User`s Manual
Contents
1. fo on BE WwW KJ e Jalglgld Hi H i FETE H hl Link Change Disable and enable port Only log it Only sent log to log server Shunt Down the Disable this port Port Reboot Device Disable and Enable P O E Power DDoS Prevention This page provides DDOS Prevention related configuration Switch could monitor the ingress packets and do some actions when DDOS attack happened on this port Configure these setting helps the prevention become more suitable DDOS Prevention Socket Number Filter Status Mode Sensibility Packet Type Low High 1 Enabled Normal w TCP B 80 80 Destination vi Running 2 Normal TCP vi 80 80 Destination gr E pare Blocking 1 minute 3 Normal TCP v 80 80 Destination Blocking 10 minute 4 Normal TCP S 20 so Destination M Reet wn the Port 5 Normal TCP v 80 80 Destination v 6 Normal 8 rc Boll Ilp peet Device 7 7 Normal TCP v 80 80 Destination vi 5 Normal TCP E 80 80 Destination vi vi 9 Normal TCP v 80 80 Destination vi 10 Normal TCP EI 80 80 Destination w a 11 Normal TCP v 80 80 Destination vi ORing Industrial Networking Corp 98 ORing IGPS 9084GP Series User s Manual Mode Enable Disable DDOS Prevention of the port In2. ccc ccccccccceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee es 92 5 1 9 2 IGMP Snooping VLAN Configuration mee 93 5 1 9 3 IGMP Snooping Status 94 5 1 9 4 IGMP Snooping Groups Information m 95 5 1 10 v i 95 5 1 10 1 Remote Control Security Configuration 95 5 1 10 2 Device Binding rrrrrrooonnnrrrrrrnrrrrrnnnnnnnnnnnrnrnnrrrrnrnnnrrrrnnnnnnnnnnnenennnssennnnnnne 96 SND Ge ene A EAEAN EAR 101 SN MA 113 5 1 10 5 RADIUS Overview rrrrrrnrrrannvrrrrrrsnnvrrrerrssnnrrrernrsnnrrrnrnrsnnnvrssrrennnrrnerssnnne 115 RADIUS Authentication ServerS innerrnreeeenneerreeei 115 RADIUS Accounting Servers rsneeeeeeeeneneneee 116 5 1 10 6 RADIUS DELHIS Le 117 51 107 SIN 4 amme eee eee aata aa 119 5 1 11 Ve 130 5 1 11 1 Fault Alarm ooooooooorrrrrrrrrrrrvrvrrrrrrrrrrrrsrnnnnnrrrrrrrnvensrrrsrssrsrrnnnnnnnnrnnsnnssssee 130 5 1 11 2 System Warning 1 anta aan ataman aka attain 130 5 1 12 Mid Bk bc enapeenemner ere reise aE EE eee E EEE EE E 133 5 1 12 1 MAC TE enke 133 51 122 Port Statistic srssi wi dicisesesienus choccdaciesharsaekerckandnsiusstak kata kotka mt kadaka 136 9 1125 PT MON Np 138 5 1 12 4 System Log Information 140 5 1125 Cable Diaqn0sics Lusvmss qsmsmmmmammsmrmumsmiumniqn 141 ORing Industrial Net
3. s JH Ag gg N ji hl Indicates the group ID for the settings contained in the same row Group ID Normal indicates there is no aggregation Only one group ID is valid per port LACP Enabled Each switch port is listed for each group ID Select a radio button to include a port in an aggregation or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Only full duplex ports can join an aggregation and ports must be in the same speed in each group The Role shows the LACP activity status The Active will transmit LACP packets each second while Passive will wait for a LACP Key The Key value incurred by the port range 1 65535 The Auto setting will set the key as appropriate by the physical link speed 10Mb 1 100Mb 2 1Gb 3 Using the Specific setting a user defined value can be entered Ports with the same Key value can participate in the same aggregation group while ports with different keys cannot packet from a partner speak if spoken to ORing Industrial Networking Corp 38 IGPS 9084GP Series User s Manual Click to save changes Reset Click to undo any changes made locally and revert to previously Reset saved values 5 1 4 2 3 LACP System Status This page provides a status overview for all LACP instances LACP System Status auto refresh C Aaar ID Partmer Partner Last Local a3 System ID Key Changed Ports
4. OkRing Industrial Networkingcop og Industrial Networking Corp 99 IGPS 9084GP Series User s Manual Device Description This page provides Device Description related configuration Device Description Device Em Type ___ Location Address Description IP Camera M IP Phone Access Point om Om In amp W RJ oi nm KJ e 5 Indicates the type of device Possible types are No specification IP Camera IP Camera IP Phone IP Phone Device Type Access Point Access Point PO PC PLC PLC Network Video Recorder Network Video Recorder Location information of device this information could be used for Google Mapping Device description ORing Industrial Networking Corp 100 IGPS 9084GP Series User s Manual Stream Check This page provides Stream Check related configuration Stream Check Action Status Normal wo 0 om in amp W N e kb Me Mode Enable Disable stream monitor of the port Indicates the action when stream getting low Possible actions are Do nothing Log it Just log the event 5 1 10 3 ACL 5 1 10 3 1 Ports Configure the ACL parameters ACE of each switch port These parameters will affect frames received on a port unless the frame matches a specific ACE ACL Ports Rate Limiter Port Copy see Shutdown Counter 1 1 5 Permit el Disabled
5. IGPS 9084GP Industrial Managed Ethernet Switch User s Manual Version 3 0 Feb 2013 www oring networking com ORing Industrial Networking Corp LZ Orina IGPS 9084GP Series User s Manual COPYRIGHT NOTICE Copyright 2010 ORing Industrial Networking Corp All rights reserved No part of this publication may be reproduced in any form without the prior written consent of ORing Industrial Networking Corp TRADEMARKS e Oring Sy is a registered trademark of ORing Industrial Networking Corp All other trademarks belong to their respective owners REGULATORY COMPLIANCE STATEMENT Product s associated with this publication complies comply with all applicable regulations Please refer to the Technical Specifications section for more details WARRANTY ORing warrants that all ORing products are free from defects in material and workmanship for a specified warranty period from the invoice date 5 years for most products ORing will repair or replace products found by ORing to be defective within this warranty period with shipment expenses apportioned by ORing and the distributor This warranty does not cover product modifications or repairs done by persons other than ORing approved personnel and this warranty does not apply to ORing products that are misused abused improperly installed or damaged by accidents Please refer to the Technical Specifications section for the actual warranty period s of the
6. Disable No Ingress DSCP Classification DSCP 0 Classify if incoming or translated if enabled DSCP is 2 Classify 0 Selected Classify only selected DSCP for which classification is enabled as specified in DSCP Translation window for the specific DSCP ORing Industrial Networking Corp 79 IGPS 9084GP Series User s Manual Al Giassify all DSP Port Egress Rewriting can be one of Disable No Egress rewrite Enable Rewrite enabled without remapping Remap DP Unaware DSCP from analyzer is remapped and frame is remarked with remapped DSCP value The remapped DSCP value is always taken from the DSCP Translation gt Egress Remap DP0 table Remap DP Aware DSCP from analyzer is remapped and frame is remarked with remapped DSCP value Depending on the DP level of the frame the remapped DSCP value is either taken from the DSCP Translation gt Egress Remap DPO table or from the DSCP Translation gt Egress Remap DP1 table 5 1 8 5 Port Policing This page allows you to configure the Policer settings for all switch ports QoS Ingress Port Policers Flow Control 500 kbps a kbps MP MMM ORing Industrial Networking Corp 80 IGPS 9084GP Series User s Manual The port number for which the configuration below applies Controls whether the policer is enabled on this switch port Controls the unit of measure for the policer rate as kbps M
7. IGPS 9084GP Series User s Manual Any Any value is allowed don t care Specify whether frames can hit the action according to their ARP RARP protocol address space PRO settings 0 ARP RARP frames where the PRO is equal to IP 0x800 must not match this entry 1 ARP RARP frames where the PRO is equal to IP 0x800 must match this entry Any Any value is allowed don t care ICMP Parameters ICMP Type Filter ICMP Type Value ICMP Code Filter ICMP Code Value Specify the ICMP filter for this ACE Any No ICMP filter is specified ICMP filter status is don t care Specific If you want to filter a specific ICMP filter with this ACE you can enter a specific ICMP value A field for entering an ICMP value appears When Specific is selected for the ICMP filter you can enter a specific ICMP value The allowed range is 0 to 255 A frame that hits this ACE matches this ICMP value Specify the ICMP code filter for this ACE Any No ICMP code filter is specified ICMP code filter status is don t care Specific If you want to filter a specific ICMP code filter with this ACE you can enter a specific ICMP code value A field for entering an ICMP code value appears When Specific is selected for the ICMP code filter you can enter a specific ICMP code value The allowed range is 0 to 255 A frame that hits this ACE matches this ICMP code value ORing Industrial Networking Corp 110
8. 1 Untag pvid ORing Industrial Networking Corp 64 ng IGPS 9084GP Series User s Manual VLAN Management Vlan ID Setting If user setting Management VLAN only same VLAN ID port can control switch 9000 Series VLAN Setting Open all IP Configuration gy System Information g Front Panel E Basic Setting Basic Setting Admin Password Auth Method IP Setting IPv6 Setting HTTPS S9 LLDP Modbus TCP Backup Restore Upgrade Firmware Configured Current DHCP Client F Renew IP Address eee 192 168 10 2 2 IP Mask KEAVA ESS Aai 5 NTP Server E E E E E E E ORing Industrial Networking Corp 65 IGPS 9084GP Series User s Manual 5 1 6 3 Private VLAN The Private VLAN membership configurations for the switch can be monitored and modified here Private VLANs can be added or deleted here Port members of each Private VLAN can be added or removed here Private VLANs are based on the source port mask and there are no connections to VLANs This means that VLAN IDs and Private VLAN IDs can be identical A port must be a member of both a VLAN and a Private VLAN to be able to forward packets By default all ports are VLAN unaware and members of VLAN 1 and Private VLAN 1 A VLAN unaware port can only be a member of one VLAN but it can be a member of multiple Private VLANS Private VLAN Membership Configuration Port Members Delete PVLANID 1 2 3 4 5 6 7 8 9 101112 1 fe 8
9. Disconnected Auto detect Auto detect SCROLL CAPS NUM Capture Print echo Step 3 Select to use COM port number s Fermnial HyperTerminal a i i jol x File Edit View Call Transfer Help Ola amp CI xd i a termnial Enter details for the phone number that you want to dial Country region ETTA Area code ff Phone number E ns Connect using ER Cancel Disconnected Auto detect Auto detect SCROLL cars NUM Capture Print echo E ORing Industrial Networking Corp 153 IGPS 9084GP Series User s Manual Step 4 The COM port properties setting 115200 for Bits per second 8 for Data bits None for Parity 1 for Stop bits and none for Flow control BO er De ero i lol x oe 21x e Port Settings Bits per second 115200 v Data bits kv Parity Noe Stop bits px Flow control Nornes e Restore Defaults OK Cancel Apply Disconnected Auto detect Auto detect SCROLL CAPs NUM Capture Print echo E Step 5 The Console login screen will appear Use the keyboard to enter the Username and Password The same with the password for Web Browser then press Enter Cae as OB IGPS 9084GP Command Line Interface Username Password ah ORing Industrial Networking Corp 154 IGPS 9084GP Series User s Manual CLI Management by Telnet Users can use TELNET to configure the switches The default value is as be
10. Gigabit Ethernet ports ACT LNK Green Blinking Data transmitted SFP ports LNK LNK Green Blinking Data transmitted ORing Industrial Networking Corp 11 IGPS 9084GP Series User s Manual 3 3 Top view Panel The bottom panel components of IGPS 9084GP Series are showed as below 1 Terminal block includes PWR1 PWR2 50 57V DC 2 Ground wire 24V Warning Device PWR 2 Fault PWR 1 ri 1A 24V V2 V2 V1 V1 DC 50 S7V O O 0 O O O 0 O O O 0 O O O 0 O O O O O O O 0 O Frame Ground 5 ow oO o eo 0 O O 0 O O O A O O O 9 O O 0 O ORing Industrial Networking Corp 12 IGPS 9084GP Series User s Manual Cables 4 1 Ethernet Cables The IGPS 9084GP switch had standard Ethernet ports According to the link type the switches use CAT 3 4 5 5e UTP cables to connect to any other network device PCs servers switches routers or hubs Please refer to the following table for cable specifications Cable Types and Specifications Cable Max Length Connector 10BASE T Cat 3 4 5 100 ohm UTP 100 m 328 ft RJ 45 Cat 5 Cat 5e 100 ohm 1000BASE TX UTE UTP 100 m 328ft RJ 45 100BASE TX Cat 5100 ohm UTP UTP 100 m 328 ft RJ 45 4 1 1 1000 100BASE TX 10BASE T Pin Assignments With 1000 100BASE TX 10BASE T cable pins 1 and 2 are used for transmitting data and pins 3 and 6 are used for receiving data 10 100Base T X P S E RJ 45 port number Assignment 10 100 Bas
11. No ports enabled or no existing partners The Aggregation ID associated with this aggregation instance For LLAG the id is shown as isid aggr id and for GLAGs as agar id Partner System ID The system ID MAC address of the aggregation partner Partner Key The Key that the partner has assigned to this aggregation ID Last Changed The time since this aggregation changed Last Channged Shows which ports are a part of this aggregation for this switch stack The format is Switch ID Port Refresh Click to refresh the page immediately Check this box to enable an automatic refresh of the page at Auto refresh C regular intervals ORing Industrial Networking Corp 39 IGPS 9084GP Series User s Manual 5 1 4 2 4 LACP Status This page provides a status overview for LACP status for all ports LACP Status Auto refresh CI Partner Partner System ID Port Port The switch port number Yes means that LACP is enabled and the port link is up No means that LACP is not enabled or that the port link is down Backup means that the port could not join the aggregation group but will join if other port leaves Meanwhile it s LACP status is disabled The key assigned to this port Only ports with the same key can aggregate together The Aggregation ID assigned to this aggregation group Partner System ID The partners System ID MAC address Partner Port The partners port number connected to this port Ref
12. PoE Mode ID E VLAN Membership gt vi O lt gt 7 vi lt gt l wl 1 lt gt 7 vi Ea Fo 1 C port v O Tagged Specific w 1 Tag al 2 Bi E Private VLAN 2 U 4 v Fi A EE a Ne 4 4 TT ta TTT 1 SNMP ENE BM Ne L ae Traffic Prioritization 3 Unaware v Fj All MI Specific si 1 Untag_pvid Multicast 4 Unaware i d All Y Specific 1 Untag_pvid W Security 5 Unaware v O All Specific 1 Untag_pvid M Warning 6 Unaware M 4 Untagged M Specific Untag_pvid Si Monitor and Diag 7 Unaware v O Untagged Specific Untag pvid vi Synchronization ff pa PoE 8 Unaware vi a Untagged Specific Untag pvid Factory Default 7 Unaware lt All MI jspeciic Y I Untag_pvid Y System Reboot 10 Unaware b l CI All i Specific M 1 Untag pvid 11 liinawara EI M All Tl cnarifir il 4l intan mod MA ORing Industrial Networking Corp 61 IGPS 9084GP Series User s Manual Switch A Switch B Switch C VLAN 10 Z 99090 Series 9000 Series i Seas SM VLAN Trunk SONA Tue VLAN 20 VLAN 20 10 20 10 20 Like this topology Switch B Port 1 VLAN 1Qtrunk mode tagged 10 20 Port 2 VLAN 1Qtrunk mode tagged 10 20 Switch setting as following Open all VLAN Membership Configuration gy System Information M Basic Setting DHCP ServeriRelay Start from VLAN with 20 entries per page E Port Setting
13. The number of frames received in error and the number of incomplete transmissions per port The number of frames discarded due to ingress or egress congestion The number of received frames filtered by the forwarding process Check this box to enable an automatic refresh of the page at regular Auto refresh L intervals 5 1 12 2 2 Detailed Statistics This page provides detailed traffic statistics for a specific switch port Use the port select box to select which switch port details to display The displayed counters are the totals for receive and transmit the size counters for receive and transmit and the error counters for receive and transmit Detailed Statistics Receive amp Transmit Total Detailed Port Statistics Port 1 Port 1 Auto refresh CI Receive Total Rx Packets Rx Octets Rx Unicast Rx Multicast Rx Broadcast Rx Pause Receive Size Counters Rx 64 Bytes Rx 65 127 Bytes Rx 128 255 Bytes Rx 256 511 Bytes Rx 5127 1023 Bytes Rx 1024 1526 Bytes Receive Error Counters Rx Drops Rx CRC Alignment Rx Undersize Rx Oversize Rx Fragments Rx Jabber Rx Filtered ORing Industrial Networking Corp 0 0 0 0 0 0 0 0 Transmit Total Tx Packets Tx Octets Tx Unicast Tx Multicast Tx Broadcast Tx Pause Transmit Size Counters Tx 64 Bytes Tx 65 127 Bytes Tx 128 255 Bytes Tx 256 511 Bytes Tx 512 1023 Bytes Tx 1024 1526 Bytes Tx 1527 Bytes Transmit Queue Counters D D OO O G OO
14. lt ad enable gt lt ap gt lt ai gt lt ad gt MasterTableUnicast lt clockinst gt ExtClockMode lt one_pps_mode gt lt ext_enable gt lt clockfreq gt lt vcxo enable gt Loop Protect Configuration Port Mode lt port_list gt enableldisable Port Action lt port_list gt shutdownlshut_logllog Port Transmit lt port_list gt enableldisable Status lt port_list gt ORing Industrial Networking Corp 167 IGPS 9084GP Series User s Manual Configuration igmp Mode igmp enableldisable Flooding igmp enableldisable Version igmp lt vid gt Fault Alarm PortLinkDown lt port list gt enableldisable Alarm PowerFailure pwrlipwr2lpwr3 enableldisable Event Configuration Syslog SystemStart enableldisable SMTP Port lt port_list gt disablellinkupllinkdownlboth DHCPServer Mode enableldisable Setup lt ip_start gt lt ip_end gt lt ip_mask gt lt 1p router gt lt ip_dns gt lt ip_tftp gt lt lease gt lt bootfile gt ORing Industrial Networking Corp 168 IGPS 9084GP Series User s Manual Chain Configuration 2ndUplinkPort lt port gt EdgePort 1stl2ndlnone RCS Mode enableldisable Add lt ip_addr gt lt port_list gt web onlweb off telnet onltelnet off snmp onlsnmp off Configuration FastReocvery Mode enableldisable Port lt port_list gt lt fr
15. lt port_redirect gt lt mirror gt lt logging gt lt shutdown gt Policy lt port list gt lt policy gt Add lt ace 1d gt lt ace 1d next gt port lt port list gt policy lt policy gt lt policy bitmask gt lt tagged gt lt vid gt lt tag prio gt lt dmac type gt etype lt etype gt lt smac gt lt dmac gt arp lt sip gt lt dip gt lt smac gt lt arp_opcode gt lt arp flags gt ip lt sip gt lt dip gt lt protocol gt lt ip_flags gt icmp lt sip gt lt dip gt lt icmp_type gt lt iemp code gt lt ip flags gt ORing Industrial Networki ng Corp 160 IGPS 9084GP Series User s Manual udp lt sip gt lt dip gt lt sport gt lt dport gt lt ip_flags gt tcp lt sip gt lt dip gt lt sport gt lt dport gt lt ip_flags gt lt tcp flags gt permitldeny lt rate_limiter gt lt port_redirect gt lt mirror gt lt logging gt lt shutdown gt Lookup lt ace_id gt Status combinedlstaticlloop protectldhcplptplipmclconflicts Port State lt port list gt enableldisable Security Network DHCP Statistics clear Security Network AAA Configuration Timeout lt timeout gt Deadtime lt dead time gt RADIUS lt server index gt enableldisable lt 1p addr string gt lt secret gt lt server port gt ACCT RADIUS lt server index gt
16. Description Maximum number of supported DSCP values are 64 and valid DSCP value ranges from 0 to 63 lt CS1 oa oa oa 1 2 3 5 Fj G 9 LD 4 AD 4 Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translation 1 Translate 2 Classify 1 Translate DSCP at Ingress side can be translated to any of 0 63 DSCP ORing Industrial Networking Corp 86 IGPS 9084GP Series User s Manual rates gt 2 Classify Click to enable Classification at Ingress side There are the following configurable parameters for Egress side 1 Remap DPO Controls the remapping for frames with DP level 0 2 Remap DP1 Controls the remapping for frames with DP level 1 Select the DSCP value from select menu to which you want to 1 Remap DPO remap DSCP value ranges form 0 to 63 Select the DSCP value from select menu to which you want to 2 Remap DP1 remap DSCP value ranges form 0 to 63 5 1 8 12 DSCP Classification This page allows you to configure the mapping of QoS class and Drop Precedence Level to DSCP value DSCP Classification QoS Class DPL DSCP 2 M Select the classified DSCP value 0 63 ORing Industrial Networking Corp 87 IGPS 9084GP Series User s Manual 5 1 8 13 QoS Control List This page allows to editlinsert a single QoS Control Entry at a time A ACE consists of several pa
17. Transmit Error Counters Tx Drops Tx Late Exc Coll 137 IGPS 9084GP Series User s Manual Rx and Tx Packets The number of received and transmitted good and bad packets The number of received and transmitted good and bad bytes Rx and Tx Octets Includes FCS but excludes framing bits The number of received and transmitted good and bad unicast Rx and Tx Unicast packets Rx and Tx The number of received and transmitted good and bad multicast Multicast packets Rx and Tx The number of received and transmitted good and bad broadcast Broadcast packets A count of the MAC Control frames received or transmitted on this Rx and Tx Pause KA port that have an opcode indicating a PAUSE operation The number of frames dropped due to lack of receive buffers or Rx Drops egress congestion Rx The number of frames received with CRC or alignment errors CRC Alignment Short frames are frames that are smaller than 64 bytes Long frames are frames that are longer than the configured maximum frame length for this port 5 1 12 3 Port Mirroring Configure port Mirroring on this page To debug network problems selected traffic can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow The traffic to be copied to the mirror port is selected as follows All frames received on a given port also known as ingress or source mirroring All frames transmitted on a give
18. zero has the lowest priority If the port is VLAN aware and the frame is tagged then the frame is classified to a QoS class that is based on the PCP value in the QoS Class tag as shown below Otherwise the frame is classified to the default QoS class PCP value 01234567 QoS class 10234567 If the port is VLAN aware the frame is tagged and Tag Class is enabled then the frame is classified to a QoS class that is ORing Industrial Networking Corp 76 ORi DP level ORing Industrial Networking Corp IGPS 9084GP Series User s Manual mapped from the PCP and DEI value in the tag Otherwise the frame is classified to the default QoS class The classified QoS class can be overruled by a QCL entry Note If the default QoS class has been dynamically changed then the actual default QoS class is shown in parentheses after the configured default QoS class Controls the default Drop Precedence Level All frames are classified to a DP level If the port is VLAN aware and the frame is tagged then the frame is classified to a DP level that is equal to the DEI value in the tag Otherwise the frame is classified to the default DP level If the port is VLAN aware the frame is tagged and Tag Class is enabled then the frame is classified to a DP level that is mapped from the PCP and DEI value in the tag Otherwise the frame is classified to the default DP level The classified DP level can be overruled by a QCL e
19. IGPS 9084GP Series User s Manual TCP Parameters Source Port Filter Specific Source Port No Dest Port Filter Specific Dest Port No TCP FIN TCP SYN TCP RST TCP PSH TCP ACK TCP URG UDP Parameters Source Port Filter Source Port No Dest Port Filter Dest Port Range BO 465535 ny 7 ae 7 7 AAS TCP UDP Source Filter TCP UDP Source No TCP UDP Source Range TCP UDP Destination Filter ORing Industrial Networking Corp Specify the TCP UDP source filter for this ACE Any No TCP UDP source filter is specified TCP UDP source filter status is don t care Specific If you want to filter a specific TCP UDP source filter with this ACE you can enter a specific TCP UDP source value A field for entering a TCP UDP source value appears Range If you want to filter a specific TCP UDP source range filter with this ACE you can enter a specific TCP UDP source range value A field for entering a TCP UDP source value appears When Specific is selected for the TCP UDP source filter you can enter a specific TCP UDP source value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value When Range is selected for the TCP UDP source filter you can enter a specific TCP UDP source range value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value Specify the TCP UDP destination filter for this ACE Any No TCP UDP dest
20. Parameter MRP TSTshortT lt value gt ORing Industrial Networking Corp 170 IGPS 9084GP Series User s Manual Parameter MRP TSTdefaultT lt value gt Parameter MRP TSTNRmax lt value gt Parameter MRP LNKdownT lt value gt Parameter MRP LNKupT lt value gt Parameter MRP LNKNRmax lt value gt Modbus Status Mode enableldisable ORing Industrial Networking Corp 171 Technical Specifications SATUD Physical Ports 10 100 1000Base T X with P S E Ports in RJ45 Auto MDI MDIX Technology IEEE 802 3 for 10Base T IEEE 802 3u for 100Base TX and 100Base FX IEEE 802 3ab for 1000Base T IEEE 802 z for 1000Base X IEEE 802 3x for Flow control IEEE 802 3ad for LACP Link Aggregation Control Protocol Ethernet Standards IEEE 802 1p for COS Class of Service IEEE 802 10 for VLAN Tagging IEEE 802 1w for RSTP Rapid Spanning Tree Protocol IEEE 802 15 for MSTP Multiple Spanning Tree Protocol IEEE 802 1x for Authentication IEEE 802 1AB for LLDP Link Layer Discovery Protocol IEEE 802 3at PoE specification up to 30 Watts per port for P S E Switching latency 7 us Switching bandwidth 24Gbps Switch Properties Max Number of Available VLANs 256 IGMP multicast groups 128 for each VLAN Port rate limiting User Define Device Binding security feature Enable disable ports MAC based port security Port based network access control 802 1x Security Features VLAN 802 1Q t
