hasn t been round trip communication with the server yet 16 ORing RGPS 9084GP P User Manual RADIUS Accounting Statistics for Server 1 Receive Packets Responses Malformed Responses Bad Authenticators Unknown Types Packets Dropped Transmit Packets Requests Retransmissions Pending Requests Timeouts Other Info IP Address State Round Trip Time 0 0 0 0 1813 Disabled ms RADIUS accounting server packet counters There are five receive and four transmit counters Direction Responses Malformed Responses Bad Authenticators Unknown Types Packet Counters Packets Dropped Requests Retransmissions Pending Requests Timeouts radiusAccClientExtResponses radiusAcctClientExtBadAuthenticators radiusAccClientExtUnknownTypes radiusAccClientExtPacketsDropped radiusAccClientExtRequests radiusAccClientExtRetransmissions radiusAccClientExtPendingRequests radiusAccClientExtTimeouts RFC4670 Name Description The number of RAD
92. bled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled The switch port number to which the following settings will be ro pi Mode T Shows disabled or actual queue shaper rate e g 800 Mops fan EE EECH 5 6 10 DSCP Based QoS This page allows you to configure basic QoS DSCP based QoS Ingress Classification settings for all switches DSCP Based QoS Ingress Classification DSCP Trust Oo8 Class DPL C 0 BE O 1 S 2 O S 1 S s S DSCP Maximum number of supported DSCP values is 64 Check to trust a specific DSCP value Only frames with trusted DSCP values are mapped to a specific QoS class and drop precedence level Frames with untrusted DSCP values are ORing sweet DF treated as a non IP frame QoS Class QoS class value can be any number from 0 7 DPL Drop Precedence Level 0 1 5 6 11 DSCP Translation This page allows you to configure basic QoS DSCP translation settings for all switches DSCP translation can be done in Ingress or Egress DSCP Translation Ingress Egress Translate Classify Remap DPO Remap DP1 DSCP 0 BE S o i A i z i A 2
93. c oh HG L LI LI LI d LI d C 5 9 2 System Warning SYSLOG Setting The SYSLOG is a protocol that transmits event notifications across networks For more details please refer to RFC 3164 The BSD SYSLOG Protocol System Log Configuration Server Mode Disabled Server Address Server Mode Indicates existing server mode When the mode operation is enabled the syslog message will be sent to syslog server The syslog protocol is based on UDP communications and received on UDP port 514 and the syslog server will not send acknowledgments back to the sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always be sent even if the syslog server does not exist Possible modes are Enabled enable server mode Disabled disable server mode ORing Industrial Networking Corp 29 ORing ewe Manel SYSLOG Server Indicates the IPv4 host address of syslog server If the switch provides IP Address DNS functions it also can be a host name SMTP Setting SMTP Simple Mail Transfer Protocol is a protocol for transmitting e mails across the Internet For more information please refer to RFC 821 Simple Mail Transfer Protocol SMTP Setting E mail Alert SMTP Server Address Sender E mail Address Mail Subject Authentication Recipient E mail Address 1 Po Recipient E mail Address 2 Po Recipient E mail Address 3 Po Recipi
94. ceived or when the entry ages out Each LLDP frame can contain multiple pieces of information TLVs Discarded known as TLVs Type Length Value If a TLV is malformed it will be counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Each LLDP frame contains information about how long the LLDP information is valid age out time If no new LLDP frame is Org Discarded The number of organizationally TLVs received Age Outs received during the age out time the LLDP information will be removed and the value of the age out counter will be incremented Refresh Click to refresh the page immediately 5 Click to clear the local counters All counters including global ear counters are cleared upon reboot Check to enable an automatic refresh of the page at regular Auto refresh intervals 5 1 10 NTP Network Time Protocol NTP is a networking protocol for clock synchronization between computer systems over packet switched variable latency data networks ORing Industrial Networking Corp 42 ORing eswwceose Manual NTP Configuration Mode Disabled Server 1 Server 2 Server 3 Server 4 Server 5 Time 00 38 15 T Enabled enable NTP Disabled disable NTP i E If NTP synchronization completed this field will show Date Time Date Time nfo 5 1 11 Modbus TCP Modbus TCP uses TCP IP and Et
95. d SNMPv2c SNMPv3 uses USM for authentication and privacy and the community string will be Write Community associated with SNMPv3 community table Indicates the SNMPv3 engine ID The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed Change of the Engine ID will clear all original local users ORing Industrial Networking Corp 71 ORing ksswceo User Manual 5 5 2 SNMP Trap SNMP Trap Configuration Trap Mode Trap Version Trap Community public Trap Destination Address Trap Destination IPv6 Address Trap Authentication Failure Trap Link up and Link down Enabled v Trap Inform Mode Trap Inform Timeout seconds Trap Inform Retry Times Indicates existing SNMP trap mode Possible modes include Trap Mode Enabled enable SNMP trap mode Disabled disable SNMP trap mode Indicates the supported SNMP trap version Possible versions include Trap Version SNMP v1 supports SNMP trap version 1 SNMP v2c supports SNMP trap version 2c SNMP v3 supports SNMP trap version 3 Indicates the community access string when sending SNMP trap Trap Community packets The allowed string length is 0 to 255 and only ASCII characters from 33 to 126 are allowed Trap Destination Indicates the SNMP trap destination address Address Provides the trap destination of this switch in IPv6 address IPv6 address consists of 128 bits represented as eight groups of four
96. d method for connecting two rings Ports for connecting multiple rings A coupling ring needs four switches to build an active and a backup link Links formed by the coupling ports will run in active backup mode Check to enable Dual Homing When Dual Homing is enabled the ring will be connected to normal switches through two RSTP links ex backbone Switch The two links work in active backup mode and connect each ring to the normal switches in RSTP mode Apply Click to apply the configurations Note due to heavy loading setting one switch as ring master and coupling ring at the same time is not recommended ORing Industrial Networking Corp 18 ORing cswwco User vanal 4 2 O Chain 4 2 1 Introduction O Chain is ORing s revolutionary network redundancy technology which enhances network redundancy for any backbone networks providing ease of use and maximum fault recovery swiftness flexibility compatibility and cost effectiveness in a set of network redundancy topologies The self healing Ethernet technology designed for distributed and complex industrial networks enables the network to recover in less than 10ms for up to 250 switches if at any time a segment of the chain fails O Chain allows multiple redundant rings of different redundancy protocols to join and function together as a large and the most robust network topologies It can create multiple redundant networks beyond the limitations of current redundant r
97. e the aggregation hash mode and the aggregation group Configurations Aggregation Mode Configuration Hash code Contributors Source MAC Address Destination MAC Address IP Address TCP UDP Port Number Source MAC Address Calculates the destination port of the frame You can check this box to enable the source MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Calculates the destination port of the frame You can check this Address box to enable the destination MAC address or uncheck to disable By default Destination MAC Address is disabled IP Address Calculates the destination port of the frame You can check this ORing Industrial Networking Corp 51 ORing sweet box to enable the IP address or uncheck to disable By default IP Address is enabled TCP UDP Port Calculates the destination port of the frame You can check this Number box to enable the TCP UDP port number or uncheck to disable By default TCP UDP Port Number is enabled Aggregation Group Configuration Port Members 6 7 8 n ki Group ID Normal OOOOOOCL OOOOOOCLE OOOOOOCLR OOOOOOCL OOOOO0OO e OOOO 00D O00900 00900000S 000909000 OOOOO0OO OOOO 00 Indicates the ID of each aggregation group Normal means no aggregation Only one group ID is valid per port Port Members Lists each switch port for each group ID Select a radio button to include a port in an aggregatio
98. e amp Transmit Detailed Port Statistics Port 1 Auto refresh L Receive Total Transmit Total Rx Packets Tx Packets R Octets Tx Octets Rx Unicast Tx Unicast Rx Multicast Tx Multicast Rx Broadcast O0 Tx Broadcast Rx Pause 0 Tx Pause Receive Sire Counters Transmit Size Counters Rx 65 127 Bytes Tx 65 127 Bytes Rx 128 255 Bytes Rx 256 511 Bytes Rx 512 1023 Bytes Rx 1024 1526 Bytes Receive Queue Counters Recetve Error Counters Transmit Error Counters Rx CRC Alignment 0 TxLate Exc Coll Rx Undersize Rx Oversize Rx Fragments Rx Jabber Rx Filtered ORing Industrial Networking Corp 36 ORing ssh User vanal Rx and Tx Packets The number of received and transmitted good and bad packets The number of received and transmitted good and bad bytes Rx and Tx Octets l l including FCS except framing bits The number of received and transmitted good and bad unicast Rx and Tx Unicast packets Rx and Tx The number of received and transmitted good and bad multicast Multicast packets Rx and Tx The number of received and transmitted good and bad broadcast Broadcast packets The number of MAC Control frames received or transmitted on this Rx and Tx Pause 2 port that have an opcode indicating a PAUSE operation Rx The number of frames received with CRC or alignment errors The number of frames dropped due to insufficient receive buffer or Rx Drops egress congestion CRC Alignme
99. e ID Circuit ID Remote ID Q 0 0 Q 0 Q 0 0 Client Statistics Transmit Transmit Receive Receive Replace Keep Drop to Client Error from Client Agent Option Agent Option Agent Option Agent Option 0 0 Label Description Transmit to Sever The number of packets relayed from the client to the server Transmit Error The number of packets with errors when being sent to clients Receive from Server The number of packets received from the server Receive Missing Agent The number of packets received without agent information Option Receive Missing The number of packets received with Circuit ID Circuit ID Receive Missing The number of packets received with the Remote ID option Remote ID missing Receive Bad Circuit ID The number of packets whose Circuit ID do not match the ORing Industrial Networking Corp 48 ORing sesso User vamal Receive Bad Remote ID The number of packets whose Remote ID do not match the known Remote ID Transmit to Client The number of packets relayed from the server to the client The number of packets with errors when being sent to servers Receive from Client The number of packets received from the server Receive Agent Option The number of received packets containing relay agent information Replace Agent Option The number of packets replaced when received messages contain relay agent information Keep Agent Option The number of packets whose relay agent information is retained Drop Agent
100. e the entry keys In a simple agent usmUserEnginelD is always that agent s own snmpEnginelD value The value can also take the value of the snmpEnginelD of a remote SNMP engine with which this user can communicate In other words if user engine ID is the same as system engine ID then it is local user otherwise it s remote user A string identifying the user name that this entry should belong to The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed Indicates the security model that this entry should belong to Possible security models include NoAuth NoPriv no authentication and none privacy Auth NoPriv Authentication and no privacy Security Level Auth Priv Authentication and privacy The value of security level cannot be modified if the entry already exists which means the value must be set correctly at the time of entry creation Authentication Indicates the authentication protocol that this entry should Protocol belong to Possible authentication protocols include ORing Industrial Networking Corp 74 ORing sso User vanal None no authentication protocol MD5 an optional flag to indicate that this user is using MD5 authentication protocol SHA an optional flag to indicate that this user is using SHA authentication protocol The value of security level cannot be modified if the entry already exists which means the value must be set correctly at the time of ent
