RGPS-R9244GP+-P User Manual
Contents
1. Save Reset Indicates the ID of each aggregation group Normal means no aggregation Only one group ID is valid per port Port Members Lists each switch port for each group ID Select a radio button to include a port in an aggregation or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Only full duplex ports can join an aggregation and the ports must be in the same speed in each group LACP LACP Link Aggregation Control Protocol trunks are similar to static port trunks but they are more flexible because LACP is compliant with the IEEE 802 3ad standard Hence it is interoperable with equipment from other vendors that also comply with the standard This page allows you to enable LACP functions to group ports together to form single virtual links and change associated settings thereby increasing the bandwidth between the switch and other LACP compatible devices ORing Industrial Networking Corp 55 LACP Port Configuration for Switch 1 Port LACP Enabled Key Role Timeout CG lt gt v lt gt lt gt v 32768 1 Auto Active Fast 32768 2 Auto Y Active Y Fast 32768 3 Auto Y Active Y Fast 32768 4 AUTO v Active Y Fast Y 32760 5 Auto v Active Y Fast Y 32 768 Indicates the ID of each aggregation group Normal indicates P enges LACP Enabled Lists each switch port for each group ID Check to include a port in an aggregatio2. Indicates the selected HTTPS mode When the current connection is HTTPS disabling HTTPS will automatically redirect web browser to an HTTP connection The modes include Enabled enable HTTPS Disabled disable HTTPS Click to save changes Click to undo any changes made locally and revert to previously saved values ORing Industrial Networking Corp 41 5 1 11 SSH SSH Secure Shell is a cryptographic network protocol intended for secure data transmission and remote access by creating a secure channel between two networked PCs You can configure the SSH mode in the following page SSH Configuration Mode Disabled Y Save Reset Indicates the selected SSH mode The modes include Enabled enable SSH Disabled disable SSH Click to save changes Click to undo any changes made locally and revert to previously saved values LLDP Link Layer Discovery Protocol provides a method for networked devices to receive 5 1 12 LLDP Configurations and or transmit their information to other connected devices on the network that are also using the protocols and to store the information that is learned about other devices This page allows you to examine and configure current LLDP port settings ORing Industrial Networking Corp 42 RGPS R9244GP P Series User Manual LLDP Configuration LLDP Parameters LLDP Port Configuration a lt gt Y 1 Disabled 2 Disabled Y 3 Disabled Y
3. RGPS R9244GP P Series Industrial Rack Mount Ethernet Switch with Gigabit PoE Ports User Manual Version 1 0 September 2014 www oring networking com ORing Industrial Networking Corp y COPYRIGHT NOTICE Copyright 2014 ORing Industrial Networking Corp All rights reserved No part of this publication may be reproduced in any form without the prior written consent of ORing Industrial Networking Corp TRADEMARKS ORing is a registered trademark of ORing Industrial Networking Corp All other trademarks belong to their respective owners REGULATORY COMPLIANCE STATEMENT Product s associated with this publication complies comply with all applicable regulations Please refer to the Technical Specifications section for more details WARRANTY ORing warrants that all ORing products are free from defects in material and workmanship for a specified warranty period from the invoice date 5 years for most products ORing will repair or replace products found by ORing to be defective within this warranty period with shipment expenses apportioned by ORing and the distributor This warranty does not cover product modifications or repairs done by persons other than ORing approved personnel and this warranty does not apply to ORing products that are misused abused improperly installed or damaged by accidents Please refer to the Technical Specifications section for the actual warranty period s of the product s associated
4. S s SNMP Engine ID lt engineid gt Community Add lt community gt lt ip_addr gt lt ip_mask gt Community Lookup lt index gt User Add lt engineid gt lt user_name gt MD5ISHA lt auth_password gt DES SNMP gt lt priv_password gt User Delete lt index gt User Changekey lt engineid gt lt user_name gt lt auth_password gt lt priv_password gt d View Lookup lt index gt ORing Industrial Networking Corp 175 RGPS R9244GP P Series User Manual Access Add lt group_name gt lt security_model gt lt security_level gt lt read_view_name gt lt write_view_name gt Access Delete lt index gt Access Lookup lt index gt Firmware Load lt ip_addr_string gt lt file_name gt Firmware PTP Configuration lt clockinst gt ClockCreate lt clockinst gt lt devtype gt lt twostep gt lt protocol gt lt oneway gt lt clockid gt lt tag_enable gt lt vid gt lt prio gt Timingproperties lt clockinst gt lt utcoffset gt lt valid gt lt leap59 gt lt leap61 gt lt timetrac gt lt freqtrac gt lt ptptimescale gt lt timesource gt PTP PortDataSet lt clockinst gt lt port_list gt lt announceintv gt lt announceto gt lt syncintv gt lt delaymech gt lt minpdelayreqintv gt lt delayasymmetry gt lt ingressLatency gt LocalClock lt clockinst gt updatelshowlratio lt clockra
5. Type Indicates whether the entry is a static or dynamic entry MAC address The MAC address of the entry VLAN The VLAN ID of the entry Port Members The ports that are members of the entry 5 10 2 Port Statistics Traffic Overview This page provides an overview of general traffic statistics for all switch ports Port Statistics Overview Auto refresh C Refresh Packets Bytes Errors Drops Filtered Receive Transmit Receive Transmit Receive Transmit Receive Transmit Receive 11 980 86946125 9117790 6259918088 0 0 0 0 0 Port 0 68732984 68732987 4957477714 4957477932 24710409 0 0 0 0 0 68732985 68732987 4957477883 4957477932 25204638 0 oooooo0o ea eo CH CHOCO CH CH CH OOOCOOOOCOCOOOCOHCOOHCH 0 0 0 0 0 0 0 0 0 0 0 0 0 H 0 t Desens S The switch port number to which the following settings will be applied The number of received and transmitted packets per port ORing Industrial Networking Corp 143 RGPS R9244GP P Series User Manual Detailed Statistics This page provides detailed traffic statistics for a specific switch port Use the port drop down list to decide the details of which switch port to be displayed The displayed counters include the total number for receive and transmit the size for receive and transmit and the errors for receive and transmit Detailed Statistics Total Receive amp Transmit Detailed Port Statistics Port 1 Receive Total Rx Pac
6. system Tools gt HyperTerminal gt AY Acrobat Reader 5 0 E Command Prompt QI NetTime A Notepad W paint d A WordPad ORing Industrial Networking Corp 161 Step 2 Inout a name for the new connection Ce New Connection HyperTerminal File Edt View Cal Transfer Help Ole ol 3 ola e Connection Description RG ow Correction Enter a name and choose an icon for the connector Disconnected Autodetect autodetect Soll cars Num Capture Print echo Z termnial HyperTerminal S H a ll xj Fie Edt View Call Transfer Help Del ol 3 ol ei Enter details for the phone number that you want to dial Country region Taiwan EBE Area code 2 Disconnected Autodetect Autodetect SCROLL caps Num Capture Print echo Step 4 A pop up window that indicates COM port properties appears including bits per ORing Industrial Networking Corp 162 second data bits parity stop bits and flow control eT An Wer Pr S Se Ee EN LOM Properties Step 5 The console login screen will appear Use the keyboard to enter the Username and Password same as the password for Web browsers then press Enter Da 3 ne RGPS R9244GP P Command Line Interface Username Password CLI Management by Telnet You can can use TELNETio configure the switch The default values are ORing Industrial Networking Corp 163 IP Address
7. Spean 10 Unaware e O All vi specific _1 Untag_pvid 3 3 fies ae im lal ke Cane ws al 1 fetzen mined oe VLAN 1Q Trunk Mode Switch A Switch B Switch viano VLAN 10 g000 Series 9000 Series 9000 Series VLAN Trunk VLAN Trunk VLAN 20 VLAN 20 10 20 10 20 ORing Industrial Networking Corp 67 Switch B Port 1 VLAN 1Qtrunk mode tagged 10 20 Port 2 VLAN 1Qtrunk mode tagged 10 20 Below are the switch settings VLAN Membership Configuration Start from VLAN 1 with 20 entries per page Port Members Delete VLAN ID VLAN Name 172345 678 9 101112 Mann EI d LL IU AU Auto refresh I Ethertype for Custom S ports 0x ssas VLAN Port Configuration Port VLAN Mode ID j lt gt vi WI ES Mile l Tagged Specific Tagged Specific v Port Type Ingress Filtering Frame Type Untag_pvid Untag_pvid Untag_pvid Untag_pvid Untag_pvid Untag_pvid Unaware Specific 5 Unaware Specific Specific Specific Specific Specific Unaware 7 Unaware Unaware Unaware Untag_pvid Untag_pvid Untag_pvid v Specific Specific Specific Unaware SSS SHS SST Unaware 6 ES BEE JEE EEEE i EE TRER IRIE ERRE ZIRE IRIRE RIRIKIR i Ll Lad Lnd Le oes Re leie E A Lnd L 2 Unaware VLAN Hybrid Mode Port 1 VLAN Hybrid mode untagged 10 Tagged 10 20 ORing Industrial Networking Corp 68
8. 5 1 Basic Settings The Basic Settings page allows you to configure the basic functions of the switch 5 1 1 Basic Settings for System Information This page shows the general information of the switch System Information Configuration System Name RGPS R9244GP P AE LE tem Industrial Layer 3 28 port mar System Location System Contact _Save Reset An administratively assigned name for the managed node System Name o 7 By convention this is the node s fully qualified domain name ORing Industrial Networking Corp 31 RGPS R9244GP P Series User Manual A domain name is a text string consisting of alphabets A Z a z digits 0 9 and minus sign Space is not allowed to be part of the name The first character must be an alpha character And the first or last character must not be a minus sign The allowed string length is 0 to 255 The physical location of the node e g telephone closet 3rd System Location floor The allowed string length is 0 to 255 and only ASCII characters from 32 to 126 are allowed The textual identification of the contact person for this Seem Condi managed node together with information on how to contact this person The allowed string length is O to 255 and only ASCII characters from 32 to 126 are allowed 5 1 2 Admin Password This page allows you to configure the system password required to access the web pages or log in from CLI System Password
9. Below are the switch settings VLAN Membership Configuration Start from VLAN P with 20 _ entries per page Port Members Delete VLAN ID VLAN Name 12zi 3456 78 9101112 defaut MMIMMMIMMIMIMM Kik ian20 MOCOOOoooo O O Auto refresh O Ethertype for Custom S ports 0x ssas VLAN Port Configuration Port VLAN Port Port Type Ingress Filtering Frame Type Mode ID Tx Tag 10 Untag_all Untag pvid Untag_pvid Untag_pvid Untag_pvid Untag pvid Untag_pvid Untag_pvid Unaware Non E Specific Specific 1 Specific Specific Unaware Unaware AIK IEN IR Unaware Unaware Sal Ch i P Gu Unaware Specific Unaware Specific v Unaware Untag_pvid Untag_pvid Untag_pvid Untag_pvid Specific Unaware Specific Unaware Specific IDDIE DDT eilsllse le slle ils usllcgkhrsl Ka RIR AAAI AZ Palle dr lt F v v v Unaware Specific v VLAN QinQ Mode VLAN QinQ mode is usually adopted when there are unknown VLANs as shown in the figure below ORing Industrial Networking Corp 69 VLAN X Unknown VLAN BM 2900 BM 2900 VLAN x VLAN X VLAN TRUNK 200 VLAN TRUNK 200 setting VLAN ID 200 9000 Series Port 1 VLAN Settings VLAN Membership Configuration Start from VLAN 1 with 20 entries per page Port Members Delete VLAN ID VLAN Name 1234567 8
10. IPv4 DHCP IPv4 Delete VLAN l gt IPv6 Enable Fallback Current Lease Address Mask Length Mask Length 192 169 2 99 24 Add Interface IP Routes Delete Network Mask Length Gateway Next Hop VLAN Add Route Save Reset IP Interface ORing Industrial Networking Corp Configure whether the IP stack should act as a host or a router In Host mode IP traffic between interfaces will not be routed In Router mode traffic is routed between all interfaces You can configure the information of IPv4 and IPv6 in this section IPv4 DHCP configurations include Enable check to enable IPv4 DHCP function Fallback specifies the number of seconds for trying to obtain a DHCP lease Current Lease For DHCP interfaces with an active lease the column shows the current interface address as provided by the DHCP server Pv4 configurations include Address shows the IPv4 address of the interface in dotted decimal notation If DHCP is enabled this field is not used The field may also be left blank if Pv4 operation on the interface is not desired Mask Length the IPv4 network mask in number of bits prefix length Valid values are between O and 30 bits for an IPv4 address If DHCP is enabled this field is not used The field may also be left blank if IPv4 operation on the interface is not desired IPv6 Address IPv6 configurations include Address shows the address of the interface A IPv6 address is in 128 bit
11. RGPS R9244GP P Series User Manual Description The switch port number to which the following settings will be applied Select to apply a policy to the port The allowed values are 1 to 8 Policy ID The default value is 1 Select to Permit to permit or Deny to deny forwarding The default value is Permit Select a rate limiter for the port The allowed values are Disabled or Rate Limiter ID numbers from 1 to 15 The default value is Disabled Select which port frames are copied to The allowed values are Port Copy p SE Disabled or a specific port number The default value is Disabled Specifies the logging operation of the port The allowed values are Enabled frames received on the port are stored in the system log Logging Disabled frames received on the port are not logged The default value is Disabled Please note that system log memory Capacity and logging rate is limited Specifies the shutdown operation of this port The allowed values are Enabled if a frame is received on the port the port will be disabled Disabled port shut down is disabled The default value is Disabled Counts the number of frames that match this ACE Rate Limiters This page allows you to define the rate limits applied to a port ACL Rate Limiter Configuration Rate Limiter ID Rate pps 1 1 v CSIR ISIS ISIE 1 1 1 1 1 1 H 1 1 1 e ORing Industrial Networking Corp 108 RGPS R9244GP P Series User Manua
12. et Ring Port The primary ring port 2d Ring Port The backup ring port Coupling Ring Check to enable Coupling Ring Coupling Ring can divide a big ring into two smaller rings to avoid network topology changes mad affecting all switches It is a good method for connecting two rings Coupling Port Ports for connecting multiple rings A coupling ring needs four switches to build an active and a backup link e Links formed by the coupling ports will run in active backup mode Dual Homing Check to enable Dual Homing When Dual Homing is enabled the ring will be connected to normal switches through two RSTP links ex backbone Switch The two links work in active backup mode and connect each ring to the normal switches in RSTP mode Apply Click to apply the configurations Due to heavy computing loading setting one switch as ring master and coupling ring at the same time is not recommended ORing Industrial Networking Corp 18 4 2 O Chain 4 2 1 Introduction O Chain is ORing s revolutionary network redundancy technology which enhances network redundancy for any backbone networks providing ease of use and maximum fault recovery swiftness flexibility compatibility and cost effectiveness in a set of network redundancy topologies The self healing Ethernet technology designed for distributed and complex industrial networks enables the network to recover in less than 30 milliseconds in full duplex Gigabit operation or 10 mi
13. private Add New Entry Save Reset Check to delete the entry It will be deleted during the next save Indicates the community access string to permit access to SNMPv3 Community agent The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed SourceIP Indicates the SNMP source address Source Mask Indicates the SNMP source address mask 5 5 4 SNMP User Configurations Each SNMP user has a specified username a group to which the user belongs authentication password authentication protocol privacy protocol and privacy password When you create a user you must associate it with an SNMP group The user then inherits the security model of the group This page allows you to configure the SNMPv3 user ORing Industrial Networking Corp 76 table The entry index keys are Engine ID and User Name SNMPv3 User Configuration Security Authentication Authentication Privacy Privacy Level Protocol Password Protocol Password 6000075017000001 default_user NoAuth NoPriv None Engine ID Add New Entry Save Reset Check to delete the entry It will be deleted during the next save An octet string identifying the engine ID that this entry should belong to The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed The SNMPv3 architecture uses User based Security Model USM for message security and View based Access
14. IGMP gt Fastleave lt port_list gt enableldisable ACL Configuration tepon is Action lt port_list gt permitldeny lt rate_limiter gt lt port_copy gt lt logging gt lt shutdown gt Policy lt port_list gt lt policy gt Add lt ace_id gt lt ace_id_next gt switch port lt port gt policy lt policy gt lt vid gt lt tag_prio gt lt dmac_type gt etype lt etype gt lt smac gt lt dmac gt arp lt sip gt lt dip gt lt smac gt lt arp_opcode gt lt arp_flags gt Gp lt sip gt lt dip gt lt protocol gt lt ip_flags gt icmp lt sip gt lt dip gt lt icmp_type gt lt icmp_code gt lt ip_flags gt udp lt sip gt lt dip gt lt sport gt lt dport gt lt ip_flags gt tcp lt sip gt lt dip gt lt sport gt lt dport gt lt 1p_flags gt lt tcp_flags gt permitldeny lt rate_limiter gt lt port_copy gt lt logging gt lt shutdown gt Delete lt ace_id gt Lookup lt ace_id gt Mirror ORing Industrial Networking Corp 174 RGPS R9244GP P Series User Manual Configuration lt port_list gt lirror Port lt port gt ldisable i Mode lt port_list gt enableldisablelrxltx Config Config _ Load lt ip_server gt lt file_name gt check Firmware Save lt ip_server gt lt file_name gt Load lt ip_addr_string gt lt file_name gt