21. Remote Control Security Fast Recoveryv Configuration SFP Monitor Configuration Device Binding Configuration MRP Gonf igurat ion Modebus TCP Configuration A Timezone Timezone offset 90909000 Log se alllinfolwarninglerror clear ORing Industrial Networking Corp 156 Fastrecovery SFF PeviceBindingy IGPS 9084GP Series User s Manual DHCP enableldisable Setup lt ip_addr gt lt ip mask gt lt ip_router gt lt vid gt Ping lt ip_addr_string gt lt ping length gt T SNTP lt ip_addr_string gt Port Mode lt port_list gt autol10hdxl10fdx 100hdxl100fdx 1000fdxlsfp_auto_ams i SFP lt port list gt MAC Dump lt mac_max gt lt mac addr gt lt vid gt Statistics lt port_list gt Flush Learning lt port_list gt autoldisablelsecure ORing Industrial Networking Corp 157 IGPS 9084GP Series User s Manual VLAN EtypeCustomS port lt etype gt Name Lookup lt name gt Status lt port_list gt combinedlstaticlnaslmstplalllconflicts PortType lt port list gt unawarelc portls portls custom port Private VLAN hotte por is enableabley Security Switch Switch security setting Network Network security setting AAA Authentication Authorization and Accounting setting ORing Industrial Networking Corp 158 IGPS 9084GP Series User s Manual Password lt password gt Auth Authentication Secure Shell Hypert
22. Secure 8 0 00000000 Port Members 5 67 8 9 101112 00 1E 94 98 89 81 FFF AEE Aging Configuration By default dynamic entries are removed from the MAC after 300 seconds This removal is also called aging ORing Industrial Networking Corp 133 IGPS 9084GP Series User s Manual Configure aging time by entering a value here in seconds for example Age ime seconds The allowed range is 10 to 1000000 seconds Disable the automatic aging of dynamic entries by checking m Disable automatic aging MAG Table Learning If the learning mode for a given port is grayed out another module is in control of the mode so that it cannot be changed by the user An example of such a module is the MAC Based Authentication under 802 1X Each port can do learning based upon the following settings MAC Table Learning Disable Learning is done automatically as soon as a frame with unknown SMAC is received Only static MAC entries are learned all other frames are dropped Note Make sure that the link used for managing the switch is added to the Static Mac Table before changing to secure learning mode otherwise the management link is lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface Static MAC Table Configuration The static entries in the MAC table are shown in this table The static MAC table can contain 64 entries The maximum of 64 entries is for the w
23. The default value is Disabled Please note that the System Log memory size and logging rate is limited Specify the port shut down operation of this port The allowed values are Enabled If a frame is received on the port the port will be disabled Disabled Port shut down is disabled The default value is Disabled Counts the number of frames that match this ACE 5 1 10 3 2 Rate Limiters Configure the rate limiter for the ACL of the switch ACL Rate Limiter Configuration Rate LimiterID Rate pps 1 2 3 4 5 6 7 8 9 10 11 12 1 hl ORing Industrial Networking Corp 102 IGPS 9084GP Series User s Manual Rate Limiter ID The rate limiter ID for the settings contained in the same row The rate unit is packet per second pps configure the rate as 1 2 4 8 16 32 64 128 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K or 1024K The 1 kpps is actually 1002 1 pps 5 1 10 3 3 ACL Control List Configure an ACE Access Control Entry on this page An ACE consists of several parameters These parameters vary according to the frame type that you select First select the ingress port for the ACE and then select the frame type Different parameter options are displayed depending on the frame type that you selected A frame that hits this ACE matches the configuration that is defined here ACE Configuration Ingress Port Action Frame Type Rate Limiter Port Copy Loggi
24. The period in seconds for which a port will be kept disabled in the event of a loop is detected and the port action shuts down the port Valid values are 0 to 604800 seconds 7 days A value of zero will keep a port disabled until next device restart Port Configuration Port Enable i Tx Mode lt gt Bl S EE Enable Shutdown Port vi Enable Shutdown Port Y Enable Shutdown Port Enable_ Shutdown Port Wl Enable Shutdown Port W Enable The switch port number of the port Controls whether loop protection is enabled on this switch port Configures the action performed when a loop is detected on a port Valid values are Shutdown Port Shutdown Port and Log ORing Industrial Networking Corp 42 IGPS 9084GP Series User s Manual Tx Mode Controls whether the port is actively generating loop protection PDU s or whether it is just passively looking for looped PDU s 5 1 5 Redundancy 5 1 5 1 MRP MRP Media Redundancy Protocol Ring IEC 62439 of up to 50 devices typically transforms back to a line structure within 80 ms adjustable to max 200 ms 500 ms MRP Enable E Manager W React on Link Change ist Ring Port Port7 LinkDown and Ring Port Port 8 vi Forwarding Enable 00090000 Enabling the MRP function Manager MRP Master every on
25. Trap Destination Address Trap Destination IPv6 Address Trap Authentication Failure Trap Link up and Link down Trap Inform Mode Trap Inform Timeout seconds Trap Inform Retry Times Trap Mode Indicates the SNMP trap mode operation Possible modes are Enabled Enable SNMP trap mode operation Disabled Disable SNMP trap mode operation Indicates the SNMP trap supported version Possible versions are ORing Industrial Networking Corp 68 ORi IGPS 9084GP Series User s Manual SNMP v1 Set SNMP trap supported version 1 SNMP v2c Set SNMP trap supported version 2c SNMP v3 Set SNMP trap supported version 3 Indicates the community access string when send SNMP trap packet Trap Community The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 126 Trap Destination Indicates the SNMP trap destination address Address Trap Destination IPv6 Address Provide the trap destination IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four a hexadecimal digits with a colon separates each field For example Trap Destination te80 215 c5ff fte03 4dc7 The symbol is a special syntax that can IPv6 Address be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 T I
26. Working Host Version currently Show the Querier status is ACTIVE or IDLE V1 Reports l The number of Received V1 Reports Receive V2 Reports l The number of Received V2 Reports Receive V3 Reports The number of Received V3 Reports Receive V The number of Received V2 Leave efresk Click to refresh the page immediately Clears all Statistics counters Check this box to enable an automatic refresh of the page at regular intervals Switch Port number Indicate whether specific port is a router port or not ORing Industrial Networking Corp 94 IGPS 9084GP Series User s Manual 5 1 9 4 IGMP Snooping Groups Information Entries in the IGMP Group Table are shown on this page The IGMP Group Table is sorted first by VLAN ID and then by group IGMP Snooping Group Information Auto refresh CI Start from VLAN 1 and group address 224 0 0 0 with 20 entries per page Port Members VLAN ID Groups 1 2345678910 11i 12 13 14 15 16 17 18 19 20 No more entries VLAN ID VLAN ID of the group Groups Group address of the group displayed Port Members Ports under this group 5 1 10 Security 5 1 10 1 Remote Control Security Configuration Remote Control Security allows you limit the remote access of management interface When enabled the request of client which is not in the allow list will be rejected Remote Control Security Configuration Web Telnet SNMP Port Port number of re
27. administrative states e Force Authorized e Force Unauthorized e 802 1X EAPOL Counters Direction IEEE Name Description The number of valid EAPOL frames of any Total dot1xAuthEapolFramesRx type that have been received by the switch The number of valid EAP Resp ID frames that have been received by the switch The number of valid EAPOL response frames Responses dotixAuthEapolRespFramesRx other than Resp ID frames that have been received by the switch The number of EAPOL Start frames that have been received by the switch The number of valid EAPOL logoff frames that have been received by the switch The number of EAPOL frames that have Invalid Type dotixAuthInvalidEapolFramesRx been received by the switch in which the frame type is not recognized The number of EAPOL frames that have Invalid Length dotixAuthEapLengthErrorFramesRx been received by the switch in which the Packet Body Length field is invalid The number of EAPOL frames of any type that have been transmitted by the switch The number of EAP initial request frames that have been transmitted by the switch The number of valid EAP Request frames Requests dotixAuthEapolRegFramesTx other than initial reguest frames that have been transmitted by the switch Response ID dotixAuthEapolRespIdFramesRx EAPOL Counters Start dotixAuthEapolStartFramesRx Logoff dotixAuthEapolLogoffFramesRx Total dotixAuthEapolFramesTx Request ID dotixAuthEapolRealdFramesTx Backend Ser
28. f Redundancy E VLAN f VLAN Membership Ports Private VLAN SNMP Traffic Prioritization Add New VLAN a i Multicast fm Security Open all Auto refresh L gm System Information E Front Panel Ethertype for Custom ports 0Xlss4s E Basic Setting ER aoea VLAN Port Configuration a M Port Setting fi Redundancy Port VLAN VLAN Ingress Filtering Frame Type Mode ID B VLAN Sd p C pen Tes E a Soo ME unas pie Al Specie il i Untag at eel Specific vi Untag pvid vi AL Specific 1 Untag pvid vi Al Specifici 1 Untag_pvid v v Specific l DE Untag pvid v cl BT i untaa pvid i Port Members Delete VLANID VLAN Name Private VLAN m i SNMP Traffic Prioritization s au Multicast Unaware a fi Monitor and Diag 7 Synchronization mare E I PoE naware Ej Factory Default pa System Reboot 10 Unaware 11 Unaware 1 Unaware vi 241402 ce a ORing Industrial Networking Corp 62 IGPS 9084GP Series User s Manual VLAN Hybrid mode If user want setting Port 1 VLAN Hybrid mode untagged 10 Tagged 10 20 Switch setting as following Open all EE E a li li o a B amp System Information Front Panel Basic Setting DHCP Server Relay Port Setting Redundancy mg Ports Private VLAN cil e H e SNMP T
29. priority gt SFP Isyslo g enableldisable temp lt temperature gt DeviceBinding ing gt Mode enableldisable ORing Industrial Networking Corp 169 IGPS 9084GP Series User s Manual Port Mode lt port_list gt disablelscanlbindingishutdown Port DDOS Mode lt port_list gt enableldisable Port DDOS Sensibility lt port_list gt lowlnormallmediumlhigh Port DDOS Packet lt port_list gt rx_totallrx_unicastlrx_multicastlrx_broadcastltcpludp Port DDOS Low lt port list gt lt socket_number gt Port DDOS High lt port_list gt lt socket_number gt Port DDOS Filter lt port_list gt sourceldestination Port DDOS Action lt port_list gt do nothinglblock 1 minlblock 10 minslblocklshutdownlonly loglreboot device Port DDOS Status lt port_list gt Port Alive Mode lt port_list gt enableldisable Port Alive Action lt port_list gt do nothingllink changelshutdownlonly logireboot device Port Alias lt port list gt lt ip_addr gt Port DeviceType lt port list gt unknownlip camlip phonelaplpelplclnvr Port Location lt port_list gt lt device location gt Port Description lt port list gt lt device_description gt MRP Mode enableldisable Manager enableldisable React enableldisable IstRingPort lt mrp_port gt 2ndRingPort lt mrp port gt Parameter MRP_TOPchgT lt value gt Parameter MRP_TOPNRmax lt value gt
30. the beginning of the VLAN Table The first displayed will be the one with the lowest VLAN ID found in the VLAN Table The VLAN input fields allow the user to select the starting point in the VLAN Table Clicking the Refresh button will update the displayed table starting from that or the next closest VLAN Table match gt gt The will use the last entry of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table a Use the button to start over ISMP Snooping VLAN Configuration Start from VLAN 1 with 20 entries per page Delete VLANID Snooping Enabled IGMP Querier E 1 Add New IGMP VLAN Dalei Check to delete the entry The designated entry will be deleted during elete the next save VLAN ID The VLAN ID of the entry IGMP Snooping Enable the per VLAN IGMP Snooping Up to 32 VLANs can be Enable selected for IGMP Snooping IGMP Querier Enable the IGMP Querier in the VLAN ORing Industrial Networking Corp 93 IGPS 9084GP Series User s Manual 5 1 9 3 IGMP Snooping Status This page provides IGMP Snooping status Auto refresh IGMP Snooping Status Statistics VLAN Querier Host Querier Queries Queries V1 Reports V2 Reports V3 Reports V2 Leaves ID Version Version Status Transmitted Received Received Received Received Received j va DISABLE Router Port Port Status 1 ja Mm LN EB ll KJ
31. time 0ms 64 bytes from 10 10 132 20 icmp_seq 2 time 0ms 64 bytes from 10 10 132 20 icmp_seq 3 time Oms 64 bytes from 10 10 132 20 icmp_seq 4 time 0ms Sent 5 packets received 5 OK 0 bad You can configure the following properties of the issued ICMP packets IP Address The destination IP Address The payload size of the ICMP packet Values range from 8 bytes to 1400 bytes 5 1 12 8 IPv6 Ping IPv6 Ping IPv6 Address Ping Size PING6 server 192 168 10 1 sendto sendto sendto sendto sendto Sent 5 packets received 0 OK 0 bad ORing Industrial Networking Corp 143 IGPS 9084GP Series User s Manual 5 1 13 Synchronization PTP Overview of MAC Based Authentication This page allows the user to configure and inspect the current PTP clock settings PTP External Clock Mode PTP External Clock Mode tee Disable External Enable VCXO Enable Clock Frequency One_pps_mode This Selection box will allow you to select the One_pps mode configuration The following values are possible 1 Output Enable the 1 pps clock output 2 Input Enable the 1 pps clock input 3 Disable Disable the 1 pps clock in out put External Enable This Selection box will allow you to configure the External Clock output The following values are possible 1 True Enable the external clock output 2 False Disable the external clock output VCXO Enable This Selection box will allow you to configure the External
32. 3300 when the Unit is Mbps Controls the unit of measure for the port shaper rate as kbps or Port Shaper Unit Mbps The default value is kbps 5 1 8 8 Port Schedulet This page provides an overview of QoS Egress Port Schedulers for all switch ports QoS Egress Port Schedulers Weight 01 Q2 093 04 Q3 Strict Priority Strict Priority Strict Priority Strict Priority Strict Priority Strict Priority Mm in amp Ga KJ i ORing Industrial Networking Corp 84 IGPS 9084GP Series User s Manual 5 1 8 9 Port Shaping This page provides an overview of QoS Egress Port Shapers for all switch ports QoS Egress Port Shapers Shapers The logical port for the settings contained in the same row Click on the port number in order to configure the schedulers Shows the scheduling mode for this port Shows the weight for this queue and port Pov on ELil disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled Q4 disabled disabled disabled disabled disabled disabled 05 disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled di
33. DHCP Dynamic Client List No Select Type MAC Address IP Address Surplus Lease Select Clear All Add to static Table 5 1 3 3 DHCP Client List You can assign the specific IP address which is in the assigned dynamic IP range to the specific port When the device is connecting to the port and asks for dynamic IP assigning the system will assign the IP address that has been assigned before in the connected device DHCP Client List MAC Address IP Address _Add as Static No Select Type MAC Address IP Address Surplus Lease Select Clear All 5 1 3 4 DHCP Relay Agent DHCP Relay is used to forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain 5 1 3 4 1 Relay DHCP Relay Configuration Relay Mode Disabled Relay Server 0 0 0 0 I Relay Information Mode Enabled FI SPU SM Replace The following table describes the labels in this screen Relay Mode Indicates the DHCP relay mode operation Possible modes are ORing Industrial Networking Corp 31 ORi Relay Server Relay Information Mode Relay Information Policy IGPS 9084GP Series User s Manual Enabled Enable DHCP relay mode operation When DHCP relay mode operation is enabled the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain And the DHCP broadcast message won t be flooded for
34. IPv6 default value is Any SSAP Address Valid SSAP Source Service Access Point can vary from 0x00 to OxFF or Any the default value is Any DSAP Address Valid DSAP Destination Service Access Point can vary from 0x00 to OxFF or Any the default value is Any 3 LLC Control Valid Control field can vary from 0x00 to OxFF or Any the default value is Any PID Valid PID a k a ethernet type can have value within ana 0x00 0xFFFF or Any default value is Any Protocol IP protocol number 0 255 TCP or UDP or Any Source IP Specific Source IP address in value mask format or Any IP and Mask are in the format x y z w where x y Z and w are decimal numbers between 0 and 255 When Mask is converted to a 32 bit binary string and read from left to right all bits following the first zero must also be zero 5 IPv4 DSCP Diffserv Code Point value DSCP It can be a specific Pv value range of values or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 IP Fragment lpv4 frame fragmented option yes nolany Sport Source TCP UDP port 0 65535 or Any specific or port range applicable for IP protocol UDP TCP Dport Destination TCP UDP port 0 65535 or Any specific or port range applicable for IP protocol UDP TCP Protocol IP protocol number 0 255 TCP or UDP or Any 6 IPv6 Source IP IPv6 source address a b c d or Any 32 LS bits DSCP D
35. In one way mode no delay measurements are performed i e this is applicable only if frequency synchronization is needed The master always responds to delay reguests Protocol Transport protocol used by the PTP protocol engine ethernet PTP over Ethernet multicast ip4multi PTP over IPv4 multicast ip4uni PTP over IPv4 unicast Note IPv4 unicast protocol only works in Master only and Slave OkRing Industrial NetworkingCcop 48 Industrial Networking Corp 145 IGPS 9084GP Series User s Manual only clocks See parameter Device Type In a unicast Slave only clock you also need configure which master clocks to request Announce and Sync messages from See Unicast Slave Configuration VLAN Tag Enable Enables the VLAN tagging for the PTP frames Note Packets are only tagged if the port is configured for vlan tagging i e Port Type Unaware and PortVLAN mode None and the port is member of the VLAN VLAN Identifier used for tagging the PTP frames Priority Code Point value used for PTP frames 5 1 14 PoE 5 1 14 1 Configuration PoE is an acronym for Power Over Ethernet Power Over Ethernet is used to transmit electrical power to remote devices over standard Ethernet cable It could for example be used for powering IP telephones wireless LAN access points and other equipment where it would be difficult or expensive to connect the equipment to main power supply Open all Power Over Ethernet Configuration B System Info
36. Support SNMP v1 v2c v3 8 RMON 8 802 1Q VLAN Network Management Support ACL TACACS and 802 1x User Authentication for security Supports 9 6K Bytes Jumbo Frame Multiple notification for warning of unexpected event Web based Telnet Console CLI and Windows utility Open Vision configuration Support LLDP Protocol Rigid IP 30 housing design DIN Rail and wall mounting enabled 3 Hardware Features Redundant DC power inputs Operating Temperature 40 to 70 C Storage Temperature 40 to 85 C Operating Humidity 5 to 95 non condensing Casing IP 30 8x 10 100 1000Base T X P S E 4 x 100 1000Base X SFP Console Port Dimensions 96 4 W x 105 5 D x 154 H mm 3 8 x 4 15 x 6 06 inch ORing Industrial Networking Corp IGPS 9084GP Series User s Manual Hardware Installation 2 1 Installing Switch on DIN Rail Each switch has a DIN Rail kit on rear panel The DIN Rail kit helps switch to fix on the DIN Rail It is easy to install the switch on the DIN Rail 2 1 1 Mount IGPS 9084GP on DIN Rail GC 7 ji Maal IL on 0 0 I a DIN Rail Size ORing Industrial Networking Corp IGPS 9084GP Series User s Manual 2 2 Wall Mounting Installation Each switch has another installation method for users to fix the switch A wall mount panel can be found in the package The following steps show how to mount the switch on the wall Wall Mounting size ORi
37. VCXO rate adjustment The following values are possible 1 True Enable the external VCXO rate adjustment 2 False Disable the external VCXO rate adjustment Clock Frequency This will allow to set the Clock Frequency The possible range of values are 1 25000000 1 25MHz ORing Industrial Networking Corp 144 IGPS 9084GP Series User s Manual PTP Clock Configuration PTP Ciock Configuration Port List Delete CO Device 34567891011 12 13 14 15 16 17 18 19 20 Instance Type Mo Clock Instances Present Check this box and click on Save to delete the clock instance Clock Instance Indicates the Instance of a particular Clock Instance 0 3 Click on the Clock Instance number to edit the Clock details Device Type Indicates the Type of the Clock Instance There are five Device Types 1 Ord Bound clock s Device Type is Ordinary Boundary Clock 2 P2p Transp clock s Device Type is Peer to Peer Transparent Clock 3 E2e Transp clock s Device Type is End to End Transparent Clock 4 Master Only clock s Device Type is Master Only 5 Slave Only clock s Device Type is Slave Only Port List Set check mark for each port configured for this Clock Instance 2 Step Flag Static member defined by the system true if two step Sync events and Pdelay Resp events are used Clock Identity It shows unique clock identifier One Way If true one way measurements are used This parameter applies only to a slave
38. VIGWS ins center eaniinnsiconhdsiieansicntnanabdstioanvecnsnannbintioncienteannidsamnienteaneiiae 73 5 1 7 6 SNMP Accesses iiiiieeemteeeeeeenenennneeeeeeennnnennneeeeeeeneeea 74 2 16 TN NG 75 5 1 8 1 Stom COMLOL eager adage aada aaa taa kraad Jaala aaa 75 5 1 8 2 Port Classifcation meeeeenree 76 ORing Industrial Networking Corp 3 Orina IGPS 9084GP Series User s Manual 5 1 8 3 Port Tag Remaking rrrrrrrrrrrrrrnrrrrrrrrrrrrrrrrrrrrrnrrrrrrrrrrrrrnrrnrrnnrrrrrsrnrsrsssnnnns 78 5184 Por DSCP ieccicsiccensisssssurssdncennsasonsssaadunvenssdanwssondocsahssduesvasadonsabsaunrssaasinensraaksnatee 79 S169 FRP NN 155 145445000050 4547 4974 er er er asu 80 5 1 8 6 Queue POIIGIMG a nan Reet Rt Ti at te nee rt a annae aaa matata aaa aa alia 81 5 1 8 7 QoS Egress Port Scheduler and Shapers 82 5 1 8 8 Port Schedulet iimeeeeeenenennneeeeeeennneennneeeeeeeeneeea 84 5100 POPE TM aatal aa 85 51 06 10 DSEP Based QOS skin 85 del DSP TAS EIN hr 86 5 1 8 12 DSCP Classification 87 5 1 8 13 QoS Control List rorrrrrrnnrrnrnrrosnvrrrnrronnvrrrerrrsnnvrrnrnnnnnvrrnrnrsnnvrrnrnrnnnnrnesnnn 88 5 1 8 14 QoS Counters ieennnasvanaenateennnaanvaeeenadevunaatsvaeeteadenunantt eee avesta 90 5 1 8 15 QCL SBS see 91 EMNE MEE A a AAE 92 5 1 9 1 IGMP SNOOpiN
39. VLAN identifier for the port The allowed values are from 1 through 4095 The default value is 1 Note The port must be a member of the same VLAN as the Port VLAN ID Determines egress tagging of a port Untag_pvid All VLANs except the configured PVID will be tagged Tag_all All VLANs are tagged Untag all All VLANs are untagged 37 Orina IGPS 9084GP Series User s Manual How is Unaware C Port S Port S Customer Port Port can be one of the following types Unaware C port S port and S custom port Ss Ingress action Egress action Unaware The function of Unaware can be used for 802 1QinQ double tag S custom port When the port received untagged frames an untagged frame obtain a tag based on PVID and is forwarded When the port received tagged frames 1 if the tagged frame with TPID 0x8100 it become a double tag frame and is forwarded 2 if the TPID of tagged frame is not 0x8100 ex 0x88A8 it will be discarded When the port received untagged frames an untagged frame obtain a tag based on PVID and is forwarded When the port received tagged frames 1 if an tagged frame with TPID 0x8100 itis forwarded 2 if the TPID of tagged frame is not 0x8100 ex 0x88A8 it will be discarded When the port received untagged frames an untagged frame obtain a tag based on PVID and is forwarded When the port received tagged frames 1 if an tagged frame wit
40. a device switch or hub for instance that will provide power in a PoE connection And support wide operating temperature from 40 C to 70 C IGPS 9084GP can also be managed centralized and convenient by Open Vision Except the Web based interface Telnet and console CLI configuration Therefore the switch is one of the most reliable choice for highly managed and Fiber Ethernet application 1 2 Software Features HW Support O Ring recovery time lt 30ms over 250 units of connection and MSTP RSTP STP compatible for Ethernet Redundancy Open Ring support the other vendor s ring technology in open architecture O Chain allow multiple redundant network rings Support standard IEG 62439 2 MRP Media Redundancy Protocol function 8 port P S E fully compliant with IEEE802 3at standard provide up to 30 Watts per port Support PoE scheduled configuration and PoE auto ping check function Support IEEE 1588v2 clock synchronization Support IPV6 new internet protocol version Support Modbus TCP protocol Support IEEE 802 3az Energy Efficient Ethernet technology Provided HTTPS SSH protocol to enhance network security Support SMTP client Support IP based bandwidth management Support application based QoS management Support Device Binding security function ORing Industrial Networking Corp 6 ORi 1 IGPS 9084GP Series User s Manual Support DOS DDOS auto prevention IGMP v2 v3 IGMP snooping support for filtering multicast traffic