101. e ww w Disable v Disable d Disable v Disable Disable hl Disable Vv ORing sesso User vanal Shows the list of ports for which you can configure DSCP Ingress and Egress settings In Ingress settings you can change ingress translation and classification settings for individual ports There are two configuration parameters available in Ingress 1 Translate 2 Classify 1 Translate Check to enable ingress translation Classification has 4 different values Disable no Ingress DSCP classification DSCP20 classify if incoming or translated if enabled DSCP l is 0 ipd Selected classify only selected DSCP whose classification is enabled as specified in DSCP Translation window for the specific DSCP All classify all DSCP Port egress rewriting can be one of the following options Disable no Egress rewrite Enable rewrite enabled without remapping Remap DP Unaware DSCP from the analyzer is remapped and the frame is remarked with a remapped DSCP value The remapped DSCP value is always taken from the DSCP Translation gt Egress Remap DPO table Remap DP Aware DSCP from the analyzer is remapped and the frame is remarked with a remapped DSCP value Depending on the DP level of the frame the remapped DSCP value is either taken from the DSCP Translation gt Egress Remap DPO table or from the DSCP Translation gt Egress Remap DP1 table ORing Industrial Networking Corp 82 ORing sso Manual 5
102. ease note that conflict can be resolved by releasing the hardware resources required to add the QCL entry by pressing Resolve Conflict button ORing Industrial Networking Corp 6 ORing cswwco User vanal 5 Multicast 5 7 1 IGMP Snooping This page provides IGMP Snooping related configurations IGMP Snooping Configuration Global Configuration Snooping Enabled F Unregistered IPMCv4 Flooding Enabled Port Related Configuration Port Router Port Fast Leave bey 99 OI o PS bey ek I SN Snooping Enabled Check to enable global IGMP snooping Unregistered IPMCv4Flooding Check to enable unregistered IPMC traffic flooding enabled Specifies which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or Router Port IGMP querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port Check to enable fast leave on the port 5 7 2 VLAN Configurations of IGMP Snooping Each page shows up to 99 entries from the VLAN table with a default value of 20 selected by the Entries Per Page input field When first visited the web page will show the first 20 entries from the beginning of the VLAN Table The first displayed will be the one with the lowest VLAN ID found in the VLAN Table The VLAN input field allows the user to select the starting point in the VLAN Table Clicking the Refresh button wi
103. ed for PTP frames 5 12 PoE 5 12 1 Configurations PoE Power Over Ethernet is a technology that transmits electrical power to remote devices over standard Ethernet cables It can provide power for IP telephones wireless LAN access points and other equipment in places where power supply is difficult or expensive deploy Power Over Ethernet Configuration IL Ris miizit ani ud Class Q Allocation Q LLDP MED Power Management Mode Actual Consumption Reserved Power PoE Power Supply Configuration Primary Power Supply W 240 PoE Port Configuration PoE Mode Priority Maximum Power W E lt gt wl lt gt v ES r Low ORing Industrial Networking Corp 44 ORing sesso User vanal Reserved Power There are three modes available when configuring the reserved determined by power of each port or power devices Allocation users can allocate the amount of power that each port reserves The allocated reserved power for each port power device is specified in the Maximum Power field Class each port automatically determines how much power to reserve according to the class the connected power device belongs to and then reserves the power accordingly Four different port classes are available including 4 7 15 4 and 30 Watts In this mode the maximum power field will gray out LLDP MED this mode is similar to the Class mode except that each port determines the amount power it wants to reserve
104. elow to access console via Telnet Step 1 Telnet to the IP address of the switch from the Run window by inputting commands or from the MS DOS prompt as below SS 0 25 Type the name of a program Folder document or Internet resource and Windows will open it For you Open telnet 192 168 10 1 ll Cancel Browse Step 2 The Login screen will appear Use the keyboard to enter the Username and Password same as the password for Web browser and then press Enter RGPS 9084GP P User Manual RGPS5 9 7H84GP P Command Line Interface Username Password Commander Groups s E System settings and reset options IP configuration and Ping Port management MAC address table Uirtual LAN Private ULAH Security management Spanning Tree Protocol Link Aggregation Link Aggregation Control Protocol Link Layer Discovery Protocol Power Over Ethernet Quality of Service Port mirroring Load Save of configuration via TFIP Download of firmware via TFIP TEEFEIS88 Precision Time Protocol Loop Protection IPLE EE V Snooping Fault Alarm Configuration Event Selection DHCP Server Configuration Ring Configuration Chain Configuration Remote Control Security Fast Recovery Configuration SFP Monitor Configuration Device Binding Configuration MRP Configuration Modebus TCP Configuration Fastrecovery SFF DeviceBinding MRF Modbus ORing Industrial Networking Corp 1 ORing sw van
105. ent E mail Address 4 Po Recipient E mail Address 5 Po Recipient E mail Address 6 Po E mail Alarm Enables or disables transmission of system warnings by e mail Sender E mail SMTP server IP address Address Mail Subject Subject of the mail Authentication B Username the authentication username B Password the authentication password B Confirm Password re enter password Recipient E mail The recipient s e mail address A mail allows for 6 recipients Address Apply Click to activate the configurations ORing Industrial Networking Corp 30 ORing sso Manual Event Selection SYSLOG and SMTP are two warning methods supported by the system Check the corresponding box to enable the system event warning method you want Please note that the checkbox cannot be checked when SYSLOG or SMTP is disabled System Warning Event Selection System Events SYSLOG SMTP System Start Power Status SNMP Authentication Failure Redundant Ring Topology Change SYSLOG Link Up and Link Down Disabled Link Up led Link Down yt x x x Disablec v led Disa v Disabled Disabled v Disabled v led v Disabled Disabled Disabled Disa D 0 ee IW bk EB E Disable Link Up SYSLOG SMTP event Link Down Link Up amp Link Down Apply Click to activate the configurations ORing Industrial Networking Corp 31 Port Event ORing esses 9 10 Monitor and Diag 5 10 1 MAC Table The MAC address tab
106. entication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding the result to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Note in an environment where two backend servers are enabled the server timeout is configured to X seconds using the authentication configuration page and the first server in the list is currently down but not considered dead if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds it will never be authenticated because the switch will cancel on going backend authentication server requests whenever it receives a new EAPOL otart frame from the supplicant Since the server has not failed because the X seconds have not expired the same server will be contacted when the next backend authentication server request from the switch This scenario will loop forever Therefore the server timeout should ORing Industrial Networking Corp 18 ORing cesso User vamal be smaller than the supplicant s EAPOL Start frame retransmission rate Overview of MAC Based Authentication Unlike 802 1X MAC based authentication is not a standard but merely a best
107. ents to identify the boot image Enter Boot File Name l l the boot file name you receive Apply Click to apply the configurations ORing Industrial Networking Corp 45 ORing RGPS 9084GP P User Manual 5 2 2 Dynamic Client List When DHCP server functions are activated the switch will collect DHCP client information and display in the following table You can assign the specific IP address which is in the assigned dynamic IP range to the specific port When the device is connecting to the port and asks for dynamic IP assigning the system will assign the IP address that has been assigned before in the connected device DHCP Dynamic Client List No Select Type MAC Address IP Address Surplus Lease select Clear All Add to static Table Delete MAC Address Displays the MAC address of a given host IP Address Displays the IP address that the client obtains from the DHCP server Surplus Lease The Remaining time for a corresponding IP address lease 5 2 3 Static Client List You can manually add clients to your DHCP server that obtain the same IP address each time they start up by entering the MAC address and IP address of the client in the page and add it as a Static client DHCP Client List MAG Address IP Address Add as Static No Select Type MAC Address IP Address Surplus Lease Delete Select Clear All ORing Industrial Networking Corp 46 ORing RGPS 9084GP P User Manual 5 2 4 D
108. er for the ACE SMAC Filter Any no SMAC filter is specified SMAC filter status is don t care Specific if you want to filter a specific source MAC address with the ACE choose this value A field for entering an SMAC value appears SMAC Value When Specific is selected for the SMAC filter you can enter a ORing Industrial Networking Corp 3 ORing sso User vanal specific source MAC address The legal format is XX XX XX XX XX XX Frames matching the ACE will use this SMAC value Specifies the destination MAC filter for this ACE Any no DMAC filter is specified DMAC filter status is don t care MC frame must be multicast BC frame must be broadcast DMAC Filter UC frame must be unicast Specific If you want to filter a specific destination MAC address with the ACE choose this value A field for entering a DMAC value appears When Specific is selected for the DMAC filter you can enter a specific destination MAC address The legal format is DMAC Value XX XX XX XX XX XX Frames matching the ACE will use this DMAC value VLAN Parameters ORK ad Specific ze VLAN ID Tag Priority Specifies the VLAN ID filter for the ACE Any no VLAN ID filter is specified VLAN ID filter status is VLAN ID Filter don t care Specific if you want to filter a specific VLAN ID with the ACE choose this value A field for entering a VLAN ID number appears When Specific is selected for the VLAN ID filter y
109. es from the client be forwarded on the switch There are no EAPOL frames involved in this authentication and therefore MAC based authentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over port based 802 1X is that several clients can be connected to the same port e g through a 3rd party switch or a hub and still require 24 ORing Port State ORing Industrial Networking Corp RGPS 9084GP P User Manual individual authentication and that the clients don t need special supplicant software to authenticate The advantage of MAC based authentication over 802 1X based authentication is that the clients do not need special supplicant software to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone Also only the MD5 Challenge method is supported The maximum number of clients that can be attached to a port can be limited using the Port security Limit Control functionality The current state of the port It can undertake one of the following values Globally Disabled NAS is globally disabled Link Down NAS is globally enabled but there is no link on the port Authorized the port is in Force Authorized or a single supplicant mode and the supplicant is authorized Unauthorized the port is in Force Unauthorized or a single supplicant mode and the supplicant is not successfully