15. No more entries 5 8 Security 5 8 1 Remote Control Security Remote Control Security allows you to limit remote access to the management interface When enabled requests of the client which is not in the allowed list will be rejected Remote Control Security Configuration LE Enable v Delete Web Telnet SNMP Any d Pon Portruberoftheremoteclont web Chacko enable management viaaWeb erase Check to enable management via a Telnet interface SNMP o Check to enable management via a SNMP interface Check to delete entries ORing Industrial Networking Corp 101 5 8 2 Device Binding Device binding is ORing s proprietary technology which binds the IP MAC address of a device with a specified Ethernet port If the IP MAC address of the device connected to the Ethernet port does not conform to the binding requirements the device will be locked for security concerns Device Binding also provides security functions via alive checking streaming check and DoS DDOS prevention Device Binding Function State mee TER DDOS Alive Check Stream Check Beete Active Status Active Status Active Status IP Address MAC Address Device Scan 0 0 0 0 00 00 00 00 Binding 0O O O 0 0 0 0 00 00 00 00 Shutdown 0 0 0 0 00 00 00 00 0 0 0 0 00 00 00 00 0 0 0 0 00 00 00 00 Indicates the device binding operation for each port Possible modes 4 4 AIR AIR io amp W AD Fa are disable
16. Partner Key When connecting the device to other manufactures devices you may need to configure LACP partner key Partner key is the operational key value assigned to the port associated with this link by the Partner Configures the priority of the partner Last Changed The time since this aggregation is changed Local Ports Indicates which ports belong to the aggregation of the switch stack The format is Switch ID Port Refresh Click to refresh the page immediately Check to enable an automatic refresh of the page at regular Auto refresh intervals LACP Port Status This page provides an overview of the LACP status for all ports LACP Status for Switch 1 Auto refresh L Refresh Partner Partner Partner System ID Port Prio No S R No z z i No n n No e No s j LACP Key ANR UNM ORing Industrial Networking Corp 57 RGPS R9244GP P Series User Manual Pot Switch port number Yes means LACP is enabled and the port link is up No means LACP is not enabled or the port link is down Backup means the port cannot join in the aggregation group unless other ports are removed The LACP status is disabled Key The key assigned to the port Only ports with the same key can be aggregated Retesh Clektoretesn the page mmedatoy Auto refresh Check to enable an automatic refresh of the page at regular intervals LACP Port Statistics This page provides an overview of
17. use the standard 0x8100 Ethertype field value on S Ports 802 1Q tagged or 802 1p tagged frames When Port Type is set to S custom port the EtherType also known as TPID of all frames received on the port is changed to the specified value By default the EtherType is set to 0x88a8 IEEE 802 1ad The switch port number to which the following settings will be applied Port can be one of the following types Unaware Customer C port Service S port Custom Service S custom port C port each frame is assigned to the VLAN indicated in the VLAN tag and the tag is removed S port the EtherType of all received frames is changed to Ox88a8 to indicate that double tagged frames are being forwarded across the switch The switch will pass these frames on to the VLAN indicated in the outer tag It will not strip the outer tag nor change any components of the tag Port type other than the EtherType field S custom port the EtherType of all received frames is changed to value set in the Ethertype for Custom S ports field to indicate that double tagged frames are being forwarded across the switch The switch will pass these frames on to the VLAN indicated in the outer tag It will not strip the outer tag nor change any components of the tag other than the EtherType field Unaware all frames are classified to the Port VLAN ID and tags are not removed Enable ingress filtering on a port by checking the box This para
18. 192 168 10 1 Subnet Mask 255 255 255 0 Default Gateway 192 168 10 254 User Name admin Password admin Follow the steps below to access console via Telnet Step 1 Telnet to the IP address of the switch from the Run window by inputting commands or from the MS DOS prompt as below Type the name of a program Folder document or Internet resource and Windows will open it For you Open telnet 192 168 10 1 Cancel Browse Step 2 The Login screen will appear Use the keyboard to enter the Username and Password same as the password for Web browser and then press Enter c Telnet 192 168 10 44 RGPS R9244GP P Command Line Interface Username Password ORing Industrial Networking Corp 164 ORing Commander Groups RGPS R9244GP P Series User Manual Command Groups Firmware PTP Loop Protect Fastrecovery SFP oa EE E on ia on DEI fe if oe on fl ia ET EI aa fa oe ff ia ET E ff System settings and reset options IP configuration and Ping Port management MAC address table Yirtual LAN Private ULAN Security management Spanning Tree Protocol Link Aggregation Link Aggregation Control Protocol Link Layer Discovery Protocol Power Over Ethernet Quality of Service Port mirroring Load Save of configuration via TFTP Download of firmware via TFTP IEEE1I588 Precision Time Protocol Loop Protection M
19. determined by power of each port or power devices Allocation users can allocate the amount of power that each port reserves The allocated reserved power for each port power device is specified in the Maximum Power field Class each port automatically determines how much power to reserve according to the class the connected power device belongs to and then reserves the power accordingly Four different port classes are available including 4 7 15 4 and 30 Watts In this mode the maximum power field will gray out LLDP MED this mode is similar to the Class mode expect that each port determines the amount power it wants to reserve by exchanging PoE information using the LLDP protocol If no LLDP information is available for the port the port will reserve power using the Class mode In this mode the maximum power fields will gray out In all of the abovementioned modes if a port uses more power ORing Industrial Networking Corp 155 E than the reserved power for the port the port is shut down Power Management There are two modes available when configuring when to shut Mode down the port Actual Consumption the ports are shut down when the actual power consumption for all ports exceeds the amount of power that the power supply can deliver or if the actual power consumption for a given port exceeds the reserved power of that port The ports are shut down according to port priority If two ports have the same priority
20. dlei l i ler l eisl sgle bech N SYSLOG SMTP Link Up Link Down Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Link Up and Link Down RIRIRIRIRIRIRIRIRIRIRIRK System Cold Start Sends out alerts when the system is restarted Power Status Sends out alerts when power is up or down SNMP Authentication Sends out alert when SNMP authentication fails Failure Redundant Ring Sends out alerts when O Ring topology changes Topology Change Port Event Disable SYSLOG SMTP Link Up event Link Down Link Up amp Link Down ORing Industrial Networking Corp 139 5 10 Monitor and Diag 5 10 1 MAC Table A MAC address tablet is a table in a network switch that maps MAC addresses to ports The switch uses the table to determine which port the incoming packet should be forwarded to Entries in a MAC address table fall into two types dynamic and static entries Entries in a static MAC table are added or removed manually and cannot age out by themselves Entries in a dynamic MAC tablet will age out after a configured aging time Such entries can be added by learning or manual configuration Configuration MAC Address Table Configuration Aging Configuration Disable Automatic Aging im 300 seconds MAC Table Learning Port Members SR LL 10 11 12 ij wa 3 4 00 1E 94 98 89 29 v C Aging Configuration Aging enables the switch to track only
21. or TCP please choose the socket direction Destination Source Indicates the action to take when DDOS attacks occur Possible actions are no action Blocking 1 minute blocks the forwarding for 1 minute and log the event Blocking 10 minute blocks the forwarding for 10 minutes and log the event Blocking blocks and logs the event Shunt Down the Port shuts down the port No Link and logs the event Only Log it simply logs the event Reboot Device if PoE is supported the device can be rebooted The event will be logged Indicates the DDOS prevention status Possible statuses are disables DDOS prevention Analyzing analyzes packet throughput for initialization Running analysis completes and ready for next move Attacked DDOS attacks occur ann basmak Cor ue Industrial Networking Corp 105 Device Description This page allows you to configure device description settings Device Description Device Location Address Description IP Camera IP Phone Access Point PC PLC Network Video Recorder zl oO UO P W N me US MIE IS SESE SE dT v ha w Indicates device types Possible types are NO specification IP Camera IP Phone Access Point PC PLC Network Video Recorder Indicates location information of the device The information can be used for Google Mapping Device descriptions Device Type Stream Check Stream check monitors the consistency of real time net
22. Control Model VACM for access control For the USM entry the usmUserEnginelD and usmUserName are the entry keys In a simple agent usmUserEnginelD is always that agent s own snmpEnginelD value The value can also take the value of the snmpEnginelD of a remote SNMP engine with which this user can communicate In other words if user engine ID is the same as system engine ID then it is local user otherwise it s remote user A string identifying the user name that this entry should belong to The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed Indicates the security model that this entry should belong to Possible security models include NoAuth NoPriv no authentication and none privacy Security Level Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy The value of security level cannot be modified if the entry already exists which means the value must be set correctly at the time of entry creation Indicates the authentication protocol that this entry should belong to Possible authentication protocols include Authentication None no authentication protocol Protocol MD5 an optional flag to indicate that this user is using MD5 authentication protocol SHA an optional flag to indicate that this user is using SHA ORing Industrial Networking Corp 77 RGPS R9244GP P Series User Manual authentication protocol The value of security level cannot be
23. IP Address Port gt notation of the server The current status of the server This field has one of the following values Disabled the server is disabled Not Ready the server is enabled but IP communication is not yet up and running Ready the server is enabled IP communications are built and the RADIUS module is ready to accept access attempts Dead X seconds left access attempts are made to this server but it does not reply within the configured timeout The server has temporarily been disabled but will be re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled ORing Industrial Networking Corp 122 RADIUS Accounting Server Status Overview Status Disabled Disabled Disabled Disabled Disabled The RADIUS server number Click to navigate to detailed statistics of the server The IP address and UDP port number in lt IP Address gt lt UDP Port gt IP Address notation of the server The current status of the server This field has one of the following values Disabled the server is disabled Not Ready the server is enabled but IP communication is not yet up and running Ready the server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left accounting attempts are made to this server but it does not repl
24. Org Discarded The number of organizationally TLVs received Each LLDP frame contains information about how long the LLDP information is valid age out time If no new LLDP frame is Age Outs received during the age out time the LLDP information will be removed and the value of the age out counter will be incremented Refresh Click to refresh the page immediately o Click to clear the local counters All counters including global ear counters are cleared upon reboot Check to enable an automatic refresh of the page at regular Auto refresh intervals 5 1 13 Modbus TCP Modbus TCP uses TCP IP and Ethernet to carry the data of the Modbus message structure between compatible devices The protocol is commonly used in SCADA systems for communications between a human machine interface HMI and programmable logic controllers This page enables you to enable and disable Modbus TCP support of the switch MODBUS Configuration Meret Disabled Y Save Reset Mode Shows the existing status of the Modbus TCP function 5 1 14 Backup Restore Configurations You can save switch configurations as a file or load a previously stored configuration file to the device to restore to old settings The configuration file is in XML format You can click Save configuration to save existing settings as a file and store in your local PC ORing Industrial Networking Corp 46 Configuration Save Choose the configuration file f
25. RM Green On Device is operating as a ring master Ring is enabled and device is running in Ring mode Green Blinking Ring structure is broken Fault Amber On Errors power failure or port malfunctioning 10 100 1000Base T X RJ45 port Port is linked and runs at 1000Mbps Link Act Port is linked and runs at 10 100Mbps ORing Industrial Networking Corp 8 RGPS R9244GP P Series User Manual PoE Green On Power is supplied over Ethernet cable SFP port Link Act G Port is connected ink Ac reen Blinking Transmitting data 2 2 Rear Panel On the rear panel of the switch sits two panel module slots and one terminal block The terminal block includes two power pairs for redundant power supply 1 Power switch 2 AC power input 100V 240V 50 60Hz ORing Industrial Networking Corp 9 Hardware Installation 3 1 Rack mount Installation The switch comes with two rack mount kits to allow you to fasten the switch to a rack in any environments Follow the following steps to install the switch to a rack Step 1 Install the mounting brackets to the left and right front sides of the switch using three screws provided with the switch Step 2 With front brackets orientated in front of the rack fasten the brackets to the rack using two more screws e UM LN Vin ORing Industrial Networking Corp 10 3 2 Wiring Attention 1 Be sure to disconnect the power cord
26. Reacty teceved Line Sona Daeg aa Ring Indicator l at DTE Ready wf 4 _ Trars mitted Data eg Transmitted Data E 3 a Clear to Send 7 een Clear to Send Received Data 3 Si Request to Send 9 Rinig Irdi cator Ces Received Data 2 im Request to Send DTE Ready 4 i 5 Received Line Signal Detea 7 DCE Ready Signal Ground 7 g Received by DTE Device ag Received by DCE Device Be Transmitted from DTE Device Tanmitted from DCE Device ORing Industrial Networking Corp 13 3 3 3 SFP The switch comes with fiber optical ports that can connect to other devices using SFP modules The fiber optical ports are in multi or single mode with LC connectors Please remember that the TX port of Switch A should be connected to the RX port of Switch B Switch A Switch B g A if Ki S ri P IN gil Syme LE Fiber 3 3 4 O Ring O Chain O Ring You can connect three or more switches to form a ring topology to gain network redundancy capabilities through the following steps 1 Connect each switch to form a daisy chain using an Ethernet cable 2 Set one of the connected switches to be the master and make sure the port setting of each connected switch on the management page corresponds to the physical ports connected For information about the port setting please refer to 4 1 2 Configurations 3 Connect the last switch to the first switch to form a ring
27. Scan scans IP MAC automatically but no binding function Binding enables binding Under this mode any IP MAC that does not match the entry will not be allowed to access the network Shutdown shuts down the port No Link Alive Check Check to enable alive check When enabled switch will ping the Active device continually Indicates alive check status Possible statuses are disable Alive Check Got Reply receive ping reply from device meaning the device is still Status alive Lost Reply not receiving ping reply from device meaning the device might have been dead Stream Check Check to enable stream check When enabled the switch will detect Active the stream change getting low from the device Indicates stream check status Possible statuses are Stream Check Status disable Normal the stream is normal ORing Industrial Networking Corp 102 RGPS R9244GP P Series User Manual O raitemenromsi O O O DdoS Prevention Check to enable DDOS prevention When enabled the switch will Indicates DDOS prevention status Possible statuses are disable DdoS Prevention Analyzing analyzes packet throughput for initialization Status Running analysis completes and ready for next move Attacked DDOS attacks occur Device IP Address Specifies IP address of the device Device MAC Specifies MAC address of the device Address Advanced Configurations Alias IP Address This page provides
28. Switch 1 Port 0 DP level PCP DEI Tag Class DSCP Based class lt gt yY lt gt 1 0 Y 0 2 H L 3 0 O 4 0 Y 0 S LU 7Y 0 Y lt gt vil lt gt v v OY OY Disabled v A A Disabled v OY Ov Disabled v OY OY Disabled v Ov OY Disabled Fon OO The port number for which the configuration below applies QoS Class DP level ORing Industrial Networking Corp Controls the default QoS class All frames are classified to a QoS class There is a one to one mapping between QoS class queue and priority A QoS class of 0 zero has the lowest priority If the port is VLAN aware and the frame is tagged then the frame is classified to a QoS class that is based on the PCP value in the tag as shown below Otherwise the frame is classified to the default QoS class PCP value 0 1234567 QoS class 10234567 H the port is VLAN aware the frame is tagged and Tag Class is enabled then the frame is classified to a QoS class that is mapped from the PCP and DEI value in the tag Otherwise the frame is classified to the default QoS class The classified QoS class can be overruled by a QCL entry Note if the default QoS class has been dynamically changed then the actual default QoS class is shown in parentheses after the configured default QoS class Controls the default Drop Precedence Level All frames are classified to a DP level If the port is VLAN aware and the frame is tagged then the frame is classified to a DP