41. connection Possible modes are Enabled Enable HTTPS mode operation Disabled Disable HT TPS mode operation Click to save changes Click to undo any changes made locally and revert to previously saved values ORing Industrial Networking Corp 24 IGPS 9084GP Series User s Manual 5 1 2 7 SSH SSH Configuration Disabled 7 Indicates the SSH mode operation Possible modes are Enabled Enable SSH mode operation Disabled Disable SSH mode operation Click to save changes Click to undo any changes made locally and revert to previously ese saved values 5 1 2 8 LLDP LLDP Configuration This page allows the user to inspect and configure the current LLDP port settings LLDP Configuration LLDP Parameters Tx Interval seconds Disabled Disabled ORing Industrial Networking Corp 25 IGPS 9084GP Series User s Manual The switch port number of the logical LLDP port Select LLDP mode Rx only The switch will not send out LLDP information but LLDP information from neighbor units is analyzed Tx only The switch will drop LLDP information received from neighbors but will send out LLDP information Disabled The switch will not send out LLDP information and will drop LLDP information received from neighbors Enabled The switch will send out LLDP information and will analyze LLDP information received from neighbors LLDP Neighbor Information This page provides a status overv
42. in milliseconds between the most recent Access Round Reply Access Challenge and the Access Request that matched it from the RADIUS Trip radiusAuthClientExtRoundTripTime authentication server The granularity of this measurement is 100 ms A value of Time 0 ms indicates that there hasn t been round trip communication with the server yet RADIUS Accounting Statistics for Server 1 Receive Packets Transmit Packets Responses Requests Malformed Responses Retransmissions Bad Authenticators Pending Requests Unknown Types Timeouts Packets Droppe Other Info IP Address 0 0 0 0 1813 State Disabled Round Trip Time O ms ae 7 AAK RADIUS accounting server packet counter There are five receive and four transmit counters Direction RFC4670 Name Description The number of RADIUS packets valid or invalid received from the server The number of malformed RADIUS packets received from the server Malformed packets include packets Responses radiusAccClientExtResponses radiusAccClientExtMalformedResponses with an invalid length Bad authenticators or or unknown types are not included as malformed access responses The number of RADIUS packets containing invalid authenticators received from the server The number of RADIUS packets of unknown types that Pac ket Cou nte rs Unknown Types radiusAccClientExtUnknownTypes were received from the server on the accounting port The number of RADIUS packets that were received from Packets
43. length 7 140 meters 10 and 100 Mbps ports will be linked down while running VeriPHY Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY 1s complete Port The port where you are requesting VeriPHY Cable Diagnostics Cable Status Port Port number Pair The status of the cable pair Length The length in meters of the cable pair 5 1 12 6 SFP Monitor DDM function can pass SFP module which supports DDM function measure the temperature of the apparatus And manage and set up event alarm module through DDM WEB ORing Industrial Networking Corp 141 IGPS 9084GP Series User s Manual SFP Monitor Auto refresh L Port No Temperature C Vcc V TX Bias mA TX Power pw Woo JET ld KJ Warning Temperature 85 ec o 100 Event Alarm Syslog 5 1 12 7 Ping This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues ICMP Ping IP Address Ping Size After you press Start 5 ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs PING6 server 10 10 132 20 64 bytes from 10 10 132 20 icmp seq 0 time Oms ORing Industrial Networking Corp 142 IGPS 9084GP Series User s Manual 64 bytes from 10 10 132 20 icmp_seq 1
44. of the RADIUS Authentication Server IP IP Address address is expressed in dotted decimal notation The UDP port to use on the RADIUS Authentication Server If the port is set to 0 zero the default port 1812 is used on the RADIUS Authentication Server 5 1 10 4 3 RADIUS Accounting Server Configuration RADIUS Accounting Server Configuration IP Address ORing Industrial Networking Corp 114 IGPS 9084GP Series User s Manual The RADIUS Accounting Server number for which the configuration below applies address is expressed in dotted decimal notation The UDP port to use on the RADIUS Accounting Server If the portis set to 0 zero the default port 1813 is used on the RADIUS Accounting Server The secret up to 29 characters long shared between the RADIUS E 5 1 10 5 RADIUS Overview This page provides an overview of the status of the RADIUS servers configurable on the Authentication configuration page RADIUS Authentication Servers RADIUS Authentication Server Status Overview Auto refresh L IP Address Disabled Disabled Disabled Disabled Disabled The RADIUS server number Click to navigate to detailed statistics for this server The IP address and UDP port number in lt IP Address gt lt UDP Port gt IP Address notation of this server The current status of the server This field takes one of the following values Disabled The server is disabled Not Ready The s
45. provide DNS lookup Assign the subnet mask of the IP address If DHCP client function is enabling you do not need to assign the subnet mask Assign the network gateway for the switch The default gateway IP Router is 192 168 10 254 Provide the managed VLAN ID The allowed range is 1 through VLAN ID 4095 Provide the IP address of the DNS Server in dotted decimal DNS Server notation Click to save changes Assign the IP address that the network is using If DHCP client function is enabling you do not need to assign the IP address IP Address The network DHCP server will assign the IP address for the switch and it will be display in this column The default IP is 192 168 10 1 ORing Industrial Networking Corp 22 IGPS 9084GP Series User s Manual Click to undo any changes made locally and revert to previously Lese saved values 5 1 2 5 IPV6 Setting Configure the switch managed IPv6 information on this page IPv6 Configuration Configured Current Auto C Configuration 192 0 2 1 Address 192 0 2 1 Link Local Address feg0 21e 94ff fe01 6735 Prefix 96 96 Router Save Reset Enable IPv6 auto configuration by checking this box If system cannot obtain the stateless address in time the configured IPv6 Auto Configuration settings will be used The router may delay responding to a router solicitation for a few seconds the total time needed to complete auto configuration can b
46. server If the server does not reply within this time frame we will consider it to be dead and continue with the next enabled server if any Timeout RADIUS servers are using the UDP protocol which is unreliable by design In order to cope with lost frames the timeout interval is divided into 3 subintervals of egual length If a reply is not received within the subinterval the request is transmitted again This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead The Dead Time which can be set to a number between 0 and 3600 seconds is the period during which the switch will not send new Oeti reguests to a server that has failed to respond to a previous reguest This will stop the switch from continually trying to contact a server that it has already determined as dead Setting the Dead Time to a value greater than 0 zero will enable this ORing Industrial Networking Corp 113 IGPS 9084GP Series User s Manual feature but only if more than one server has been configured 5 1 10 4 2 RADIUS Authentication Server Configuration The table has one row for each RADIUS Authentication Server and a number of columns which are RADIUS Authentication Server Configuration Enabled IP Address D Secret The RADIUS Authentication Server number for which the configuration below applies Enabled Enable the RADIUS Authentication Server by checking this box The IP address or hostname
47. smaller rings to avoid effecting all switches when network topology change It is a good application for connecting two Rings Coupling Port Link to Coupling Port of the switch in another ring Coupling Ring need four switch to build an active and a backup link Set a port as coupling port The coupled four ports of four switches will be run at active backup mode Dual Homing Mark to enable Dual Homing By selecting Dual Homing mode Ring will be connected to normal switches through two RSTP links ex backbone Switch The two links work as active backup mode and connect each Ring to the normal switches in RSTP mode Apply Click Apply to set the configurations Note We don t suggest you to set one switch as a Ring Master and a Coupling Ring at the same time due to heavy load ORing Industrial Networking Corp 44 IGPS 9084GP Series User s Manual 5 1 5 3 O Chain O Chain is the revolutionary network redundancy technology that provides the add on network redundancy topology for any backbone network providing ease of use while maximizing fault recovery swiftness flexibility compatibility and cost effectiveness in one set of network redundancy topologies O Chain allows multiple redundant network rings of different redundancy protocols to join and function together as a larger and more robust compound network topology i e the creation of multiple redundant networks beyond the limitations of current redundant ring t
48. the network through a standard web browser such as Microsoft Internet Explorer The Web Based Management function supports Internet Explorer 5 0 or later Itis based on Java Applets with an aim to reduce network bandwidth consumption enhance access speed and present an easy viewing screen Note By default IE5 0 or later version does not allow Java Applets to open sockets You need to explicitly modify the browser setting in order to enable Java Applets to use network ports Preparing for Web Management The default value is as below IP Address 192 168 10 1 Subnet Mask 255 255 255 0 Default Gateway 192 168 10 254 User Name admin Password admin System Login 1 Launch the Internet Explorer 2 Type hitp and the IP address of the switch Press Enter ORing Industrial Networking Corp 17 IGPS 9084GP Series User s Manual Obl N Tok TA Calendar More og The login screen appears Key in the username and password The default username and password is admin 5 Click Enter or OK button then the main interface of the Web based management appears Enter Network Password Enter your password to connect to PC SWRDI9 Domain ORING Remember my credentials Legon failure unknown user name or bad password su dl ei Login screen Main Interface System Name IGP5 9084GP Industrial 12 port managed Gigabit PoE Ethernet switch with Description 8x1
49. the SNMP mode operation Possible modes are Enabled Enable SNMP mode operation Disabled Disable SNMP mode operation Indicates the SNMP supported version Possible versions are ORing Industrial Networking Corp 67 Read Community Write Community IGPS 9084GP Series User s Manual SNMP v1 Set SNMP supported version 1 SNMP v2c Set SNMP supported version 2c SNMP v3 Set SNMP supported version 3 Indicates the community read access string to permit access to SNMP agent The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 126 The field only suits to SNMPv1 and SNMPv2c SNMPv3 is using USM for authentication and privacy and the community string will associated with SNMPv3 communities table Indicates the community write access string to permit access to SNMP agent The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 126 The field only suits to SNMPv1 and SNMPv2c SNMPv3 is using USM for authentication and privacy and the community string will associated with SNMPv3 communities table Indicates the SNMPv3 engine ID The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed Change of the Engine ID will clear all original local users SNMP Trap Configuration Trap Mode VEE Trap Version SNMP vi DI sabled SS Pea oT a s Trap Community
50. the server hasn t yet failed because the X seconds haven t expired the same server will be contacted upon the next backend authentication server request from the switch This scenario will loop forever Therefore the server timeout should be smaller than the supplicant s EAPOL Start frame retransmission rate Single 802 1X In port based 802 1X authentication once a supplicant is successfully authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though they really aren t authenticated To overcome this security breach use the Single 802 1X variant Single 802 1X is really not an IEEE standard but features many of the same characteristics as does port based 802 1X In Single 802 1X at most one supplicant can get authenticated on the port at a time Normal EAPOL frames are used in the communication between the supplicant and the switch If more than one supplicant is connected to a port the one that comes first when the port s link comes up will be the first one considered If that supplicant doesn t provide valid credentials within a certain amount of time another supplicant will get a chance Once a supplicant is successfully authenticated only that supplicant will be allowed access This is the most secure of all the supported modes In this mode the Port Securi
51. the switch There are no EAPOL frames involved in this authentication and therefore MAC based Authentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over port based 802 1X is that several clients can be connected to the same port e g through a 3rd party switch or a hub and still require individual authentication and that the clients don t need special supplicant software to authenticate The advantage of MAC based authentication over 802 1X based authentication is that the clients don t need special supplicant software to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone Also only the MD5 Challenge method is supported The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality The current state of the port It can undertake one of the following values Globally Disabled NAS is globally disabled Link Down NAS is globally enabled but there is no link on the port Son Side Authorized The port is in Force Authorized or a single supplicant mode and the supplicant is authorized Unauthorized The port is in Force Unauthorized or a single supplicant mode and the supplicant is not successfully authorized by the RADIUS server X Auth Y Unauth The port is in a multi supplicant mode Currently X clients are author
52. using Priority The Priority shows the port s priority configured by the user The Port Status shows the port s status The status can be one of the following values PoE not available No PoE chip found PoE not supported for the port PoE turned OFF PoE disabled PoE is disabled by user PoE turned OFF Power budget exceeded The total requested or used power by the PDs exceeds the maximum power the Power Supply can deliver and port s with the lowest priority is are powered down No PD detected No PD detected for the port PoE turned OFF PD overload The PD has requested or used more power than the port can deliver and is powered down ORing Industrial Networking Corp 149 IGPS 9084GP Series User s Manual PoE turned OFF PD is off Invalid PD PD detected but is not working correctly 5 1 15 Factory Defaults You can reset the configuration of the stack switch on this page Only the IP configuration is retained Factory Defaults Are you sure you want to reset the configuration to Factory Defaults Yes No Yes Click to reset the configuration to Factory Defaults No Click to return to the Port State page without resetting the Jo configuration 5 1 16 System Reboot You can reset the stack switch on this page After reset the system will boot normally as if you had powered on the devices Warm Reset Are you sure you want to perform a Warm Restart ORing Indu
53. 0 100 1000Base T X P 5 E ports and 4x100 1000Base X SFP socket Location Contact OID 1 3 6 1 4 1 25972 100 0 5 114 Hardware MAC Address 00 le 94 11 55 656 System Date 19 0 01 01700 50 51 00 00 System Uptime Od 00 50 51 Kernel Version v9 00 Software Version v1 00 Software Date 2013 05 28117 30 51 08 00 Auto refresh I Enable Location Alert Main interface ORing Industrial Networking Corp 18 IGPS 9084GP Series User s Manual 5 1 2 Basic Setting 5 1 2 1 System Information The switch system information is provided here system Information Configuration System Name IGPS 9084GP System Description Industrial 12 port managed Gi System Location System Contact System Timezone Offset minutes o System Information interface An administratively assigned name for this managed node By convention this is the node s fully qualified domain name A domain name is a text string drawn from the alphabet A Z a z System Name digits 0 9 minus sign No space characters are permitted as part of a name The first character must be an alpha character And the first or last character must not be a minus sign The allowed string length is 0 to 255 System The device Description Description The physical location of this node e g telephone closet 3rd System Location floor The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 32 to 126 The textu
54. 10 66 Alive Check me The ID gt 1 of the system log entry The level of the system log entry The following level types are supported Info Information level of the system log Warning Warning level of the system log Error Error level of the system log All All levels The time of the system log entry The MAG Address of this switch Check this box to enable an automatic refresh of the page at regular Auto refresh L intervals Updates the system log entries starting from the current entry ID Clear Flushes all system log entries Updates the system log entries starting from the first available entry ID Updates the system log entries ending at the last entry currently displayed Updates the system log entries starting from the last entry currently displayed Updates the system log entries ending at the last available entry ID ORing Industrial Networking Corp 140 IGPS 9084GP Series User s Manual 5 1 12 5 Cable Diagnostics This page is used for running the VeriPHY Cable Diagnostics VeriPHY Cable Diagnostics Cable Status Length A PairB LengthB PairC LengthC PairD Length D Press to run the diagnostics This will take approximately 5 seconds If all ports are selected this can take approximately 15 seconds When completed the page refreshes automatically and you can view the cable diagnostics results in the cable status table Note that VeriPHY is only accurate for cables of
55. 821 Simple Mail Transfer Protocol SMTP Setting E mail Alert Disable SMTP Server Address Sender E mail Address Mail Subject M Authentication Recipient E mail Address 1 Recipient E mail Address 2 Recipient E mail Address 3 Recipient E mail Address 4 Recipient E mail Address 5 Recipient E mail Address 6 System Warning SMTP Setting interface The following table describes the labels in this screen E mail Alarm Enable Disable transmission system warning events by e mail Sender E mail The SMTP server IP address Address Mail Subject The Subject of the mail Authentication m Username the authentication username m Password the authentication password ORing Industrial Networking Corp 131 IGPS 9084GP Series User s Manual ee Confirm Password re enter password Recipient E mail The recipient s E mail address It supports 6 recipients for a Address mail Click Apply to activate the configurations Show help file 5 1 11 2 3 Event Selection SYSLOG and SMTP are the two warning methods that supported by the system Check the corresponding box to enable system event warning method you wish to choose Please note that the checkbox cannot be checked when SYSLOG or SMTP is disabled system Warning Event Selection System Events SYSLOG SMIP System Start Power Stat
56. 9 e e 9 9 9 el el e 4 A row of check boxes for each port is displayed for each private VLAN ID To include a port in a Private VLAN check the box To Port Members remove or exclude the port from the Private VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Add New Private VLAN Click to add a new private VLAN ID An empty row is added to the table and the private l I VLAN can be configured as needed The allowed range for a Adding a New Static Ei private VLAN ID is the same as the switch port number range ntry Any values outside this range are not accepted and a warning message appears Click OK to discard the incorrect entry or click Cancel to return to the editing and make a correction The Private VLAN is enabled when you click Save ORing Industrial Networking Corp 66 IGPS 9084GP Series User s Manual The button can be used to undo the addition of new Private VLANs Port Isolation Configuration Open in new window ae Joson A check box is provided for each port of a private VLAN When checked port isolation is enabled for that port Port Members KAA When unchecked port isolation is disabled for that port By default port isolation is disabled for all ports 5 1 7 SNMP 5 1 7 1 SNMP System SNMP System Configuration Mode Enabled Version SNMP vic Tne ka public Tie private Engine ID Indicates
57. AN can only be VLANS Mapped mapped to one MSTI An unused MSTI should just be left empty l e not having any VLANs mapped to it ORing Industrial Networking Corp 47 IGPS 9084GP Series User s Manual Click to save changes Click to undo any changes made locally and revert to previously saved values MSTI Priorities This page allows the user to inspect the current STP MSTI bridge instance priority configurations and possibly change them as well MS TI Configuration MSTI Priority Configuration aa AST The bridge instance The CIST is the default instance which is always active Controls the bridge priority Lower numerical values have better Priority priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier Click to save changes Click to undo any changes made locally and revert to previously LESE saved values ORing Industrial Networking Corp 48 IGPS 9084GP Series User s Manual CIST Ports This page allows the user to inspect the current STP CIST port configurations and possibly change them as well This page contains settings for physical and aggregated ports The aggregation settings are stack global STP CIST Ports Configuration CIST Aggregated Ports Configuration Port a Path Cost Priority Admin Edge Auto Edge PAE BPDU Guard aa Enabled Role TCN point to l O Edge Forced True M
58. C Frame must be broadcast DMAC Filter UC Frame must be unicast Specific If you want to filter a specific destination MAC address with this ACE choose this value A field for entering a DMAC value appears When Specific is selected for the DMAC filter you can enter a specific destination MAC address The legal format is DMAC Value XX XX XX XX XX XX A frame that hits this ACE matches this DMAC value VLAN Parameters VLAN ID Filter VLAN ID Tag Priority JE AKA Specify the VLAN ID filter for this ACE Any No VLAN ID filter is specified VLAN ID filter status is VLAN ID Filter don t care Specific If you want to filter a specific VLAN ID with this ACE choose this value A field for entering a VLAN ID number appears ORing Industrial Networking Corp 105 IGPS 9084GP Series User s Manual When Specific is selected for the VLAN ID filter you can enter a VLAN ID specific VLAN ID number The allowed range is 1 to 4095 A frame that hits this ACE matches this VLAN ID value Specify the tag priority for this ACE A frame that hits this ACE matches this tag priority The allowed number range is 0 to 7 The Tag Priority value Any means that no tag priority is specified tag priority is don t care IP Parameters IP Protocol Filter IP Protocol Value 6 IP TIL Non zera IP Fragment IP Option SIP Filter Network W SIP Address SIP Mask DIP Filter DIP Address DIP Mask
59. Check to delete the entry It will be deleted during the next save private default rw group Indicates the security model that this entry should belong to Possible Security Model security models are ORing Industrial Networking Corp 12 IGPS 9084GP Series User s Manual v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM A string identifying the security name that this entry should belong to Security Name The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 A string identifying the group name that this entry should belong to Group Name The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 5 1 7 5 SNMP Views Configure SNMPv3 views table on this page The entry index keys are View Name and OID Subtree SNMPv3 Views Configuration Delete View Name View Type OID Subtree F default view included Check to delete the entry It will be deleted during the next save A string identifying the view name that this entry should belong to View Name The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Indicates the view type that this entry should belong to Possible view types are included An optional flag to indicate that this view subtree should be included View Type excluded An optional flag to i
60. Dropped radiusAccClientExtPacketsDropped the server on the accounting port and dropped for some other reason The number of RADIUS packets sent to the server This does not include retransmissions The number of RADIUS packets retransmitted to the RADIUS accounting server The number of RADIUS packets destined for the server that have not yet timed out or received a response radiusAccClientExtPendingRequests This variable is incremented when a Request is sent and decremented due to receipt of a Response timeout or retransmission The number of accounting timeouts to the server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as a Reguest as well as a timeout Responses Bad Authenticators radiusAcctClientExtBadAuthenticators Requests radiusAccClientExtRequests Retransmissions radiusAccClientExtRetransmissions Pending Requests Timeouts radiusAccClientExtTimeouts ORing Industrial Networking Corp 118 IGPS 9084GP Series User s Manual This section contains information about the state of the server and the latest RFC4670 Name Description Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and Other Info running eae Re