110. evention Socket Number Sensibility Packet Type SES High Filter Action Status 1 Enabled v Normal se TCP v 80 80 Destination Running 2 Normal e TCP v 80 80 Destination Blocking 1 minute 3 Normal TCP v 80 80 Destination Blocking 10 minute 4 Normal TCP v 80 80 Destination v on ANM the Port ME 5 Normal e TCP v 80 80 Destination i 6 Normal v TCP v 80 80 Destination Reboot Device 7 Normal e TCP v 80 80 Destination e 8 Normal e TCP k 80 80 Destination ei V 9 Normal ze TCP v 80 80 Destination v B 10 Normal e TCP 80 80 Destination ei v 11 Normal TCP a 80 80 Destination v ORing Industrial Networking Corp 3 ORing sso User vanal Mode Enables or disables DDOS prevention of the port Indicates the level of DDOS detection Possible levels are Low low sensibility Sensibility Normal normal sensibility Medium medium sensibility High high sensibility Indicates the types of DDoS attack packets to be monitored Possible types are RX Total all ingress packets RX Unicast unicast ingress packets Packet Type RX Multicast multicast ingress packets RX Broadcast broadcast ingress packets TCP TCP ingress packets UDP UDP ingress p
111. gure the ORing Industrial Networking Corp 45 ORing sesso User vanal amount of power the primary and backup power sources can deliver Valid values are in the range 0 to 2000 watts The logical port number for this row Ports that are not PoE capable are grayed out and thus unable to be configured PoE Mode A drop down list for selecting PoE operations The modes include Disabled disable PoE PoE enable PoE IEEE 802 3af Class 4 PDs limited to 15 4W PoE enable PoE IEEE 802 3at Class 4 PDs limited to 30W Priority Indicates port priority There are three levels of power priority Low High and Critical The priority is used when remote devices require more power than the power supply can deliver The port with the lowest priority will be turn off and power will be supplied to the port with the highest port number Maximum Power Indicates the maximum power in watts that can be delivered to a remote device the maximum allowed value is 30 W 5 12 2 Status This page allows you to examine the current status for all PoE ports Power Over Ethernet Status Auto refresh LI Local Power Power Current PD class Port Requested Allocated Priority Port Status lc No PD detected Mo PD detected Mo PD detected Mo PD detected No PD detected Mo PD detected Mo PD detected Mo PD detected PoE nat available PoE not available PoE nat available PoE not available Local Port The switch port number to which the f
112. h the ACE you can enter a specific ICMP code value A field for entering an ICMP code value appears When Specific is selected for the ICMP code filter you can ICMP Code Value enter a specific ICMP code value The allowed range is O to 255 A frame matching the ACE will use this ICMP code value ORing Industrial Networking Corp 9 ORing J sso Manual TCP Parameters Source Port Filter Source Port No pn Dest Port Filter Specific Dest Port No SO UDP Parameters TCP FIN TCP SYN Sige eee Specific se TCP RST Source Port No TCP PSH Dest Port Filter TCP ACK Any v Dest Port Ran za St Po ge 80 65535 TCP URG Specifies the TCP UDP source filter for the ACE Any no TCP UDP source filter is specified TCP UDP source filter status is don t care Specific if you want to filter a specific TCP UDP source filter with the TCP UDP Source Sp ACE you can enter a specific TCP UDP source value A field for ilter entering a TCP UDP source value appears Range if you want to filter a specific TCP UDP source range filter with the ACE you can enter a specific TCP UDP source range A field for entering a TCP UDP source value appears When Specific is selected for the TCP UDP source filter you can TCP UDP Source enter a specific TCP UDP source value The allowed range is O to No 65535 A frame matching the ACE will use this TCP UDP source value When Range is selected for the TCP UDP source fi
113. h queue policer rate as kbps or Mbps The default value is kbps This field is only shown if at least one of the queue policers is Configures the rate of each queue policer The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and is restricted to 1 to 3300 when the Unit is Mbps This field is only shown if at least one of the queue policers is enabled enabled 5 6 7 QoS Egress Port Scheduler and Shapers This page allows you to configure Scheduler and Shapers for a specific port Strict Priority QoS Egress Port Scheduler and Shapers Port 1 Queue Shaper Port Shaper Enable Rate Unit Excess Enable Rate Unit ao s kbps zl a1l S Controls whether the scheduler mode is Strict Priority or Scheduler Mode Weighted on this switch port Queue Shaper m Enabl Check to enable queue shaper for individual switch ports nable Configures the rate of each queue shaper The default value is Queue Shaper Rate 500 This value is restricted to 100 to 1000000 whn the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Configures the rate for each queue shaper The default value is Queues Shaper Unit 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Allows the queue to use excess bandwidth Check to enable port shaper for individual switch ports Configures the rate of each port shaper
114. he option 82 remote ID value equals to the switch MAC address The modes include ORing Industrial Networking Corp 47 ORing eswwceos Manual Enabled activate DHCP relay information When DHCP relay information is enabled the agent inserts specific information option 82 into a DHCP message when forwarding to a DHCP server and removes it from a DHCP message when transferring to a DHCP client It only works when DHCP relay mode is enabled Disabled disable DHCP relay information Relay Information Indicates the policies to be enforced when receiving DHCP relay Policy information When DHCP relay information mode is enabled if the agent receives a DHCP message that already contains relay agent information it will enforce the policy The Replace option is invalid when relay information mode is disabled The policies includes Replace replace the original relay information when a DHCP message containing the information is received Keep keep the original relay information when a DHCP message containing the information is received Drop drop the package when a DHCP message containing the information is received The relay statistics shows the information of relayed packets of the switch Auto refresh Refresh Clear DHCP Relay Statistics Server Statistics Transmit Transmit Receive Receive Missing Receive Missing Receive Missing Receive Bad Receive Bad to Server Error from Server Agent Option Circuit ID Remot
115. hernet to carry the data of the Modbus message structure between compatible devices The protocol is commonly used in SCADA systems for communications between a human machine interface HMI and programmable logic controllers This page enables you to enable and disable Modbus TCP support of the switch MODBUS Configuration cave Reset Mode Shows the existing status of the Modbus TCP function ORing Industrial Networking Corp 43 5 1 12 Backup Restore Configurations You can save switch configurations as a file or load a previously stored configuration file to the device to restore to old settings The configuration file is in XML format You can click Save configuration to save existing settings as a file and store in your local PC Configuration Save Save configuration Choose the configuration file from a drive and click Upload The file will be loaded to the device Configuration Upload 5 1 13 Update Firmware This page allows you to update the firmware of the switch Simply choose the firmware file you want to use and click Upload The file will be loaded to the device Firmware Update 5 2 DHCP Server The switch provides DHCP server functions By enabling DHCP the switch will become a DHCP server and dynamically assigns IP addresses and related IP information to network clients 5 2 1 Settings This page allows you to set up DHCP settings for the switch You can check the Enabled
116. hin a certain amount of time the chance will be given to another supplicant Once a supplicant is successfully authenticated only that supplicant will be allowed access This is the most secure of all the supported modes In this mode the Port Security module is used to secure a supplicant s MAC address once successfully authenticated b Multi 802 1X In port based 802 1X authentication once a supplicant is successfully authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though they are not authenticated individually To overcome this security breach use the Multi 802 1X variant Multi 802 1X is not yet an IEEE standard but features many of the same characteristics as port based 802 1X In Multi 802 1X one or more supplicants can be authenticated on the same port at the same time Each supplicant is authenticated individually and secured in the MAC table using the Port Security module 23 ORing ORing Industrial Networking Corp RGPS 9084GP P User Manual In Multi 802 1X it is not possible to use the multicast BPDU MAC address as the destination MAC address for EAPOL frames sent from the switch to the supplicant since that would cause all supplicants attached to the port to reply to requests sent from the switch Instead the switch uses the supplicant s
117. ing Corp 37 ORing ssh User vanal Wack ter the number of minutes to add during Daylight Saving Time ee Range 1 to 1440 5 1 7 HTTPS You can configure the HTTPS mode in the following page HTTPS Configuration Indicates the selected HTTPS mode When the current connection is HTTPS disabling HTTPS will automatically redirect web browser to an HTTP connection The modes include Enabled enable HTTPS Disabled disable HTTPS en oo Click to undo any changes made locally and revert to previously saved values 5 1 8 SSH SSH Secure Shell is a cryptographic network protocol intended for secure data transmission and remote access by creating a secure channel between two networked PCs You can configure the SSH mode in the following page SSH Configuration Disabled Mlode c ve Reset ORing Industrial Networking Corp 38 ORing ssh User vanal Indicates the selected SSH mode The modes include Enabled enable SSH Disabled disable SSH Click to save changes Click to undo any changes made locally and revert to previously saved values 5 1 9 LLDP Configurations LLDP Link Layer Discovery Protocol provides a method for networked devices to receive and or transmit their information to other connected devices on the network that are also using the protocols and to store the information that is learned about other devices This page allows you to examine
118. ing technologies Edae Port Edae Port O Chain Edqe Port Edqe Port O Chain 4 2 2 Configurations O Chain is very easy to configure and manage Only one edge port of the edge switch needs to be defined Other switches beside them just need to have O Chain enabled O Chain Uplink Port Edge Port State Apply ORing Industrial Networking Corp 19 ORing ssh User vanal Enable Check to enable O Chain function 1st Ring Port The first port connecting to the ring The second port connecting to the ring Edge Port An O Chain topology must begin with edge ports The ports with a smaller switch MAC address will serve as the backup link and RM LED will light up 4 3 MRP 4 3 1 Introduction MRP Media Redundancy Protocol is an industry standard for high availability Ethernet networks MRP allowing Ethernet switches in ring configuration to recover from failure rapidly to ensure seamless data transmission A MRP ring IEC 62439 can support up to 50 devices and will enable a back up link in 80ms adjustable to max 200ms 500ms 4 3 2 Configurations MRP Enable E Manager W React on Link Change ist Ring Port Port er LinkDown 2nd Ring Port Port 8 v Forwarding Enable Enables the MRP function Manager Every MRP topology needs a MRP manager One MRP topology can only have a Manager If two or more switches are set to be Manager the MRP topology will fail React on Link