29. System Name The name advertised by the neighbor Description of the neighbor s capabilities The capabilities include 1 Other Repeater Bridge WLAN Access Point System Capabilities nom Telephone DOCSIS Cable Device Station Only 2 3 4 9 6 7 8 9 Reserved When a capability is enabled a will be displayed If the capability is disabled a will be displayed Management The neighbor s address which can be used to help network Address management This may contain the neighbor s IP address Refresh Click to refresh the page immediately Check to enable an automatic refresh of the page at regular Auto refresh intervals Statistics This page provides an overview of all LLDP traffic Two types of counters are shown Global counters will apply settings to the whole switch stack while local counters will apply settings to specified switches ORing Industrial Networking Corp 44 Sute refresh Refresh Clear LLDP Global Counters Global Counters Neighbour entries were last changed 1970 01 01 00 00 00 00 00 1260 secs ago Total Neighbours Entries Added D Total Neighbours Entries Deleted D Total Neighbours Entries Dropped A _Total Neighbours Entnes Aged Out A LLDP Statistics Local Counters Local Port Tx Frames Rx Frames Rx Errors Frames Discarded TLVs Discarded TLWS Unrecognized Org Discarded Age Outs 1 0 0 0 a O D 0 a 0 0 D 0 D 0 0 D O oO D 0 a 0 4 0 0 0 O
30. The NAD may then forward accounting information to the RADIUS server to document the transaction the RADIUS server may store or forward this information as needed to support billing for the services provided Server Configuration Delete Hostname Auth Port Acct Port Timeout Retransmit Delete 1812 1813 Save Reset Click to delete an entry from the table Specifies the host name of the RADIUS server The maximum supported length for the AAA RADIUS hostname is 40 characters The UDP port to use on the RADIUS accounting server If the port is set to O zero the default port 1813 is used on the RADIUS accounting server The authentication port which specifies the UDP port used to connect the RADIUS server for authentication The default is 1812 ORing Industrial Networking Corp 121 RGPS R9244GP P Series User Manual The shared secret between the switch and the RADIUS server The time to wait for the RADIUS server to respond The number of times the switch tries to connect to a RADIUS server RADIUS Overview This page provides information about the status of the RADIUS server configurable on the authentication configuration page RADIUS Authentication Server Status Overview Auto refresh L IP Address Disabled Disabled Disabled Disabled Disabled The RADIUS server number Click to navigate to detailed statistics of the server The IP address and UDP port number in lt IP Address gt lt UDP
31. VRRP Configuration VRRP Group Delete VRID Priority AuthCode Delete 100 Add Group VRRP Member VLAN ID Primary VRID VRIP DefaultIP Save VRRP combines a group of routers including a master and multiple backups on a LAN into a virtual router called VRRP group VRRP Group Delete Click the button if you want to delete an entry from the table VRID Enter a unique ID number for this virtual router The range of valid values is 1 to 255 ORing Industrial Networking Corp 40 RGPS R9244GP P Series User Manual Priority VRRP determines the role master or backup of each router in a VRRP group by priority A router with a higher priority is more likely to become the master VRRP priority is in the range of O to 255 and the greater the number the higher the priority Priorities 1 to 254 are configurable Priority O is reserved for special uses and priority 255 is for the IP address owner The router acting as the IP address owner in a VRRP group always has the running priority 255 and acts as the master as long as it works properly AuthCode Enter the authorization code for the VRRP group Add Group Click the button if you want to add a new entry Shows the information of the VRRP members including the VLAN VRRP Member ID of the device primary status VRID VRIP and defult IP 5 1 10 HTTPS You can configure the HTTPS mode in the following page HTTPS Configuration Hora Disabled Y Save Reset
32. Weighted scheduling will deliver traffic on a rotating basis It can guarantee each queue s minimum bandwidth based on their bandwidth weight when there is traffic congestion Only when a port has more traffic than it can handle will this mode be activated A queue Is given an amount of bandwidth regardless of the incoming traffic on that port Queue with larger weights will have more guaranteed bandwidth than others with smaller weights Port 1 kl Qos Egress Port Scheduler and Shapers Port 1 Queue Shaper Queue Scheduler Port Shaper Enable Rate Unit Excess Weight Percent Enable Rate Unit ZS E g 0O o o R ei 0 0O O oO ei S ORing Industrial Networking Corp 89 RGPS R9244GP P Series User Manual Two scheduling modes are available Strict Priority or Scheduler Mode Weighted Check to enable queue shaper for individual switch Queue Shaper Enable ports Configures the rate of each queue shaper The default value is 500 This value is restricted to 100 to 1000000 Queue Shaper Rate o when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Configures the rate of each queue shaper The default value is 500 This value is restricted to 100 to 1000000 Queues Shaper Unit WW when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Configures the weight of each queue The default value Queue Scheduler Weight is 17 This value is
33. You can set QoS egress queues on a port such as classifying data and marking it according to its priority and the policies Packets will then travel across the switch s internal paths carrying their assigned QoS tag markers At the egress port these markers are read and used to determine which queue each data packet is forwarded to When the traffic does not conform to the conditions set in a policer command you can remark the traffic ORing Industrial Networking Corp 83 QoS Egress Port Tag Remarking for Switch 1 Classified Classified Classified The switch port number to which the following settings will be applied Click on the port number to configure tag remarking Shows the tag remarking mode for this port wp Whe Classified use classified PCP DEI values Default use default PCP DEI values Mapped use mapped versions of QoS class and DP level 5 6 4 Port DSCP DSCP Differentiated Services Code Point is a measure of QoS It can classify data packets by using the 6 bit DS field in the IP header so you can manage each traffic class differently and efficiently thereby achieving optimized use of network bandwidth DSCP enabled routers on the network will read the DSCP value of the data packet and put the packet into different queues before transmission such as high priority and most efficient transmission With such QoS functions you can ensure low latency for critical traffic This page allows you to configur
34. _ PWR 1 CI PWR 2 L L d L F CJ L CI RW CJ 5 9 2 System Warning SYSLOG Setting SYSLOG is a protocol that allows a device to send event notification messages across IP networks to event message collectors It permits separation of the software that generates messages from the system that stores them and the software that reports and analyzes them As Syslog messages are UDP based the sender and receiver will not be aware of it if the ORing Industrial Networking Corp 136 packet is lost due to network disconnection and no UDP packet will be resent system Log Configuration Server Mode Disabled Server Address A Server Mode Indicates existing server mode When the mode operation is enabled the syslog message will be sent to syslog server The syslog protocol is based on UDP communications and received on UDP port 514 and the syslog server will not send acknowledgments back to the sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always be sent even if the syslog server does not exist Possible modes are Enabled enable server mode Disabled disable server mode SYSLOG Server IP Address Indicates the IPv4 host address of syslog server If the switch provides DNS functions it also can be a host name SMTP Setting SMTP Simple Mail Transfer Protocol is a protocol for transmitting e mails across the Internet By setting up S
35. active topology for the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports The range of valid values is 1 to 200000000 Configures the priority for ports having identical port costs See Priority i above Click to save changes Click to undo any changes made locally and revert to previously saved values Mapping This page allows you to examine and change the configurations of current STP MSTI bridge instance MSTI Configuration Add VLANs separated by spaces or comma Unmapped VLANs are mapped to the CIST The default bridge instance Configuration Identification Configuration Name 00 1e 94 ff ff ff Configuration Revision w MSTI Mapping MSTI VLANs Mapped ORing Industrial Networking Corp 25 RGPS R9244GP P Series User Manual The name which identifies the VLAN to MSTI mapping Bridges must share the name and revision see below as well as the Configuration Name VLAN to MSTI mapping configurations in order to share spanning trees for MSTIs intra region The name should not exceed 32 characters Configuration Revision of the MSTI configuration named above This must be Revision an integer between 0 and 65535 MSTI The bridge instance The CIST is not available for explicit mapping as it will receive the VLANs not explicitly mapped The list of VLANs mapped to the MSTI The VLANs must be separated with commas and or space A VLAN
36. alias IP address configuration Some devices might have more than one IP addresses You could specify other IP addresses here Alias IP Address Port Alias IP Address Specifies alias IP address Keep 0 0 0 0 if the device does not have Alias IP Address an alias IP address Alive Check Alive Checking monitors the real time status of the device connected to the port Alive checking packets will be sent to the device to probe if the device is running If the switch receives no response from the device actions will be taken according to your configurations ORing Industrial Networking Corp 103 ORing Alive Check Action Only Log it oon mo amp DA NM ra bah bh ba M ka Link Change Shunt Down the Port Reboot Device Status w i z wi Ww w RGPS R9244GP P Series User Manual Link Change Disables or enables the port Only log it Simply sends logs to the log server Shunt Down the Disables the port Port Reboot Device Disables or enables PoE power DdoS Prevention The switch can monitor ingress packets and perform actions when DDOS attack occurred on this port When network traffic from a specific device increases significantly in a short period of time the switch will lock the IP address of that device to protect the network from attacks You can configure DdoS prevention on this page to achieve maximum protection DDOS Prevention Socket Number Mode Sensibility
37. before installing and or wiring your switches 2 Calculate the maximum possible current in each power wire and common wire Observe all electrical codes dictating the maximum current allowable for each wire size 3 If the current goes above the maximum ratings the wiring could overheat Causing serious damage to your equipment 4 Use separate paths to route wiring for power and devices If power wiring and device wiring paths must cross make sure the wires are perpendicular at the intersection point 5 Do not run signal or communications wiring and power wiring through the same wire conduit To avoid interference wires with different signal characteristics should be routed separately 6 You can use the type of signal transmitted through a wire to determine which wires should be kept separate The rule of thumb is that wiring sharing similar electrical characteristics can be bundled together 7 You should separate input wiring from output wiring 8 It is advised to label the wiring to all devices in the system 3 2 1 AC Power Connection For power supply simply insert the AC power cable to the power connector at the back of the switch and turn on the power switch The input voltage is 100V 240V 50 60Hz 3 3 Connection 3 3 1 Cables 10 100BASE T X amp 1000BASE T Pin Assignments The device comes with standard Ethernet ports According to the link type the switch uses CAT 3 4 5 5e UTP cables to connect to any other n
38. can be attached to a port can be limited using the Port Security Limit Control functionality MAC based Auth Unlike port based 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a ORing Industrial Networking Corp 131 RGPS R9244GP P Series User Manual string in the following form xx xx xx xx xx xx that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using the Port Security module Only then will frames from the client be forwarded on the switch There are no EAPOL frames involved in this authentication and therefore MAC based authentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over port based 802 1X is that several clients can be connected to
39. custom port is used tor user TPID 88A8 S custom port is used for user defined TPID While Ethertype for Custom S ports is configured to 8123 H H Packet Discarded VID 5 TPID 8123 outgoing packet will bring with TPID 7 8123 tag D ze e rm mm e re KS Se e KS rm e Se e pm rm em SS em mp e mm em Se SS ere Examples of VLAN Settings VLAN Access Mode Switch A Switch B Switch C p il VLAN J10 9000 Series 9000 Series 9000 Seres N10 EE Geen VLAN Trunk VLAN 20 RH ee 10 20 VLAN 20 Switch A Port 7 is VLAN Access mode Untagged 20 Port 8 is VLAN Access mode Untagged 10 Below are the switch settings ORing Industrial Networking Corp 66 VLAN Membership Configuration Start from VLAN 1 with 20 j entries per page Port Members Delete VLANID VLAN Name _ 1234567 8 9 101112 for port 1 VLAN trunk setting for port 7 amp port8 VLAN Access l lt gt v d lt gt sl lt gt Ales v 1 C port k CJ Tagged Specific wi 1 Tag_all v 2 Unaware x O All vi None B Untag_pvid 3 Unaware vi CH all v Specific 1 Untag_pvid 4 Unaware v C All v Specific Untag_pv jid v 5 Unaware v F All Specific 1 Untag pvid 6 Unaware a Untagged Specific 10 Untag_pvid v 7 Unaware v Untagged y Specific Untag_pvid 8 Unaware v Untagged v Specific d Untag_pvid i
40. link is up and red means the link is The drop down list provides available link speed options for a given switch port Auto selects the highest speed supported by the link Configured Link Speed partner Disabled disables switch port configuration lt gt configures all ports When Auto is selected for the speed the flow control will be negotiated to the capacity advertised by the link partner When a fixed speed setting is selected that is what is used Current Rx indicates whether pause frames on Pon Conia the port are obeyed and Current Tx indicates whether pause frames on the port are transmitted The Rx and Tx settings are determined by the result of the last auto negotiation You can check the Configured column to use flow control This setting is related to the setting of Configured Link Speed You can enter the maximum frame size allowed for the Maximum Frame Size switch port in this column including FCS The allowed range is 1518 bytes to 9600 bytes Configures port transmit collision behavior Discard Excessive Discard frame after a certain amount of collisions Collision Mode default Restart Restart backoff algorithm after a certain amount of collisions Click to undo any changes made locally and revert to ro Jesse Click to refresh the page Any changes made locally mw Je ORing Industrial Networking Corp 53 5 3 2 Port Trunk A port trunk is a group of ports that have been grouped to
41. manage and set up event alarms through this page by inputting a value that will trigger event alarm when the temperature reaches the threshold ORing Industrial Networking Corp 148 SFP Monitor Auto refresh II Port No 1 2 3 4 5 6 7 8 9 Warning Temperature 85 C 0 100 Event Alarm Cl Syslog 5 10 7 Ping This command sends ICMP echo request packets to another node on the network Using the ping command you can see if another site on the network can be reached ICMP Ping IP Address 0 0 0 0 Ping Length S Ping Count 5 1 Ping Interval Start IP Address The destination IP Address Ping Length The payload size of the ICMP packet Values range from 8 to 1400 bytes Ping Count Define the number of pings that will be sent Please enter an integer ORing Industrial Networking Corp 149 RGPS R9244GP P Series User Manual Ping Interval Specifies the interval between pings that are sent to the destination address After you press Start five ICMP packets will be transmitted and the sequence number and round trip time will be displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs PING6 server 10 10 132 20 64 bytes from 10 10 132 20 icmp _seq 0 time Oms 64 bytes from 10 10 132 20 icmp seq 1 time Oms 64 bytes from 10 10 132 20 icmp _seq 2 time Oms 64 bytes from 10 10 132 20 icmp seq 3 t
42. modified if the entry already exists which means the value must be set correctly at the time of entry creation A string identifying the authentication pass phrase For MD5 Authentication authentication protocol the allowed string length is 8 to 32 For SHA Password authentication protocol the allowed string length is 8 to 40 Only ASCII characters from 33 to 126 are allowed Indicates the privacy protocol that this entry should belong to Possible privacy protocols include Privacy Protocol None no privacy protocol DES an optional flag to indicate that this user is using DES authentication protocol A string identifying the privacy pass phrase The allowed string length Privacy Password is 8 to 32 and only ASCII characters from 33 to 126 are allowed 5 5 5 SNMP Group Configurations An SNMP group is an access control policy for you to add users Each SNMP group is configured with a security model and is associated with an SNMP view A user within an SNMP group should match the security model of the SNMP group These parameters specify what type of authentication and privacy a user within an SNMP group uses Each SNMP group name and security model pair must be unique This page allows you to configure the SNMPv3 group table The entry index keys are Security Model and Security Name SNMPv3 Group Configuration Delete Security Model Security Name Group Name public default_ro_group private default_rw_group public default_ro_