61. ID option did not match known Remote ID ORing Industrial Networking Corp 33 IGPS 9084GP Series User s Manual Chent Statistics Transmit Transmit Receive Receive Replace Keep Drop to Client Error from Client Agent Option Agent Option Agent Option Agent Option The following table describes the labels in this screen Transmit to Client The number of relayed packets from server to client Transmit Error The number of packets that resulted in error while being sent to servers Receive Agent Option The number of received packets with relay agent information option Replace Agent Option The number of packets which were replaced with relay agent information option Keep Agent Option The number of packets whose relay agent information was retained Drop Agent Option The number of packets that were dropped which were received with relay agent information 5 1 4 Port Setting 5 1 4 1 Port Control This page displays current port configurations Ports can also be configured here Port Configuration Link Speed Flow Control Maximum Power Current Configured Current Rx CurrentTx Configured Frame Size Control Disabled Disabled Disabled Disabled 600 Disabled 10 Disabled 00 Disabled 00 Disabled Down Down Down Down 100fdx Down 16fdx 1Gfdx Down EEE EE vm m amp ld M eH f k o Down el H Down SSG 9 e AS 4451 4154 Eee e E e KA
62. MP Traffic Prioritization Multicast Security E warning M Monitor and Diag M Synchronization E PoE Configuration Status ga Factory Default E System Reboot Local JE Power Power Current Port Requested Allocated Used o w o w No PD detected o w o w No PD detected o w o w No PD detected o w o w No PD detected o w o w No PD detected o w o w No PD detected o w o w V No PD detected 0 w o w No PD detected PoE not available PoE not available PoE not available PoE not available Priority Port Status ri Oo O SI 6 vi B Wh i O ORing Industrial Networking Corp 148 ORi IGPS 9084GP Series User s Manual Label Local Port PD Class Description Each PD is classified according to a class that defines the This is the logical port number for this row maximum power the PD will use The PD Class shows the PDs class Five Classes are defined Class 0 Max power 15 4 W Class 1 Max power 4 0 W Class 2 Max power 7 0 W Class 3 Max power 15 4 W Class 4 Max power 30 0 W Power Requested The Power Requested shows the requested amount of power the PD wants to be reserved Power Allocated The Power Allocated shows the amount of power the switch has allocated for the PD Power Used The Power Used shows how much power the PD currently is using Current Used The Power Used shows how much current the PD currently is
63. None None authentication protocol ORing Industrial Networking Corp 71 IGPS 9084GP Series User s Manual MD5 An optional flag to indicate that this user using MD5 authentication protocol SHA An optional flag to indicate that this user using SHA authentication protocol The value of security level cannot be modified if entry already exists That means must first ensure that the value is set correctly A string identifying the authentication pass phrase For MD5 Authentication authentication protocol the allowed string length is 8 to 32 For SHA Password authentication protocol the allowed string length is 8 to 40 The allowed content is the ASCII characters from 33 to 126 Indicates the privacy protocol that this entry should belong to Possible privacy protocols are Privacy Protocol None None privacy protocol DES An optional flag to indicate that this user using DES authentication protocol A string identifying the privacy pass phrase The allowed string length Privacy Password is 8 to 32 and the allowed content is the ASCII characters from 33 to 126 5 1 7 4 SNMP Groups Configure SNMPv3 groups table on this page The entry index keys are Security Model and Security Name SNMPv3 Groups Configuration Delete Security Model Security Name Group Name public default ro group private default rw group public default ro group default user default rw group Add new group Save
64. RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Note Suppose two backend servers are enabled and that the server timeout is configured to X seconds using the Authentication configuration page and suppose that the first server in the list is currently down but not considered dead Now if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds then it will never get authenticated because the switch will cancel on going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant And since the server hasn t yet failed because the X seconds haven t expired the same server will be contacted upon the next backend authentication server request from the switch This scenario will loop forever Therefore the server timeout should be smaller than the supplicant s EAPOL Start frame retransmission rate Overview of MAC Based Authentication Unlike 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch
65. RAKK KKK H kJ Down ORing Industrial Networking Corp 34 ORi IGPS 9084GP Series User s Manual This is the logical port number for this row The current link state is displayed graphically Green indicates the Link link is up and red that it is down Current Link Speed Provides the current link speed of the port Select any available link speed for the given switch port Auto Speed selects the highest speed that is compatible with a Configured Link link partner Speed Disabled disables the switch port operation lt gt configuration all port When Auto Speed is selected for a port this section indicates the flow control capability that is advertised to the link partner When a fixed speed setting is selected that is what is used The Current Rx column indicates whether pause frames on the port Flow Control are obeyed and the Current Tx column indicates whether pause frames on the port are transmitted The Rx and Tx settings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed including FCS The allowed range is 1518 bytes to 9600 bytes The Usage column shows the current percentage of the power consumption per port The Configured column allows for changing the power savings mode parameters per port Power Control Disabled All power savings mechanisms disabled ActiPHY Lin
66. S lt priv password gt User Delete lt index gt User Changekey lt engineid gt lt user name gt lt auth password gt lt priv password gt Group Add lt security model gt lt security name gt lt group name gt Access Add lt group name gt lt security model gt lt security level gt lt read view name gt lt write view name gt Access Delete lt index gt Access Lookup lt index gt Firmware vare gt Load lt ip addr string gt lt file name gt Configuration lt clockinst gt PortState lt clockinst gt lt port list gt enableldisablelinternal ClockCreate lt clockinst gt lt devtype gt lt twostep gt lt protocol gt lt oneway gt lt clockid gt lt tag enable gt lt vid gt lt prio gt ClockDelete lt clockinst gt lt devtype gt ORing Industrial Networking Corp 166 IGPS 9084GP Series User s Manual Timingproperties lt clockinst gt lt utcoffset gt lt valid gt lt leap59 gt lt leap61 gt PTP PortDataSet lt clockinst gt lt port_list gt lt announceintv gt lt announceto gt lt syncintv gt lt delaymech gt lt minpdelayreqintv gt lt delayasymmetry gt lt ingressLatency gt LocalClock lt clockinst gt updatelshowlratio lt clockratio gt Filter lt clockinst gt lt def delay filt gt lt period gt lt dist gt Servo lt clockinst gt lt displaystates gt lt ap enable gt lt ai enable gt
67. Scheduler and Shapers Port 1 Queue Shaper Enable Rate Unit Excess Q0 Port Shaper Enable Rate Unit 611599 kbps YI a D OG go I 1 OG 0 E 10 MG o oO Controls whether the scheduler mode is Strict Priority or Scheduler Mode Weighted on this switch port Queue Shaper Controls whether the queue shaper is enabled for this queue on Enable this switch port Controls the rate for the queue shaper The default value is 500 Queue Shaper Rate This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 3300 when the Unit is Mbps Queues Shaper Unit Controls the rate for the queue shaper The default value is 500 ORing Industrial Networking Corp 82 IGPS 9084GP Series User s Manual This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 3300 when the Unit is Mbps Queue Shaper Controls whether the queue is allowed to use excess bandwidth Excess Port Shaper Enable Gontrols whether the port shaper is enabled for this switch port Controls the rate for the port shaper The default value is 500 Port Shaper Rate This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 3300 when the Unit is Mbps Controls the unit of measure for the port shaper rate as kbps or Mbps The default value is kbps Weighted Poti amp QoS Egress Port Scheduler and Sha
68. Specify the IP protocol filter for this ACE Any No IP protocol filter is specified don t care Specific If you want to filter a specific IP protocol filter with this ACE choose this value A field for entering an IP protocol filter appears ICMP Select ICMP to filter IPv4 ICMP protocol frames Extra fields for defining ICMP parameters will appear These fields are explained IP Protocol Filter later in this help file UDP Select UDP to filter IPv4 UDP protocol frames Extra fields for defining UDP parameters will appear These fields are explained later in this help file TCP Select TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear These fields are explained later in this help file When Specific is selected for the IP protocol value you can enter a IP Protocol Value specific value The allowed range is 0 to 255 A frame that hits this ACE matches this IP protocol value ORing Industrial Networking Corp 106 ORing IGPS 9084GP Series User s Manual Specify the Time to Live settings for this ACE zero IPv4 frames with a Time to Live field greater than zero must not ETTE be able to match this entry non zero IPv4 frames with a Time to Live field greater than zero must be able to match this entry Any Any value is allowed don t care Specify the fragment offset settings for this ACE This involves the settings for the More Fragments MF bit and the Fragment Offse
69. VLAN Mode Port VLAN ID ORing Industrial Networking Corp IGPS 9084GP Series User s Manual Enable ingress filtering on a port by checking the box This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame is discarded By default ingress filtering is disabled no checkmark Determines whether the port accepts all frames or only tagged untagged frames This parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on the port are discarded By default the field is set to All Configures the Port VLAN Mode The allowed values are None or Specific This parameter affects VLAN ingress and egress processing If None is selected a VLAN tag with the classified VLAN ID is inserted in frames transmitted on the port This mode is normally used for ports connected to VLAN aware switches Tx tag should be set to Untag_pvid when this mode is used If Specific the default value is selected a Port VLAN ID can be configured see below Untagged frames received on the port are classified to the Port VLAN ID If VLAN awareness is disabled all frames received on the port are classified to the Port VLAN ID If the classified VLAN ID of a frame transmitted on the port is different from the Port VLAN ID a VLAN tag with the classified VLAN ID is inserted in the frame Configures the
70. ady The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled The time interval measured in milliseconds between the most recent Response and the Request that matched it from the RADIUS accounting server The granularity of this measurement is 100 ms A value of 0 ms indicates that there hasn t been round trip communication with the server yet d radiusAccClientExtRoundTripTime 5 1 10 7 NAS 802 1x This page allows you to configure the IEEE 802 1X and MAC based authentication system and port settings The IEEE 802 1X standard defines a port based access control procedure that prevents unauthorized access to a network by reguiring users to first submit credentials for authentication One or more central servers the backend servers determine whether the user is allowed access to the network These backend RADIUS servers are configured on the Authentication configuration page MAC based authentication allows for authentication of more than one user on the same port and doesn t require the user to have special 802 1X s
71. ake ORing Industrial Networking Corp 147 IGPS 9084GP Series User s Manual over For being able to determine the amount of power the PD may use it must be defined what amount of power the primary and backup power sources can deliver Valid values are in the range 0 to 2000 Watts This is the logical port number for this row Ports that are not PoE capable are grayed out and thus impossible to configure PoE for PoE Mode The PoE Mode represents the PoE operating mode for the port Disabled PoE disabled for the port PoE Enables PoE IEEE 802 3af Class 4 PDs limited to 15 4W PoE Enables PoE IEEE 802 3at Class 4 PDs limited to 30W Priority The Priority represents the ports priority There are three levels of power priority named Low High and Critical The priority is used in the case where the remote devices requires more power than the power supply can deliver In this case the port with the lowest priority will be turn off starting from the port with the highest port number Maximum Power The Maximum Power value contains a numerical value that indicates the maximum power in watts that can be delivered to a remote device The maximum allowed value is 30 W 5 1 14 2 Status This page allows the user to inspect the current status for all PoE ports Open all Power Over Ethernet Status 8 System Information kinda Auto refresh Basic Setting DHCP Server Relay Port Setting Redundancy VLAN SN
72. al identification of the contact person for this managed node together with information on how to contact this person System Contact The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 32 to 126 Provide the time zone offset relative to UTC GMT System Timezone The offset is given in minutes east of GMT The valid range is from 720 to 720 minutes Click to save changes ORing Industrial Networking Corp 19 offset minutes IGPS 9084GP Series User s Manual Click to undo any changes made locally and revert to previously saved values 5 1 2 2 Admin amp Password This page allows you to configure the system password required to access the web pages or log in from CLI system Password Username Old Password New Password Confirm New Password Old Password Enter the current system password If this is incorrect the new password will not be set Confirm password Re type the new password Save Glick to save changes New Password The system password The allowed string length is 0 to 31 and the allowed content is the ASCII characters from 32 to 126 ORing Industrial Networking Corp 20 IGPS 9084GP Series User s Manual 5 1 2 3 Auth Method This page allows you to configure how a user is authenticated when he logs into the switch via one of the management client interfaces Authentication Method Configuration Authentication Method Fallba
73. ately Check this box to enable an automatic refresh of the page at Auto refresh L regular intervals Port Statistics This page provides an overview of all LLDP traffic Two types of counters are shown Global counters are counters that refer to the whole stack switch while local counters refer to counters for the currently selected switch Auto refresh Global Counters Neighbor entries were last changed at 1970 01 01 04 03 03 0000 26 sec ago Total Neighbors Entries Added Total Neighbors Entries Deleted Total Neighbors Entries Dropped Total Neighbors Entries Aged Out LLDP Statistics Local Counters Local Port TxFrames RxFrames Rx Errors Frames Discarded TLVs Discarded TLVs Unrecognized Org Discarded Age Outs pi oO O O O O OOOOHKOONOBRO OOOOOOOKOOO OOOOOOOOOOO OOOOOOOOOOO OOOOOOOOOOO OOOOOOOOOOO om 0000000000 oo0OOGOOGOGOOGOG Global Counters Neighbor entries Shows the time for when the last entry was last deleted or added ORing Industrial Networking Corp 21 were last changed at Total Neighbors Shows the number of new entries added since switch reboot Entries Added IGPS 9084GP Series User s Manual Total Neighbors Shows the number of new entries deleted since switch reboot Entries Deleted Total Neighbors Shows the number of LLDP frames dropped due to that the entry Total Neighbors Shows the number of entries deleted due to Time To Live Local Counters Rx Frames Th
74. be probed automatically Otherwise the ID specified in this field is used The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed Indicates the SNMP trap security name SNMPv3 traps and informs Trap Security R using USM for authentication and privacy A unique security name is ame needed when traps and informs are enabled 5 1 7 2 SNMP Communities Configure SNMPv3 communities table on this page The entry index key is Community SNMPv3 Communities Configuration Delete Community Source IP Source Mask public 0 0 0 0 I private 0 0 0 0 Check to delete the entry It will be deleted during the next save Indicates the community access string to permit access to SNMPv3 Community agent The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 SourcelP Indicates the SNMP access source address Source Mask Indicates the SNMP access source address mask ORing Industrial Networking Corp 70 IGPS 9084GP Series User s Manual 5 1 7 3 SNMP Users Configure SNMPv3 users table on this page The entry index keys are Engine ID and User Name SNMPv3 Users Configuration User Security Authentication Authentication Privacy Privacy Name Level Protocol Password Protocol Password E 800007e5017f000001 default user NoAuth NoPriv None None None None Delete Engine ID Check to delete the ent
75. bps fos or kips The default value is kbps If flow control is enabled and the port is in flow control mode then Flow Control pause frames are sent instead of discarding frames 5 1 8 6 Queue Policing This page allows you to configure the Queue Policer settings for all switch ports QoS Ingress Queue Policers Queue 0 Queue 1 Queue Queue 3 Queuve4 Queue gt Oueue6 Queue 7 E Rate Unit Enable Enable Enable Enable Enable Enable Enable a soo kops WD a soo kops WD A soo kops WD A soo kops WD A soo kops WD The port number for which the configuration below applies Enable E Controls whether the gueue policer is enabled on this switch port m eee ek bee 4 1 4 bak 4 1 4 1 bie ek o 1 bee ek o 1 be ek ek Controls the unit of measure for the queue policer rate as kbps or Mbps The default value is kbps This field is only shown if at least one of the queue policers are enabled Controls the rate for the queue policer The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 3300 when the Unit is Mbps This field is only shown if at least one of the queue policers are enabled ORing Industrial Networking Corp 81 IGPS 9084GP Series User s Manual 5 1 8 7 QoS Egress Port Scheduler and Shapers This page allows you to configure the Scheduler and Shapers for a specific port Strict Priority Port 1 QoS Egress Port
76. can be used to calculate the Number destination port for the frame Check to enable the use of the TCP UDP Port Number or uncheck to disable By default TCP UDP Port Number is enabled ORing Industrial Networking Corp 36 IGPS 9084GP Series User s Manual Aggregation Group Configuration Port Members Group ID Normal 1 ae Joson S Indicates the group ID for the settings contained in the same row Group ID Normal indicates there is no aggregation Only one group ID is valid per port Port Members Each switch port is listed for each group ID Select a radio button to include a port in an aggregation or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Only full duplex ports can join an aggregation and ports must be in the same speed in each group 5 1 4 2 2 LACP Port Configuration This page allows the user to inspect the current LACP port configurations and possibly change them as well ORing Industrial Networking Corp 37 IGPS 9084GP Series User s Manual LACP Port Configuration LACP Enabled Active Active 4 Active 4 Active m Active Active 4 ii Active Active Mi Active Active Mi i 2 3 4 5 6 7 g E auto Auto MI OO Active Auto iM __ Active M
77. ck console Ilocal telnet local ssh local web local Save Reset The management client for which the configuration below applies Authentication Method can be set to one of the following values M none authentication is disabled and login is not possible Authentication Mothod local use the local user database on the switch for authentication radius use a remote RADIUS server for authentication Enable fallback to local authentication by checking this box If none of the configured authentication servers are alive the local user database is used for authentication This is only possible if the Authentication Method is set to a value other than none or local Click to save changes Click to undo any changes made locally and revert to previously saved values ORing Industrial Networking Corp 21 IGPS 9084GP Series User s Manual 5 1 2 4 IP Setting Configure the switch managed IP information on this page IP Configuration Configured Current DHCP Client anew IP Address 192 168 10 1 192 168 10 1 IP Mask 255 255 253 255 255 255 0 IP Router 0 0 0 0 VLAN ID DNS Server 0 0 0 0 Enable the DHCP client by checking this box If DHCP fails and the configured IP address is zero DHCP will retry If DHCP fails and the configured IP address is non zero DHCP will stop and ae OMEN the configured IP settings will be used The DHCP client will announce the configured System Name as hostname to
78. d LED x 8 Fault contact Power Physical Characteristic Ms ew x 105 5 D x 154 3 8 x 4 15 x 6 06 inches Environmental Storage Temperature 40 to 85 C 40 to 185 F Operating Temperature 40 to 70 C 40 to 158 F Operating Humidity 5 to 95 Non condensing Regulatory approvals EN61000 4 2 ESD EN61000 4 3 RS EN61000 4 4 EFT EN61000 4 5 Surge EN61000 4 6 CS EN61000 4 8 EN61000 4 11 Warranty 5 years ORing Industrial Networking Corp 1
79. ddress field that appears Network Destination IP filter is set to Network Specify the Oking Industrial NetworkingCop 07 Industrial Networking Corp 107 IGPS 9084GP Series User s Manual destination IP address and destination IP mask in the DIP Address and DIP Mask fields that appear When Host or Network is selected for the destination IP filter you DIP Address M can enter a specific DIP address in dotted decimal notation When Network is selected for the destination IP filter you can enter a specific DIP mask in dotted decimal notation ARP Parameters Request Reply RARP SMAC Match Sender IP Filter IP Ethernet Length eit meee 192 168 1 1 IP Sender IP Mask 255 255 255 0 Ethernet Target IP Filter Network Target IP Address 192 168 1 254 Target IP Mask 253 253 255 0 Specify the available ARP RARP opcode OP flag for this ACE Any No ARP RARP OP flag is specified OP is don t care ARP RARP ARP Frame must have ARP RARP opcode set to ARP RARP Frame must have ARP RARP opcode set to RARP Other Frame has unknown ARP RARP Opcode flag Specify the available ARP RARP opcode OP flag for this ACE Any No ARP RARP OP flag is specified OP is don t care i M 1 M i 1 vi 1 i bil 1 i ARP RARP Other ARP SMAC Match Request Reply Request Frame must have ARP Request or RARP Request OP flag set Reply Frame must have ARP Reply or RARP Reply OP flag Specify the sen
80. der IP filter for this ACE Any No sender IP filter is specified Sender IP filter is don t care Host Sender IP filter is set to Host Specify the sender IP address in Sender IP Filter the SIP Address field that appears Network Sender IP filter is set to Network Specify the sender IP address and sender IP mask in the SIP Address and SIP Mask fields that appear Sender IP Address When Host or Network is selected for the sender IP filter you can ORing Industrial Networking Corp 108 ORi IGPS 9084GP Series User s Manual mr enter a specific sender IP address in dotted decimal notation When Network is selected for the sender IP filter you can enter a Sender IP Mask specific sender IP mask in dotted decimal notation Specify the target IP filter for this specific ACE Any No target IP filter is specified Target IP filter is don t care Host Target IP filter is set to Host Specify the target IP address in Target IP Filter AA the Target IP Address field that appears Network Target IP filter is set to Network Specify the target IP address and target IP mask in the Target IP Address and Target IP Mask fields that appear When Host or Network is selected for the target IP filter you can Target IP Adress M enter a specific target IP address in dotted decimal notation When Network is selected for the target IP filter you can enter a Target IP Mask M specific targe
81. dicates the level of DDOS detection Possible levels are Low Low sensibility Sensibility Normal Normal sensibility Medium Medium sensibility High High sensibility Indicates the packet type of DDOS monitor Possible types are RX Total Total ingress packets RX Unicast Unicast ingress packets Packet Type RX Multicast Multicast ingress packets RX Broadcast Broadcast ingress packets TCP TCP ingress packets UDP UDP ingress packets If packet type is UDP or TCP please specify the socket number SA OSTA EE here The socket number could be a range from low to high If the socket number is only one please fill the same number in low field and high field If packet type is UDP or TCP please choose the socket direction Destination Source Indicates the action when DDOS attack happened Possible actions are Do nothing Blocking 1 minute To block the forwarding for 1 mintue and log the event Blocking 10 minute To block the forwarding for 10 mintues and log the event Blocking Just blocking and log the event Shunt Down the Port Shut down the port No Link and log the event Only Log it Just log the event Reboot Device If POE supported the device could be rebooted And log the event Indicates the DDOS Prevention status Possible statuses are Disable Analysing Analyse the packet throughput for initialization Running Function ready Attacked DDOS attack happened