119. ion igmp lt vid gt Alarm PortLinkDown lt port_list gt enableldisable Event Alarm PowerFailure pwrllpwr2lpwr3 enableldisable Syslog SystemStart enableldisable Syslog PowerStatus enableldisable Syslog SnmpAuthenticationFailure enableldisable Syslog RingTopologyChange enableldisable Syslog Port lt port_list gt disablellinkupllinkdownlboth ORing Industrial Networking Corp 13 ORing sworn SMTP SystemStart enableldisable SMTP PowerStatus enableldisable SMTP SnmpAuthenticationFailure enableldisable SMTP RingTopologyChange enableldisable SMTP Port lt port_list gt disablellinkupllinkdownlboth DHCPServer Mode enableldisable Setup lt ip_start gt lt ip_end gt lt ip_mask gt lt ip_router gt lt ip_dns gt lt ip_tftp gt lt lease gt lt bootfile gt Ring Mode enableldisable Dualhoming Port lt port gt Chain RCS Mode enableldisable Add lt ip_addr gt lt port_list gt web onlweb off telnet onltelnet off snmp onlsnmp off ORing Industrial Networking Corp 14 ORing sworn FastHeocvery Mode enableldisable Port lt port_list gt fr priority SFP syslog enableldisable temp temperature Info DeviceBinding Mode enableldisable Port Mode lt port_list gt disablelscanlbindinglshutdown Port DDOS Mode lt port_list gt enableldisable Port DDOS
120. ively generating loop protection PDUs or only passively look for looped PDUs ORing Industrial Networking Corp 57 ORing RGPS 9084GP P User Manual 5 4 VLAN 5 4 1 VLAN Membership A VLAN is a group of end devices with a common set of requirements independent of physical location With the same attributes as a physical LAN VLANs enable you to group end devices even if they are not located physically on the same LAN segment By splitting up a network into sets of VLANs assigning ports to individual VLANs and defining criteria for VLAN membership for workstations connected to those ports traffic for the same VLAN can be sent between switches VLAN Membership Configuration Start from VLAN with entries per page Port Members Delete VLAN ID VI AN Name 17 345656 7 890 10111 default MMMIMMMMMM MH Kei Add New VLAN Check to delete the entry It will be deleted during the next Delete save VLAN ID The VLAN ID for the entry MAC Address The MAC address for the entry Checkmarks indicate which ports are members of the entry Port Members l Check or uncheck as needed to modify the entry Click to add a new VLAN ID An empty row is added to the table and the VLAN can be configured as needed Valid values for a VLAN ID are 1 through 4095 After clicking Save the new VLAN will be enabled on the Add New VLAN selected switch stack but contains no port members A VLAN without any port members on any stack will be deleted when
121. l equal to 0600 hexadecimal ARP only ARP frames can match the ACE Notice the ARP frames will not match the ACE with Ethernet type ORing Industrial Networking Corp 2 ORing sso User vanal IPv4 only IPv4 frames can match the ACE Notice the IPv4 frames ses EM Specifies the action to take when a frame matches the ACE Permit takes action when the frame matches the ACE Deny drops the frame matching the ACE opecifies the rate limiter in number of base units The allowed range Rate Limiter m DEM is 1 to 15 Disabled means the rate limiter operation is disabled Frames matching the ACE are copied to the port number specified Port Copy here The allowed range is the same as the switch port number range Disabled means the port copy operation is disabled opecifies the logging operation of the ACE The allowed values are Enabled frames matching the ACE are stored in the system log Logging Disabled frames matching the ACE are not logged Please note that system log memory capacity and logging rate is limited Specifies the shutdown operation of the ACE The allowed values are Enabled if a frame matches the ACE the ingress port will be disabled Disabled port shutdown is disabled for the ACE MAC Parameters hiwsicA Specific v T TATE 00 00 00 D0 00 0 DMAC Filter MY LITE OO 00 00 00 00 0 Only displayed when the frame type is Ethernet Type or ARP Specifies the source MAC filt
122. l be tagged Tag all all VLANs are tagged Untag all all VLANs are untagged EM Ingress action Egress action Unaware The function of Unaware can be used for 802 1QinQ double tag When frames an untagged frame obtains a tag based on PVID and is forwarded the port receives untagged When the port receives tagged frames 1 if the tagged frame contains a TPID of 0x8100 it will become a double tag frame and will be forwarded 2 if the TPID of tagged frame is not 0x8100 Ox88A8 it discarded When ex wil be the port receives untagged frames an untagged frame obtains a tag based on PVID and is forwarded When the port receives tagged frames 1 if the tagged frame contains a TPID of 0x8100 it will be forwarded 2 if the TPID of tagged frame is not 0x8100 0x88A8 it discarded ex wil be ORing Industrial Networking Corp The TPID of a frame transmitted by Unaware port wil be set to 0x8100 The final status of the frame after egressing will also be affected by the Egress Rule The TPID of a frame transmitted by C port will be set to 0x8100 61 ORing S custom port RGPS 9084GP P User Manual When the port receives untagged frames an untagged frame obtains a tag based on PVID and is forwarded When the port receives tagged frames 1 if the tagged frame contains a TPID of 0x8100 it will be forwarded 2 if the TPID of tagged frame is not Ox88A8 ex 0O0x8100
123. le can be configured on this page You can set timeouts for entries in the dynamic MAC table and configure the static MAC table here MAC Address Table Configuration Aging Configuration Disable Automatic Aging il Age Time 300 seconds MAC Table Learning Port Members Add new static entry Aging Configuration By default dynamic entries are removed from the MAC after 300 seconds This removal is called aging You can configure aging time by entering a value in the box below in seconds for example Age Time seconds The allowed range is 10 to 1000000 seconds You can disable the automatic aging of dynamic entries by checking Disable Automatic Aging MAC Table Learning If the learning mode for a given port is grayed out it means another module is in control of the ORing Industrial Networking Corp 22 ORINA ewe Manal mode and thus the user cannot change the configurations An example of such a module is MAC Based authentication under 802 1 X You can configure the port to dynamically learn the MAC address based upon the following settings MAC Table Learning Port Members Disable C Learning is done automatically as soon as a frame with unknown SMAC is received Only static MAC entries are learned all other frames are dropped Note make sure the link used for managing the switch is added to the static Mac table before changing to secure learning mode otherwise the management link will be l
124. ll update the displayed table starting from that or the next closest VLAN ORing Industrial Networking Corp 7 ORing RGPS 9084GP P User Manual Table match The gt gt will use the last entry of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the lt lt button to start over ISMP Snooping VLAN Configuration Start from VLAN with entries per page Delete VLANID Snooping Enabled IGMP Querier 1 Add New IGMP VLAN Deist Check to delete the entry The designated entry will be deleted during elete the next save VLAN ID The VLAN ID of the entry IGMP Snooping Check to enable IGMP snooping for individual VLAN Up to 32 Enable VLANs can be selected IGMP Querier Check to enable the IGMP Querier in the VLAN 5 7 3 IGMP ORing Industrial Networking Corp 8 5 7 4 Snooping Status This page provides IGMP snooping status Auto refresh IGMP Snooping Status Statistics VLAN Querier Host Querier Queries Queries V1 Reports V2 Reports V3Reports W2 Leaves ID Version Version Status Transmitted Received Received Received Received Received 1 v3 v3 DISABLE 0 0 0 0 0 0 Router Port Port Status 1 zs Label VLAN ID Querier Version Host Version Querier Status Querier Receive V1 Reports Receive V2 Reports Receive V3 Reports Receive V2 Leave Receive Clear Auto refresh Description The VLAN ID
125. lter you can enter TCP UDP Source a specific TCP UDP source range value The allowed range is O to Range 65535 A frame matching the ACE will use this TCP UDP source value Specifies the TCP UDP destination filter for the ACE Any no TCP UDP destination filter is specified TCP UDP destination filter status is don t care TCP UDP Specific if you want to filter a specific TCP UDP destination filter Destination Filter with the ACE you can enter a specific TCP UDP destination value A field for entering a TCP UDP destination value appears Range if you want to filter a specific range TCP UDP destination ORing Industrial Networking Corp 10 ORing sso User vanal filter with the ACE you can enter a specific TCP UDP destination range A field for entering a TCP UDP destination value appears When Specific is selected for the TCP UDP destination filter you TCP UDP can enter a specific TCP UDP destination value The allowed range Destination is 0 to 65535 A frame matching the ACE will use this TCP UDP destination value Number When Range is selected for the TCP UDP destination filter you can TCP UDP enter a specific TCP UDP destination range value The allowed Destination Range range is 0 to 65535 A frame matching the ACE will use this TCP UDP destination value opecifies the TCP FIN no more data from sender value for the ACE 0 TCP frames where the FIN field is set must not be able
126. ly and revert to previously saved values 5 1 6 Daylight Saving Time Time Zone Configuration Time Zone Configuration Time Zone None Acronym a 0 16 characters Lists various Time Zones world wide Select appropriate Time Time Zone l Zone from the drop down and click Save to set User can set the acronym of the time zone This is a User Acronym configurable acronym to identify the time zone Range Up to 16 alpha numeric characters and can contain or Daylight Saving Time Configuration This is used to set the clock forward or backward according to the configurations set below for a defined Daylight Saving Time Daylight Saving Time duration Select Disable to disable the Daylight Saving Time configuration Select Recurring and configure the Daylight ORing Industrial Networking Corp 36 ORing ewe Manel Saving Time duration to repeat the configuration every year Select Non Recurring and configure the Daylight Saving Time duration for single time configuration Default Disabled Start Time Settings Start Time settings Week Day Month Hours Minutes 0 Wook Setctine staring wesknumber Moms setctine sing months Hous Select the starting hour Select the starting minute End Time Settings End Time settings Week Day Month Hours Minutes 0 Offset Settings Offset settings i 1 1440 Minutes ORing Industrial Network
127. mensions 443 7 W x 230 D x 44 H mm ORing Industrial Networking Corp ORing cswwco User vanal Hardware Overview 2 1 Front Panel 2 1 1 Ports and Connectors The device comes with the following ports and connectors on the front panel 4 x 100 1000Base X ports Copper ports 8 x 10 100 1000Base T X ports IEEE802 3at PoE support Console port 1 x console port 1 x reset button Press the button for 3 seconds to reset and 5 seconds Reset button to return to factory default RGPS 9084GP P Full Gigabit Ether 1 Reset button 7 LNK ACT indicator for Ethernet LAN ports 2 Console port 8 Speed indicator for Ethernet LAN ports 3 Power indicator 9 PoE output indicator 4 Ring status indicator 10 SFP port 5 R M status indicator 11 LNK ACT indicator for SFP ports 6 Ethernet LAN ports l LED RM X Green Jon Device is operating as a ring master Ring is enabled and device is running in Ring mode Green Blinking Ring structure is broken 10 100 1000Base T X RJ45 port Green On Portis runs at 1000Mbps Speed Amber On Port is runs at 100Mbps ORing Industrial Networking Corp 8 ORing RGPS 9084GP P User Manual Link Act Port is connected PoE X Blue Jon Power is supplied over Ethernet cable SFP port Link Act Green Port is connected 2 2 Rear Panel On the rear panel of the switch sits one power module The input voltage is 100V 240V 50 60Hz AC 100 240V 50 60 HZ