43. more information please refer to Unicast Slave Configuration VLAN Tag Enable Enables VLAN tagging for PTP frames Note Packets are only tagged if the port is configured for vlan tagging i e Port Type Unaware and PortVLAN mode None and the port is member of the VLAN VLAN identifiers used for tagging the PTP frames Priority code point values used for PTP frames Status This page shows the status of the PTP function based on the settings you made in the configuration page PTP External Clock Mode AISECT Disable JAHE GE False VCXO Enable False Clock Frequency 1 PTP Clock Configuration Auto refresh Refresh Port List Clock Instance Device Type 17345678691011121314151617181970 No Clock Instances Present 5 12PoE 5 12 1 Configuration PoE Power Over Ethernet is a technology that transmits electrical power to devices such as IP telephones wireless LAN access points and IP cameras over standard Ethernet cables The ability is very useful in places where power supply is difficult or expensive deploy ORing Industrial Networking Corp 154 Power Over Ethernet Configuration Reserved Power determined by Class allocation Power Management Mode Actual Consumption Reserved Power PoE Power Supply Configuration Primary Power Supply W 720 PoE Port Configuration PoE Mode Priority Maximum Power W H Reserved Power There are three modes available when configuring the reserved
44. port number Maximum Power Indicates the maximum power in watts that can be delivered to a remote device the maximum allowed value is 30 W ORing Industrial Networking Corp 156 5 12 2 Status This page allows you to examine the current status for all PoE ports Power Over Ethernet Status Auto refresh O Refresh Local Port PD dass Power Requested Power Allocated Power Used Current Used Priority Port Status 1 o w o Ww o w 0 mA Low No PD detected e o w o w o w D mA Low No PD detected 3 o w o w o w D mA Low No PD detected 4 o wW D w O W D mA Low No PD detected 5 o Ww o w o w D mA Low No PD detected 6 o wW D w D W D mA Low No PD detected 7 D W D Ww o w D mA Low No PD detected 8 o w o w o w 0 mA Low No PD detected o w o w o w o mA Low No PD detected 10 o wW D Iw oO Ww 0 mA Low No PD detected 11 o w D wW D Ww m Low No PD detected 12 o w o w o w D mA Low No PD detected 13 D IW D W D W D m Low No PD detected ia n Parl DTW nm Fiat D fmaAl out Me Di datactad Local Port The switch port number to which the following settings will be applied PD Class Each power device is classified according to the class that defines the maximum power consumed by the PD This setting includes five classes Class 0 Max power 15 4 W Class 1 Max power 4 0 W Class 2 Max power 7 0 W Class 3 Max po
45. the ACE Any no IP protocol filter is specified don t care Specific if you want to filter a specific IP protocol filter with the ACE choose this value A field for entering an IP protocol filter appears ICMP selects ICMP to filter IPv4 ICMP protocol frames Extra fields for defining ICMP parameters will appear For more details of these fields please refer to the help file UDP selects UDP to filter Pv4 UDP protocol frames Extra fields for defining UDP parameters will appear For more details of these fields please refer to the help file TCP selects TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear For more details of these fields please refer to the help file Specifies the time to live settings for the ACE Zero Pv4 frames with a time to live value greater than zero must not be able to match this entry Non zero Pv4 frames with a time to live field greater than zero must be able to match this entry Any any value is allowed don t care Specifies the fragment offset settings for the ACE This includes settings of More Fragments MF bit and Fragment Offset FRAG OFFSET for an IPv4 frame No IPv4 frames whose MF bit is set or the FRAG OFFSET field is greater than zero must not be able to match this entry Yes IPv4 frames whose MF bit is set or the FRAG OFFSET field is greater than zero must be able to match this entry Any any value is allowed don t care Spec
46. the LACP statistics for all ports LACP Statistics for Switch 1 Auto refresh Refresh Clear LACP LACP Discarded Received Transmitted Unknown Illegal LU P w he ooo Oo OO CH CH CH CH og oO Oo CH ooo 0 O Pon Swtonponmmber O Discarded The number of unknown or illegal LACP frames discarded at each port Refresh Click to refresh the page immediately Check to enable an automatic refresh of the page at regular Auto refresh intervals Clear Click to clear the counters for all ports ORing Industrial Networking Corp 58 5 3 3 Loop Protection This feature prevents loop attack When receiving loop packets the port will be disabled automatically preventing the loop attack from affecting other network devices Configuration General Settings Global Configuration SIE Befsisflziveieiegbifl Disable Y Transmission Time 5 seconds Shutdown Time 180 seconds Enable Loop Protection Activate loop protection functions as a whole Transmission Time The interval between each loop protection PDU sent on each port The valid value is 1 to 10 seconds Shutdown Time The period in seconds for which a port will be kept disabled when a loop is detected shutting down the port The valid value is 0 to 604800 seconds 7 days A value of zero will keep a port disabled permanently until the device is restarted Port Configuration for Switch 1 Port Enable b e lt gt v 7 gt Y 1 d Shutdown Port Enable
47. the rest of queues will not be sent until the highest priority queue is empty The SP algorithm is preferred when the received packets contain high priority data such as voice and video ORing Industrial Networking Corp 87 Portl QoS Egress Port Scheduler and Shapers Port 1 Port Shaper Enable Rate Unit Queue Shaper Enable Rate Unit Excess ao S 500 kbps ir Two scheduling modes are available Strict Priority or Weighted Configures the rate of each queue shaper The default value is 500 This value is restricted to 100 to 1000000 whn the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queue Shaper Rate Configures the rate for each queue shaper The default value is 500 This value is restricted to 100 to 1000000 Queues Shaper Unit a when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queue Shaper Excess Allows the queue to use excess bandwidth Port Shaper Enable Check to enable port shaper for individual switch ports ORing Industrial Networking Corp 88 RGPS R9244GP P Series User Manual Configures the rate of each port shaper The default value is 500 This value is restricted to 100 to 1000000 when the Port Shaper Rate _ SE l Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Configures the unit of measurement for each port shaper Port Shaper Unit rate as kbps or Mbps The default value is kbps Weighted
48. user on the same port and does not require the users to have special 802 1X software installed on their system The switch uses the users MAC addresses to authenticate against the backend server As intruders can create counterfeit MAC addresses MAC based authentication is less secure than 802 1X authentication ORing Industrial Networking Corp 125 Overview of 802 1X Port Based Authentication In an 802 1X network environment the user is called the supplicant the switch is the authenticator and the RADIUS server is the authentication server The switch acts as the man in the middle forwarding requests and responses between the supplicant and the authentication server Frames sent between the supplicant and the switch are special 802 1X frames known as EAPOL EAP Over LANs frames which encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is very flexible as it allows for different authentication methods like MD5 Challenge PEAP and TLS The important thing is that the authenticator the switch does not need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame in
49. will be probed automatically Otherwise the ID specified in this field is used Trap Security Indicates the SNMP trap security engine ID SNMPv3 sends traps Engine ID and informs use USM for authentication and privacy A unique engine ORing Industrial Networking Corp 75 RGPS R9244GP P Series User Manual ID for these traps and informs is needed When Trap Probe Security Engine ID is enabled the ID will be probed automatically Otherwise the ID specified in this field is used The string must contain an even number in hexadecimal format with number of digits between 10 and 64 but all zeros and all F s are not allowed Indicates the SNMP trap security name SNMPv3 traps and informs Trap Security using USM for authentication and privacy A unique security name is Name needed when traps and informs are enabled 5 5 3 SNMP Community Configurations You can define access to the SNMP data on your devices by creating one or more SNMP communities An SNMP community is the group that devices and management stations running SNMP belong to It helps define where information is sent A SNMP device or agent may belong to more than one SNMP community It will not respond to requests from management stations that do not belong to one of its communities This page allows you to configure SNMPv3 community table The entry index key is Community SNMPv3 Community Configuration Delete Community Source IP Source Mask public
50. 0 Oo O 0 T o D O D 0 Global Counters Neighbor entries Shows the time when the last entry was deleted or added were last changed at Total Neighbors Entries Added Total Neighbors Shows the number of new entries added since switch reboot l Shows the number of new entries deleted since switch reboot Entries Deleted Total Neighbors Shows the number of LLDP frames dropped due to full entry table Entries Dropped Total Neighbors Entries Aged Out Shows the number of entries deleted due to expired time to live Local Counters Rx Frames The number of LLDP frames received on the pot Rx Errors Uienmpe of received LLDP frames containing errors If a port receives an LLDP frame and the switch s internal table is full the LLDP frame will be counted and discarded This situation is known as too many neighbors in the LLDP standard LLDP Frames Discarded frames require a new entry in the table if Chassis ID or Remote Port ID is not included in the table Entries are removed from the table when a given port links down an LLDP shutdown frame is received or when the entry ages out TLVs Discarded Each LLDP frame can contain multiple pieces of information ORing Industrial Networking Corp 45 RGPS R9244GP P Series User Manual known as TLVs Type Length Value If a TLV is malformed it will be counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value
51. 4 Disabled Y 5 Disabled Y Sets the transmit interval which is the interval between regular Tx Interval o transmissions of LLDP advertisements The switch port number to which the following settings will be applied Indicates the selected LLDP mode Rx only the switch will not send out LLDP information but LLDP information from its neighbors will be analyzed Tx only the switch will drop LLDP information received from its neighbors but will send out LLDP information Disabled the switch will not send out LLDP information and will drop LLDP information received from its neighbors Enabled the switch will send out LLDP information and will analyze LLDP information received from its neighbors Neighbors This page provides a status overview for all LLDP neighbors The following table contains information for each port on which an LLDP neighbor is detected The columns include the following information ORing Industrial Networking Corp 43 LLDP Neighbour Information Auto refresh Refresh LLDP Remote Device Summary Local Port Chassis ID PortID Port Description System Name System Capabilities Management Address No neighbour information found Local Port The port that you use to transmits and receives LLDP frames The identification number of the neighbor sending out the LLDP Chassis ID frames The identification of the neighbor port Port Description The description of the port advertised by the neighbor
52. 44GP P Series User Manual ei Control Center d RSTP d Backup Path y SS d d d d r Main P Z Switch8 Main Path Switch A O Ring O Chain When connecting multiple O Rings to meet your expansion demand you can create an O Chain topology through the following steps 1 Select two switches from the chain Switch A amp B that you want to connect to the O Ring and connect them to the switches in the ring Switch C amp D 2 In correspondence to the ports connected to the ring configure an edge port for both of the connected switches in the chain by checking the box in the management page see 4 1 2 Configurations 3 Once the setting is completed one of the connections will act as the main path and the other as the backup path Switch C Switch A Switch D Switch B ORing Industrial Networking Corp 16 Redundancy Redundancy for minimized system downtime is one of the most important concerns for industrial networking devices Hence ORing has developed proprietary redundancy technologies including O Ring and Open Ring featuring faster recovery time than existing redundancy technologies widely used in commercial applications such as STP RSTP and MSTP ORing s proprietary redundancy technologies not only support different networking topologies but also assure the reliability of the network 4 1 O Ring 4 1 1 Introduction O Ring is ORing s proprietary redundant ring technology with rec
53. 9101112 1 default MIMIMIMMMMIMIMIMI bA kl Qing Kik III H a O Auto refresh O Ethertype for Custom S ports 0X ssas VLAN Port Configuration Port VLAN Port Type Ingress Filtering Frame Type Mode Tx Tag E WE sl W v 1 Unaware v a Specific Untag_all wi C port v a Tagged _ None Tag al T aware il E 7 pecme Oil Le ag_pvid a 4 Unaware vi id All v Specific wei 1 Untag_pvid 5 Unaware v a All Si Specific 1 Untag_pvid wal 6 Unaware o All si Specific ___1 Untag_pvid v VLAN ID Settings When setting the management VLAN only the same VLAN ID port can be used to control the switch ORing Industrial Networking Corp 70 9000 Series VLAN Settings IP Configuration Configured Current DHCP Client EI IP Address 192 168 10 2 192 168 10 2 IP Mask 255 255 255 0 255 255 255 0 IP Router 0 0 0 0 0 0 0 0 SNTP Server 5 4 3 Private VLAN A private VLAN contains switch ports that can only communicate with a given uplink The restricted ports are called private ports Each private VLAN typically contains many private ports and a single uplink The switch forwards all frames received on a private port out the uplink port regardless of VLAN ID or destination MAC address A port must be a member of both a VLAN and a private VLAN to be able to forward packets This page allows you to configure private VLAN memberships for the switch By
54. AC address found in the MAC Table Each page shows up to 999 entries from the MAC table with a default value of 20 selected by the Entries Per Page input field When first visited the web page will show the first 20 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table The Start from MAC address and VLAN fields allow the user to select the starting point in the MAC table Clicking Refresh will update the displayed table starting from that or the closest next MAC table match In addition the two input fields will upon clicking Refresh assume the value of the first displayed entry allows for continuous refresh with the same start address The gt gt button will use the last entry of the currently displayed VLAN MAC address pairs as a basis for the next lookup When it reaches the end the text no more entries is shown in the displayed table Use the lt lt button to start over ORing Industrial Networking Corp 142 MAC Address Table Auto refresh C Start from VLAN 1 _and MAC address 00 00 00 00 00 0 with 20 entries per page Port Members Type VLAN MAC Address CPU 1 2 3 45 6 7 8 9 101112 Static 00 1E 94 98 89 89 wi Static Q0 1E 94 FF FF FF y Static 1 01 80 C2 4A 44 06 W wi wi wi wi wi wi wi wi wi wi wi wi Static 33 33 FF A8 0A 01 E Static 33 33 FF FF FF FF wi Static FF FF FF FF FF FF wi C v wi wi wi wi C wi Wi wi
55. CL TACACS and 802 1x user authentication for security Supports 9 6K Bytes Jumbo Frame SFP socket support DDM function Supports multiple notifications for incidents Supports management via Web based interfaces Telnet Console CLI and Windows utility Open Vision Supports LLDP Protocol A Hardware Specifications 19 inch rack mountable design 24 x 10 100 1000Base T X RJ 45 ports with PoE function fully compliant with IEEE802 3at standard 4 x 1G 10GBase X SFP ports Operating temperature 40 to 60 C Storage temperature 40 to 85 C Operating humidity 5 to 95 non condensing Dimensions 431 W x 342 D x 44 H mm 16 97 x 13 46 x 1 73 inch Hardware Overview 2 1 Front Panel 2 1 1 Ports and Connectors The RGPS R92244GP P comes with the following ports and connectors on the front panel Ethernet ports 24 x 10 100 1000Base T X EEE802 3at P S E ports Fiber ports 4 x 1G 10G SFP ports Console port 1 x console port Reset button 1 x reset button Press the button for 3 seconds to reset and 5 seconds to return to factory default j RGPS RI244AGP P 1 Console port 7 LAN with IEEE802 3at PoE ports 2 Reset button 8 Link Act Speed status LED for Ethernet ports in the 3 Power indicator bottom row 4 Ring status LED 9 Link Act Speed status LED for Ethernet ports in the top 5 RM status LED row 6 Fault indicator 10 SFP port 11 Link Act LED for SFP ports 21 2 LED 12 PoE status LED for LAN ports
56. Configuration Refresh Network Access Server Configuration System Configuration Mode Disabled Reauthentication Enabled CO Reauthentication Period DU seconds EAPOL Timeout 3 seconds Aging Period seconds Hold Time Lt seconds Port Configuration Port Admin State Port State Restart lt gt Force Authorized Globally Disabled Force Unauthorized Globally Disabled 802 1X Globally Disabled MAC based Auth Globally Disabled Force Authorized Globally Disabled e Loes S Indicates if 802 1X and MAC based authentication is globally enabled or disabled on the switch If globally disabled all ports are allowed to forward frames ORing Industrial Networking Corp 127 Reauthentication Enabled Reauthentication Period EAPOL Timeout Age Period Hold Time ORing Industrial Networking Corp RGPS R9244GP P Series User Manual lf checked clients are reauthenticated after the interval specified by the Reauthentication Period Reauthentication for 802 1X enabled ports can be used to detect if a new device is plugged into a switch port For MAC based ports reauthentication is only useful if the RADIUS server configuration has changed It does not involve communication between the switch and the client and therefore does not imply that a client is still present on a port see Age Period below Determines the period in seconds after which a connected client must be re authenticated This is o