82. e Refer to NAS Admin State Admin State o for a description of possible values The current state of the port Refer to NAS Port State for a Port State a M description of the individual states The source MAC address carried in the most recently received EAPOL frame for EAPOL based authentication and the most Mm LN amp 0 fl recently received frame from a new client for MAC based authentication Last ID ORing Industrial Networking Corp The user name supplicant identity carried in the most recently received Response Identity EAPOL frame for EAPOL based authentication and the source MAC address from the most recently received frame from a new client for MAC based authentication 127 IGPS 9084GP Series User s Manual This page provides detailed IEEE 802 1X statistics for a specific switch port running port based authentication For MAC based ports it shows selected backend server RADIUS Authentication Server statistics only Use the port select box to select which port details to be displayed NAS Statistics Port 2 Port 2 Auto refresh Port State Punkari Force Authorized Port State ly Disabled Admin State The port s current administrative state Refer to NAS Admin State for a description of possible values Port State The current state of the port Refer to NAS Port State for a description of the individual states These supplicant frame counters are available for the following
83. e MRP topology need setting one device to Manager one MRP topology only can setting one device to Manager if user setting two or more switch to Manager this MRP topology will fail React on Link Change Faster mode if user enable this function MRP Topology will Advanced mode more faster convergence this function only can setting in MRP Manager Switch 1 Ring Port Choosing the port which connect to the MRP ring 2 Ring Port Choosing the port which connect to the MRP ring 5 1 5 2 O Ring Ring is the most powerful Ring in the world The recovery time of Ring is less than 30 ms It can reduce unexpected damage caused by network topology change Ring Supports 3 Ring topology Ring Coupling Ring and Dual Homing ORing Industrial Networking Corp 43 IGPS 9084GP Series User s Manual O Ring Configuration rss E Dual Homing Ring interface The following table describes the labels in this screen Redundant Ring Mark to enable Ring There should be one and only one Ring Master in a ring However if there are two or more switches which set Ring ng Master Master to enable the switch with the lowest MAC address will be the actual Ring Master and others will be Backup Masters 1 Ring Port The primary port when this switch is Ring Master 2 Ring Port The backup port when this switch is Ring Master Coupling Ring Mark to enable Coupling Ring Coupling Ring can be used to divide a big ring into two
84. e T RJ 45 Pin Assignments RD et ORing Industrial Networking Corp 13 IGPS 9084GP Series User s Manual 1000Base T P S E RJ 45 port BI_DA with PoE Power input BI DB with PoE Power input BI DC BI DC BI DB with PoE Power input BI DD BI DD The IGPS 9084GP Series switches support auto MDI MDI X operation You can use a straight through cable to connect PC to switch The following table below shows the 10BASE T 100BASE TX MDI and MDI X port pin outs 10 100 Base T MDI MDI X pins assignment TD transmit RD receive TD transmit RD receive MDI X port TD ransmit D Transm ORing Industrial Networking Corp 14 Orina IGPS 9084GP Series User s Manual O o we we 1000 Base T MDI MDI X pins assignment Note and signs represent the polarity of the wires that make up each wire pair 4 2 SFP The Switch has fiber optical ports with SFP connectors The fiber optical ports are in multi mode 0 to 550M 850 nm with 50 125 um 62 5 125 um fiber and single mode with LC connector Please remember that the TX port of Switch A should be connected to the RX port of Switch B Switch A Switch B EG lt i A 1 i il M Aa hy 5 A E AG 5 i p 4 dy me L md F r Fiber cord 4 3 Console Cable IGPS 9084GP switch can be management by console port The DB 9 to RJ 45 cable can be found in the package You can connect th
85. e numberof LLDP trames recewedon tepon mers The number of received LLDP frames containing some kind of error If an LLDP frame is received on a port and the switch s internal table has run full the LLDP frame is counted and discarded This situation is known as Too Many Neighbors in the LLDP Fames Discarded standard LLDP frames require a new entry in the table when the Chassis ID or Remote Port ID is not already contained within the table Entries are removed from the table when a given port links down an LLDP shutdown frame is received or when the entry ages out Each LLDP frame can contain multiple pieces of information TLVs Discarded known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded The number of well formed TLVs but with an unknown type TLVs Unrecognized value Org Discarded The number of organizationally TLVs received Each LLDP frame contains information about how long time the LLDP information is valid age out time If no new LLDP frame is Age Outs received within the age out time the LLDP information is removed and the Age Out counter is incremented Click to refresh the page immediately ORing Industrial Networking Corp 28 IGPS 9084GP Series User s Manual Clears the local counters All counters including global counters ear are cleared upon reboot Check this box to enable an automatic refresh of the page at Auto refr
86. e sent by the supplicant An exception to this is when no supplicants are attached In this case the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality MAC based Auth Unlike port based 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string on the following form xx xx xx xx xx xx that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using the Port 125 ORi IGPS 9084GP Series User s Manual Security module Only then will frames from the client be forwarded on
87. e shows the QCL status by different QCL users Each row describes the QCE that is defined It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of QCEs is 256 on each switch Combined Auto refresh CI QoS Control List Status Action Port Conflict User OGEE Frame Type oO Class DPL DSCP No entries Description Indicates the QCL user Indicates the index of QCE Indicates the type of frame to look for incoming frames Possible frame types are Any The QCE will match all frame type Ethernet Only Ethernet frames with Ether Type 0x600 0xFFFF Frame Type are allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 The ACE will match only IPV4 frames IPv6 The ACE will match only IPV6 frames Indicates the list of ports configured with the QCE jopet Indicates the classification action taken on ingress frame if parameters configured are matched with the frame s content There are three action fields Class DPL and DSCP Class Classified QoS class if a frame matches the QCE it will be put in the queue DPL Drop Precedence Level if a frame matches the QCE then DP level will set to value displayed under DPL column DSCP If a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Sonic Displays Conflict status of QCL entries As H W resources are onflic shared by multiple appl
88. e significantly longer Provide the IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that Address can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid IPv4 address For example 192 1 2 34 ee Provide the IPv6 Prefix of this switch The allowed range is 1 to 128 Provide the IPv6 gateway address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid IPv4 address For ORing Industrial Networking Corp 2 IGPS 9084GP Series User s Manual P example 192 1 2 34 Click to save changes Glick to undo any changes made locally and revert to previously LESE saved values 5 1 2 6 HTTPS HTTPS Configuration TREN Disabled Indicates the HTTPS mode operation When the current connection is HTTPS to apply HTTPS disabled mode operation will automatically redirect web browser to an HTTP
89. echnology O Chain Uplink Port Edge Port State Description Enable Enabingthe O Ghainfunoion O O Edge Port In the O Chain application the head and tail of two Switch Port must start the Edge MAG smaller Switch Edge port will be the backup and RM LED Light Edge Port Edge Port O Chain Edge Port Edqe Port ORing Industrial Networking Corp 45 IGPS 9084GP Series User s Manual 5 1 5 4 MSTP Bridge Settings This page allows you to configure RSTP system settings The settings are used by all RSTP Bridge instances in the Switch Stack STP Bridge Configuration Basic Settings Protocol Version Forward Delay Max Age Maximum Hop Count Transmit Hold Count 6 The STP protocol version setting Valid values are STP RSTP Protocol Version and MSTP The delay used by STP Bridges to transition Root and Designated Forward Delay Ports to Forwarding used in STP compatible mode Valid values are in the range 4 to 30 seconds The maximum age of the information transmitted by the Bridge Max Age when it is the Root Bridge Valid values are in the range 6 to 40 seconds and MaxAge must be lt FwdDelay 1 2 This defines the initial value of remainingHops for MSTI information generated at the boundary of an MSTI region It Maximum Hop Count defines how many bridges a root bridge can distribute its BPDU information Valid values are in the range 4 to 30 seconds and MaxAge must be lt FwdDela
90. ecked Valid values are ORing Industrial Networking Corp 121 ORi IGPS 9084GP Series User s Manual inthe range 1 to 3600 seconds Determines the time for retransmission of Request Identity EAPOL frames Valid values are in the range 1 to 65535 seconds This has no effect for MAC based ports EAPOL Timeout This setting applies to the following modes i e modes using the Port Security functionality to secure MAC addresses MAC Based Auth When the NAS module uses the Port Security module to secure MAC addresses the Port Security module needs to check for activity on the MAC address in question at regular intervals and Age Period free resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds For ports in MAC based Auth mode reauthentication doesn t Cause direct communication between the switch and the client so this will not detect whether the client is still attached or not and the only way to free any resources is to age the entry This setting applies to the following modes i e modes using the Port Security functionality to secure MAC addresses MAC Based Auth If a client is denied access either because the RADIUS server denies the client access or because the RADIUS server request times out according to the timeout specified on the Configuration Hold Time Security AAA page
91. ections a system and a port wide Network Access Server Configuration System Configuration Mode Disabled iy Reauthentication Enabled Reauthentication Period 36 seconds EAPOL Timeout 3 seconds Aging Period 3c 2 seconds Hold Time E j seconds Admin State Force Authorized Globally Disabled Reauthenticate Renita Force Unauthorized Globally Disabled MAC based Auth Globally Disabled 1 2 3 802 1X Globally Disabled 4 5 Force Authorized Globally Disabled Reauthenticate Reinitialize Indicates if 802 1X and MAC based authentication is globally enabled or disabled on the switch If globally disabled all ports are allowed forwarding of frames If checked clients are reauthenticated after the interval specified by the Reauthentication Period Reauthentication for 802 1X enabled ports can be used to detect if a new device is lugged into a switch port Reauthentication j p For MAC based ports reauthentication is only useful if the Enabled RADIUS server configuration has changed It does not involve communication between the switch and the client and therefore doesn t imply that a client is still present on a port see Age Period below o Determines the period in seconds after which a connected client Reauthentication must be reauthenticated This is only active if the Period Reauthentication Enabled checkbox is ch
92. ed indicates that the port copy operation is disabled Specify the logging operation of the ACE The allowed values are Enabled Frames matching the ACE are stored in the System Log Logging Disabled Frames matching the ACE are not logged Please note that the System Log memory size and logging rate is limited Specify the port shut down operation of the ACE The allowed values are Enabled If a frame matches the ACE the ingress port will be disabled Disabled Port shut down is disabled for the ACE The counter indicates the number of times the ACE was hit by a Counter rame MAC Parameters SMAC Filter ecm 00 00 00 00 00 0 DMAC Filter DMAC Value 00 00 00 00 00 0 ORing Industrial Networking Corp 104 IGPS 9084GP Series User s Manual Only displayed when the frame type is Ethernet Type or ARP Specify the source MAC filter for this ACE SMAC Filter Any No SMAC filter is specified SMAC filter status is don t care Specific If you want to filter a specific source MAC address with this ACE choose this value A field for entering an SMAC value appears When Specific is selected for the SMAC filter you can enter a specific source MAC address The legal format is SMAC Value XX XX XX XX XX XX A frame that hits this ACE matches this SMAC oo value Specify the destination MAC filter for this ACE Any No DMAC filter is specified DMAG filter status is don t care MC Frame must be multicast B
93. em to PC via a RS 232 cable with DB 9 female ORing Industrial Networking Corp 15 ORing IGPS 9084GP Series User s Manual connector and the other end RJ 45 connector connects to console port of switch PC pin out male assignment RS 232 with DB9 female connector DB9 to RJ 45 Pin 2 RD Pin 2 TD Pin 2 Pin 3 TD Pin 3 RD Pin 3 Pin 5 GD Pin 5 GD Pin 5 DB Male Shield DE Female Signal Ground Received Lina Signa Detect seg g a ou Ring Indicator 1 a DCE Ready J P Traremitted Data DTE Ready af 4 gt a Clear to Send A 7 Clear to Send Transmitted Data ee gt Received Data 3 g gr pees EE e Request to Send DTE Ready 4 Request to Send 9 2 5 1 e f Received Line Signal Detect CE Ready Signal Ground Ring Indicator Shield aj Received by DTE Device eat Received by DCE Device A eee Transmitted from DTE Device Transmitted from DCE Device ORing Industrial Networking Corp 16 IGPS 9084GP Series User s Manual WEB Management While making any establishment and upgrading firmware please remove physical loop connection first DO NOT power off equipment during firmware is upgrading 5 1 Configuration by Web Browser This section introduces the configuration by Web browser 5 1 1 About Web based Management An embedded HTML web site resides in flash memory on the CPU board It contains advanced management features and allows you to manage the switch from anywhere on
94. enableldisable lt 1p addr string gt lt secret gt lt server port gt Statistics lt server index gt STP Configuration Version lt stp_version gt Non certified release v Txhold lt holdcount gt It 15 15 15 Dec 6 2007 MaxAge lt max_age gt ORing Industrial Networking Corp 161 IGPS 9084GP Series User s Manual Port RestrictedRole lt port_list gt enableldisable Msti Port Priority lt msti gt lt port_list gt lt priority gt Aggr Configuration Add lt port_list gt lt aggr 1d gt Delete lt aggr 1d gt Lookup lt aggr 1d gt Mode smacldmacliplport enableldisable Configuration lt port list gt LACP Mode lt port_list gt enableldisable Key lt port_list gt lt key gt i Role lt port_list gt activelpassive ORing Industrial Networking Corp 162 IGPS 9084GP Series User s Manual Status lt port_list gt Statistics lt port_list gt clear LLDP Configuration lt port_list gt Mode lt port_list gt enableldisable LLDI Statistics lt port_list gt clear Info lt port_list gt PoE Configuration lt port_list gt _ Primary_Supply lt supply power gt QoS Storm Broadcast enableldisable lt packet rate gt OCL Add lt gce 1d gt lt qce_id_next gt lt port_list gt lt tag gt lt vid gt lt pcp gt lt dei gt lt smac gt lt dmac_type gt etype lt e
95. enges packets valid or invalid received from the server The number of malformed RADIUS Access m a dona par br ie ae sje A alformed packets include packets with an teid radiusAuthClientExtMalformedAccessResponses invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses The number of RADIUS Access Response A packets containing invalid authenticators or radiusAuthClientExtBadAuthenticators Message Authenticator attributes received from the server Pac ket Cou nte rs The number of RADIUS packets that were Unknown Types radiusAuthClientExtUnknownTypes received from the server on the authentication port and dropped for some other reason The number of RADIUS packets that were Packets Dropped radiusAuthClientExtPacketsDropped received from the server on the authentication port and dropped for some other reason The number of RADIUS Access Request Access Requests radiusAuthClientExtAccessReguests packets sent to the server This does not include retransmissions The number of RADIUS Access Request radiusAuthClientExtAccessRetransmissions packets retransmitted to the RADIUS authentication server The number of RADIUS Access Request packets destined for the server that have not Access Accepts radiusAuthClientExtAccessAccepts Access Challenges Bad Authenticators Access Retransmissions yet timed out or received a response This Pending Requ
96. erver is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running ORing Industrial Networking Corp 115 IGPS 9084GP Series User s Manual and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled RADIUS Accounting Servers RADIUS Accounting Server Status Overview Status Disabled Disabled Disabled Disabled Disabled The RADIUS server number Click to navigate to detailed statistics for this server The IP address and UDP port number in lt IP Address gt lt UDP Port gt IP Address notation of this server The current status of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get
97. esh regular intervals 5 1 2 9 Modbus TCP Support Modbus TCP About Modbus please reference http www modbus org MODBUS Configuration Enabled The following table describes the labels in this screen Enable or Disalble Modbus TCP function 5 1 2 10 Backup Restore Configuration You can save view or load the switch configuration The configuration file is in XML format with a hierarchy of tags Configuration Save Save configuration Configuration Upload ORing Industrial Networking Corp 29 IGPS 9084GP Series User s Manual 5 1 2 11 Firmware Update This page facilitates an update of the firmware controlling the stack switch Firmware Update 5 1 3 DHCP Server 5 1 3 1 Setting The system provides with DHCP server function Enable the DHCP server function the switch system will be a DHCP server DHCP Server Configuration Enabled Sene Liit 192 168 10 100 End IP Address 1192 168 10 200 Subnet Mask 255 255 255 0 Router 192 168 10 254 DNS 192 168 10 254 Lease Time sec E 5400 TFTP Server Boot File Name 5 1 3 2 DHCP Dynamic Client List When the DHCP server function is activated the system will collect the DHCP client information and display in here ORing Industrial Networking Corp 30 IGPS 9084GP Series User s Manual
98. ests radiusAuthClientExtPendingRequests variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challenge timeout or retransmission The number of authentication timeouts to the server After a timeout the client may retry to the same server send to a different server or radiusAuthClientExtTimeouts give up A retry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout ORing Industrial Networking Corp 117 IGPS 9084GP Series User s Manual This section contains information about the state of the server and the latest round trip time RFC4668 Name Description Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and Other Info running l ae Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled The time interval measured
99. ext Transfer Protocol over Secure Socket Layer RMON Remote Network Monitoring Security Switch Authentication Configuration urity switch auth gt Method consoleltelnetlsshlweb nonellocallradius p enableldisable Security Switch SSH 7 Mode enableldisable Security Switch HTTPS 7 Mode enableldisable Security Switch RMON Statistics Add lt stats 1d gt lt data source gt Statistics Delete lt stats 1d gt Statistics Lookup lt stats_id gt History Add lt history 1d gt lt data source gt lt interval gt lt buckets gt History Lookup lt history 1d gt Alarm Add lt alarm 1d gt lt interval gt lt alarm variable gt absoluteldelta lt rising threshold gt rising event index gt lt falling threshold gt lt falling event index gt risinglfallinglboth Alarm Delete lt alarm 1d gt Alarm Lookup lt alarm_id gt ORing Industrial Networking Corp 159 Security Network IGPS 9084GP Series User s Manual Psec Port Security Status Network Access Server IEEE 802 1X NAS ACL Access Control List DHCP Dynamic Host Configuration Protocol Security Network Psec Switch lt port_list gt Port lt port_list gt Security Network NAS ReauthPeriod lt reauth_period gt Statistics lt port_list gt clearleapollradius Security Network ACL Configuration lt port_list gt Action lt port_list gt permitldeny lt rate_limiter gt
100. for Custom S ports x ssas VLAN Port Configuration lt gt E Unaware Specific 1 Untag_pvid w Unaware e Spesie v 1 Untag_pvid v Unaware Spes x Untag_pvid Unaware Specific 1 Untag pvid v Speake Ml Untag pvid Unaware Specific Unaware Specific Unaware Oo 2 Specific v E i i Untag_ pvid 1 2 3 4 3 Unaware 6 7 8 Unaware Specific N I 1 Untag pvid 10 Cera Specific vi Untag pvid ve Specific A Untag_ vid vi Specific 1 ii Unaware 01 1 1298 18 124 78111 1 1094 ee 8 8 lata El 12 Unaware Ethertype for This field specifies the ether type used for Custom S ports This is customer S Ports a global setting for all the Custom S ports Pot This is the logical port number of this row Port can be one of the following types Unaware Customer port C port Service port S port Custom Service port S custom port Port type M If Port Type is Unaware all frames are classified to the Port VLAN ID and tags are not removed ORing Industrial Networking Corp 56 Ingress Filtering Frame Type Port
101. ge occurred Last Refresh Click to refresh the page immediately Check this box to enable an automatic refresh of the page at Auto refresh C regular intervals STP Port Status This page displays the STP CIST port status for port physical ports in the currently selected switch ORing Industrial Networking Corp 32 IGPS 9084GP Series User s Manual STP Port Status Auto refresh L Port CIST Role CIST State Uptime Non STP Forwarding Non STP Forwarding Non STP Forwarding Non STP Forwarding Non STP Forwarding Non STP Forwarding Non STP Forwarding Non STP Forwarding Non STP Forwarding Non STP Forwarding Non STP Forwarding Non STP Forwarding iD 09 Oh on LJ Bo re port o The switch port number of the logical STP port The current STP port role of the CIST port The port role can be CIST Role one of the following values AlternatePort BackupPort RootPort DesignatedPort The current STP port state of the GIST port The port state can be one of the following values Blocking Learning Forwarding Uptime The time since the bridge port was last initialized Refresh Click to refresh the page immediately Check this box to enable an automatic refresh of the page at Auto refresh L regular intervals STP Statistics This page displays the RSTP port statistics counters for bridge ports in the currently selected switch STP Statistics Auto refresh I I Port Transmitted Received Disca
102. h TPID 0x88A8 it is forwarded 2 if the TPID of tagged frame is not 0x88A8 ex 0x8100 it will be discarded When the port received untagged frames an untagged frame obtain a tag based on PVID and is forwarded When the port received tagged frames ORing Industrial Networking Corp gg Industrial Networking Corp The TPID of frame transmitted by Unaware port will be set to 0x8100 The final status of the frame after egressing are also effected by Egress Rule The TPID of frame transmitted by C port will be set to 0x8100 The TPID of frame transmitted by S port will be set to 0x88A8 The TPID of frame transmitted by S custom port will be set to an self customized value Oring o IGPS 9084GP Series User s Manual 1 if an tagged frame with TPID 0x88A8 it is which can be set by the forwarded user using the column 2 if the TPID of tagged frame is not 0x88A8 ex of Ethertype for 0x8100 it will be discarded Custom S ports M o I VLAN VID 5 TPID 8100 VID PVID TPID 8100 VID 5 TPID 8100 9000 Series VID 5 TPID 88A8 Packet Discarded M 1 Fa VLAN VID 8 TPID 8100 VID 8 TPID 8100 9000 Series VID 8 TPID 88A8 Packet Discarded ORing Industrial Networking Corp 59 IGPS 9084GP Series User s Manual Xt Packet Discarded VID 10 TPID 88A8 I VLAN Packe
103. hat this entry should belong to Possible security models are Security Level NoAuth NoPriv None authentication and none privacy Auth NoPriv Authentication and none privacy Auth Priv Authentication and privacy The name of the MIB view defining the MIB objects for which this request may request the current values The allowed string length is Read View Name 1 to 32 and the allowed content is the ASCII characters from 33 to 126 The name of the MIB view defining the MIB objects for which this request may potentially SET new values The allowed string length is Write View Name 1 to 32 and the allowed content is the ASCII characters from 33 to 126 ORing Industrial Networking Corp 74 IGPS 9084GP Series User s Manual 5 1 8 Traffic Prioritization 5 1 8 1 Stom Control There is a unicast storm rate control multicast storm rate control and a broadcast storm rate control These only affect flooded frames i e frames with a VLAN ID DMAC pair not present on the MAC Address table The rate is 2 n where n is equal to or less than 15 or No Limit The unit of the rate can be either pps packets per second or kpps kilopackets per second The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch Note Frames which are sent to the CPU of the switch are always limited to aproximately 4 kpps For example broadcasts in the management VLAN are limited