128. mera IP Phone Access Point PC PLC and Network Video Recorder Indicates location information of the device The information can Location Address l be used for Google Mapping ORing Industrial Networking Corp 5 Stream Check This page allows you to configure stream check settings Stream Check Action Status Enabled Log it Normal hal LA D o JO Ln 4 LJ N m e O EN 8 B Enables or disables stream monitoring of the port Mode Indicates the action to take when the stream gets low Possible actions are no action Log it simply logs the event 5 8 3 ACL Ports This page allows you to configure the ACL parameters ACE of each switch port These parameters will affect frames received on a port unless the frame matches a specific ACE ACL Ports Configuration Port Rn Action ae cs Port Cop Logging Shutdown Counter 1 Permit ze Disabled se Disabled si Disabled Disabled ze 108498 2 Disabled sw Disabled Disabled se Disabled ze 3 Permit ze Disabled se Disabled Disabled se Disabled se 68732984 4 Permit ze Disabled se Disabled si Disabled Disabled ze 5 Disabled se Disabled Disabled Disabled ze 0 6 1 Permit sw Disabled se Disabled Disabled se Disabled se 68732984 7 Li Permit Disabled sw Disabled Disabled se Disabled 0 8 1 Disabled wi Disabled Disabled Di
129. miter gt port copy logging lt shutdown gt Policy lt port_list gt lt policy gt Rate lt rate_limiter_list gt lt packet_rate gt Add lt ace_id gt lt ace_id_next gt switch port lt port gt policy lt policy gt lt vid gt lt tag_prio gt dmac type etype etype smac lt dmac gt arp lt sip gt lt dip gt lt smac gt lt arp_opcode gt lt arp_flags gt ip lt sip gt lt dip gt lt protocol gt lt ip_flags gt icmp sip lt dip gt lt icmp_type gt lt icmp_code gt lt ip_flags gt udp lt sip gt dip lt sport gt lt dport gt lt ip_flags gt tcp lt sip gt lt dip gt lt sport gt lt dport gt lt ip_flags gt tcp flags permitldeny lt rate_limiter gt lt port_copy gt logging lt shutdown gt Delete lt ace_id gt Lookup lt ace_id gt Mirror Port port ldisable Mode lt port_list gt enableldisablelrxltx Save ip server file name Configuration lt port_list gt Config Load lt ip_server gt lt file_name gt check ORing Industrial Networking Corp 10 ORing swa Firmware Load ip addr string file name Engine ID lt engineid gt Community Add community lt ip_addr gt ip mask Community Delete index Community Lookup lt index gt User
130. n or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Only full duplex ports can join an aggregation and the ports must be in the same speed in each group LACP LACP Link Aggregation Control Protocol trunks are similar to static port trunks but they are more flexible because LACP is compliant with the IEEE 802 3ad standard Hence it is interoperable with equipment from other vendors that also comply with the standard This page allows you to enable LACP functions to group ports together to form single virtual links and change associated settings thereby increasing the bandwidth between the switch and other LACP compatible devices ORing Industrial Networking Corp 52 ORing RGPS 9084GP P User Manual LACP Port Configuration Open in new window LACP Enabled m oH LI P d LI LI LI d LI LI P n ra x z z ee le AS x z z la ee i 3 O EIEEE EEEE AU E 4 J gt S E 4 c m 4 4 4 4 BI i I j leo leo 4 4 4 c m m LACP Enabled Indicates the ID of each aggregation group Normal indicates there is no aggregation Only one group ID is valid per port Lists each switch port for each group ID Check to include a port in an aggregation or clear the box to remove the port from the aggregation By default no ports belong to any
131. ndustrial Networking Corp 30 ORing RGPS 9084GP P User Manual Windows Security Enter Network Password Enter your password to connect to PC SWRD19 C Gomm ORING Remember my credentials es Logon failure unknown user name or bad password After logging in you can see the information of the switch as below System Name Description Location Contact OID Hardware MAC Address System Date System Uptime Kernel Version Software Version Software Date Auto refresh RGPS S80840GP P Industrial 12 port rack mount managed Gigabit PoE Ethernet switch with amp x10 100 1000Base T X P S E and 4x1000Base x SFP socket power supply included 1 3 6 1 4 1 25972 100 0 5 226 HI 1e 94 1 90 3F 1970 01 01 00 01 06400 00 Od 00 01 06 v9 30 v1 00 2015 03 11T17 53 38 4 08 00 Enable Location Alert On the left hand side of the management interface shows links to various settings You can click on the links to access the configuration pages of different functions ORing Industrial Networking Corp ORing cswwco User vanal 5 1 Basic Settings Basic Settings allow you to configure the basic functions of the switch 5 1 1 System Information This page shows the general information of the switch system Information Configuration System Name RGPS 9084GP P EB uiua Industrial 12 port rack mount r System Location System Contact An administratively assigned name for the managed node
132. nnot set the new eme den New Password The new system password The allowed string length is O to 31 Ill o RE Confirm New Re type the new password Password Click to save changes 5 1 3 Authentication This page allows you to configure how a user is authenticated when he she logs into the switch via one of the management interfaces Authentication Method Configuration Client Authentication Method Fallback console telnet local ssh local web eg Save Reset ORing Industrial Networking Corp 33 ORing nopsowopP user manual The management client for which the configuration below applies Authentication Method can be set to one of the following values mE None authentication is disabled and login is not possible Authentication Method Local local user database on the switch is used for authentication Radius a remote RADIUS server is used for authentication Check to enable fallback to local authentication If none of the configured authentication servers are active the local user database is used for authentication This is only possible if Authentication Method is set to a value other than none or local Click to undo any changes made locally and revert to previously saved values 5 1 4 IP Settings This page allows you to configure IP information for the switch You can configure the settings of the device operating in host or router m
133. nt 1 Short frames are frames smaller than 64 bytes 2 Long frames are frames longer than the maximum frame length configured for this port 5 10 3 Port Mirroring You can configure port mirroring on this page To solve network problems selected traffic can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow The traffic to be copied to the mirror port is selected as follows All frames received on a given port also known as ingress or source mirroring All frames transmitted on a given port also known as egress or destination mirroring Port to mirror is also known as the mirror port Frames from ports that have either source rx or destination tx mirroring enabled are mirrored to this port Disabled option disables mirroring ORing Industrial Networking Corp 37 ORing ssh User vanal Mirror Configuration degt Disabled se Disabled ze Disabled ze Disabled ze Disabled ze Disabled Disabled Disabled The switch port number to which the following settings will be applied Port Drop down list for selecting a mirror mode Rx only only frames received on this port are mirrored to the mirror port Frames transmitted are not mirrored Tx only only frames transmitted from this port are mirrored to the mirror port Frames received are not mirrored Disabled neither transmitted nor recived frames are mirrored Enabled both received and t
134. ode IP Configuration Configured Current DHCP Client New IP Address 192 168 10 1 192 168 10 1 IP Mask 299 299 22 0 299 292 233 0 IP Router 0 0 0 0 VLAN ID 1 DNS Server 0 0 0 0 Enable the DHCP client by checking this box If DHCP fails or the DHCP Client configured IP address is zero DHCP will retry If DHCP retry fails DHCP will stop trying and the configured IP settings will be used Assigns the IP address of the network in use If DHCP client function is enabled you do not need to assign the IP address IP Address l The network DHCP server will assign the IP address to the switch and it will be displayed in this column The default IP is ORing Industrial Networking Corp 34 RGPS 9084GP P User Manual Assigns the subnet mask of the IP address If DHCP client function is enabled you do not need to assign the subnet mask Assigns the network gateway for the switch The default gateway IP Router is 192 168 10 254 Provides the managed VLAN ID The allowed range is 1 through VLAN ID A095 Provides the IP address of the DNS server in dotted decimal DNS Server l notation Click to undo any changes made locally and revert to previously saved values 5 1 5 IPv6 Settings You can configure IPv6 information of the switch on the following page IPv6 Configuration Configured Current Auto Configuration 192 0 2 1 Address 192 0 2 1 Link Local Address fe80 21e a4ff fe01 6735 Prefix 96 Router
135. ollowing settings will be applied PD Class Each power device is classified according to the class that defines ORing Industrial Networking Corp 46 ORing sso User vamal the maximum power consumed by the PD This setting includes five classes Class 0 Max power 15 4 W Class 1 Max power 4 0 W Class 2 Max power 7 0 W Class 3 Max power 15 4 W Class 4 Max power 30 0 W Power Requested Shows the amount of power requested by the power device Power Allocated Shows the amount of power the switch has allocated for the power device shows how much power the power device currently is using Current Used Shows how much current the PD currently is using Shows the port s priority configured by the user Shows the port s status The status can be one of the following values PoE not available no PoE chip found PoE turned OFF PoE is disabled by user PoE turned OFF power budget is exceeded The total requested or used power by the power devices exceeds the maximum power the power supply can deliver and port s with the lowest priority will be powered down No PD detected no power devices detected on the port PoE turned OFF power devices overload The power devices have requested or used more power than the port can deliver and the port is powered down PoE turned OFF the power device is turned off Invalid PD the power device is detected but is not working correctly 5 13 Troubleshooting 5 13 1
136. ore does not imply that a client is still present on a port see Age Period below Determines the period in seconds after which a connected client Reauthentication must be re authenticated This is only active if the Period Reauthentication Enabled checkbox is checked Valid range of the value is 1 to 3600 seconds Determines the time for retransmission of Request Identity EAPOL frames EAPOL Timeout ORing Industrial Networking Corp 20 ORing sso User vanal Valid range of the value is 1 to 65535 seconds This has no effect for MAC based ports This setting applies to the following modes i e modes using the Port Security functionality to secure MAC addresses MAC Based Auth When the NAS module uses the Port Security module to secure MAC addresses the Port Security module needs to check for activity on the MAC address in question at regular intervals and Age Period free resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds For ports in MAC based Auth mode reauthentication does not cause direct communications between the switch and the client so this will not detect whether the client is still attached or not and the only way to free any resources is to age the entry This setting applies to the following modes i e modes using the Port Security functionality to secure MAC addresses MAC
137. ost and can only be restored by using another non secure port or by connecting to the switch via the serial interface Static MAC Table Configurations The static entries in the MAC table are shown in this table The static MAC table can contain up to 64 entries The entries are for the whole stack not for individual switches The MAC table is sorted first by VLAN ID and then by MAC address Static MAC Table Configuration Port Members Delete VLAN ID MAC Address 1 2 3 45656 8 9 1011 12 00 1E 94 98 89 89 F PILI OOO DU m 00 00 00 00 00 00 O0 0 0 0 0 0 0 0 0 0 ET E Delete 00 00 00 00 00 00 O E E1 E1 EJ E E1 EJ E E EJ M Add new static entry ORing Industrial Networking Corp 33 ORing ssh User vanal Checkmarks indicate which ports are members of the entry Port Members Check or uncheck to modify the entry Click to add a new entry to the static MAC table You can specify Adding New Static E the VLAN ID MAC address and port members for the new entry ntry Click Save to save the changes MAC Table Each page shows up to 999 entries from the MAC table with a default value of 20 selected by the Entries Per Page input field When first visited the web page will show the first 20 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table Each page shows up to 999 entries from the MAC table with a default