57. DP destination filter for the ACE Any no TCP UDP destination filter is specified TCP UDP destination filter status is don t care Specific if you want to filter a specific TCP UDP destination filter with the ACE you can enter a specific TCP UDP destination value A field for entering a TCP UDP destination value appears Range if you want to filter a specific range TCP UDP destination filter with the ACE you can enter a specific TCP UDP destination range A field for entering a TCP UDP destination value appears When Specific is selected for the TCP UDP destination filter you can enter a specific TCP UDP destination value The allowed range is O to 65535 A frame matching the ACE will use this TCP UDP destination value When Range is selected for the TCP UDP destination filter you can enter a specific TCP UDP destination range value The allowed range is 0 to 655385 A frame matching the ACE will use this TCP UDP destination value Specifies the TCP FIN no more data from sender value for the ACE 0 TCP frames where the FIN field is set must not be able to match this entry 1 TCP frames where the FIN field is set must be able to match this entry Any any value is allowed don t care TCP SYN Specifies the TCP SYN synchronize sequence numbers value for ORing Industrial Networking Corp 118 RGPS R9244GP P Series User Manual the ACE 0 TCP frames where the SYN field is set must not be able to m
58. E 145 5 10 4 System Log Information ccc cccesessseeeeeeeseessseeeeeeeeeseesaees 146 5 10 5 VeriPHYCable Diagnostics 0c cccccsccccccccececeeeeeeeeeeeesessssaaaees 147 5 10 6 SPP le e E 148 5 10 7 Te EE 149 5 10 8 IPVO PINO cnan E eem mene ah ssn decsancnee EET 150 5 10 9 SPP TEE 151 5 11 Zevpchronzaton eein EEEE 152 5 11 1 L 1 E 152 sT Ce e E 154 5 12 1 Gontftguratton cece cccccsssssssceeeeecesseesaceeseeeesseessaseeseeeesesesaaeeeeees 154 5 12 2 LIT 157 5 12 3 POE TE TE 158 5 12 4 POE AUO PINO onenian iE e A pr AAE E A EE AA 158 Selo Fa Uy DE E eorr ea ER R ERRARE EREEREER ERTER RRETA 159 GE Oy 21 18 6 6 EE 160 Command Line Interface Management cccscsesssseeeseeeeneesenseeseaes 161 ORing Industrial Networking Corp 5 Getting Started 1 1 About the RGPS R9244GP P The RGPS P9244GP P is a Layer 3 PoE Gigabit managed Ethernet switch with 24x 10 100 1000Base T X IEEE802 3at P S E ports and 4x1G 10GBase X SFP ports It is able to meet the needs for high port density and high speed long distance transmission The P S E enabled ports are able to provide sufficient power for power hungry devices with up to 30w per port With complete support for Ethernet redundancy protocols such as O Ring recovery time lt 30ms over 250 units of connection and MSTP RSTP STP compatible the switch can protect your mission critical applications from network interruptions or temporary malfunctions with its fast recovery te
59. LAN ID You can assign switch ports to a VLAN and add new VLANs in this page ORing Industrial Networking Corp 60 VLAN Membership Configuration Refresh lt lt gt gt Start from VLAN 1 with 20 entries per page Port Members Delete VLAN ID VLAN Name 1234567891011121314 default MMIMIMIMIMIMIMIMI VI ki Kl kl ki Add New VLAN Save Reset Checkmarks indicate which ports are members of the entry Port Members Check or uncheck as needed to modify the entry Click to add a new VLAN ID An empty row is added to the table and the VLAN can be configured as needed Valid values for a VLAN ID are 1 through 4095 ett After clicking Save the new VLAN will be enabled on the selected switch stack but contains no port members A VLAN without any port members on any stack will be deleted when you click Save Click Delete to undo the addition of new VLANs 5 4 2 Port Configurations This page allows you to set up VLAN ports individually Auto refresh Updating Ethertype for Custom S ports 0x ssas VLAN Port Configuration Port VLAN Mode ID Port Port Type Ingress Filtering Frame Type Tx Tag Save Reset ORing Industrial Networking Corp 61 This field specifies the Ethertype used for custom S ports This is a global setting for all custom S ports Custom Ethertype enables you to change the Ethertype value on a port to any value to support network devices that do not Ethertype for customer
60. LD IGMP Snooping Fault Alarm Configuration Event Selection DHCP Server Configuration Ring Configuration Chain Configuration Remote Control Security Fast Recovery Configuration SFP Monitor Configuration Device Binding Configuration MRP Configuration Modebus TCP Configuration ORing Industrial Networking Corp 165 RGPS R9244GP P Series User Manual System Timezone lt offset gt Log lt log_id gt alllinfolwarninglerror clear DHCP enableldisable Setup lt ip_addr gt lt 1p_mask gt lt ip_router gt lt vid gt Ping lt ip_addr_string gt lt ping_length gt SNTP lt ip_addr_string gt Port Configuration test bitten Mode lt port_list gt autol 1 Ohdx 1 Ofdxl100hdx I1 00fdx 1 000fdxlsfp_auto_ams MAC Configuration lt port_list gt Add lt mac_addr gt lt port_list gt lt vid gt J Delete lt mac_addr gt lt vid gt ORing Industrial Networking Corp 166 RGPS R9244GP P Series User Manual VLAN PVID lt port_list gt lt vid gt Inone FrameType lt port_list gt allltaggedluntagged IngressFilter lt port_list gt enableldisable PortType lt port_list gt unawarelc portls portls custom port tx_tag lt port_list gt untag_pvidluntag_allltag_all Private VLAN Isolate lt port_list gt enableldisable Configuration lt port_list gt Security Switch Switch security setting Network Network security se
61. MTP alert the device will send a notification e mail when a user defined event occurs ORing Industrial Networking Corp 137 SMTP Setting E mail Alert Disable v SMTP Server Address Sender E mail Address Mail Subject Wi Authentication Recipient E mail Address 1 Recipient E mail Address 2 Recipient E mail Address 3 Recipient E mail Address 4 Recipient E mail Address 5 Recipient E mail Address 6 E mail Alarm Enables or disables transmission of system warnings by e mail Sender E mail SMTP server IP address Address Mail Subject Subject of the mail Authentication m Username the authentication username m Password the authentication password Confirm Password re enter password Recipient E mail The recipient s e mail address A mail allows for 6 recipients Address Apply Click to activate the configurations Event Selection The device supports both SYSLOG and SMTP alerts Check the corresponding box to enable the system event warning method you want Please note that the checkboxes will gray out if SYSLOG or SMTP is disabled ORing Industrial Networking Corp 138 System Warning Event Selection System Events System Start iPower Status ISNMP Authentication Failure iIRedundant Ring Topology Change SYSLOG Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled P 1 4 5 e 7 9 n Jeng
62. Old User Name Old Password New User Name New Password Confirm New Password Save Old Password The existing password If this is incorrect you cannot set the new password New Password The new system password The allowed string length is 0 to 31 and only ASCII characters from 32 to 126 are allowed Confirm New Re type the new password Password 5 1 3 Authentication Method This page allows you to configure how a user is authenticated when he she logs into the switch ORing Industrial Networking Corp 32 ORing RGPS R9244GP P Series User Manual via one of the management interfaces Authentication Method Configuration Client console local telnet no v ssh radius Y local http radius Y radius Save Reset The management client for which the configuration below applies Authentication Method can be set to one of the following values None authentication is disabled and login is not possible Local local user database on the switch is used for authentication Radius a remote RADIUS server is used for authentication Click to undo any changes made locally and revert to previously saved values 5 1 4 IP Settings This page allows you to configure IP information for the switch You can configure the settings of the device operating in host or router mode ORing Industrial Networking Corp 33 ORing IP Configuration Mode Router Host RGPS R9244GP P Series User Manual
63. P1 6 lt gt v d lt gt Wl lt gt v O BE O BE i O BE 0 BE 1 E v id H v 1 w i 2 E v H 2 si 2 v 3 3 v C 3 y 3 v 4 4 bi ul 4 j 4 K 5 E Sg E Is sl 5 v E 6 v o 6 v e v 7 7 J L 7 sl 7 v 8 cs1 8 cs1 D fs cs wi s cs M 9 9 v a 9 vi 9 v DSCP Maximum number of supported DSCP values is 64 and valid DSCP value ranges from 0 to 63 Ingress DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translation 1 Translate Enables ingress translation of DSCP values based on the specified classification method DSCP can be translated to any of 0 63 DSCP values 2 Classify Enable Classification at ingress side as defined in the QoS Port DSCP Configuration table Configurable engress parameters include Remap DPO Re maps DPO field to selected DSCP value DPO indicates a drop precedence with a low priority You can select the DSCP value from a selected menu to which you want to remap DSCP value ranges from 0 to 63 ORing industrial Netwerkinmg Cor oe Industrial Networking Corp 92 RGPS R9244GP P Series User Manual Remap DP1 Re maps DP1 field to selected DSCP value DP1 indicates a drop precedence with a high priority You can select the DSCP value from a selected menu to which you want to remap DSCP value ranges from 0 to 63 5 6 11 DSCP Classification This page allows you to co
64. Packet Type Filter Action Status Low High 1 Enabled Normal TCP ka 80 80 2 Normal TCP k 80 60 3 Normal TCP v 80 80 4 Normal TCP v 80 80 5 Normal wi TCP bil 80 80 D Normal TCP NW 80 80 7 Normal TCP k 80 80 8 Normal TCP v 80 80 3 Normal TCP 80 80 10 Normal TCP D 80 80 11 Normal TCP k 80 BO ORing Industrial Networking Corp Destination Destination Destination Destination Destination Destination Destination Destination Destination Destination Destination Blocking 1 minute Blocking 10 minute Blocking Shunt Down the Port ee Running 104 Mode Enables or disables DDOS prevention of the port Indicates the level of DDOS detection Possible levels are Low low sensibility Sensibility Normal normal sensibility Medium medium sensibility High high sensibility Indicates the types of DdoS attack packets to be monitored Possible types are RX Total all ingress packets RX Unicast unicast ingress packets Packet Type RX Multicast multicast ingress packets RX Broadcast broadcast ingress packets TCP TCP ingress packets UDP UDP ingress packets If packet type is UDP or TCP please specify the socket number here The socket number can be a range from low to high If the socket Socket Number number is only one please fill the same number in the low and high fields If packet type is UDP
65. Port No Dest Port Filter Specific Dest Port No TCP FIN TCP SYN TCP RST TCP PSH TCP ACK TCP URG 80 UDP Parameters Any Any Source Port Filter Specific Any Source Port No 0 Any M A OTT Range Vv Any Mi TEATELE SO 65535 Any Specifies the TCP UDP source filter for the ACE Any no TCP UDP source filter is specified TCP UDP source filter status is don t care TCP UDP Source Filter ORing Industrial Networking Corp Specific if you want to filter a specific TCP UDP source filter with the ACE you can enter a specific TCP UDP source value A field for 117 TCP UDP Source No TCP UDP Source Range TCP UDP Destination Filter TCP UDP Destination Number TCP UDP Destination Range TCP FIN RGPS R9244GP P Series User Manual entering a TCP UDP source value appears Range if you want to filter a specific TCP UDP source range filter with the ACE you can enter a specific TCP UDP source range A field for entering a TCP UDP source value appears When Specific is selected for the TCP UDP source filter you can enter a specific TCP UDP source value The allowed range is O to 65535 A frame matching the ACE will use this TCP UDP source value When Range is selected for the TCP UDP source filter you can enter a specific TCP UDP source range value The allowed range is O to 65535 A frame matching the ACE will use this TCP UDP source value Specifies the TCP U
66. SE The number of valid EAPOL frames of any Total dot 1xAuthEapolFramesRx type that have been received by the switch The number of valid EAP Resp ID frames that have been received by the switch The number of valid EAPOL response frames Responses dotixAuthEapolRespFramesRx other than Resp ID frames that have been received by the switch The number of EAPOL Start frames that have been recenved by the switch The number of valid EAPOL logoff frames that have been received by the switch l The number of EAPOL frames that have Invalid Type dotixAuthInvalidEapolFramesRx been received by the switch in which the frame type is not recognized The number of EAPOL frames that have Invalid Length dotix4uthEapLengthErrorframesRx been received by the switch in which the Packet Body Length field is invalid GC The number of EAPOL frames of any type Total dotixAuthEapolFramesTx that have been transmitted by the switch The number of EAP initial request frames that have been transmitted by the switch The number of valid EAP Request frames Requests dotixAuthEapolReqFramesTx other than initial request frames that have been transmitted by the switch Response ID dotixAuthEapolRespidFramesRx Start dot lxAuthEapolStartFramesRx Logoff dotixAuthEapolLogoffframeskx Request ID dotixAuthEapolReqldFramesTx These backend RADIUS frame counters are available for the following administrative states e 802 1X e MAC based Auth Backend Server Counter
67. The values include CIST Role AlternatePort BackupPort RootPort and DesignatedPort The current STP port state of the CIST port The values include Blocking Learning and Forwarding Uptime The time since the bridge port is last initialized Click to refresh the page immediately Check this box to enable an automatic refresh of the page at Auto refresh regular intervals STP Statistics This page displays the STP port statistics for the currently selected switch STP Statistics Auto refresh C Transmitted MSIP RSIP SIP ICN MSTP Received Discarded z Port RSTP STP TCN Unknown Illegal No ports enabled Port The switch port number to which the following settings will be applied The number of RSTP configuration BPDUs received transmitted on the port The number of legacy STP configuration BPDUs received transmitted on the port ORing Industrial Networking Corp 22 RGPS R9244GP P Series User Manual The number of legacy topology change notification BPDUs received transmitted on the port Discarded The number of unknown spanning tree BPDUs received and discarded on the port Discarded The number of illegal soanning tree BPDUs received and discarded on Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page at regular intervals STP Bridge Configurations STP Bridge Configuration i Basic Settings amp Protocol Version Forwa
68. Translation gt Egress Remap DO table or from the DSCP Translation gt Egress Remap DP 1 table 5 6 5 Port Policing Policing is a traffic regulation mechanism for limiting the rate of traffic streams thereby controlling the maximum rate of traffic sent or received on an interface When the traffic rate exceeds the configured maximum rate policing drops or remarks the excess traffic This page allows you to configure Policer for all switch ports ORing Industrial Networking Corp 85 QoS Ingress Port Policers for Switch 1 Port Enabled Rate Unit X sooi lt gt 7Y 1 500 kbps 2 500 Kbps e SOO kbps 4 500 kbps Y 5 500 kbps 7 Pot The port number for which the configuration below applies Enabled Check to enable the policer for individual switch ports Configures the rate of each policer The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps or fps and is restricted to 1 to 3300 when the Unit is Mbps or kfps Configures the unit of measurement for each policer rate as kbps om ee pe reste 5 6 6 Queue Policing QoS Ingress Queue Policers for Switch 1 Queue O Queue 1 Queue 2 Queue 2 Queue4 QueueS Queue6 Queue 7 Fore Enable Enable Enable Enable Enable Enable Enable Enable LU P wW M ra The port number for which the configuration below applies Enable E Check to enable queue policer for individual switch ports Configures the rate of each queue policer The
69. Y 2 Y Shutdown Port Enable Y 3 d Shutdown Port 7 Enable Y 4 KL Shutdown Port Enable 7 5 wi Shutdown Port Enable Y ORing Industrial Networking Corp 59 RGPS R9244GP P Series User Manual Switch port number Activate loop protection functions as a whole ro Pepe Configures the action to take when a loop is detected Valid values include Shutdown Port Shutdown Port and Log or Log Only Tx Mode Controls whether the port is actively generating loop protection a Loop Protection Status This page shows the Loop protection information you made in the configuration page Loop Protection Status for Switch 1 Auto refresh Refresh Port Action Transmit Loops Status Loop Time of Last Loop No ports enabled Pon Swichpor number Action Shows the acon occur based on your soting Loops The number of loops detected on this interface since the last system boot or since statistics were cleared Status The current loop protection status of the port Loop Whether a loop is currently detected on the port Time of Last Loop The time of the last loop event detected 5 4 VLAN 5 4 1 VLAN Membership A VLAN Virtual LAN is a logical LAN based on a physical LAN with links that does not consist of a physical wired or wireless connection between two computing devices but is implemented using methods of network virtualization A VLAN can be created by partitioning a physical LAN into multiple logical LANs using a V
70. a range of VIDs PCP Priority Code Point can be specific numbers 0 1 2 3 4 5 6 7 a range 0 1 2 3 4 5 6 7 0 3 4 7 or Any DEI Drop Eligible Indicator can be any of values between 0 and 1 or Any SMAC Source MAC Address can be 24 MS bits OUI or Any DMAC Type Destination MAC type can be unicast UC multicast MC broadcast BC or Any Frame Type can be the following values Any Ethernet LLC SNAP IPv4 and IPv6 Note all frame types are explained below Valid Ethernet values can range from 0x600 to OxFFFF or Any but excluding 0x800 IPv4 and 0x86DD IPv6 The default value is Any ORing Industrial Networking Corp 94 RGPS R9244GP P Series User Manual LLC SSAP Address valid SSAP Source Service Access Point values can range from 0x00 to OxFF or Any The default value is Any DSAP Address valid DSAP Destination Service Access Point values can range from 0x00 to OxFF or Any The default value is Any Control Valid Control valid values can range from 0x00 to OxFF or Any The default value is Any PID valid PID a k a ethernet type values can range from 0x00 to OxXFFFF or Any The default value is Any Protocol 0 255 TCP or UDP or any Source IP specific Source IP address in value mask format or any IP and mask are in the format of x y z w where x y Z and w are decimal numbers between 0 and 255 When the mask is converted to a 32 bit binary string and read fr