104. hole stack and not per switch The MAC table is sorted first by VLAN ID and then by MAC address ORing Industrial Networking Corp 134 IGPS 9084GP Series User s Manual Static MAC Table Configuration Port Members Delete VLAN ID MAC Address 1323 45 6 8 9 1011 13 H 00 4 94 98 88 68 GO M e E e a a e e e E 1 oo oo oo oo oo oOAOOOOOOOOOOO li 00 00 00 00 00 0000O0O000000000 Add new static entry Checkmarks indicate which ports are members of the entry Port Members Check or uncheck as needed to modify the entry Click Add new static entry Adding a New Static to add a new entry to the Entry static MAC table Specify the VLAN ID MAG address and port members for the new entry Click Save 5 1 12 1 2 MAC Table Each page shows up to 999 entries from the MAC table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAG address found in the MAC Table The Start from MAG address and VLAN input fields allow the user to select the starting Refresh point in the MAC Table Clicking the button will update the displayed table starting from that or the closest next MAC Table match In addition the two input fields will Refresh upon a button click assume the value of the first displayed entry allowi
105. i kt ita hiti kina 29 3142 10 Back p Kestote E OIT OUR ALIOIN sssrinin e kana a akaatsial 29 TNT NNN 30 LE PP NN 30 EE EE 30 5 1 3 2 DHCP Dynamic Client List 30 5 1 3 3 DHCP Client List rrrrrrrrrorosnnrrrrrrrrrrrrrnnnrrrrrrrrrrrrnnnnnrrrrrrrrrrnnnnnrrrnnrrssrnnnnn 31 5 1 3 4 DHCP Relay Agent 31 5 15 EE EEE 31 5 1 3 4 2 Relay Statistics 33 TN 34 S141 Portrom isi miimika rn 34 5 1 4 2 Port TMU vosicicticeiciensdaseistcvaiasoncbercieliesdchamsbevesotsvaiecoasbaneialvecdadambereaaiesesosenbancd 36 95149 LONG 42 515 RKN aa O ai a a 43 SLST MEP 701 a mea AUS EE 43 5 1 95 2 O RING maana ina anamneesi ilm nisa 43 DI FM hr 45 5154 VEP gu un ua lu 46 5 1 5 5 Fast Recovery mode errrrrrrrrennnnnnnnnenennnann anna na saan 54 6 VRANG 55 5 1 6 1 VLAN Membership Contfiguration m 55 5 1 6 2 VLAN Port Configuration 56 How is Unaware gt C Port gt S Port S Customer Port 0 0 0 0 eee 58 VLAN Setting Example rrrorroooonooooooonnnnrnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 61 5163 Private VEAN Lauannepenapdueeeoselerveseienkesmnneddanmaane 66 0 EEE EEE EN EE 67 5 1 7 1 NPS TEN 67 5 1 7 2 SNMP Communities rrrrrrrrroonnrrrrrrrrrrrrrnnnrrrrrrrrrrrrnnnnrrrrerrrrrnrnnnnrrrerrsrennnnne 70 DL SNP USS 1 ss neli al aa A tia aaa 71 5 1 7 4 SNMP Groups mleeeeerrmmmeeeeeeeeeesvvvrvrnneressrssssssn 12 5 1 7 5 SNMP
106. ications It may happen that resources ORing Industrial Networking Corp 91 IGPS 9084GP Series User s Manual required to add a QCE may not be available in that case it shows conflict status as Yes otherwise it is always No Please note that conflict can be resolved by releasing the H W resources required to add QCL entry on pressing Resolve Conflict button 5 1 9 Multicast 5 1 9 1 IGMP Snooping This page provides IGMP Snooping related configuration ISMP Snooping Configuration Global Configuration Snooping Enabled C Unregistered IPMCv4 Flooding Enabled Port Related Configuration Port Router Port Fast Leave meek 4 91 ek bm eek ee ek Snooping Enabled Enable the Global IGMP Snooping Unregistered IPMCv4Flooding Enable unregistered IPMC traffic flooding enabled Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or Router Port IGMP querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port Enable the fast leave on the port ORing Industrial Networking Corp 92 IGPS 9084GP Series User s Manual 5 1 9 2 IGMP Snooping VLAN Configuration Each page shows up to 99 entries from the VLAN table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from
107. ice Indicates the Stream Check status Possible statuses are Stream Check Disable IGPS 9084GP Series User s Manual Status Normal The stream is normal Low The stream is getting low DDoS Prevention Enable Disable DDOS Prevention When enabled switch will monitor Acton the device to against DDOS attack from device Indicates the DDOS Prevention status Possible statuses are Disable DDoS Prevention Analysing Analyse the packet throughput for initialization Status Running Function ready Attacked DDOS attack happened Device IP Address Specify the IP Address of device Device MAC Specify the MAC Address of device Address 4 1 10 2 1 Advanced Configuration Alias IP Address This page provides Alias IP Address related configuration Some device might have more IP addresses than one you could specify the other IP address here Alias IP Address Alias IP Address 0 0 0 0 0 0 0 0 sje sl el e s a e e amp s a s a amp Label Description Specify Alias IP address Keeps 0 0 0 0 if the device doesn t have Alias IP Address alias IP address ORing Industrial Networking Corp 97 IGPS 9084GP Series User s Manual Alive Check using the ping command check port link status if port link fail user can setting action field select the switch action Alive Check Link Change Only Log it Shunt Down the Port Reboot Device gt
108. ient has successfully authenticated to the backend server Port and MAC based Counts the number of times that the switch receives a failure message This indicates that the supplicant client has not authenticated to the backend server Port based Counts the number of times that the switch attempts to send a supplicant s first response packet to the backend server Indicates the switch attempted communication with the backend server Possible retransmissions are not counted MAC based Counts all the backend server packets sent from the switch towards the backend server for a given port left most table or client right most table Possible retransmissions are not counted last supplicant client that attempted to for the following Description dotixAuthLastEapolFrameSource The MAC address of the last supplicant client The VLAN ID on which the last frame from the last supplicant client was received The protocol version number carried in the most Version dotlxAuthLastEapolFrameVersion recently received EAPOL frame MAC based Not applicable 802 1X based The user name supplicant identity carned in the most recently received Response Identity EAPOL frame MAC based Not applicable ORing Industrial Networking Corp 129 IGPS 9084GP Series User s Manual 5 1 11 Warning 5 1 11 1 Fault Alarm When any selected fault event is happened the Fault LED in switch panel will light up and the elec
109. iew for all LLDP neighbors The displayed table contains a row for each port on which an LLDP neighbor is detected The columns hold the following information Auto refresh L Local Port Chassis ID Remote Port ID System Name Port Description System Capabilities Management Address Port 8 00 1E 94 12 45 78 7 IGS 9812GP Port 7 Bridge 192 168 10 14 IPv4 Local Port The port on which the LLDP frame was received The Chassis ID is the identification of the neighbors LLDP Chassis ID frames Remote Port ID The Remote Port ID is the identification of the neighbor port System Name System Name is the name advertised by the neighbor unit Port Description is the port description advertised by the neighbor Port Description i unit System Capabilities describes the neighbor unit s capabilities The possible capabilities are System Capabilites 1 Other 2 Repeater 3 Bridge ORing Industrial Networking Corp 26 IGPS 9084GP Series User s Manual 4 WLAN Access Point 5 Router 6 Telephone 7 DOCSIS cable device 8 Station only 9 Reserved When a capability is enabled the capability is followed by If the capability is disabled the capability is followed by Management Address is the neighbor unit s address that is used Management for higher layer entities to assist the discovery by the network Address management This could for instance hold the neighbor s IP address Click to refresh the page immedi
110. iffserv Code Point value DSCP It can be a specific ORing Industrial Networking Corp 89 Action Parameters IGPS 9084GP Series User s Manual value range of values or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 Sport Source TCP UDP port 0 65535 or Any specific or port range applicable for IP protocol UDP TCP Dport Destination TCP UDP port 0 65535 or Any specific or port range applicable for IP protocol UDP TCP Class QoS class 0 7 or Default DP Valid Drop Precedence Level can be 0 1 or Default DSCP Valid DSCP value can be 0 63 BE CS1 CS7 EF or AF11 AF43 or Default Default means that the default classified value is not modified by this QCE 5 1 8 14 QoS Counters This page provides statistics for the different queues for all switch ports Queuing Counters Auto refresh L 0 0 oon PB to Bor ORing Industrial Networking Corp g 0 g 0 g g g 0 g g g g 0 g 0 g 0 g g g 0 g g g g 0 g 0 g g g g g g g g g g 0 g 0 g 0 g 0 g 0 g 0 g g 0 0 0 0 0 0 0 0 g 0 g g g 0 0 0 g 0 g 0 g 0 0 g 0 g 0 g 0 g g g g g g g g g QO 493 g 0 0 0 g g g 0 0 g g 0 2326 g 0 g g g g 0 o g g g The logical port for the settings contained in the same row There are 8 QoS queues per port QO is the lowest priority queue The number of received and transmitted packets per queue 90 IGPS 9084GP Series User s Manual 5 1 8 15 QCL Status This pag
111. il vvs 8 2 2 Wall Mounting Installation ororrrrrrrrnrrrrrnnnnnnnnnnrrrrrnrrrrrrrnnrrrnnnnnnnnnnnnennnnrsnnnnnnnnnnnnnnnnnn 9 Hardware OvervieW nnnxnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnnnnnennnnennnnennnnennn 10 3 1 E KONE FANG as la a cs anal ga aa i wc os E aita a na 10 3 2 FONGE ANO EE DO A EAA a 11 3 3 Top view PAN cccccccccccccccccceeeeeessssssseeeeeeeececeeeeeeeesssausaseeseeeeeeeeeceeeeeessssaaaaaeeeeesees 12 CDEN 13 4 1 Ethernet Cables 5 tinomisetenanikkankr ni amenint hrad rr Ereni Nn E EIEEE EAEAN EE E EAEE NEEE 13 4 1 1 1000 100BASE TX 10BASE T Pin Assignments nieernneennneeenn seene neeen naene 13 1000BASE T P S E RJ 45 PORT nnnannnnnnennnnnnnnnnnnnnnnnnnnnnnennnnnnnnnnnnnennennnnnnenn 14 4 2 FTP 15 4 3 101061 0 EE EEE EN 15 WEB ANAC CIO UN OPPREPASTE AUASTET ETEA 17 5 1 Configuration by Web Browser 17 5 1 1 About Web based Management rmieerneennneeene teene neeeneneennnnenneneenn aenea nene nee 17 A Bale 000 EEE ina aaa a 19 5 1 2 1 System Information ieerrreeneneeen veere neeen nene neen n neen nene reena nene even nene enn nennea 19 EE NT 20 NNN 21 mA DEE E E E E E 0 Osi kaua aa ja au ava A 22 M S LAS Er 23 TT TN 24 LEM 25 ORing Industrial Networking Corp 2 ORi IGPS 9084GP Series User s Manual 3128 BD ENE 25 5 1 2 9 Modbus TCP isicccnivstarsrancewdendusdererancopbarduslessawhoowbartuolavoamheee ka
112. ination filter is specified TCP UDP destination filter status is don t care Specific If you want to filter a specific TCP UDP destination filter with this ACE you can enter a specific TCP UDP destination value A field for entering a TCP UDP destination value appears Range If you want to filter a specific range TCP UDP destination filter with this ACE you can enter a specific TCP UDP destination 111 Orina IGPS 9084GP Series User s Manual range value A field for entering a TCP UDP destination value appears When Specific is selected for the TCP UDP destination filter you TCP UDP can enter a specific TCP UDP destination value The allowed range Destination is 0 to 65535 A frame that hits this ACE matches this TCP UDP destination value Number When Range is selected for the TCP UDP destination filter you can TCP UDP enter a specific TCP UDP destination range value The allowed Destination Range range is 0 to 65535 A frame that hits this ACE matches this TCP UDP destination value Specify the TCP No more data from sender FIN value for this ACE 0 TCP frames where the FIN field is set must not be able to match TCP FIN this entry 1 TCP frames where the FIN field is set must be able to match this entry Any Any value is allowed don t care Specify the TCP Synchronize sequence numbers SYN value for this ACE 0 TCP frames where the SYN field is set must not be ab
113. is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000 Controls the port priority This can be used to control priority of Priority A ports having identical port cost See above Click to save changes Click to undo any changes made locally and revert to previously saved values ORing Industrial Networking Corp 51 IGPS 9084GP Series User s Manual STP Bridges This page provides a status overview for all STP bridge instances The displayed table contains a row for each STP bridge instance where the column displays the following information STP Bridges Auto refresh LL Bridge ID Topology Topology Port Cost Flag Change Last 80 00 00 1E 94 FF FF FF 80 00 00 1E 94 FF FF FF MASTI The Bridge Instance This is also a link to the STP Detailed Bridge ewe BridgeID ID The The Bridge ID of this Bridge instance 09090900 ID of this Bridge instance Root ID The Bridge ID of the currently elected root bridge Root Port The switch port currently assigned the root port role Root Path Cost For the Root Bridge this is zero For all other Root Cost Bridges it is the sum of the Port Path Costs on the least cost path to the Root Bridge The current state of the Topology Change Flag for this Bridge Topology Flag instance Topology Change The time since last Topology Chan
114. iv Disabled EI led Disabled 108498 2 1 Permit rv Disabled ig Disabled v Disabled w Disabled v 0 3 ii Permit Disabled Disabled Disabled Disabled 68732984 1 Permit Disabled pel Disabled Disabled Disabled Disabled 0 5 1 5 Permit v Disabled Disabled Disabled Disabled 0 5 1880 Permit Disabled K Disabled TI Disabled v Disabled 68732984 7 1 ae Perinat Permit Disabled ed ES Disabled Disabled Disabled 0 8 mw Permit vi Disabled Disabled x Disabled w Disabled Disabled 0 ORing Industrial Networking Corp 101 IGPS 9084GP Series User s Manual Pot The logical port for the settings contained in the same row Select the policy to apply to this port The allowed values are 1 Policy ID through 8 The default value is 1 Select whether forwarding is permitted Permit or denied Deny The default value is Permit Select which rate limiter to apply to this port The allowed values are Rate Limiter ID Disabled or the values 1 through 15 The default value is Disabled Select which port frames are copied to The allowed values are Port Copy M l Disabled or a specific port number The default value is Disabled Specify the logging operation of this port The allowed values are Enabled Frames received on the port are stored in the System Log Logging Disabled Frames received on the port are not logged
115. ized and Y are unauthorized Two buttons are available for each row The buttons are only enabled when authentication is globally enabled and the port s Admin State is in an EAPOL based or MAC based mode Clicking these buttons will not cause settings changed on the page to take effect Reauthenticate Schedules a reauthentication whenever the guiet period of the port runs out EAPOL based authentication For MAC based authentication reauthentication will be attempted ORing Industrial Networking Corp 126 IGPS 9084GP Series User s Manual immediately The button only has effect for successfully authenticated clients on the port and will not cause the clients to get temporarily unauthorized Reinitialize Forces a reinitialization of the clients on the port and thereby a reauthentication immediately The clients will transfer to the unauthorized state while the reauthentication is in progress Switch This page provides an overview of the current NAS port states Network Access Server Switch Status Auto refresh I I Port Admin State Port State Last Source Last ID Force Authorized Force Authorized Force Authorized Force Authorized Globally Disabled Globally Disabled Globally Disabled Globally Disabled Force Authorzed Force Authorized Globally Disabled Globally Disabled The switch port number Click to navigate to detailed 802 1X statistics for this port The port s current administrative stat
116. k down power savings enabled PerfectReach Link up power savings enabled Enabled Both link up and link down power savings enabled Total Power Usage Total power usage in board measured in percent Save Click to save changes Click to undo any changes made locally and revert to previously eset saved values Click to refresh the page Any changes made locally will be Refresh undone ORing Industrial Networking Corp 35 ett IGPS 9084GP Series User s Manual 5 1 4 2 Port Trunk 5 1 4 2 1 Trunk Configuration This page is used to configure the Aggregation hash mode and the aggregation group Aggregation Mode Configuration Hash Code Contributors Source MAC Address Destination MAC Address IP Address TCP UDP Port Number Source MAC Address The Source MAC address can be used to calculate the destination port for the frame Check to enable the use of the Source MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC The Destination MAC Address can be used to calculate the Address destination port for the frame Check to enable the use of the Destination MAC Address or uncheck to disable By default Destination MAC Address is disabled IP Address The IP address can be used to calculate the destination port for the frame Check to enable the use of the IP Address or uncheck to disable By default IP Address is enabled TCP UDP Port The TCP UDP port number
117. le to match TCP SYN this entry 1 TCP frames where the SYN field is set must be able to match this entry Any Any value is allowed don t care Specify the TCP Push Function PSH value for this ACE 0 TCP frames where the PSH field is set must not be able to match TCP PSH this entry 1 TCP frames where the PSH field is set must be able to match this entry Any Any value is allowed don t care Specify the TCP Acknowledgment field significant ACK value for this ACE 0 TCP frames where the ACK field is set must not be able to match TCP ACK this entry 1 TCP frames where the ACK field is set must be able to match this entry Any Any value is allowed don t care OkRing Industrial Networkingcop mm Industrial Networking Corp 112 IGPS 9084GP Series User s Manual Specify the TCP Urgent Pointer field significant URG value for this ACE 0 TCP frames where the URG field is set must not be able to match TCP URG this entry 1 TCP frames where the URG field is set must be able to match this entry Any Any value is allowed don t care 5 1 10 4 AAA 5 1 10 4 1 Common Server Configuration This page allows you to configure the Authentication Servers Authentication erver Configuration Common Server Configuration Timeout seconds Dead Time 300 seconds E S The Timeout which can be set to a number between 3 and 3600 seconds is the maximum time to wait for a reply from a
118. low IP Address 192 168 10 1 Subnet Mask 255 255 255 0 Default Gateway 192 168 10 254 User Name admin Password admin Follow the steps below to access the console via Telnet Step 1 Telnet to the IP address of the switch from the Windows Run command or from the MS DOS prompt as below Run hh 2 x a Type the name of program Folder document or Internet resource and Windows will open it For you telnet 192 168 10 1 Cancel Browse Step 2 The Login screen will appear Use the keyboard to enter the Username and Password The same with the password for Web Browser and then press Enter Telnet 192 168 10 1 IGP3 884GP Command Line Interface Username Password ORing Industrial Networking Corp 155 ORing IGPS 9084GP Series User s Manual Commander Groups Command Groups System settings and reset options IP configuration and Ping Port management MAG address table Uirtual LAM Private WLAN Security management Spanning Tree Protocol Link Aggregation Link Aggregation Control Protocol Link Layer Discovery Protocol Power Over Ethernet Quality of Service Port mirroring Load Save of configuration via TFTP Download of firmware via TFTP IEEE1548 Precision Time Protocol Loop Protection MLDATIGMP Snooping Fault Alarm Configuration Event Selection DHCP Server Configuration Ring Configuration Chain Configuration
119. ly Controls whether the port connects to a point to point LAN rather than a shared medium This can be automatically determined or Point2Point forced either true or false Transition to the forwarding state is faster for point to point LANs than for shared media Click to save changes Glick to undo any changes made locally and revert to previously LESE saved values MSTI Ports This page allows the user to inspect the current STP MSTI port configurations and possibly change them as well A MSTI port is a virtual port which is instantiated seperately for each active CIST physical port for each MSTI instance configured and applicable for the port The MSTI instance must be selected before displaying actual MSTI port configuration options This page contains MSTI port settings for physical and aggregated ports The aggregation settings are stack global ORing Industrial Networking Corp 50 IGPS 9084GP Series User s Manual MSTI Port Configuration Select MSTI Mst v Get MST2 MST3 MST4 MSTS k MSTO MST MSTI Normal Ports Configuration Port Path Cost The switch port number of the corresponding STP CIST and MSTI port Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a Path Cost user defined value can be entered The path cost
120. m CIST Normal Ports Configuration STP Enabled ae Restricted Point to Path Cost Priori Auto Edge BPDU Guard z ty 9e Role TCN point w E Edge a O Auto m 428 4 Edge M 0 o E Auto K EL 128 Edge aa CI Auto M AI 128 w Edge E M ail Auto v ALT 28 Ede a a oO Auto vi 128 W Edge M E CI Auto vl PPE r 7 ral FI i m me Port The switch port number of the logical STP port STP Enabled Controls whether STP is enabled on this switch port Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a Path Cost user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000 Controls the port priority This can be used to control priority of riority ports having identical port cost See above Operational flag describing whether the port is connecting directly OpenEdge setate to edge devices No Bridges attached Transitioning to the flag forwarding state is faster for edge ports having operEdge true than for other ports Controls whether the operEdge flag should start as beeing set or AdminEdge M ve cleared The initial operEdge state when a
121. mote client ORing Industrial Networking Corp 95 IGPS 9084GP Series User s Manual IP address of remote client Keeps this field 0 0 0 0 means Any IP Address i emme Check tistem t enable SNMP management erase 5 1 10 2 Device Binding This page provides Device Binding related configuration Device Binding is an powerful monitor for devices and network security Device Binding tati t Enable DDOS Alive Check Stream Check Merrin Active Status Active Status Active Status IF Address MAC Address 2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Device Description Indicates the per port Device Binding operation Possible modes are Disable Scan Scan IP MAC automatically but no binding function Binding Enable binding function Under this mode any IP MAC doesn t match the entry will not be allowed to access the network Shutdown Shutdown the port No Link Alive Check Enable Disable Alive Check When enabled switch will ping the Active device continually Indicates the Alive Check status Possible statuses are Disable Got Reply Got ping reply from device that means the device is still Alive Check Satus alive Lost Reply Lost ping reply from device that means the device might have been hanged Stream Check Enable Disable Stream Check When enabled switch will detect the ORing Industrial Networking Corp 96 stream change getting low from dev
122. n port also known as egress or destination mirroring ORing Industrial Networking Corp 138 IGPS 9084GP Series User s Manual Port to mirror also knwon as the mirror port Frames from ports that have either source rx or destination tx mirroring enabled are mirrored to this port Disabled disables mirroring Mirror Configuration emetic Disabled isabled E The logical port for the settings contained in the same row o Pot Select mirror mode Rx only Frames received at this port are mirrored to the mirror port Frames transmitted are not mirrored Tx only Frames transmitted from this port are mirrored to the mirror port Frames received are not mirrored Disabled Neither frames transmitted nor frames received are mirrored Enabled Frames received and frames transmitted are mirrored to the mirror port Note For a given port a frame is only transmitted once It is therefore not possible to mirror Tx frames for the mirror port Because of this mode for the selected mirror port is limited to Disabled or Rx only ORing Industrial Networking Corp 139 IGPS 9084GP Series User s Manual 5 1 12 4 System Log Information The switch system log information is provided here System Log Information Auto refresh C The total number of entries is 1 for the given level Start from ID 1 with 20 entries per page Info 1970 01 01 00 01 09 0000 Port 1 Device 192 168