138. oth a VLAN and a private VLAN to be able to forward packets By default all ports are VLAN unaware and members of VLAN 1 and private VLAN 1 A VLAN unaware port can only be a member of one VLAN but it can be a member of multiple private VLANs Private VLAN Membership Configuration Open in new window Port Members Delete PVLANID 1 2 34 5 6 7 8 9 10 Check to delete the entry It will be deleted during the next ORing Industrial Networking Corp 69 ORing ssh User vanal ee LLL Private VLAN ID Indicates the ID of this particular private VLAN MAC Address The MAC address for the entry A row of check boxes for each port is displayed for each private VLAN ID You can check the box to include a port in a Port Members private VLAN To remove or exclude the port from the private VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Click Add New Private WLAN to add a new private VLAN ID An empty row is added to the table and the private VLAN can be configured as needed The allowed range for a private VLAN ID is the same as the switch port number range Any Adding a New Static values outside this range are not accepted and a warning Entry message appears Click OK to discard the incorrect entry or click Cancel to return to the editing and make a correction The private VLAN is enabled when you click Save The Delete button can be used to undo the addition of new private
139. ou can enter a VLAN ID specific VLAN ID number The allowed range is 1 to 4095 Frames mme matching the ACE will use this VLAN ID value Specifies the tag priority for the ACE A frame matching the ACE will Tag Priority use this tag priority The allowed number range is 0 to 7 Any means that no tag priority is specified tag priority is don t care ORing Industrial Networking Corp 4 ORing kso Manual IP Parameters IP Protocol Filter IP Protocol Value 6 IP TTL Non zero IP Fragment IP Option SIP Filter Network SIP Address 0 0 0 0 SIP Mask 0 0 0 0 DIP Filter Network DIP Address 0 0 0 0 DIP Mask 0 0 0 0 facet Deme S Specifies the IP protocol filter for the ACE Any no IP protocol filter is specified don t care Specific if you want to filter a specific IP protocol filter with the ACE choose this value A field for entering an IP protocol filter appears ICMP selects ICMP to filter IPv4 ICMP protocol frames Extra fields for defining ICMP parameters will appear For more details of these IP Protocol Filter fields please refer to the help file UDP selects UDP to filter IPv4 UDP protocol frames Extra fields for defining UDP parameters will appear For more details of these fields please refer to the help file TCP selects TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear For more details of these fields please refer to the help file
140. pecific ORing Industrial Networking Corp 4 ORing sweet value or port range applicable for IP protocol UDP TCP Dport Destination TCP UDP port 0 65535 or Any specific value or port range applicable for IP protocol UDP TCP Action Parameters Class QoS class 0 7 or Default Valid Drop Precedence Level value can be 0 1 or Default Valid DSCP value can be 0 63 BE CS1 CS7 EF or AF11 AF43 or Default Default means that the default classified value is not modified by this QCE 5 6 14 QoS Counters This page provides the statistics of individual queues for all switch ports Queuing Counters Auta refresh L 1 0 A 0 g 0 0 0 g 0 0 0 0 0 0 0 0 2 g LU g 0 0 LU g LU 0 g 0 LU LU 3 0 g LU g LU 0 g LU 0 g LU LU g g LU g 0 LU g 0 LU 0 g LU g LU S g g LU g 0 LU g g LU 0 g LU g LU o g 0 g 0 0 0 g 0 0 g 0 0 0 LU 7 586 A 0 g 0 0 0 g 0 0 0 0 0 0 0 495 8 1307 LU 0 LU LU 0 g 0 0 2326 g 0 g LU g LU LU 0 g LU 0 g LU g LU Port The switch port number to which the following settings will be applied There are 8 QoS queues per port QO is the lowest priority The number of received and transmitted packets per queue 5 6 15 QCL Status This page shows the QCL status by different QCL users Each row describes the QCE that is defined It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of QCEs is 25
141. ponses Bad Authenticators Packet Counters Unknown Types radiusAuthClientExtUnknownTypes Packets Dropped radiusAuthClientExtPacketsDropped Access Requests radiusAuthClientExtAccessRequests Access Retransmissions Pending Requests radiusAuthClientExtPendingRequests Timeouts radiusAuthClientExtAccessRejects radiusAuthClientExtAccessChallenges radiusAuthClientExtBadAuthenticators radiusAuthClientExtAccessRetransmissions radiusAuthClientExtTimeouts RFC4668 Name Description The number of RADIUS Access Accept packets valid or invalid received from the server The number of RADIUS Access Reject packets valid or invalid received from the server The number of RADIUS Access Challenge packets valid or invalid received from the server The number of malformed RADIUS Access Response packets received from the server Malformed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses The number of RADIUS Access Response packets containing invalid authenticators or Message Authenticator attributes received from the server The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason The number of RADIUS Access Req
142. practices method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the clients MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string in the following form xx xx xx xxox xx that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using static entries into the MAC Table Only then will frames from the client be forwarded on the switch There are no EAPOL frames involved in this authentication and therefore MAC based authentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over 802 1X is that several clients can be connected to the same port e g through a 3rd party switch or a hub and still require individual authentication and that the clients do npt need special supplicant software to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a v
143. quest may potentially SET new values The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed ORing Industrial Networking Corp TI ORing cesso User vanal 5 6 Traffic Prioritization 5 6 1 Storm Control There is a unicast storm rate control multicast storm rate control and a broadcast storm rate control These only affect flooded frames i e frames with a VLAN ID DMAC pair not present on the MAC Address table The rate is 2 n where n is equal to or less than 15 or No Limit The unit of the rate can be either pps packets per second or kpps kilopackets per second The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch Note frames sent to the CPU of the switch are always limited to approximately 4 kpps For example broadcasts in the management VLAN are limited to this rate The management VLAN is configured on the IP setup page storm Control Configuration Frame Type Status Rate pps Unicast Multicast Broadcast The settings in a particular row apply to the frame type listed here Frame Type unicast multicast or broadcast Enable or disable the storm control status for the given frame type The rate unit is packet per second pps configure the rate as 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K or 1024K The 1 kpps is actually 1002 1 pps 5 6 2 Port Classification QoS is an acronym for Quality of
144. r COS Class of Service IEEE 802 1Q for VLAN Tagging IEEE 802 1w for RSTP Rapid Spanning Tree Protocol IEEE 802 1x for Authentication IEEE 802 1AB for LLDP Link Layer Discovery Protocol IEEE 802 3at PoE specification Wwwqmws 8 T Switching latency 7 us Switching bandwidth 24Gbps Max Number of Available VLANs 4095 VLAN ID Range VID 1 to 4094 IGMP multicast groups 128 for each VLAN Port rate limiting User Define Ethernet Standards Switch Properties Device Binding security feature Enable disable ports MAC based port security Port based network access control 802 1x Security Features VLAN 802 1Q to segregate and secure network traffic Radius centralized password management SNMPv3 encrypted authentication and access security Https SSH enhance network security STP RSTP MSTP IEEE 802 1D w s Redundant Ring O Ring with recovery time less than 30ms over 250 units TOS Diffserv supported Quality of Service 802 1p for real time traffic VLAN 802 1Q with VLAN tagging IGMP Snooping IP based bandwidth management Software Features DUM Application based QoS management DOS DDOS auto prevention Port configuration status statistics monitoring security DHCP Server Client Relay SMTP Client Modbus TCP NTP server O Ring Open Ring O Chain Fast Recovery MRP MSTP RSTP STP compatible Network Redundancy ORing ssh User vanal RS 232 in RJ45 connector with console cable 115200bps 8 N
145. rames will meet the action according to their ARP RARP hardware address space HRD settings 0 ARP RARP frames where the HLD is equal to Ethernet 1 must not match this entry 1 ARP RARP frames where the HLD is equal to Ethernet 1 ORing Industrial Networking Corp 8 ORing sso User vamal must match this entry Any any value is allowed don t care opecifies whether frames will meet the action according to their ARP RARP protocol address space PRO settings 0 ARP RARP frames where the PRO is equal to IP 0x800 must not match this entry 1 ARP RARP frames where the PRO is equal to IP 0x800 must match this entry Any any value is allowed don t care ICMP Parameters ICMP Type Filter ICMP Type Value ICMP Code Filter ICMP Code Value Specifies the ICMP filter for the ACE Any no ICMP filter is specified ICMP filter status is don t care ICMP Type Filter p Specific if you want to filter a specific ICMP filter with the ACE you can enter a specific ICMP value A field for entering an ICMP value appears When Specific is selected for the ICMP filter you can enter a ICMP Type Value specific ICMP value The allowed range is 0 to 255 A frame matching the ACE will use this ICMP value opecifies the ICMP code filter for the ACE Any no ICMP code filter is specified ICMP code filter status is don t care ICMP Code Filter Specific if you want to filter a specific ICMP code filter wit
146. ransmitted frames are mirrored to the mirror port Note for a given port a frame is only transmitted once Therefore you cannot mirror Tx frames to the mirror port In this case mode for the selected mirror port is limited to Disabled or Rx nly 5 10 4 System Log Information This page provides switch system log information In 4 UJ RJ oe wo DJ Cn e 0 System Log Information The total number of entries is 1 for the given level Start from ID with entries per page ID Level Message Info 1970 01 01 00 01 09 0000 Port 1 Device 192 168 10 66 Alve Check ORing Industrial Networking Corp 38 ORing sso User vanal Description 1D The ID gt 1 of the system log entry The level of the system log entry The following level types are supported Info provides general information Warning provides warning for abnormal operation Error provides error message All enables all levels The time of the system log entry The MAC address of the switch Check this box to enable an automatic refresh of the page at regular Auto refresh intervals Updates system log entries starting from the current entry ID Flushes all system log entries Updates system log entries starting from the first available entry ID Updates system log entries starting from the last entry currently gt gt displayed Updates system log entries ending at the last available entry ID