71. ace Static MAC Table Configurations This tablet shows the static entries in the MAC table which can contain up to 64 entries Using static MAC address entries can reduce broadcast packets remarkably and are suitable for networks where network devices seldom change You can manage the entries in this page The MAC table is sorted first by VLAN ID and then by MAC address ORing Industrial Networking Corp 141 Static MAC Table Configuration Port Members Delete VLAN ID MAC Address ffe ee Sr e S r d ee LV RN ee e _ 00 1E 94 98 89 89 MOO OOOO OOOOOOOOO ID 00 00 00 00 00 00 JOU OIOOOOOOUOOU0 1 o0 00 00 00 00 00 TO 000 2 00000 00 Add new static entry Check to delete an entry It will be deleted during the next save VLAN ID The VLAN ID for the entry MAC Address The MAC address for the entry Checkmarks indicate which ports are members of the entry Port Members Check or uncheck to modify the entry l Click to add a new entry to the static MAC table You can specify Adding New Static the VLAN ID MAC address and port members for the new entry Entry Click Save to save the changes MAC Table Each page shows up to 999 entries from the MAC table with a default value of 20 selected by the Entries Per Page input field When first visited the web page will show the first 20 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest M
72. active MAC addresses on the network and flush out MAC addresses that are no longer used thereby keeping the table current By default aged entries are removed after 300 seconds You can configure aging time by entering a value in the Age Time box in seconds The allowed range is 10 to 1000000 seconds You can also disable the automatic aging of dynamic entries by checking Disable Automatic Aging ORing Industrial Networking Corp 140 MAC Table Learning The switch can add the address and port on which the packet was received to the MAC table if the address does not exist in the table by examining the source address of each packet received on a port This is called learning It allows the MAC table to expand dynamically If the learning mode for a given port is grayed out it means another module is in control of the mode and thus the user cannot change the configurations An example of such a module is MAC Based authentication under 802 1X MAC Table Learning Port Members Disable OO O0000 Secure OOO O O O O Learning is done automatically as soon as a frame with unknown SMAC is received Only static MAC entries are learned all other frames are dropped Note make sure the link used for managing the switch is added to the static Mac table before changing to secure learning mode otherwise the management link will be lost and can only be restored by using another non secure port or by connecting to the switch via the serial interf
73. ame type Next Hop VLAN The VLAN ID VID of the specific IPv6 interface associated with the gateway The given VID ranges from 1 to 4094 and will be effective only when the corresponding IPv6 interface is valid If the IPv6 gateway address is link local it must specify the next hop VLAN for the gateway If the IPv6 gateway address is not link local system ignores the next hop VLAN for the gateway 5 1 5 IP Status This page will show the IP details of the device based on the settings you made in the IP Setting section ORing Industrial Networking Corp 35 Auto refresh Refresh IP Interfaces Interface Type Address Status 00 00 00 00 00 00 lt UP LOOPBACK RUNNING MULTICAST gt 127 0 0 1 8 feBO 1 1 64 1 128 00 1e 94 ff ff ff lt UP BROADCAST RUNNING MULTICAST gt 192 168 2 99 24 fe80 2 21e 94ff feff fft 64 IP Routes Network Gateway Status 6 127 0 0 1 32 OS lo 127 0 0 1 lt UPHOST gt 192 168 2 0 24 VLANI lt UP HW_RT gt 224 0 0 0 4 O lo 127 0 0 1 lt UP gt 1 128 OS lo 1 lt UP HOST gt Neighbour cache IP Address Link Address 192 168 2 130 VLAN1 b8 88 e3 8f cO Sb 192 168 2 191 WLAN1 ac 22 0b 7e 8f 33 fe50 2 21d aaff fe82 94e0 VL4N1 00 1d aa 82 94 e0 fe80 2 21e 94ff feff fF WLAN1 00 1e 94 ff ff ff 5 1 6 SNTP SNTP Simple Network Time Protocol is a protocol able to synchronize the time on your system to the clock on the Internet It will synchronize you
74. an enter a Sender IP Mask 8 specific sender IP mask in dotted decimal notation Specifies the target IP filter for the specific ACE Any no target IP filter is specified target IP filter is don t care Host target IP filter is set to Host Specify the target IP address in Target IP Filter the Target IP Address field that appears Network target IP filter is set to Network Specify the target IP address and target IP mask in the Target IP Address and Target IP Mask fields that appear When Host or Network is selected for the target IP filter you can Target IP Address p enter a specific target IP address in dotted decimal notation When Network is selected for the target IP filter you can enter a Target IP Mask 8 specific target IP mask in dotted decimal notation Specifies whether frames will meet the action according to their sender hardware address field SHA settings ARP SMAC Match 0 ARP frames where SHA is not equal to the SMAC address 1 ARP frames where SHA is equal to the SMAC address Any any value is allowed don t care Specifies whether frames will meet the action according to their target hardware address field THA settings 0 RARP frames where THA is not equal to the SMAC address 1 RARP frames where THA is equal to the SMAC address RARP SMAC Match Any any value is allowed don t care ORing Industrial Networking Corp 112 RGPS R9244GP P Series User Manual Specifies
75. and only ASCII characters from 33 to 126 are allowed Indicates the view type that this entry should belong to Possible view types include Included an optional flag to indicate that this view subtree should be included View Type Excluded An optional flag to indicate that this view subtree should be excluded Generally if an entry s view type is Excluded it should exist another entry whose view type is Included and its OID subtree oversteps the Excluded eniry ORing industrial Netwerkinmg Cor mm Industrial Networking Corp 79 RGPS R9244GP P Series User Manual The OID defining the root of the subtree to add to the named view OID Subtree The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk 5 5 7 SNMP Access Configurations This page allows you to configure SNMPv3 access table The entry index keys are Group Name Security Model and Security Level SNMPv3 Access Configuration Delete Group Name Security Model Security Level Read View Name Write View Name default_ro_group any NoAuth NoPriv default_view Y kees el default_rw_group any NoAuth NoPriv default_view Y default_view Add New Entry Save Reset Check to delete the entry It will be deleted during the next save A string identifying the group name that this entry should belong to Group Name The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed I
76. arget IP Filter Target IP Address Target IP Mask ARP SMAC Match RARP SMAC Match IP Ethernet Length IP Ethernet Other Request Network 259 255 259 0 Network 192 168 1 254 255 255 255 0 Leg nem O ARP RARP Specifies the available ARP RARP opcode OP flag for the ACE Any no ARP RARP OF flag is specified OP is don t care ARP frame must have ARP RARP opcode set to ARP RARP frame must have ARP RARP opcode set to RARP Other frame has unknown ARP RARP Opcode flag ORing Industrial Networking Corp 111 RGPS R9244GP P Series User Manual Specifies the available ARP RARP opcode OP flag for the ACE Any no ARP RARP OF flag is specified OP is don t care Request frame must have ARP Request or RARP Request OP flag Request Reply set Reply frame must have ARP Reply or RARP Reply OP flag Specifies the sender IP filter for the ACE Any no sender IP filter is specified sender IP filter is don t care Host sender IP filter is set to Host Specify the sender IP address in Sender IP Filter the SIP Address field that appears Network sender IP filter is set to Network Specify the sender IP address and sender IP mask in the SIP Address and SIP Mask fields that appear When Host or Network is selected for the sender IP filter you can Sender IP Address enter a specific sender IP address in dotted decimal notation When Network is selected for the sender IP filter you c
77. atch this entry 1 TCP frames where the SYN field is set must be able to match this entry Any any value is allowed don t care Specifies the TCP PSH push function value for the ACE 0 TCP frames where the PSH field is set must not be able to match Top pei this entry 1 TCP frames where the PSH field is set must be able to match this entry Any any value is allowed don t care Specifies the TCP ACK acknowledgment field significant value for the ACE 0 TCP frames where the ACK field is set must not be able to match TCP ACK this entry 1 TCP frames where the ACK field is set must be able to match this entry Any any value is allowed don t care Specifies the TCP URG urgent pointer field significant value for the ACE 0 TCP frames where the URG field is set must not be able to match TCP URG this entry 1 TCP frames where the URG field is set must be able to match this entry Any any value is allowed don t care ACL Status DHCP Auto refresh Refresh ACL Status User Ingress Port Frame Type Action Rate Limiter Port Redirect CPU CPU Once Counter Conflict No entries 5 8 4 AAA Authentication Authorization and Accounting An AAA server is an application that provides authentication authorization and accounting services for attempted access to a network An AAA server can reside in a dedicated computer an Ethernet switch an access point or a network access server The cu
78. can only be VLANS Mapped mapped to one MSTI An unused MSTI will be left empty ex without any mapped VLANs Click to save changes Click to undo any changes made locally and revert to previously saved values Priority This page allows you to examine and change the configurations of current STP MSTI bridge instance priority MS TI Configuration a MSTI Priority Configuration MSTI Priority w Ww y ha Yv wv ORing Industrial Networking Corp 26 RGPS R9244GP P Series User Manual The bridge instance CIST is the default instance which is always active Indicates bridge priority The lower the value the higher the Priority priority The bridge priority MSTI instance number and the 6 byte MAC address of the switch forms a bridge identifier Click to undo any changes made locally and revert to previously saved values 4 4 3 CIST With the ability to cross regional boundaries CIST is used by MSTP to communicate with other MSTP regions and with any RSTP and STP single instance spanning trees in the network Any boundary port that is if it is connected to another region will automatically belongs solely to CIST even if it is assigned to an MSTI All VLANs that are not members of particular MSTIs are members of the CIST Port Settings STP CIST Ports Configuration J CIST Aggregated Ports Configuration STP aaa Ages Restricted Point to Port Enabled Path Cost Priority Admin Ed
79. characters from 33 to 126 are allowed The field only suits to SNMPv1 and SNMPv2c SNMPv3 uses USM for authentication and privacy and the community string will be associated with SNMPv3 community table Indicates the SNMPv3 engine ID The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed Change of the Engine ID will clear all original local users 13 ORing 5 5 2 Trap Configuration Trap Configuration Global Settings Viv Disabled Y Trap Destination Configurations Delete Name Enable Version Destination Address RGPS R9244GP P Series User Manual Destination Port Add New Entry Save Reset i ia SNMP Trap Configuration Trap Config Name Trap Mode Trap Version Trap Community Trap Destination Address Trap Destination Port Trap Inform Mode Trap Inform Timeout seconds Trap Inform Retry Times Trap Probe Security Engine ID Trap Security Engine ID Trap Security Name SNMP Trap Event _ Warm Start Link up none Link down none System Interface LLDP none _ Authentication Fail AAA Switch O O STP ORing Industrial Networking Corp 2 specific specific Disabled SNMP 2c public 162 Disabled 3 5 Enabled Hi None 2 all switches specific all switches all switches 74 Indicates existing SNMP trap mode Possible modes include Trap Mode Enabled e
80. chnology Featuring a wide operating temperature from 40 C to 60 C the device can be managed centrally and conveniently via Open Vision web browsers Telnet and console CLI configuration making it one of the most reliable choice for highly managed and Fiber Ethernet power substation and rolling stock application 1 2 Software Features Supports Layer 3 routing RIP and static routing function Supports Open Ring to interoperate with other vendors ring technology in open architecture WR Support O Ring recovery time lt 30ms over 250 units of connection and MSTP RSTP STP compatible for Ethernet Redundancy Supports O Chain to allow multiple redundant network rings Support PoE scheduled configuration and PoE auto ping check function Support hardware IEEE 1588v2 clock synchronization Supports standard IEC 62439 2 MRP Media Redundancy Protocol function Supports IPv6 new Internet protocol Supports Modbus TCP protocol Supports IEEE 802 3az Energy Efficient Ethernet technology Supports HT TPS SSH protocols to enhance network security Supports SMTP client Supports IP based bandwidth management Supports application based QoS management Supports Device Binding security function Supports DOS DDOS auto prevention Supports IGMP v2 v3 IGMP snooping support to filter multicast traffic Supports SNMP v1 v2c v3 amp RMON amp 802 1Q VLAN network management ORing Industrial Networking Corp 6 ORing Industrial Networking Corp Supports A
81. ddress once successfully authenticated b Multi 802 1X In port based 802 1X authentication once a supplicant is successfully authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though they are not authenticated individually To overcome this security breach use the Multi 802 1X variant Multi 802 1X is not yet an IEEE standard but features many of the same characteristics as port based 802 1X In Multi 802 1X one or more supplicants can be authenticated on the same port at the same time Each supplicant is authenticated individually and secured in the MAC table using the Port Security module In Multi 802 1X it is not possible to use the multicast BPDU MAC address as the destination MAC address for EAPOL frames sent from the switch to the supplicant since that would cause all supplicants attached to the port to reply to requests sent from the switch Instead the switch uses the supplicant s MAC address which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant An exception to this is when no supplicants are attached In this case the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port The maximum number of supplicants that
82. default all ports are VLAN unaware and members of VLAN 1 and private VLAN 1 Membership Configuration Auto refresh Refresh Private VLAN Membership Configuration for Switch 1 Port Members Delete PVLANID 1 2 3 4756 7 8 9101112131415 16 17 L WWW WWW WWW WW jw WW nmg Add New Private VLAN Save Reset Delete Check to delete the entry It will be deleted during the next save PVLAN ID Indicates the ID of this particular private VLAN Port Members A row of check boxes for each port is displayed for each private ORing Industrial Networking Corp 71 RGPS R9244GP P Series User Manual VLAN ID You can check the box to include a port in a private VLAN To remove or exclude the port from the private VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Port Isolation A private VLAN is defined as a pairing of a primary VLAN with a secondary VLAN A promiscuous port is a port that can communicate with all other private VLAN port types via the primary VLAN and any associated secondary VLANs whereas isolated ports can communicate only with a promiscuous port Auto refresh Refresh Port Isolation Configuration for Switch 1 _ Port Number 123 45 6 7 8 9 1011121314151617181920 Save Reset Leg Loes S A check box is provided for each port of a private VLAN When checked port isolation is enabled for that port Port Members l ee When
83. default value is 500 This value is restricted to 100 to 1000000 ORing Industrial Networking Corp 86 RGPS R9244GP P Series User Manual when the Unit is kbps and is restricted to 1 to 3300 when the Unit is Mbps This field is only shown if at least one of the queue policers is enabled Configures the unit of measurement for each queue policer rate as kbps or Mbps The default value is kbps This field is only shown if at least one of the queue policers is enabled 5 6 7 Port Scheduler Port scheduling can solve performance degradation during network congestions The schedulers allow switches to maintain separate queues for packets from each source and prevent specific traffic to use up all bandwidth This page allows you to configure Scheduler and Shapers for individual ports This page provides an overview of QoS Egress Port Schedulers for all switch ports QoS Egress Port Schedulers for Switch 1 Weight Mode Q2 03 04 Q5 LU OI Strict Priority Strict Priority Strict Priority i Strict Priority S Strict Priority e n LU P UNM QoS Egress Port Scheduler and Shaper Strict Priority Strict Priority uses queues based only priority When traffic arrives at the device traffic on the highest priority queue will be transmitted first followed by traffic on lower priorities If there is always some content in the highest priority queue then the other packets in
84. e DSCP settings for each port QoS Port DSCP Configuration for Switch 1 Ingress Egress Translate Classify Rewrite X lt gt v lt gt v 1 Disable Y Disable Y 2 Disable Y Disable Y 3 Disable Y Disable Y 4 Disable Y Disable Y 5 Disable e Disable Y ORing Industrial Networking Corp 84 RGPS R9244GP P Series User Manual Shows the list of ports for which you can configure DSCP Ingress and Egress settings In Ingress settings you can change ingress translation and classification settings for individual ports There are two configuration parameters available in Ingress Translate check to enable the function Classify includes four values Disable no Ingress DSCP classification DSCP 0 classify if incoming or translated if enabled DSCP is 0 Selected classify only selected DSCP whose classification is enabled as specified in DSCP Translation window for the specific All classify all DSCP Port egress rewriting can be one of the following options Disable no Egress rewrite Enable rewrite enabled without remapping Remap DP Unaware DSCP from the analyzer is remapped and the frame is remarked with a remapped DSCP value The remapped DSCP value is always taken from the DSCP Translation gt Egress Remap DO table Remap DP Aware DSCP from the analyzer is remapped and the frame is remarked with a remapped DSCP value Depending on the DP level of the frame the remapped DSCP value is either taken from the DSCP