123. ndicate that this view subtree should be excluded General if a view entry s view type is excluded it should be exist another view entry which view type is included and it s OID subtree overstep the excluded view entry OID Subtree The OID defining the root of the subtree to add to the named view ORing Industrial Networking Corp 73 IGPS 9084GP Series User s Manual The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk 5 1 7 6 SNMP Accesses Configure SNMPv3 accesses table on this page The entry index keys are Group Name Security Model and Security Level SNMPv3 Accesses Configuration Delete Group Name Security Model Security Level Read View Name Write View Name C default_ro_group any NoaAuth NoPriv default view None E default_rw_group any NoAuth NoPriv default view default view Check to delete the entry It will be deleted during the next save A string identifying the group name that this entry should belong to Group Name The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Indicates the security model that this entry should belong to Possible security models are any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Model Indicates the security model t
124. ndicates the SNMP entity is permitted to generate authentication rap failure traps Possible modes are Authentication a il Enabled Enable SNMP trap authentication failure ailure Disabled Disable SNMP trap authentication failure Indicates the SNMP trap link up and link down mode operation Trap Link up and Possible modes are Link down Enabled Enable SNMP trap link up and link down mode operation Disabled Disable SNMP trap link up and link down mode operation Indicates the SNMP trap inform mode operation Possible modes are Trap Inform Mode Enabled Enable SNMP trap inform mode operation Disabled Disable SNMP trap inform mode operation Trap Inform Indicates the SNMP trap inform timeout The allowed range is 0 to Trap Inform Retry Indicates the SNMP trap inform retry times The allowed range is 0 to Indicates the SNMP trap probe security engine ID mode of operation Possible values are Trap Probe Enabled Enable SNMP trap probe security engine ID mode of Security Engine ID operation Disabled Disable SNMP trap probe security engine ID mode of operation ORing Industrial Networking Corp 69 IGPS 9084GP Series User s Manual Indicates the SNMP trap security engine ID SNMPv3 sends traps and informs using USM for authentication and privacy A unique engine ID for these traps and informs is needed When Trap Probe Trap Security Engine ID Security Engine ID is enabled the ID will
125. ng Shutdown Disabled Counter a S Select the ingress port for which this ACE applies Any The ACE applies to any port Port n The ACE applies to this port number where n is the number Ingress Port of the switch port Policy n The ACE applies to this policy number where n can range from 1 through 8 Select the frame type for this ACE These frame types are mutually exclusive Frame Type Any Any frame can match this ACE Ethernet Type Only Ethernet Type frames can match this ACE The IEEE 802 3 descripts the value of Length Type Field specifications ORing Industrial Networking Corp 103 IGPS 9084GP Series User s Manual should be greater than or equal to 1536 decimal equal to 0600 hexadecimal ARP Only ARP frames can match this ACE Notice the ARP frames won t match the ACE with etnernet type IPv4 Only IPv4 frames can match this ACE Notice the IPv4 frames won t match the ACE with etnernet type Specify the action to take with a frame that hits this ACE Permit The frame that hits this ACE is granted permission for the ACE operation Deny The frame that hits this ACE is dropped Specify the rate limiter in number of base units The allowed range is Rate Limiter M MM 1 to 15 Disabled indicates that the rate limiter operation is disabled Frames that hit the AGE are copied to the port number specified Port Copy here The allowed range is the same as the switch port number range Disabl
126. ng Industrial Networking Corp 9 T IGPS 9084GP Series User s Manual Hardware Overview 3 1 Front Panel The following table describes the labels that stick on the IGPS 9084GP series 4 100 1000Base X Copper Port 8 10 100 1000Base T X P S E Use RS 232 with RJ 45 connecter to manage switch IGPS 9084GP 1 2 3 14 f 5 13 8 12 9 11 10 11000007 ul Reset button Push the button 3 seconds for reset 5 seconds for factory default LED for PWR When the PWR UP the green led will be light on LED for PWR1 LED for PWR2 LED for R M Ring master When the LED light on it means that the switch is the ring oS 2 M master of Ring LED for Ring When the led light on it means the Ring is activated ORing Industrial Networking Corp 10 IGPS 9084GP Series User s Manual 6 LED for Ring When the led light on it means the O Ring is activated 7 LED for Fault When the light on it means Power failure or Port down fail 8 Console port RJ 45 9 LED for P O E Status 10 LED for Ethernet ports link status 11 LED for Ethernet ports speed status 12 10 100 1000Base T X ports 13 LED for SFP ports link status 14 100 1000Base X SFP 3 2 Front Panel LEDs up foor me oemt Green DC power module 1activated Ring has only One link lack Slowly blinking of one link to build the ring Fast blinking Ring work normally Fault relay Power failure or Amber On Port down fail
127. ng for continuous refresh with the same start address gt gt The will use the last entry of the currently displayed VLAN MAC address pairs as a basis for the next lookup When the end is reached the text no more entries is shown in the dg displayed table Use the button to start over ORing Industrial Networking Corp 135 IGPS 9084GP Series User s Manual MAC Address Table Auto refresh CI Start from VLAN E E and MAC address 00 00 00 00 00 0 with 20 entries per page Port Members Type VLAN MAC Address CPU 1 2 3 4 5 6 7 8 9 101112 Static O0 1E 94 98 89 89 y Static 00 1E 34 FF FF FF w Static 01 860 C2 4h 44 06 W WNN NNN NENEN Static 33 33 FF A8 02 01 y Static 33 33 FF FF FF FF vi Static FF FF FF FF FF FF Wf WN NN NN NNN N NX 5 1 12 2 Port Statistic 5 1 12 2 1 Traffic Overview This page provides an overview of general traffic statistics for all switch ports Port Statistics Overview Auto refresh L Port Packets Bytes Errors Drops Filtered Receive Transmit Receive Transmit Receive Transmit Receive Transmit Receive 117980 86946125 9117790 6259918088 0 0 0 0 0 a 08732984 68732987 4957477714 4957477932 24710409 0 0 0 0 a 68732985 08732987 4957477883 4957477932 25204638 O OOO OO FFDOODLWMU D O OOO OO O O OOO D O O O O O O O O OOD D O D D O G O D O oe 0 0 0 0 a 0 0 0 0 a 0 0 0 0 a 0 a g 0 0 0 0 0 0 0 ORing Industrial Networking Corp 136 IGPS 9084GP Series User s Manual
128. ntry Controls the default PCP value All frames are classified to a PCP value If the port is VLAN aware and the frame is tagged then the frame is Classified to the PCP value in the tag Otherwise the frame is classified to the default PCP value Controls the default DEI value All frames are classified to a DEI value If the port is VLAN aware and the frame is tagged then the frame is classified to the DEI value in the tag Otherwise the frame is classified to the default DEI value TT IGPS 9084GP Series User s Manual Shows the classification mode for tagged frames on this port Disabled Use default QoS class and DP level for tagged frames Enabled Use mapped versions of PCP and DEI for tagged frames Click on the mode in order to configure the mode and or mapping Tag Class Note This setting has no effect if the port is VLAN unaware Tagged frames received on VLAN unaware ports are always classified to the default QoS class and DP level DSCP Based Click to Enable DSCP Based QoS Ingress Port Classification 5 1 8 3 Port Tag Remaking This page provides an overview of QoS Egress Port Tag Remarking for all switch ports QoS Egress Port Tag Remarking 1 Classified 2 Classified 3 Classified 4 Classified 5 Classified 6 Classified 7 Classified 8 Classified Classified 10 Classified 11 Classified 12 Classified The logical port for the settings contained in the same row Click on the
129. o segregate and secure network traffic Radius centralized password management SNMPv3 encrypted authentication and access security Https SSH enhance network security STP RSTP MSTP IEEE 802 1D w s Redundant Ring O Ring with recovery time less than 30ms over 250 units TOS Diffserv supported Quality of Service 802 1p for real time traffic VLAN 802 1Q with VLAN tagging and GVRP supported IGMP Snooping Software Features IP based bandwidth management Application based QoS management DOS DDOS auto prevention Port configuration status statistics monitoring security DHCP Server Client Relay SMTP Client Modbus TCP O Ring Open Ring Network Redundancy O Chain MRP MSTP RSTP STP compatible RS 232 Serial Console Port RS 232 in RJ45 connector with console cable 115200bps 8 N 1 LED indicators Power Indicator PWR Green Power LED x 2 Ring Master Indicator R M Green Indicates that the system is operating in O Ring Master mode IGPS 9084GP Series User s Manual Green Indicates that the system operating in O Ring mode O Ring Indicator Ring A KAKA Green Blinking Indicates that the Ring is broken Fault Indicator Fault Amber Indicate unexpected event occurred 10 100 1000Base T X RJ45 Port TAA A macai Dual color LED Green for 1000Mbps Link Act indicator Amber for 10 100Mbps Link Act indicator ndicator 100 1000Base X SFP Port Indicator Green for port Link Act PoE Indicator Green PoE enable
130. oftware installed on his system The switch uses the user s MAC address to authenticate against the backend server Intruders can create counterfeit MAC addresses which makes MAC based authentication less secure than 802 1X authentication Overview of 802 1X Port Based Authentication In the 802 1X world the user is called the supplicant the switch is the authenticator and the RADIUS server is the authentication server The switch acts as the man in the middle forwarding reguests and responses between the supplicant and the authentication server Frames sent between the supplicant and the switch are special 802 1X frames known as EAPOL EAP Over LANs frames EAPOL frames encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is very flexible in that it allows for different authentication methods like MD5 Challenge PEAP and TLS The important thing is ORing Industrial Networking Corp 119 ORi IGPS 9084GP Series User s Manual that the authenticator the switch doesn t need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or
131. p 164 IGPS 9084GP Series User s Manual Configuration lt port_list gt Action lt port_list gt permitldeny lt rate_limiter gt lt port copy gt lt logging gt lt shutdown gt Policy lt port list gt lt policy gt Rate lt rate limiter list gt lt packet_rate gt Add lt ace 1d gt lt ace 1d next gt switch I port lt port gt I policy lt policy gt lt vid gt lt tag prio gt lt dmac_type gt etype lt etype gt lt smac gt lt dmac gt arp lt sip gt lt dip gt lt smac gt lt arp opcode gt lt arp_flags gt Gp lt sip gt lt dip gt lt protocol gt lt ip_flags gt icmp lt sip gt lt dip gt lt icmp_type gt lt icmp_code gt lt ip_flags gt udp lt sip gt lt dip gt lt sport gt lt dport gt lt ip_flags gt tcp lt sip gt lt dip gt lt sport gt lt dport gt lt ip flags gt lt tep flags gt permitldeny lt rate_limiter gt lt port_copy gt lt logging gt lt shutdown gt Delete lt ace_id gt Lookup lt ace_id gt Clear Mirror Port lt port gt Idisable Configuration lt port_list gt Mode lt port_list gt enableldisablelrxltx Config Load lt ip addr string gt lt file name gt ORing Industrial Networking Corp 165 IGPS 9084GP Series User s Manual User Add lt engineid gt lt user_name gt MDSISHA lt auth password gt DE
132. pers Port 1 Port Shaper Enable Rate Unit 5 a ORing Industrial Networking Corp 83 IGPS 9084GP Series User s Manual Controls whether the scheduler mode is Strict Priority Scheduler Mode Weighted on this switch port Queue Shaper Controls whether the queue shaper is enabled for this queue on Enable this switch port Controls the rate for the queue shaper The default value is 500 Queue Shaper Rate This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 3300 when the Unit is Mbps Controls the rate for the queue shaper The default value is 500 Queues Shaper Unit This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 3300 when the Unit is Mbps Queue Shaper E Controls whether the queue is allowed to use excess bandwidth xcess Controls the weight for this queue The default value is 17 This Queue Scheduler value is restricted to 1 100 This parameter is only shown if Weight Scheduler Mode is set to Weighted Queue Scheduler Shows the weight in percent for this queue This parameter is only Percent shown if Scheduler Mode is set to Weighted Port Shaper Enable Controls whether the port shaper is enabled for this switch port Controls the rate for the port shaper The default value is 500 Port Shaper Rate This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1
133. port is initialized Controls whether the bridge should enable automatic edge AutoEdge detection on the bridge port This allows operEdge to be derived from whether BPDU s are received on the port or not Restricted Role If enabled causes the port not to be selected as Root Port for the ORing Industrial Networking Corp 49 IGPS 9084GP Series User s Manual CIST or any MSTI even if it has the best spanning tree priority vector Such a port will be selected as an Alternate Port after the Root Port has been selected If set it can cause lack of spanning tree connectivity It can be set by a network administrator to prevent bridges external to a core region of the network influencing the spanning tree active topology possibly because those bridges are not under the full control of the administrator This feature is also know as Root Guard If enabled causes the port not to propagate received topology change notifications and topology changes to other ports If set it can cause temporary loss of connectivity after changes in a spanning trees active topology as a result of persistent incorrectly Gees learned station location information It is set by a network administrator to prevent bridges external to a core region of the network causing address flushing in that region possibly because those bridges are not under the full control of the administrator or is the physical link state for the attached LANs transitions freguent
134. port number in order to configure tag remarking Shows the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of QoS class and DP level ORing Industrial Networking Corp 78 IGPS 9084GP Series User s Manual 5 1 8 4 Port DSCP This page allows you to configure the basic QoS Port DSCP Configuration settings for all switch ports QoS Port DSCP Configuration Part Ingress Egress TENNE EE EE ENE e Ele Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable w Disable Disable Disable Disable Disable Disable Disable Disable Disable i 2 3 4 5 5 7 5 g Disable Disable Disable _ E C OS 1795 21 94 1 199 1294 A 14 79 08 i KJ The Port column shows the list of ports for which you can configure dscp ingress and egress settings In Ingress settings you can change ingress translation and classification settings for individual ports There are two configuration parameters available in Ingress 1 Translate 2 Classify 1 Translate To Enable the Ingress Translation click the checkbox Classification for a port have 4 different values
135. product s associated with this publication DISCLAIMER Information in this publication is intended to be accurate ORing shall not be responsible for its use or infringements on third parties as a result of its use There may occasionally be unintentional errors on this publication ORing reserves the right to revise the contents of this publication without notice CONTACT INFORMATION ORing Industrial Networking Corp 3F NO 542 2 Jhongjheng Rd Sindian District New Taipei City 231 Taiwan R O C Tel 886 2 2218 1066 Fax 886 2 2218 1014 Website www oring networking com Technical Support E mail support oring networking com Sales Contact E mail sales oring networking com Headquarters sales oring networking com cn China ORing Industrial Networking Corp 1 ORi IGPS 9084GP Series User s Manual Table of Content Getting to Know Your Switch nnernnnnennnnnennnnnnnnnnnnnnnnnnnnnnnnnnnnennnnnennnnnennnnnennn 6 1 1 About the IGPS 9084GP Industrial Switch 6 1 2 Software Features 000 cccesssssssssssssseeccsccccceeeeessssessssssssneeesaseeeceeeeeessssesseesssseeaaaaees 6 1 3 Hardware FeatureS rrrrrrnrnnnnnnnnnnn nn nn n annan annan annan annan annan annan anna annan 7 Hardware Installation anrennnnunennnnnnnnnennnnnnnnennnannnannnnnnennnnnnn nen 8 2 1 Installing Switch on DIN Rail eeeeeeees 8 2 1 1 Mount IGPS 9084GP on DUN R a
136. r is RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is very flexible in that it allows for different authentication methods like MD5 Challenge PEAP and TLS The important thing is that the authenticator the switch doesn t need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Note Suppose two backend servers are enabled and that the server timeout is configured to X seconds using the AAA configuration page and suppose that the first server in the list is currently down but not considered dead Now if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds then it will never get authenticated because the switch will cancel 123 ORi IGPS 9084GP Series User s Manual on going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant And since
137. raffic Prioritization Multicast Security Open all A EM Tag o NAA CH m 0 ZE oP system Information Front Panel Basic Setting DHCP Server Relay Port Setting Redundancy I VLAN g VLAN Membership m Ports ju Private VLAN SNMP Traffic Prioritization Multicast Security Warning Monitor and Diag Synchronization PoE Factory Default system Reboot VLAN Membership Configuration Start from VLAN with entries per page Delete VLAN ID VLAN Name 1 Auto refresh L Ethertype for Custom S ports 0x ssas VLAN Port Configuration Unaware bel Unaware Unaware M Specific Specific Specific Specific x Specific M Specific w Unaware Unaware M Unaware Un aware ha 10 Unaware 11 Unaware a 74 1984 ee kJ 98 8 A 12 Unaware Specific ORing Industrial Networking Corp Port Members 127345 6 7 8 9 101112 h Tv TT TITT h hv tanto MII OOO Tx Tag 1 les ka 10 Untag all 1 Untag pvid Untag pvid vi 1 Untag pvid vi 1 Untag pvid m Fa Untag_p vid 1 Untag pvid 1 Untag_pvid 1 Untag_pvid 1 Untag_pvid vi Untag pvid Untag pvid vi E 63 IGPS 9084GP Series User s Manual VLAN QinQ mode On the VLAN QinQ Mode usually used in an environment with unknown VLAN
138. rameters These parameters vary according to the frame type that you select ACE Configuration Port Members 11 12 13 14 15 16 1 18 19 20 specific value la m SMAC Specific 0x 00 00 00 Denne UC OV Frame Type MAC Parameters Ether Type Specific Value OX FFFF Check the checkbox button to include the port in the QCL entry Port Members By default all ports are included Key configuration is described as below Tag Value of Tag field can be Any Untag or Tag VID Valid value of VLAN ID can be any value in the range 1 4095 or Any user can enter either a specific value or a range of VIDs PCP Priority Code Point Valid value PCP are specific 0 1 2 3 4 Key Parameters 5 6 7 or range 0 1 2 3 4 5 6 7 0 3 4 7 or Any DEI Drop Eligible Indicator Valid value of DEI can be any of values between 0 1 or Any SMAC Source MAC address 24 MS bits OUI or Any DMAC Type Destination MAC type possible values are unicast UC multicast MC broadcast BC or Any Frame Type Frame Type can have any of the following values ORing Industrial Networking Corp 88 ORing IGPS 9084GP Series User s Manual 1 Any 2 Ethernet 3 LLC 4 SNAP 5 IPv4 6 IPv6 Note All frame types are explained below Allow all types of frames Ethernet Type Valid ethernet type can have a value within 0x600 0xFFFF or Any but excluding 0x800 IPv4 and Ox86DD
139. rded MSTP RSTP STP TCN MSTP RSTP STP TCN Unknown Illegal No ports enabled ORing Industrial Networking Corp 53 IGPS 9084GP Series User s Manual The switch port number of the logical RSTP port The number of RSTP Configuration BPDU s received transmitted on the port The number of legacy STP Configuration BPDU s received transmitted on the port Ten The number of legacy Topology Change Notification BPDU s received transmitted on the port The number of unknown Spanning Tree BPDU s received and Discarded Unknown discarded on the port The number of illegal Spanning Tree BPDU s received and Discarded Illegal discarded on the port Click to refresh the page immediately Check this box to enable an automatic refresh of the page at Auto refresh C regular intervals 5 1 5 5 Fast Recovery mode The Fast Recovery Mode can be set to connect multiple ports to one or more switches The IGPS 9084GP with its fast recovery mode will provide redundant links Fast Recovery mode supports 12 priorities only the first priority will be the act port the other ports configured with other priority will be the backup ports Fast Recovery Mode MAR Motinchded Tee ee Motincuded EM Mot included Ami Fast Recovery Mode interface ORing Industrial Networking Corp 54 IGPS 9084GP Series User s Manual The following table describes the labels in this screen Active Activate the fast recove
140. re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled ORing Industrial Networking Corp 116 IGPS 9084GP Series User s Manual 5 1 10 6 RADIUS Details The statistics map closely to those specified in RFC4668 RADIUS Authentication Client MIB Use the server select box to switch between the backend servers to show details for The statistics map closely to those specified in RFC4668 RADIUS Authentication Client MIB Use the server select box to switch between the backend servers to show details for RADIUS Authentication Statistics for Server 1 Server 1 Auto refresh 1 Receive Packets Transmit Packets Access Accepts Access Requests Access Rejects Access Retransmissions Access Challenges Pending Requests Malformed Access Responses Timeouts Bad Authenticators Unknown Types Packets Dropped Other Info IP Address 0 0 0 0 1812 State Disabled Round Trip Time O ms RADIUS authentication server packet counter There are seven receive and four transmit counters Direction RFC4668 Name Description The number of RADIUS Access Accept packets valid or invalid received from the server s 3 3 The number of RADIUS Access Reject packets Access Rejects radiusAuthClientExtAccessRejects valid or invalid received from the server The number of RADIUS Access Challenge radiusAuthClientExtAccessChall
141. resh Click to refresh the page immediately Check this box to enable an automatic refresh of the page at Auto refresh L regular intervals ORing Industrial Networking Corp 40 IGPS 9084GP Series User s Manual 5 1 4 2 5 LACP Statistics This page provides an overview for LACP statistics for all ports LACP Statistics auto refresh C Port LACP LACP Discarded Transmitted Received Unknown Illegal WO 00 Oh LN fe Oo hd Fi E 2 fos a gd aal oe T id de D O DO O D D O G O O DOGODO G a g g 0 g g g g 0 g g 0 g D DO DO O O O DO DO O KE Pro Theswtcnponumber Discarded Shows how many unknown or illegal LACP frames have been discarded at each port Refresh Click to refresh the page immediately Check this box to enable an automatic refresh of the page at Auto refresh L regular intervals Clear Clears the counters for all ports ORing Industrial Networking Corp 4 IGPS 9084GP Series User s Manual 5 1 4 3 Loop Gourd This feature prevents the loop attack When the port receives loop packet This port will auto disable prevent the loop attack affect other network devices Global Configuration Enable Loop Protection Transmission Time seconds Shutdown Time seconds Enable Loop Protection Controls whether loop protections is enabled as a whole Transmission Time The interval between each loop protection PDU sent on each port valid values are 1 to 10 seconds
142. rmation E E 0 a i a e e M a i E E Configuration 1 PoE J Low E E Status 2 PoE Wo E Factory Default 3 PoE v Low vw B System Reboot 4 PoE a Low E 5 Po Mer A 5 PoE KI Low PoE Low vi 8 PoE Low Front Panel Basic Setting DHCP Server Relay Port Setting Redundancy VLAN SNMP Traffic Prioritization Multicast Security Warming Monitor and Diag Synchronization PoE Seem TUE GS Class Allocation LLDP MED Power Management Mode Actual Consumption Reserved Power PoE Power Supply Configuration Primary Power Supply W K ORing Industrial Networking Corp 146 ORi IGPS 9084GP Series User s Manual Reserved Power There are three modes for configuring how the ports PDs may determined by reserve power 1 Allocated mode In this mode the user allocates the amount of power that each port may reserve The allocated reserved power for each port PD is specified in the Maximum Power fields 2 Class mode In this mode each port automatically determines how much power to reserve according to the class the connected PD belongs to and reserves the power accordingly Four different port classes exist and one for 4 7 15 4 or 30 Watts In this mode the Maximum Power fields have no effect 3 LLDP MED mode This mode is similar to the Class mode expect that each port de
143. ry It will be deleted during the next save An octet string identifying the engine ID that this entry should belong to The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed The SNMPv3 architecture uses the User based Security Model USM for message security and the View based Access Control Model VACM for access control For the USM eniry the usmUserEnginelD and usmUserName are the entry s keys In a simple agent usmUserEnginelD is always that agent s own snmpEnginelD value The value can also take the value of the snmpEnginelD of a remote SNMP engine with which this user can communicate In othe words if user engine ID equal system engine ID then it is local user otherwize it s remote user A string identifying the user name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv None authentication and none privacy Security Level Auth NoPriv Authentication and none privacy Auth Priv Authentication and privacy The value of security level cannot be modified if entry already exists That means must first ensure that the value is set correctly PE Indicates the authentication protocol that this entry should belong to Possible authentication protocols are Protocol