147. ration The valid value is between 6 through 40 Hello Time 1 10 The time interval a switch sends out the BPDU packet to check RSTP current status The time is measured in seconds and the valid value is between 1 through 10 Forwarding Delay The time of a port waits before changing from RSTP learning and Time 4 30 listening states to forwarding state The valid value is between 4 through 30 Max Hops 1 40 An additional parameter for those specified for RSTP A single value applies to all STP within an MST region the CIST and all MSTIs for which the bridge is the regional root Apply Click to apply the configurations ORing Industrial Networking Corp 26 ORing cesso User vanal Bridge Port MSTP Bridge Port piece Admin Admin Admin 0 Auto P2P Edge Non Stp priority must be a multiple of 16 Apply Priority 0 240 Description PortNo The number of port you want to configure Priority 0 240 Decide which port should be blocked by priority in the LAN The Path The path cost incurred by the port The path cost is used when 1 200000000 establishing an active topology for the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports The range of valid values is 1 to 200000000 Admin P2P Configures whether the port connects to a point to point LAN rather than a shared medium This can be configured automatically or set to true or false manually True means P2P
148. ry creation A string identifying the authentication pass phrase For MD5 Authentication authentication protocol the allowed string length is 8 to 32 For Password SHA authentication protocol the allowed string length is 8 to 40 Only ASCII characters from 33 to 126 are allowed Indicates the privacy protocol that this entry should belong to Possible privacy protocols include Privacy Protocol None no privacy protocol DES an optional flag to indicate that this user is using DES authentication protocol A string identifying the privacy pass phrase The allowed string Privacy Password length is 8 to 32 and only ASCII characters from 33 to 126 are allowed 5 5 5 SNMP Group Configurations This page allows you to configure SNMPv3 group table The entry index keys are Security Model and Security Name SNMPv3 Groups Configuration Delete Security Model Security Name Group Name public default ro grou private default rw grou public default ro grou private default rw grou default user default rw grou Check to delete the entry It will be deleted during the next save Security Model Indicates the security model that this entry should belong to Possible ORing Industrial Networking Corp 75 ORing ssh User vanal security models included v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM A string identifying the security name that this entry should belong to
149. sabled ORing sso User vanal Pot The switch port number to which the following settings will be applied Select to apply a policy to the port The allowed values are 1 to 8 Policy ID The default value is 1 Select to Permit to permit or Deny to deny forwarding The default value is Permit Select a rate limiter for the port The allowed values are Disabled or Rate Limiter ID numbers from 1 to 15 The default value is Disabled Select which port frames are copied to The allowed values are Port Copy 7 mM Disabled or a specific port number The default value is Disabled Specifies the logging operation of the port The allowed values are Enabled frames received on the port are stored in the system log Logging Disabled frames received on the port are not logged The default value is Disabled Please note that system log memory capacity and logging rate is limited Specifies the shutdown operation of this port The allowed values are Enabled if a frame is received on the port the port will be disabled Disabled port shut down is disabled The default value is Disabled Counts the number of frames that match this ACE Rate Limiters This page allows you to configure the rate limiter for the ACL of the switch ACL Rate Limiter Configuration Rate Limiter ID Rate pps LJ RJ LE LA 4 WD co s oF Lun 47474474 474747474 m e e elel e e 10
150. sso User vanal The initial operEdge state when a port is initialized Auto Edge Controls whether the bridge should enable automatic edge detection on the bridge port This allows operEdge to be derived from whether BPDU s are received on the port or not Restricted Role If enabled causes the port not to be selected as Root Port for the CIST or any MSTI even if it has the best spanning tree priority vector Such a port will be selected as an Alternate Port after the Root Port has been selected If set it can cause lack of spanning tree connectivity It can be set by a network administrator to prevent bridges external to a core region of the network influence the spanning tree active topology possibly because those bridges are not under the full control of the administrator This feature is also known as Root Guard Restrcted TCN If enabled causes the port not to propagate received topology change notifications and topology changes to other ports If set it can cause temporary loss of connectivity after changes in a spanning tree s active topology as a result of persistently incorrect learned station location information It is set by a network administrator to prevent bridges external to a core region of the network causing address flushing in that region possibly because those bridges are not under the full control of the administrator or the physical link state of the attached LANs transits frequently BPDU Guard If enabled c
151. stination Service Access Point values can range from 0x00 to OxFF or Any The default value is Any Control Valid Control valid values can range from 0x00 to OxFF or Any The default value is Any SNAP PID valid PID a k a ethernet type values can range from 0x00 to OxFFFF or Any The default value is Any Protocol IP Protocol Number 0 255 TCP or UDP or Any Source IP specific Source IP address in value mask format IPv4 or Any IP and mask are in the format of x y z w where x y Z and w are decimal numbers between 0 and 255 When the mask is converted to a 32 bit binary string and read from left to right all bits following the first zero must also be zero DSCP Differentiated Code Point can be a specific value a range or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 IP Fragment lov4 frame fragmented options include yes no and any Sport Source TCP UDP Port 0 65535 or Any specific value or port range applicable for IP protocol UDP TCP Dport Destination TCP UDP Port 0 65535 or Any specific value or port range applicable for IP protocol UDP TCP Protocol IP protocol number 0 255 TCP or UDP or Any source IP IPv6 source address a b c d or Any 32 LS bits IPv6 DSCP Differentiated Code Point can be a specific value a range or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 oport Source TCP UDP port 0 65535 or Any s
152. t ORing Industrial Networking Corp 6 ORing sso STP Version lt stp_version gt Non certified release v Port P2P lt port_list gt enableldisablelauto Port RestrictedRole lt port_list gt enableldisable Port RestrictedTcn lt port_list gt enableldisable Port Edge lt port_list gt enableldisable Port bpduGuard lt port_list gt enableldisable Port AutoEdge lt port_list gt enableldisable Port Mcheck port list Msti Port Configuration msti lt port_list gt Mon Port Cost lt msti gt lt port_list gt lt path_cost gt Msti Port Priority lt msti gt lt port_list gt lt priority gt Configuration Add port list lt aggr_id gt Port Statistics lt port_list gt Port Mode lt port_list gt enableldisable Delete aggr id Lookup aggr id Mode smacldmacliplport enableldisable ORing Industrial Networking Corp 7 ORing RGPS 9084GP P User Manual Mode lt port_list gt enableldisable Configuration lt port_list gt Key lt port_list gt lt key gt Role lt port_list gt activelpassive Status lt port_list gt Statistics lt port_list gt clear LLDP Configuration lt port_list gt Mode lt port_list gt enableldisable Statistics lt port_list gt clear Info lt port_list gt QoS DSCP Classification Map lt class_list gt lt dpl_list gt dscp
153. t of the queue in percentage This parameter is Percent only shown if Scheduler Mode is set to Weighted Port Shaper Enable Check to enable port shaper for individual switch ports Configures the rate of each port shaper The default value is 500 Port Shaper Rate This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Configures the unit of measurement for each port shaper rate as Port Shaper Unit l kbps or Mbps The default value is kbps 5 6 8 Port Scheduler This page provides an overview of QoS Egress Port Schedulers for all switch ports QoS Egress Port Schedulers Weight Q1 Q2 Q3 O4 Qo Strict Priority Strict Priority Strict Priority Strict Priority Strict Priority Strict Priority The switch port number to which the following settings will be ch Ln amp GI BI re applied Click on the port number to configure the schedulers Mode Shows the scheduling mode for this port on Shows the weight for this queue and port ORing Industrial Networking Corp 2 5 6 9 Port Shaping This page provides an overview of QoS Egress Port Shapers for all switch ports QoS Egress Port Shapers Shapers 04 Q3 ch Un P C f e disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disa
154. tem Tools id Le HyperTerminal CH Acrobat Reader 5 0 Address Book J Calculator E Command Prompt CR NetTime A7 Notepad wy Paint ES Windows Explorer Em Accessories CY WordPad 25 Network Associates gt d if Startup d b ue gt amp e ecu ORing Industrial Networking Corp 49 Step 2 Input a name for the new connection Step 3 Select a COM port in the drop down list i Connect To Step 4 A pop up window that indicates COM port properties appears including bits per second data bits parity stop bits and flow control EBrmunial Hwng zd ritiro e x E puces m sl COM Properties Port Settings Bits per second 115200 sl Data bits E Parity None Stop bits fi Flow control None Restore Defaults OF Cancel Apply Disconnected Auto detect Auto detect SCROLL cars INUM Capture Print echo a Step 5 The console login screen will appear Use the keyboard to enter the Username and Password same as the password for Web browsers then press Enter RGPS 98846P P Command Line Interface Username Password S aia 00 10 30 ANSIN 1152008 N SCROLL CAPS wom 5B FIED CLI Management by Telnet You can can use TELNETto configure the switch The default values are IP Address 192 168 10 1 Subnet Mask 255 255 255 0 Default Gateway 192 168 10 254 User Name admin Password admin Follow the steps b
155. tersection point 5 Do not run signal or communications wiring and power wiring through the same wire conduit To avoid interference wires with different signal characteristics should be routed separately 6 Youcan use the type of signal transmitted through a wire to determine which wires should be kept separate The rule of thumb is that wiring sharing similar electrical characteristics can be bundled together 7 You should separate input wiring from output wiring 8 It is advised to label the wiring to all devices in the system 3 2 1 Grounding Grounding and wire routing help limit the effects of noise due to electromagnetic interference EMI Run the ground connection from the ground screw to the grounding surface prior to connecting devices 3 2 2 AC Power Connection For power supply simply insert the AC power cable to the power connector at the back of the switch and turn on the power switch The input voltage is 100V 240V 50 60Hz 3 3 Connection 3 3 1 Cables 10 100BASE T X amp 1000BASE T Pin Assignments The device provides standard Ethernet ports According to the link type the switch uses CAT 3 4 5 5e UTP cables to connect to any other network devices PCs servers switches routers or hubs Please refer to the following table for cable specifications ORing Industrial Networking Corp 11 ORing sesso User vanal Cable Types and Specifications 10BASE T Cat 3 4 5 100 ohm UTP 100 m 32
156. the authentication server Frames sent between the supplicant and the switch are special 802 1X frames known as EAPOL EAP Over LANs frames which encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server is RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is very flexible as it allows for different authentication methods like MD5 Challenge PEAP and TLS The important thing is that the authenticator the switch does not need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding the result to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Note in an environment where two backend servers are enabled the server timeout is configured to X seconds using the authentication configuration page and the first server in the list is currently down but not considered dead if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds it will never be authentic