85. e Disabled means the port copy operation is disabled Specifies the logging operation of the ACE The allowed values are Enabled frames matching the ACE are stored in the system log Disabled frames matching the ACE are not logged Please note that system log memory capacity and logging rate is limited Specifies the shutdown operation of the ACE The allowed values are Enabled if a frame matches the ACE the ingress port will be disabled Disabled port shutdown is disabled for the ACE Indicates the number of times the ACE matched by a frame Frame Type as Ethernet Type ORing Industrial Networking Corp 110 RGPS R9244GP P Series User Manual Ethernet Type Parameters EtherType Filter Specific Y S R OX FFFF L Save Reset Cancel EtherType Filter Ethernet Type Value Specify the Ethernet type filter for this ACE including Any No EtherType filter is specified EtherType filter status is don t care Specific If you want to filter a specific EtherType filter with this ACE you can enter a specific EtherlType value A field for entering a EtherType value appears When Specific is selected for the EtherType filter you can enter a specific EtherType value The allowed range is 0x600 to OxFFFF A frame that hits this ACE matches this EtherType value Frame Type as ARP ARP Parameters ARP RARP Request Reply Sender IP Filter Sender ieee 192 168 1 1 Sender IP Mask T
86. ease note that conflict can be resolved by releasing the hardware resources required to add the QCL entry by pressing Resolve Conflict button Ging Idette Netwerkinmg Cor e Industrial Networking Corp 97 5 Multicast 5 7 1 IGMP Snooping Basic Configuration IGMP Internet Group Management Protocol snooping monitors the IGMP traffic between hosts and multicast routers The switch uses what IGMP snooping learns to forward multicast traffic only to interfaces that are connected to interested receivers This conserves bandwidth by allowing the switch to send multicast traffic to only those interfaces that are connected to hosts that want to receive the traffic instead of flooding the traffic to all interfaces in the VLAN This page allows you to set up IGMP snooping configurations IGMP Snooping Configuration Global Configuration Snooping Enabled Unregistered IPMCv4 Flooding Enabled Port Related Configuration Port Router Port Fast Leave S LI d 1 o O 2 L LJ 3 A O L d 5 d O 6 L d Snooping Enabled Check to enable global IGMP snooping Unregistered IPMCv4Flooding Check to enable unregistered IPMC traffic flooding enabled Specifies which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or Router Port IGMP querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port Fa
87. ed disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled The switch port number to which the following settings will be applied Click on the port number to configure the shapers Shows disabled or actual queue shaper rate e g 800 Mbps Shows disabled or actual port shaper rate e g 800 Mbps 5 6 9 DSCP based QoS This page allows you to configure DSCP based QoS Ingress Classification settings for all ports DSCP Based QoS Ingress Classification DSCP Trust QoS Class DPL L lt gt N lt gt 0 BE O ov ov Oo ow ow 2 C Ov Ov 3 8 ov ow 4 F Ov ow s D og ba DSCP Maximum number of supported DSCP values is 64 Check to trust a specific DSCP value Only frames with trusted DSCP values are mapped to a specific QoS class and drop precedence level Frames with untrusted DSCP values are treated as a non IP frame QoS Class QoS class value can be any number from 0 7 Drop Precedence Level 0 1 ORing Industrial Networking Corp 91 5 6 10 DSCP Translation This page allows you to configure basic QoS DSCFP translation settings for all switches DSCP translation can apply to Ingress or Egress DSCP Translation Ingress Egress Translate Classify RemapDPO Remap D
88. eeeeseesseeeeeseeaeeees 49 5 24 DHCP Relay Aaa eee ee ee NNSA eee 49 5 3 Rese eee ee ea ene 52 Sol Gen COMO EE 32 S92 FON DUNK cai E E eee eet 54 5 3 3 Loop td te ET EE 59 5 4 ARC ME GO 5 4 1 VLAN Membershm ccc ccccsssssssssssssesssseseeeesessssteeseseeeeeeeeeeeees 60 5 4 2 Port Configurations cc cccccccccssssssceeeeeeeeeeeeeeeeseeesessssseeeeeeeeeeeees 61 Examples of VLAN Settings cc ccc cccccccccccceeeeseessssssseseeeeeeececececeeeeeesttttaaaees 66 54 3 Privat E 9 en eee 71 5 5 ee 72 ORing Industrial Networking Corp 3 Du WEE Cu ME 73 5 5 2 Trap Configuration cc ccccccccesssssssssssscccccecsccccccceessssssssssseeeeeeessececes 74 5 5 3 SNMP Community Configurations 00 cc ccccccccceseessssseeeeeeeeeeeeees 76 5 5 4 SNMP User Configurations cccccssssscceeeeeeeeeeeeeeeseesssssssaaaees 76 5 5 5 SNMP Group Configurations ccc cccccccccceceeeeessesssssssseeeeeeeeeeees 78 5 5 6 SNMP View Configurations ccc ccccccccccccccceeceeeeseesssssssseeeeeeeeseeees 79 5 5 7 SNMP Access Configurations 00000000eesennnnnnosssssssssssssoerrressssssssssssssrsen 80 5 6 Traffic Prioritization cccccecceecceccceeceeeeeeeceeeceeeseeceeeseeseeceeeseeeseeseeeseeeseeeaeeses 81 5 6 1 Storm COMTI E 81 5 6 2 Port Cassttcatnon cc cccccescccccessseeeeesessseeeeeeessseeeeeseesseeeeeseesseeees 81 5 6 3 Port Tagbemaking cc cccccccscceeeeeceeeeeeeeeessaasseeeee
89. end server for a given port left most table or dent nght most table Possible retransmissions are not counted Access Challenges dotlx4uthBackendaccessChallenges Auth Successes dotixAuthbackendsuthSuccesses Information about the last supplicant client that attempts to Last authenticate This information is available for the following Supplicant Client administrative states Info e 802 1X e MAC based Auth ORing Industrial Networking Corp 135 RGPS R9244GP P Series User Manual Last Supplicant Client Info IEEE Name Description re dotlxAuthLastEapolFrameSource The MAC address of the last supplicant client VLAN The VLAN ID on which the last frame from the last ID supplicant cllent was received 802 1X based The protocol version number carned in the most Version dotlxAuthLastEapolFrameVersionrecently received EAPOL frame MAC based Not applicable 802 1X based The user name supplicant identity carried in the most recently received Response Identity EAPOL frame MAC based Not applicable 5 9 Warning 5 9 1 Fault Alarm When any selected fault event happens the Fault LED on the switch panel will light up and the electric relay will signal at the same time The following pages allow you to set up alert conditions based on your needs for individual switch ports including actions to be taken during disconnection and power failure Port Link Down Broken Port Active Fault Alarm Power Failure
90. equest from the switch This scenario will loop forever Therefore the server timeout should be smaller than the supplicant s EAPOL Start frame retransmission rate a Single 802 1X In port based 802 1X authentication once a supplicant is successfully authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though they are not authenticated individually To overcome this security breach use the Single 802 1X variant Single 802 1X is not yet an IEEE standard but features many of the same characteristics as port based 802 1X In Single 802 1X at most one supplicant can get authenticated on the port at a time Normal EAPOL frames are used in the communications between the supplicant and the switch If more than one supplicant are connected to a port the one that comes first when the port s link is connected will be the first one considered If that supplicant does not provide valid credentials within a certain amount of time the chance will be given to another supplicant Once a supplicant is successfully authenticated only that supplicant will be allowed access This is the most secure of all the supported modes In this mode the Port Security module is used to secure a supplicant s ORing Industrial Networking Corp 130 RGPS R9244GP P Series User Manual MAC a
91. erating in O Ring mode O Ring Indicator Ring Green Blinking Indicates that the Ring is broken Fault Indicator Fault Amber Indicate unexpected event occurred Dual color LED for Link Act Speed indicator Green 1G Link Act Amber 10 100M 10 100 1000Base T X RJ 45 Port Indicator Link Act 1G 10GBase X SFP Port Indicator Green for port Link Act PoE Indicator Green PoE enabled LED x 24 Fault contact Power Physical Characteristic 431 44 Dimension W x D x H x 342 x 16 97 x 13 46 x 1 73 inch Environmental Storage Temperature 40 to 85 C 40 to 185 F Operating Temperature 40 to 60 C 40 to 140 F Operating Humidity 5 to 95 Non condensing Regulatory approvals FCC Part 15 CISPR EN55022 class A EN61000 4 2 ESD EN61000 4 3 RS EN61000 4 4 EFT EN61000 4 5 Surge EN61000 4 6 CS EN61000 4 8 EN61000 4 11 Warranty 5 years ORing Industrial Networking Corp 182 RGPS R9244GP P Series User Manual ORing Industrial Networking Corp 183
92. et Mask 255 255 255 0 Default Gateway 192 168 10 254 User Name admin Password admin System Login 1 Launch the Internet Explorer 2 Type http and the IP address of the switch Press Enter m SARR E TE P i 7 oe oy TH WEED D zs Googie keng ec E EC ng ZE F Toulube Newa OI loommenis Calemi A login screen appears Type in the username and password The default username and password is admin 5 Click Enter or OK button the management Web page appears KS a Enter Network Password Enter your password to connect to PC SWRDI9 f i i admin Domain ORING Remember my credentials righ G Logon failure unknown user name or bad password ORing Industrial Networking Corp 30 After logging in you can see the information of the switch as below Information Message Name RGPS R9244GP P Industrial Layer 3 28 port managed Gigabit PoE Ethernet switch Description with 24x10 100 1000Base T X P S E and 4x1G 10GBase x SFP socket power supply included Location Contact Hardware MAC Address System Date 1970 01 01 00 03 55 00 00 System Uptime Od 00 03 55 Kernel Version Software Version v1 00 Software Date 2014 09 19T14 09 23 08 00 Auto refresh Refresh Enable Location Alert On the right hand side of the management interface shows links to various settings You can click on the links to access the configuration pages of different functions
93. etwork devices PCs servers switches routers or hubs Please refer to the following table for cable specifications ORing Industrial Networking Corp 11 RGPS R9244GP P Series User Manual 10BASE T UTP 100 m 328 ft 100BASE TX UTP 100 m 328 ft 1000BASE T UTP 100 m 328ft With 10 100 1000BASE T X cables pins 1 and 2 are used for transmitting data and pins 3 and 6 are used for receiving data 10 100Base T X P S E RJ 45 port e reine 1000Base T P S E RJ 45 port pre reimeen The series also support auto MDI MDI X operation You can use a cable to connect the switch to a PC The table below shows the 10BASE T 100BASE TX MDI and MDI X port pin outs 10 100 Base T X MDI MDI X Pin Assignments TD transmit RD receive TD transmit RD receive RD receive TD transmit ORing Industrial Networking Corp 12 RGPS R9244GP P Series User Manual re T wo GE e een men 1000 Base T MDI MDI X Pin Assignments Pin number Wen wus SESCH SSES BI DD BI DC BI DD BI_DC Note and signs represent the polarity of the wires that make up each wire pair 3 3 2 RS 232 console port wiring The device can be managed via the console port using a RS 232 cable which can be found in the package Connect each end of the RS 232 cable to the switch and a PC respectively PC pin out male assignment DB9 to RJ 45 DEY Male DEY Female Signal Ground s 5 oe a DCE
94. fresh Port Vendor PID _ Version ORing Industrial Networking Corp 151 5 11 Synchronization 5 11 1 PTP PTP External Clock Mode is a protocol for synchronizing clocks throughout a computer network On a local area network it achieves clock accuracy in the sub microsecond range making it suitable for measurement and control systems Clock Configuration PTP External Clock Mode ARC NR Disable STEET Mm False VCXO Enable One_pps_ mode The box allows you to select One_pps_mode configurations The following values are possible Output enable the 1 pps clock output Input enable the 1 pps clock input Disable disable the 1 pps clock in out put External Enable The box allows you to configure external clock output The following values are possible True enable external clock output False disable external clock output VCXO _ Enable The box allows you to configure the external VCXO rate adjustment The following values are possible True enable external VCXO rate adjustment False disable external VCXO rate adjustment Clock Frequency The box allows you to set clock frequency The range of values is 1 25000000 1 25MHz ORing Industrial Networking Corp 152 PTP Clock Configuration Port List 123456789 101112131415 16 17 18 19 20 Device Type No Clock Instances Present Add New PTP Clock Check this box and click Save to delete the clock instance Clock Instance Indicates the instance of a
95. g Industrial Networking Corp 51 ORing RGPS R9244GP P Series User Manual Client Statistics Transmit Transmit Receive Receive Replace Keep Drop to Client Error from Client Agent Option Agent Option Agent Option Agent Option 0 0 0 A 0 0 The number of received packets containing relay agent Transmit Error Receive from Client Receive Agent Option information Replace Agent Option The number of packets replaced when received messages contain relay agent information Keep Agent Option The number of packets whose relay agent information is retained Drop Agent Option The number of packets dropped when received messages contain relay agent information 5 3 Port Setting Port Setting allows you to manage individual ports of the switch including traffic power and trunks 5 3 1 Port Control This page shows current port configurations Ports can also be configured here Port Configuration Refresh Port Link Speed Maximum Excessive ORing Industrial Networking Corp Current Configured Frame Size Collision Mode d lt gt 10056 lt gt 1 Down Auto 10056 Discard 2 Down Auto 10056 Discard G Down AUTO 10056 Discard 4 Down Auto 10056 Discard 5 Down Auto 10056 Discard 6 Down Auto 10056 Discard 7 1Gfdx Auto 10056 Discard 52 The switch port number to which the following settings will be applied The current link state is shown by different colors Link Green indicates the
96. g tree instances known as MSTIs to form individual MST regions Each switch is assigned to an MST region Hence each MST region consists of one or more MSTP switches with the same VLANs at least one MST instance and the same MST region name Therefore switches can use different paths in the network to effectively balance loads Port Settings This page allows you to examine and change the configurations of current MSTI ports A MSTI port is a virtual port which is instantiated separately for each active CIST physical port for each MSTI instance configured and applicable for the port The MSTI instance must be selected before MSTI port configuration options are displayed This page contains MSTI port settings for physical and aggregated ports The aggregation settings are stack global MSTI Port Configuration MST1 ESTEE MST2 MST3 MST4 wer MST6 MST7 i MSTI Normal Ports Configuration Port Path Cost Priority 1 Auto 2 Auto 3 Auto e 4 Auto si 8 v 5 Auto 128 v 6 v 128 v Auto ORing Industrial Networking Corp 24 RGPS R9244GP P Series User Manual The switch port number of the corresponding STP CIST and MSTI port Configures the path cost incurred by the port Auto will set the path cost according to the physical link speed by using the 802 1D recommended values Specific allows you to enter a Path Cost user defined value The path cost is used when establishing an
97. garsa e anoe of aparaat maneo al clock instance 0 3 garsa e anoe of aparaat maneo al on the clock instance number to edit the clock details Device Type Indicates the type of the clock instance There are five device types Ord Bound ordinary boundary clock P2p Transp peer to peer transparent clock E2e Transp end to end transparent clock Master Only master only Slave EE slave only Port List Set check mark for each port Set check mark for each port configured for this Clock Instance for this Clock Instance 2 Step Flag Static member defined by the system true if two step Sync events and Pdelay_Resp events are used Clock Identity Shows a unique clock identifier One Way H true one way measurements are used This parameter applies only to a slave In one way mode no delay measurements are performed i e this is applicable only if frequency synchronization is needed The master always responds to delay requests Protocol Transport protocol used by the PTP protocol engine Ethernet PTP over Ethernet multicast ip4multi PTP over IPv4 multicast ip4uni PTP over IPv4 unicast Note IPv4 unicast protocol only works in Master Only and Slave Only clocks For more information please refer to Device Type In a unicast Slave Only clock you also need to configure which master clocks to request Announce and Sync messages from ng industrial Nenka Cor un Industrial Networking Corp 153 RGPS R9244GP P Series User Manual pe For
98. ge Auto Edge Role TCN BPDU Guard point a a Forced True CIST Normal Ports Configuration K STP Restricted Point to Port Enabled Path Cost Priority Admin Edge Rale TCN BPDU Guard point Configures the path cost incurred by the port Auto will set the path cost according to the physical link speed by using the Path Cost 802 1D recommended values Specific allows you to enter a user defined value The path cost is used when establishing an ORing Industrial Networking Corp 27 RGPS R9244GP P Series User Manual active topology for the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports The range of valid values is 1 to 200000000 a Configures the priority for ports having identical port costs See Priority bere above A flag indicating whether the port is connected directly to edge OpenEdge setate devices or not no bridges attached Transiting to the forwarding flag state is faster for edge ports operEdge set to true than other ports Configures the operEdge flag to start as set or cleared the initial AdminEdge ae operEdge state when a port is initialized Check to enable the bridge to detect edges at the bridge port AutoEdge automatically This allows operEdge to be derived from whether BPDUs are received on the port or not When enabled the port will not be selected as root port for CIST or any MSTI even if it has the best spanning tree priority