144. ry mode Port can be configured as 12 priorities Only the port with highest priority will be the active port 1st Priority is the highest Click Apply to activate the configurations 5 1 6 VLAN 5 1 6 1 VLAN Membership Configuration The VLAN membership configuration for the selected stack switch unit switch can be monitored and modified here Up to 64 VLANs are supported This page allows for adding and deleting VLANs as well as adding and deleting port members of each VLAN VLAN Membership Configuration Start from VLAN 1 with 20 entries per page Port Members Delete VLAN ID Name 1234567 8 9101112 default MAAA KA Checkmarks indicate which ports are members of the entry Port Members Check or uncheck as needed to modify the entry Add New VLAN Click to add a new VLAN ID An empty row is added to the table and the VLAN can be configured as needed Legal values for a VLAN ID are 1 through 4095 Adding a New Static Entry The VLAN is enabled on the selected stack switch unit when you click on Save The VLAN is thereafter present on the other stack ORing Industrial Networking Corp 55 IGPS 9084GP Series User s Manual switch units but with no port members A VLAN without any port members on any stack unit will be deleted when you click Save Delete 1 The button can be used to undo the addition of new VLANS 5 1 6 2 VLAN Port Configuration Auto refresh L Ethertype
145. sabled disabled disabled disabled disabled disabled disabled 5 1 8 10 DSCP Based QoS This page allows you to configure the basic QoS DSCP based QoS Ingress Classification settings for all switches DSCP Based QoS Ingress Classification DSCP Trust beg A feb 4 1 ORing Industrial Networking Corp QoS Class A vi DPL 4 The logical port for the settings contained in the same row Click on the port number in order to configure the shapers Shows disabled or actual queue shaper rate e g 800 Mbps Shows disabled or actual port shaper rate e g 800 Mbps 85 IGPS 9084GP Series User s Manual DSCP Maximum number of supported DSCP values are 64 Controls whether a specific DSCP value is trusted Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level Frames with untrusted DSCP values are treated as a non IP frame QoS Class QoS class value can be any of 0 7 Drop Precedence Level 0 1 5 1 8 11 DSCP Translation This page allows you to configure the basic QoS DSCP Translation settings for all switches DSCP translation can be done in Ingress or Egress DSCP Translation Ingress Egress Translate Classify RemapDPO Remap DP1 lt gt 0 BE DS amp CP T 4 hege fb fe 8 11 8 1 AA W 4 4 4 f ii lll 4 BE O BE 0 BE TITT KIE LI lt ll iil KINN IT ll i C51
146. security considerations Disabled Disable DHCP relay mode operation Indicates the DHCP relay server IP address A DHCP relay agent is used to forward and to transfer DHCP messages between the clients and the server when they are not in the same subnet domain Indicates the DHCP relay information mode option operation The option 82 circuit ID format as vlan id module id port no The first four characters represent the VLAN ID the fifth and sixth characters are the module ID in standalone device it always egual 0 in stackable device it means switch ID and the last two characters are the port number For example 00030108 means the DHCP message receive form VLAN ID 3 switch ID 1 port No 8 And the option 82 remote ID value is equal the switch MAC address Possible modes are Enabled Enable DHCP relay information mode operation When DHCP relay information mode operation is enabled the agent inserts specific information option 82 into a DHCP message when forwarding to DHCP server and removes it from a DHCP message when transferring to DHCP client It only works when DHCP relay operation mode is enabled Disabled Disable DHCP relay information mode operation Indicates the DHCP relay information option policy When DHCP relay information mode operation is enabled if agent receives a DHCP message that already contains relay agent information it will enforce the policy The Replace option is invalid
147. strial Networking Corp 150 IGPS 9084GP Series User s Manual ORing Industrial Networking Corp 151 IGPS 9084GP Series User s Manual Command Line Interface Management 6 1 About CLI Management Besides WEB base management IGPS 9084GP also support CLI management You can use console or telnet to management switch by CLI CLI Management by RS 232 Serial Console 115200 8 none 1 none Before Configuring by RS 232 serial console use an RJ45 to DB9 F cable to connect the Switches RS 232 Console port to your PC s COM port Follow the steps below to access the console via RS 232 serial cable Step 1 From the Windows desktop click on Start gt Programs gt Accessories gt Communications gt Hyper Terminal Accessibility Fa Communications T HyperTerminal B Network Time Protocol gt Network and Dial up Connections System Tools S HyperTerminal k ET Acrobat Reader 5 0 j id Address Book mi Calculator EN command Prompt gt NetTime Motepad AR Windows Update NT paint a _ z BJ windows Explorer Im Accessories Ey wordPad sam i Network Associates F Documents startup 24 Internet Explorer 91 Outlook Express Search 2 Programs b Settings Q Ww i Run sat 8 G Bb ORing Industrial Networking Corp 152 IGPS 9084GP Series User s Manual Connection Description aE Hew Connection Enter a name and choose an icon for the connector Mame
148. t FRAG OFFSET field for an IPv4 frame IP Fragmeni No IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must not be able to match this entry Yes IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must be able to match this entry Any Any value is allowed don t care Specify the options flag setting for this ACE No IPv4 frames where the options flag is set must not be able to IP Option match this entry Yes IPv4 frames where the options flag is set must be able to match this entry Any Any value is allowed don t care Specify the source IP filter for this ACE Any No source IP filter is specified Source IP filter is don t care Host Source IP filter is set to Host Specify the source IP address in the SIP Address field that appears Network Source IP filter is set to Network Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear When Host or Network is selected for the source IP filter you can SIP Address enter a specific SIP address in dotted decimal notation When Network is selected for the source IP filter you can enter a specific SIP mask in dotted decimal notation Specify the destination IP filter for this ACE Any No destination IP filter is specified Destination IP filter is don t care Host Destination IP filter is set to Host Specify the destination IP address in the DIP A
149. t Discarded E VLAN a jp VID 10 TPID 8100 9000 Series VID 10 TPID 88A8 ER VLAN a VID 5 TPID 8100 9000 Series VID 5 pe ki TPID 88A8 S custom port is used for user defined TPID While Ethertype for Custom S ports is configured to 8123 outgoing packet will bring with TPID 8123 tag mm am eee eee eee eee eee eee ee am am am am A VID 5 TPID 8123 P kkdskde av av av av av ORing Industrial Networking Corp 60 IGPS 9084GP Series User s Manual VLAN Setting Example VLAN Access Mode Setting Switch A Switch B Switch C VLAN 10 Z 99090 Series 9000 Series mere SM VLAN Trunk HERE Uele VLAN 20 psp 10 20 Like this topology Switch A Port 7 is VLAN Access mode Untagged 20 Port 8 is VLAN Access mode Untagged 10 Switch setting as following Open all VLAN Membership Configuration gy System Information a M Basic Setting E DHCP ServerRelay Start fram VLAN 1 with 20 entries per page i Port Setting M Redundancy E VLAN E VLAN Membership gy Ports fn Private VLAN a i SNMP Traffic Prioritization Multicast fm Security for port 1 VLAN trunk setting E Waming Monitor and Diag Synchronization Port Members Delete VLAN ID l VLAN Name 123456 7 8 9 101112 for port 7 8 port8 VLAN Access
150. t IP mask in dotted decimal notation Specify whether frames can hit the action according to their sender hardware address field SHA settings ARP SMAC Match 0 ARP frames where SHAis not egual to the SMAC address 1 ARP frames where SHA is equal to the SMAC address Any Any value is allowed don t care Specify whether frames can hit the action according to their target hardware address field THA settings 0 RARP frames where THA is not equal to the SMAC address 1 RARP frames where THA is equal to the SMAC address Any Any value is allowed don t care RARP SMAC Match Specify whether frames can hit the action according to their ARP RARP hardware address length HLN and protocol address length PLN settings IP Ethernet 0 ARP RARP frames where the HLN is egual to Ethernet 0x06 and Length the PLN is egual to IPv4 0x04 must not match this entry 1 ARP RARP frames where the HLN is egual to Ethernet 0x06 and the PLN is egual to IPv4 0x04 must match this entry Any Any value is allowed don t care Specify whether frames can hit the action according to their ARP RARP hardware address space HRD settings 0 ARP RARP frames where the HLD is egual to Ethernet 1 must not match this entry 1 ARP RARP frames where the HLD is egual to Ethernet 1 must match this entry ORing Industrial Networking Corp 109 ICMP Type Filter ICMP Type Value ICMP Code Filter ICMP Code Value
151. termine the amount power it reserves by exchanging PoE information using the LLDP protocol and reserves power accordingly If no LLDP information is available for a port the port will reserve power using the class mode In this mode the Maximum Power fields have no effect For all modes If a port uses more power than the reserved power for the port the port is shut down Power Management There are 2 modes for configuring when to shut down the ports Mode 1 Actual Consumption In this mode the ports are shut down when the actual power consumption for all ports exceeds the amount of power that the power supply can deliver or if the actual power consumption for a given port exceeds the reserved power for that port The ports are shut down according to the ports priority If two ports have the same priority the port with the highest port number is shut down 2 Reserved Power In this mode the ports are shut down when total reserved powered exceeds the amount of power that the power supply can deliver In this mode the port power is not turned on if the PD requests more power than available from the power supply Primary and Backup Some switches support having two PoE power supplies One is Power Source used as primary power source and one as backup power source If the switch doesn t support backup power supply only the primary power supply settings will be shown In case that the primary power source fails the backup power source will t
152. the client is put on hold in the Unauthorized state The hold timer does not count during an on going authentication The switch will ignore new frames coming from the client during the hold time The Hold Time can be set to a number between 10 and 1000000 seconds Pon The port number for which he configuration below apples If NAS is globally enabled this selection controls the port s authentication mode The following modes are available Admin State Force Authorized In this mode the switch will send one EAPOL Success frame ORing Industrial Networking Corp 122 ORi ORing Industrial Networking Corp IGPS 9084GP Series User s Manual when the port link comes up and any client on the port will be allowed network access without authentication Force Unauthorized In this mode the switch will send one EAPOL Failure frame when the port link comes up and any client on the port will be disallowed network access Port based 802 1X In the 802 1X world the user is called the supplicant the switch is the authenticator and the RADIUS server is the authentication server The authenticator acts as the man in the middle forwarding requests and responses between the supplicant and the authentication server Frames sent between the supplicant and the switch is special 802 1X frames known as EAPOL EAP Over LANs frames EAPOL frames encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS serve
153. to this rate The management VLAN is configured on the IP setup page Storm Control Configuration Frame Type Status Rate pps Unicast 1K Multicast d Broadcast The settings in a particular row apply to the frame type listed here Frame Type unicast multicast or broadcast Enable or disable the storm control status for the given frame type The rate unit is packet per second pps configure the rate as 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K or 1024K The 1 kpps is actually 1002 1 pps ORing Industrial Networking Corp 75 IGPS 9084GP Series User s Manual 5 1 8 2 Port Classifcation QoS is an acronym for Quality of Service It is a method to guarantee a bandwidth relationship between individual applications or protocols QoS Ingress Port Classification PCP DEI Tag Class DSCP Based lt gt Mj lt gt 84 la os Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled aes 0O EI ti NL an al KIKI all lt Iio lalla a A ee S Eek CS S E port o The port number for which the configuration below applies Controls the default QoS class All frames are classified to a QoS class There is a one to one mapping between QoS class queue and priority A QoS class of 0
154. tric relay will signal at the same time Port Link Down Broken Port Active i E ee 2 M Fault Alarm Power Failure CIPWR 1 LIPWR 2 g 10 d 11 C 12 C 5 1 11 2 System Warning 5 1 11 2 1 SYSLOG Setting The SYSLOG is a protocol to transmit event notification messages across networks Please refer to RFC 3164 The BSD SYSLOG Protocol System Log Configuration SE Disabled Server Address System Warning SYSLOG Setting interface The following table describes the labels in this screen Server Mode Indicates the server mode operation When the mode operation is enabled the syslog message will send out to syslog server The syslog protocol is based on UDP communication and received on UDP port 514 and the ORing Industrial Networking Corp 130 IGPS 9084GP Series User s Manual syslog server will not send acknowledgments back sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always send out even if the syslog server does not exist Possible modes are Enabled Enable server mode operation Disabled Disable server mode operation SYSLOG Server IP Address Indicates the IPv4 host address of syslog server If the switch provide DNS feature it also can be a host name 5 1 11 2 2 SMTP Setting The SMTP is Short for Simple Mail Transfer Protocol It is a protocol for e mail transmission across the Internet Please refer to RFC
155. ty module is used to secure a supplicant s MAC address once successfully authenticated Multi 802 1X In port based 802 1X authentication once a supplicant is successfully authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though they really aren t authenticated To overcome this security breach use the Multi 802 1X variant ORing Industrial Networking Corp 124 ORi ORing Industrial Networking Corp IGPS 9084GP Series User s Manual Multi 802 1X is really not an IEEE standard but features many of the same characteristics as does port based 802 1 X Multi 802 1X is like Single 802 1X not an IEEE standard but a variant that features many of the same characteristics In Multi 802 1X one or more supplicants can get authenticated on the same port at the same time Each supplicant is authenticated individually and secured in the MAC table using the Port Security module In Multi 802 1X it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch towards the supplicant since that would cause all supplicants attached to the port to reply to requests sent from the switch Instead the switch uses the supplicant s MAC address which is obtained from the first EAPOL Start or EAPOL Response Identity fram
156. type gt LLC lt DSAP gt lt SSAP gt lt control gt SNAP lt PID gt ipv4 lt protocol gt lt sip gt lt dscp gt lt fragment gt lt sport gt ORing Industrial Networking Corp 163 IGPS 9084GP Series User s Manual I lt dport gt ipv6 lt protocol gt lt sip v6 gt lt dscp gt lt sport gt lt dport gt lt class gt lt dp gt lt classified_dscp gt OCL Delete lt qce_id gt QCL Lookup lt qce_id gt OCL Status combinedlstaticlconflicts JOCL Refresh Mirror Port lt port gt Idisable Configuration lt port list gt Mode lt port_list gt enableldisablelrxItx Dot1x Mode enableldisable State lt port_list gt macbasedlautolauthorizedlunauthorized Authenticate lt port_list gt now Reauthentication enableldisable Configuration lt port_list gt t I x Period lt reauth period gt Clients lt port_list gt alll lt client_cnt gt Agetime lt age_time gt Holdtime lt hold time gt Timeout lt eapol timeout gt Statistics lt port list gt clearleapollradius IGMP Configuration lt port list gt Mode enableldisable State lt vid gt enableldisable Querier lt vid gt enableldisable Router lt port_list gt enableldisable Flooding enableldisable Groups lt vid gt Status lt vid gt Fastleave lt port list gt enableldisable ORing Industrial Networking Cor
157. us SNMP Authentication Failure Redundant Ring Topolagy Change SYSLOG P Disabled Link Up and Link Down Disabled Link Up _ Disabled _ w Link Down Pisae i Disabled Disabled Disabled Disabled alaga Disabled Disabled M Disabled Disabled mi Disabled Disabled Disabled Disabled E Disabled Disabled E Disabled Disabled a Disabled System Warning Event Selection interface D Go M mm LA a ld hJ bi lt x x x x jk sk ka Pad EE The following table describes the labels in this screen System Cold Start Alert when system restart Power Status Alert when a power up or down SNMP Authentication Alert when SNMP authentication failure Failure O Ring Topology Alert when O Ring topology changes ORing Industrial Networking Corp 132 IGPS 9084GP Series User s Manual Port Event Disable SYSLOG SMTP Link Up event Link Down Link Up amp Link Down Apply Click Apply to activate the configurations 5 1 12 Monitor and Diag 5 1 12 1 MAC Table 5 1 12 1 1 Configuration The MAC Address Table is configured on this page Set timeouts for entries in the dynamic MAC Table and configure the static MAC table here MAC Address Table Configuration Aging Configuration Disable Automatic Aging i Age Time 300 seconds MAC Table Learning Port Members 1 3 4 5 6 7 8 9 1011 12 Auto CO DisableO COC 00000000
158. ver These backend RADIUS frame counters are available for the Counters following administrative states ORing Industrial Networking Corp 128 802 1X e MAC based Auth Backend Server Counters Direction IEEE Name Access Challenges dotixAuthBackendAccessChallenges Other Requests dotixAuthBackendOtherRequestsToSupplicant Auth Successes dotixAuthBackendAuthSuccesses Auth Failures dotixAuthBackendAuthFails dotixAuthBackendResponses Information about the This administrative states e 802 1X e MAC based Auth authenticate information Last Supplicant Client Info Last IEEE Name MAC Address VLAN ID Supplicant Client Info 802 1X based is available IGPS 9084GP Series User s Manual Description Port based Counts the number of times that the switch receives the first request from the backend server following the first response from the supplicant Indicates that the backend server has communication with the switch MAC based Counts all Access Challenges received from the backend server for this port left most table or client right most table Port based Counts the number of times that the switch sends an EAP Request packet following the first to the supplicant Indicates that the backend server chose an EAP method MAC based Not applicable Port and MAC based Counts the number of times that the switch receives a success indication Indicates that the supplicant cl
159. we created a simple example as shown below VLAN X Unknown VLAN BM 2900 BM 2900 VLAN X sull VLAN VLAN P1 A VLAN X TRUNK 200 TRUNK 200 x gt tagged 200 i gge Setting VLAN dX i QinQ 200 9000 Series Port 1VLAN Setting Open all VLAN Membership Configuration m System Information Basic Setting fl DHCP ServerRelay Start from VLAN 1 with 20 entries per page M Port Setting fi Redundancy VLAN Ej VLAN Membership may Ports ail i Private VLAN M SNMP Traffic Prioritization im Multicast Security Port Members Delete VLAN ID VLAN Name 12345678 9 101112 default kikiki hv hd ding MIM IL IL IL IIL ILL LI UO L 200 Open all Auto refresh L gg System Information e Front Panel Ethertype for Custom ports 0x ssas Basic Setting DEE JE VLAN Port Configuration Port Setting s M Redundancy E BEN Port VLAN Tx Tag Port Type Ingress Filtering Frame Type Mode ID E VLAN Membership 2 all z BES x ES Sines 1 Unaware F All v Specific 200 Untag all w lim Private VLAN a i o Tagged I IN x 1 T Tl SNMP Pari nd eas 99gEe0 8 None Tagal M m Trafic Prioritization ta lt SA fe OST f Multicast 4 Unaware All v Specific w 1 Untag pvid mf Security 5 Unaware v F All v Specific s EE Untag_pvid fm Warning 6 Unaware w d Al vi Specific
160. when relay information mode is disabled Possible ORing Industrial Networking Corp 32 IGPS 9084GP Series User s Manual policies are Replace Replace the original relay information when a DHCP message that already contains it is received Keep Keep the original relay information when a DHCP message that already contains it is received Drop Drop the package when a DHCP message that already contains relay information is received 5 1 3 4 2 Relay Statistics Auto refresh L DHCP Relay Statistics Server Statistics SE Receive 2 A Receive Transmit Receive poi Receive Receive Receive Transmit Missing Erna HEr Bad to Error from aent Missing Missing Bad omaa Server Server g Circuit ID Remote ID Circuit ID Option ID g 0 0 0 0 g 0 The following table describes the labels in this screen Transmit to Sever The number of packets that are relayed from client to server Transmit Error The number of packets that resulted in errors while being sent to clients Receive Missing Agent The number of packets received without agent information Option options Receive Missing Cirucit The number of packets received with the Circuit ID option ID missing Receive Missing Remote The number of packets received with the Remote ID option ID missing Receive Bad Circuit ID The number of packets whose Circuit ID option did not match Known circuit ID Receive Bad Remote ID The number of packets whose Remote
161. which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string on the following form xx xx xx xx xx xx that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using static entries into the MAC Table Only then will frames from the client be forwarded on the switch There are no EAPOL frames involved in this authentication and therefore MAC based Authentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over 802 1X is that several clients can be connected to the same port e g through a 3rd party switch or a hub and still require individual authentication and that the clients don t need special supplicant software to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone and only the MD5 Challenge ORing Industrial Networking Corp 120 IGPS 9084GP Series User s Manual method is supported The 802 1X and MAC Based Authentication configuration consists of two s
162. working Corp 4 Orina IGPS 9084GP Series User s Manual 5 1 12 6 SFP Monitor vridde ean 141 om Pe A GAM O E E E E E EE i laia 142 341120 28 Pr rr E E AA 143 5 1 13 Synchronization PTP iiierereeenneeeneneene never naene nene n neva n nnenn veena nee e nn nennn nee 144 5 1 14 ME E E A 146 5 1 14 1 COMPPQUTATION 000000 00 ccc cccccecceceeesseeeeessssseeeeeeeeeeeeeeeeeseeeeeeeaaaaeaes 146 SE SUN 148 5 1 15 DN 150 5 1 16 SAR a m maa a aan u a aa 150 Command Line Interface Management rnnnnnnnnnnennnnnennnnnennnnnnnnnnnennnnvennnnr 152 6 1 Dou 132 ORing Industrial Networking Corp 5 Orina IGPS 9084GP Series User s Manual Getting to Know Your Switch 1 1 About the IGPS 9084GP Industrial Switch IGPS 9084GP is managed redundant ring PoE Ethernet switch with 8x10 100 1000Base T X P S E ports and 4x100 1000Base X SFP ports The switch support Ethernet Redundancy protocol O Ring recovery time lt 30ms over 250 units of connection and MSTP RSTP STP compatible can protect your mission critical applications from network interruptions or temporary malfunctions with its fast recovery technology IGPS 9084GP also support Power over Ethernet a system to transmit electrical power up to 30 watts along with data to remote devices over standard twisted pair cable in an Ethernet network Each IGPS 9084GP switch has 8x10 100 1000Base T X P S E Power Sourcing Equipment ports P S E is
163. y 1 2 The number of BPDU s a bridge port can send per second When Transmit Hold Count exceeded transmission of the next BPDU will be delayed Valid values are in the range 1 to 10 BPDU s per second Click to save changes Click to undo any changes made locally and revert to previously ese saved values ORing Industrial Networking Corp 46 IGPS 9084GP Series User s Manual MSTI Mapping This page allows the user to inspect the current STP MSTI bridge instance priority configurations and possibly change them as well MSTI Configuration Add VLANs separated by spaces or comma Unmapped VLANs are mapped to the CIST The default bridge instance Configuration Identification _ A Configuration Name 00 1e 94 ff ff ff Configuration Revision O MSTI Mapping MSTI VLANs Mapped ae Joson O The name identifiying the VLAN to MSTI mapping Bridges must share the name and revision see below as well as the Configuration Name VLAN to MSTI mapping configuration in order to share spanning trees for MSTI s Intra region The name is at most 32 characters Configuration The revision of the MSTI configuration named above This must Revision be an integer between 0 and 65535 The bridge instance The CIST is not available for explicit MSTI mapping as it will receive the VLANs not explicitly mapped The list of VLAN s mapped to the MSTI The VLANs must be separated with comma and or space A VL
Download Pdf Manuals
Related Search