157. tion System Information Basic Setting DHCP Server Relay Start from VLAN 1 with 20 entries per page Port Setting Redundancy Port Members VLAN Delete VLAN ID VLAN Name SP d de 353 6 7 WK 322 F Ey VLAN Membership default MMMMMMMIMIMI n Kl ki Ey Ports IE Private VLAN SNMP Traffic Prioritization Add New VLAN Multicast Security D ED AIPPDIE gn EPERE Open all Auto refresh L gy System Information Front Panel Ethertype for Custom S ports 0X ssas E Basic Setting m ind VLAN Port Configuration WW Port Setting Mi Redundancy VLAN gy VLAN Membership gy Ports Private VLAN SNMP Traffic Prioritization Multicast Security Warning Monitor and Diag Synchronization Hot Factory Default System Reboot Port VLAN Port Port Type Ingress Filtering Frame Type Mode ID Tx Tag lt All Specific Untag all e iN Untag_pvid Specific Specific Specific Specific Unaware lt Untag pvid v Untag pvid Untag pvid Untag pvid Untag pvid CH Unaware Unaware Unaware Unaware Specific x xxx Specific f H Untag pvid v Untag pvid v Untag pvid Untag pvid Untag pvid Unaware Specific v Specific Specific Unaware Unaware Unaware
158. tion is changed Local Ports Indicates which ports belong to the aggregation of the switch stack The format is Switch ID Port Refresh Click to refresh the page immediately Check to enable an automatic refresh of the page at regular Auto refresh intervals ORing Industrial Networking Corp 54 ORing J sso LACP Port Status This page provides an overview of the LACP status for all ports LACP Status Auto refresh L Open in new window Acar ID Partner Partner zi alin System ID Port Yes means LACP is enabled and the port link is up No means LACP is not enabled or the port link is down Backup means the port cannot join in the aggregation group unless other ports are removed The LACP status is disabled Key The key assigned to the port Only ports with the same key can be aggregated Reresn Oekmreeenmepemmedady Check to enable an automatic refresh of the page at regular Auto refresh intervals ORing Industrial Networking Corp 55 ORing RGPS 9084GP P User Manual LACP Port Statistics This page provides an overview of the LACP statistics for all ports LACP Statistics Auto refresh L ed LACP LACP Discarded Transmitted Received Unknown Illegal g oO 0 0 0 0 0 CDOOOOOOOOOOO oo Pon Sven O The number of unknown or illegal LACP frames discarded at each port Refresh Click to refresh the page immediately Check to
159. tion number of the neighbor sending out the LLDP Chassis ID frames Remote Port ID The identification of the neighbor port Port Description The description of the port advertised by the neighbor System Name The name advertised by the neighbor Description of the neighbor s capabilities The capabilities include 1 Other Repeater Bridge WLAN Access Point System Capabilities SE Telephone DOCSIS Cable Device Station Only 2 3 4 5 6 7 8 9 Reserved When a capability is enabled a will be displayed If the capability is disabled a will be displayed Management The neighbors address which can be used to help network Address management This may contain the neighbor s IP address Click to refresh the page immediately ORing Industrial Networking Corp 40 ORing ssh User vanal Check to enable an automatic refresh of the page at regular Auto refresh intervals Statistics This page provides an overview of all LLDP traffic Two types of counters are shown Global counters will apply settings to the whole switch stack while local counters will apply settings to specified switches Auto refresh Global Counters Neighbor entries were last changed at 1970 01 01 04 03 03 0000 26 sec ago 1 Total Neighbors Entries Aged Out LLDP Statistics Local Counters Local Port Tx Frames Rx Frames Rx Errors Frames Discarded TLVs Discarded TLVs Unrecognized Org Discarded Age Outs
160. to match TCP FIN this entry 1 TCP frames where the FIN field is set must be able to match this entry Any any value is allowed don t care Specifies the TCP SYN synchronize sequence numbers value for the ACE 0 TCP frames where the SYN field is set must not be able to match TCP SYN this entry 1 TCP frames where the SYN field is set must be able to match this entry Any any value is allowed don t care Specifies the TCP PSH push function value for the ACE 0 TCP frames where the PSH field is set must not be able to match copper this entry 1 TCP frames where the PSH field is set must be able to match this entry Any any value is allowed don t care Specifies the TCP ACK acknowledgment field significant value for the ACE 0 TCP frames where the ACK field is set must not be able to match TCP ACK this entry 1 TCP frames where the ACK field is set must be able to match this entry Any any value is allowed don t care Oning industiai Neiwoikna S 4 4x Industrial Networking Corp 11 ORing sso User vanal opecifies the TCP URG urgent pointer field significant value for the ACE 0 TCP frames where the URG field is set must not be able to match TCP URG this entry 1 TCP frames where the URG field is set must be able to match this entry Any any value is allowed don t care 5 8 4 AAA Common Server Configurations This page allows you to configure
161. transmit Filtering and receive BPDUs Edge Port BPDU Control whether a port explicitly configured as Edge will disable Guard itself upon reception of a BPDU The port will enter the error disabled state and will be removed from the active topology Port Error Recovery Control whether a port in the error disabled state automatically will be enabled after a certain time If recovery is not enabled ports have to be disabled and re enabled for normal STP operation The condition is also cleared by a system reboot Port Error Recovery The time to pass before a port in the error disabled state can be Timeout enabled Valid values are between 30 and 86400 seconds 24 hours NOTE the calculation of the MAX Age Hello Time and Forward Delay Time is as follows 2 x Forward Delay Time value 1 gt Max Age value gt 2 x Hello Time value 1 The following pages show the information of the root bridge including its port status ORing Industrial Networking Corp 22 ORing RGPS 9084GP P User Manual STP Detailed Bridge Status Auto refresh Bridge ID Root ID Root Cost Root Port Regional Root Internal Root Cost Topology Flag STP CIST Port Configuration STP Enabled E Auto CIST Aggregated Port Configuration Path Cost Refresh SIP Bridge Status Bridge Instance CIST 32768 00 1E 94 FF FF FF 32768 00 1E 94 FF FF FF 32 68 00 1E 94 FF FF FF Steady Usus Ee nge Cou nt 0
162. twork rings Supports standard IEC 62439 2 MRP Media Redundancy Protocol function Supports IEEE 802 3at PoE standard 30Watts per port Supports PoE scheduled configuration and PoE alive check Supports IEEE 1588v2 clock synchronization Supports IPv6 new Internet protocol version Supports Modbus TCP protocol Supports IEEE 802 3az Energy Efficient Ethernet technology Supports SMTP client Supports IP based bandwidth management Supports application based QoS management Supports Device Binding for higher security Supports DOS DDOS auto prevention Supports IGMP v2 v3 IGMP snooping support for filtering multicast traffic Supports SNMP v1 v2c v3 amp RMON amp 802 1Q VLAN network management Supports ACL TACACS and 802 1x user authentication Supports 9 6K bytes Jumbo Frame Supports multiple types of warning notifications ORing Industrial Networking Corp 6 1 ORing esso User vamal Supports management via Web based interfaces Telnet console CLI and Windows utility Open Vision configuration Supports LLDP protocol Hardware Specifications 8 x 10 100 1000Base T X Ethernet ports with PoE AT function 4 x 100 1000Base X SFP ports 1 x Console port Rigid IP 30 housing design Rack mount supported Compatible with backup unit device DBU 01 for quick configuration backup restore Operating temperature 40 to 75 C Storage temperature 40 to 85 C Operating humidity 5 to 95 non condensing Casing IP 30 Di
163. ublication DISCLAIMER Information in this publication is intended to be accurate ORing shall not be responsible for its use or infringements on third parties as a result of its use There may occasionally be unintentional errors on this publication ORing reserves the right to revise the contents of this publication without notice CONTACT INFORMATION ORing Industrial Networking Corp 3F NO 542 2 Jhongjheng Rd Sindian District New Taipei City 231 Taiwan R O C Tel 886 2 2218 1066 Fax 886 2 2218 1014 Website www oring networking com Technical Support E mail support oring networking com Sales Contact E mail sales oring networking com Headquarters sales oring networking com cn China ORing Industrial Networking Corp 1 ORing cesso User vamal Table of Content GOTT SII CG Rt 6 1 1 About th HOGPS 9084 OPEP E 6 1 2 OV iS FEITES sates va cece cece e dama MINIME EU 6 1 3 Hardware SIC CHICANO E 7 Hardware Overview 11 eee eese EEN RR EEN RREENREEENRE EEN RRE EEN anna annnm nna 8 2 1 PONPON TT EE 8 2 1 1 POMS and e ee 8 C PCM NS q 8 2 2 Real METUS UU 9 Hardware Installation e M 9 3 1 Wall Mounting NR ERIT 10 3 2 AV ICING EE 11 3 2 1 EE ET e Te De E 11 3 2 2 AC Power Connection ssssssesssssseeeee ener nnn nnns 11 3 9 KEREN c E 11 SE e WE ele er E c E 11 99 C
164. uest packets sent to the server This does not include retransmissions The number of RADIUS Access Request packets retransmitted to the RADIUS authentication server The number of RADIUS Access Request packets destined for the server that have not yet timed out or received a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challenge timeout or retransmission The number of authentication timeouts to the server After a timeout the client may retry to the same server send to a different server or give up Aretry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout This section contains information about the state of the server and the latest round trip time RFC4668 Name Round Description Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left
165. undTripTime 5 8 6 NAS 802 1x round trip time Description Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled The time interval measured in milliseconds between the most recent Response and the Request that matched it from the RADIUS accounting server The granularity of this measurement is 100 ms A value of 0 ms indicates that there hasn t been round trip communication with the server yet This page allows you to configure the IEEE 802 1X and MAC based authentication system and port settings The IEEE 802 1X standard defines a port based access control procedure that prevents ORing Industrial Networking Corp 17 ORing sso User vanal unauthorized access to a network by requiring users to first submit credentials for authentication One or more central servers the backend servers determine whether
166. urity setting Security Switch gek Authentication Authorization and Accounting setting Password password Auth Authentication SSH Secure Shell HTTPS Hypertext Transfer Protocol over Secure Socket Layer RMON Remote Network Monitoring Security Switch Authentication Configuration Method consoleltelnetlsshlweb nonellocallradius enableldisable Security Switch SSH Configuration Mode enableldisable Security Switch HTTPS Configuration Mode enableldisable Security Switch RMON Statistics Add stats 1d data source statistics Delete stats 1d Statistics Lookup lt stats_id gt History Add history id data source interval buckets History Delete history id History Lookup lt history_id gt Alarm Add alarm 1d interval alarm variable absoluteldelta rising threshold rising event index i lt falling_threshold gt lt falling_event_index gt ORing Industrial Networking Corp 4 ORing sweet risinglfallinglboth Alarm Delete alarm 1d Alarm Lookup lt alarm_id gt Security Network Security Network Psec Switch lt port_list gt Port lt port_list gt Security Network NAS Security Network ACL Action lt port_list gt permitldeny lt rate_limiter gt lt port_redirect gt lt mirror gt lt logging gt lt shutdown gt gt Policy lt port_list gt
Download Pdf Manuals
Related Search