99. gether to function as one logical path This method provides an economical way for you to increase the bandwidth between the switch and another networking device In addition it is useful when a single physical link between the devices is insufficient to handle the traffic load This page allows you to configure the aggregation hash mode and the aggregation group Configurations Aggregation Mode Configuration Hash Code Contributors Source MAC Address Destination MAC Address IP Address TCP UDP Port Number Source MAC Address Calculates the destination port of the frame You can check this box to enable the source MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Calculates the destination port of the frame You can check this Address box to enable the destination MAC address or uncheck to disable By default Destination MAC Address is disabled IP Address Calculates the destination port of the frame You can check this box to enable the IP address or uncheck to disable By default IP Address is enabled TCP UDP Port Calculates the destination port of the frame You can check this Number box to enable the TCP UDP port number or uncheck to disable By default TCP UDP Port Number is enabled ORing Industrial Networking Corp 54 Aggregation Group Configuration for Switch 1 Port Members Group ID 1 2 3 4 5 6 7 8 9 101112131415 1617 1819 20 s MD OI sl DO Sf WN rz
100. group private default_rw_group default_user default_rw_group Add New Entry Save Reset Delete Check to delete the entry It will be deleted during the next save Security Model Indicates the security model that this entry should belong to Possible ORing Industrial Networking Corp 78 RGPS R9244GP P Series User Manual security models included v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM A string identifying the security name that this entry should belong to Security Name The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed A string identifying the group name that this entry should belong to Group Name The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed 5 5 6 SNMP View Configurations The SNMP v3 View table specifies the MIB object access requirements for each View Name You can specify specific areas of the MIB that can be accessed or denied based on the entries or create and delete entries in the View table in this page The entry index keys are View Name and OID Subtree SNMPv3 View Configuration Delete View Name View Type OID Subtree default_view included Y ci Add New Entry Save Reset Check to delete the entry It will be deleted during the next save A string identifying the view name that this entry should belong to View Name The allowed string length is 1 to 32
101. gt lt bootfile gt Ring Couple Port lt port gt Dualhoming Mode enableldisable Dualhoming Port lt port gt ae Couple Mode enableldisable Chain Mode enableldisable Chain gt 1stUplinkPort lt port gt E 2ndUplinkPort lt port gt EdgePort 1stl2ndlnone RCS Mode enableldisable Add lt ip_addr gt lt port_list gt web_onlweb_off telnet_onltelnet_off snmp_onlsnmp_ off Del lt inde gt ORing Industrial Networking Corp 178 Configuration FastReocvery oe ee Mode enableldisable Port lt port_list gt lt fr_priority gt SFP syslog enableldisable temp lt temperature gt Info DeviceBinding Port DDOS Packet lt port_list gt rx_totallrx_unicastlrx_multicastlrx_broadcastltcpludp Port DDOS Low lt port_list gt lt socket_number gt Port DDOS High lt port_list gt lt socket_number gt Port DDOS Filter lt port_list gt sourceldestination Port DDOS Action lt port_list gt do_nothinglblock_1_miunlblock_10_minslblocklshutdownlonly_lo glreboot_device Port Alive Mode lt port_list gt enableldisable Port Alive Action lt port_list gt do_nothingllink_changelshutdownlonly_loglreboot_device Port Alias lt port_list gt lt ip_addr gt Port DeviceType lt port_list gt unknownlip_camlip_phonelaplpclplclnvr Port Location lt port_list gt lt device_location gt ORing Industrial Networking Co
102. hat matched it from the RADIUS Trip radiusA uthChentExthound i nptime authentication server The granulanty of this measurement is 100 ms A value of Time O ms indicates that there hasn t been round trip communication with the server yet RADIUS Accounting Statistics for Server 1 Receive Packets Responses Malformed Responses Bad Authenticators Unknown Types Packets Dropped Transmit Packets Requests Retransmissions Pending Requests Timeouts IP Address State Round Tri Time ORing Industrial Networking Corp Other Info 0 0 0 0 1813 Disabled Oms 124 RGPS R9244GP P Series User Manual RADIUS accounting server packet counters There are five receive four transmit counters Direction RFC4670 Name Description The number of RADIUS packets valid or invalid recened from the server The number of malformed RADIUS packets recened from the server Malformed packets madude packets radiu AccClentExtMalformedResponses with an invalid length Bad authenticators or or unknown types are not included as malformed access responses The number of RADIUS packets containing invalid authenticators recemed from the server The number of RADIUS packets of unknown types that Packet Cou nters Unknown Types radiusAceClentextUnknownTypes were received from the server on the accounting port The number of RADIUS packets that were received from Packets Dropped radiusAccClientExtPacket
103. he DHCP server Surplus Lease The Remaining time for a corresponding IP address lease 5 2 3 Static Client List You can manually add clients to your DHCP server that obtain the same IP address each time they start up by entering the MAC address and IP address of the client in the page and add it as a Static client DHCP Client List MAC Address IP Address Add as Static No Select Type MAC Address IP Address Surplus Lease Delete Select Clear Al 5 2 4 DHCP Relay DHCP relay is used to forward and transfer DHCP messages between the clients and the server when they are not in the same subnet domain You can configure the function in this page ORing Industrial Networking Corp 49 ORing Label RGPS R9244GP P Series User Manual DHCP Relay Configuration Relay Mode Disabled Relay Server 0 0 0 0 SEU Bitti Disabled Relay Information Policy Keep v SE Reset Save Relay Mode Relay Server Relay Mode Information Drop Indicates the existing DHCP relay mode The modes include Enabled activate DHCP relay When DHCP relay is enabled the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain to prevent the DHCP broadcast message from flooding for security considerations Disabled disable DHCP relay Indicates the DHCP relay server IP address A DHCP relay agent is used to forward and transfer DHCP
104. he values is 1 through 4095 The default value is Port VLAN ID 1 Note The port must be a member of the same VLAN as the port VLAN ID Determines egress tagging of a port Untag_pvid all Tx Tag VLANs except the configured PVID will be tagged Tag_all all VLANs are tagged Untag_all all VLANs are untagged Introduction of Port Types Below is a detailed description of each port type including Unaware C port S port and Ingress action Egress action S custom port Unaware When the port receives untagged frames The TPID of a frame The function of an untagged frame obtains a tag based transmitted by ORing Industrial Networking Corp 63 Unaware can be used for 802 1QinQ double tag S custom port RGPS R9244GP P Series User Manual on PVID and is forwarded When the port receives tagged frames 1 If the tagged frame contains a TPID of 0x8100 it will become a double tag frame and will be forwarded 2 If the TPID of tagged frame is not 0x8100 ex Ox88A8 it will be discarded When the port receives untagged frames an untagged frame obtains a tag based on PVID and is forwarded When the port receives tagged frames 1 If the tagged frame contains a TPID of 0x8100 it will be forwarded 2 If the TPID of tagged frame is not 0x8100 ex Ox88A8 it will be discarded When the port receives untagged frames an untagged frame obtains a tag based on PVID and is forwarded When the port recei
105. icast multicast and broadcast traffic The unit of the rate can be either pps packets per second or kpps kilopackets per second Note frames sent to the CPU of the switch are always limited to approximately 4 kpps For example broadcasts in the management VLAN are limited to this rate The management VLAN is configured on the IP setup page QoS Port Storm Control Port Unicast Frames Broadcast Frames Unknown Frames Enabled Rate Unit Enabled Rate Unit Enabled Rate Unit 1 500 kbps 500 kbps 500 kbps 2 500 kbps 500 kbps 500 kbps 3 500 kbps 500 kbps 500 kbps 4 500 kbps 500 kbps soo kbps 5 500 kbps 500 kbps 500 kbps Frame types supported by the Storm Control function including Frame Type Unicast Multicast and Broadcast Enabled Enables or disables the given frame type The rate is packet per second pps configure the rate as 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K or 1024K The 1 kpps is actually 1002 1 pps 5 6 2 Port Classification QoS Quality of Service is a method to achieve efficient bandwidth utilization between devices by prioritizing frames according to individual requirements and transmit the frames based on their importance Frames in higher priority queues receive a bigger slice of bandwidth than those in a lower priority queue ORing Industrial Networking Corp 81 ORing RGPS R9244GP P Series User Manual QoS Ingress Port Classification for
106. ified SMAC filter status is don t care Specific if you want to filter a specific source MAC address with the ACE choose this value A field for entering an SMAC value appears When Specific is selected for the SMAC filter you can enter a specific source MAC address The legal format is xx xx xx xx xx xx Frames matching the ACE will use this SMAC value Specifies the destination MAC filter for this ACE Any no DMAC filter is specified DMAC filter status is don t care MC frame must be multicast BC frame must be broadcast UC frame must be unicast RGPS R9244GP P Series User Manual Specific If you want to filter a specific destination MAC address with the ACE choose this value A field for entering a DMAC value appears When Specific is selected for the DMAC filter you can enter a specific DMAC Value destination MAC address The legal format is XX XX XX XX XX XX Frames matching the ACE will use this DMAC value VLAN Parameters VE Biesiiccm Specific Y VLAN ID Tag Priority Specifies the VLAN ID filter for the ACE Any no VLAN ID filter is specified VLAN ID filter status is VLAN ID Filter don t care Specific if you want to filter a specific VLAN ID with the ACE choose this value A field for entering a VLAN ID number appears When Specific is selected for the VLAN ID filter you can enter a VLAN ID specific VLAN ID number The allowed range is 1 to 4095 Frames matching the ACE will use
107. ifies the options flag settings for the ACE No Pv4 frames whose options flag is set must not be able to match this entry Yes IPv4 frames whose options flag is set must be able to match this entry Any any value is allowed don t care Specifies the source IP filter for this ACE Any no source IP filter is specified Source IP filter is don t care Host source IP filter is set to Host Specify the source IP address in 114 RGPS R9244GP P Series User Manual the SIP Address field that appears Network source IP filter is set to Network Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear Specifies the destination IP filter for the ACE Any no destination IP filter is specified destination IP filter is don t care Host destination IP filter is set to Host Specify the destination IP address in the DIP Address field that appears Network destination IP filter is set to Network Specify the destination IP address and destination IP mask in the DIP Address and DIP Mask fields that appear MAC Parameters il A gl Specific e iw Af CIR 00 00 00 00 00 0 HH zg Specific Y STYRET 00 00 00 00 00 0 SMAC Filter SMAC Value DMAC Filter ORingindutiaiNeworkingGer a 4 Industrial Networking Corp 115 Only displayed when the frame type is Ethernet Type or ARP Specifies the source MAC filter for the ACE Any no SMAC filter is spec
108. ime Oms 64 bytes from 10 10 132 20 icmp seq 4 time Oms Sent 5 packets received 5 OK 0 bad 5 10 8 IPv6 Ping This page enables you to ping IPv6 address to verify the connectivity from this device to an IPv6 device by performing an ICMP for IPv6 echo test ICMP v6 Ping IP Address 0 0 0 0 0 0 0 0 Ping Length 56 Ping Count S Ping Interval 1 Egress Interface Start IP Address The destination IP Address You must specify this address in hexadecimal using 16 bit values between colons Ping Count Define the number of pings that will be sent Please enter an integer value Ping Length The payload size of the ICMP packet Values range from 8 to 1400 bytes ORing Industrial Networking Corp 150 RGPS R9244GP P Series User Manual Ping Interval Specifies the interval between pings that are sent to the destination address Egress Interface Specifies a physical interface over which you can verify connectivity If you specify a physical interface such as an Ethernet interface you must also specify the port number of the interface If you specify a virtual interface such as a VE you must specify the number associated with the VE PING6 server 192 168 10 1 sendto sendto sendto sendto sendto Sent 5 packets received 0 OK 0 bad 5 10 9 SFP Type This page shows the details of the SFP port For each port the summary displays the SFP type the vendor name and serial number SFP Type Auto refresh Re
109. ings To reset the switch select Reset to Factory Defaults from the drop down list and click Yes Only the IP configuration is retained Factory Defaults Are you sure you want to reset the configuration to Factory Defaults Keep IP Keep User Password Yes No ORing Industrial Networking Corp 159 RGPS R9244GP P Series User Manual Yes Click to reset the configuration to factory defaults No Click to return to the Port State page without resetting 5 14 System Reboot You can reset the stack switch on this page After reset the system will boot normally as if you have powered on the devices Restart Device Are you sure you want to perform a Restart Yes Click to reboot device No Click to return to the Port State page without rebooting ORing Industrial Networking Corp 160 Command Line Interface Management Besides Web based management the device also supports CLI management You can use console or telnet to manage the switch by CLI CLI Management by RS 232 Serial Console 115200 8 none 1 none Before configuring RS 232 serial console connect the RS 232 port of the switch to your PC Com port using a RJ45 to DBY F cable Follow the steps below to access the console via RS 232 serial cable Step 1 On Windows desktop click on Start gt Programs gt Accessories gt Communications gt Hyper Terminal HyperTerminal Network Time Protocol gt Network and Dial up Connections
110. ink Change ist Ring Port Port 7 ze LinkDown 2nd Ring Port PortS se Forwarding Enabie Enables the MRP function Manager Every MRP topology needs a MRP manager One MRP topology can only have a Manager If two or more switches are set to be Manager the MRP topology will fail React on Link Change Faster mode Enabling this function will cause MRP topology to Advanced mode converge more rapidly This function only can be set in MRP manager switch 17 Ring Port Chooses the port which connects to the MRP ring a Ring Port Chooses the port which connects to the MRP ring ORing Industrial Networking Corp 20 4 4 STP RSTP MSTP 4 4 1 STP RSTP STP Spanning Tree Protocol and its advanced versions RSTP Rapid Spanning Tree Protocol and MSTP Multiple Spanning Tree Protocol are designed to prevent network loops and provide network redundancy Network loops occur frequently in large networks as when two or more paths run to the same destination broadcast packets may get in to an infinite loop and hence causing congestion in the network STP can identify the best path to the destination and block all other paths The blocked links will stay connected but inactive When the best path fails the blocked links will be activated Compared to STP which recovers a link in 30 to 50 seconds RSTP can shorten the time to 5 to 6 seconds STP Bridge Status This page shows the status for all STP bridge instance STP Bridges A
111. kets Rx Octets Rx Unicast Rx Multicast Rx Broadcast Rx Pause l Receive Size Counters Rx 64 Bytes Rx 65 127 Bytes Rx 128 255 Bytes Rx 256 511 Bytes Rx 512 1023 Bytes Rx 1024 1526 Bytes Rx 1527 Bytes Receive Queue Counters Receive Error Counters Rx CRC Alignment Rx Undersize Rx Oversize Rx Fragments Rx Jabber Rx Filtered ORing Industrial Networking Corp Pot 1 Auto refresh C Refresh Transmit Total _ Tx Packets Tx Octets Tx Unicast Tx Multicast Tx Broadcast Tx Pause Transmit Size Counters Tx 64 Bytes Tx 65 127 Bytes Tx 128 255 Bytes Tx 256 511 Bytes Tx 512 1023 Bytes Tx 1024 1526 Bytes Tx 1527 Bytes Transmit Queue Counters Transmit Error Counters Tx Late Exc Coll 144 RGPS R9244GP P Series User Manual Rx and Tx Packets The number of received and transmitted good and bad packets The number of received and transmitted good and bad bytes Rx and Tx Octets l l including FCS except framing bits The number of received and transmitted good and bad unicast Rx and Tx Unicast packets Rx and Tx The number of received and transmitted good and bad multicast Multicast packets Rx and Tx The number of received and transmitted good and bad broadcast Broadcast packets The number of MAC Control frames received or transmitted on this Rx and Tx Pause a port that have an opcode indicating a PAUSE operation The number of frames dropped due to insufficient receive b
112. l Rate Limiter ID The rate limiter ID for the settings contained in the same row The rate unit is packet per second pps which can be configured as 1 2 4 8 16 32 64 128 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K or 1024K The 1 kpps is actually 1002 1 pps ACL Control List An ACE Access Control Entry is an element in an access control list ACL An ACL can have zero or more ACEs Each ACE controls or monitors access to an object based on user defined configurations Each ACE consists of several parameters which vary with the frame type you have selected Auto refresh Refresh Clear Remove All Access Control List Configuration Ingress Port Policy Bitmask Frame Type Action Rate Limiter Port Redirect Counter Click on the at the right hand side of the table will bring up a another page with detailed configurations as shown below ACE Configuration Ingress Port Port 2 Action Deny Rate Limiter i alaietan Fort 1 Logging Enabled Shutdown Enabled Counter Policy Filter Specific Policy Value 0 Gelee A Ox ff Frame Type Ethernet Type Y Indicates the ingress port to which the ACE will apply Any the ACE applies to any port Port n the ACE applies to this port number where n is the number Ingress Port l of the switch port Policy n the ACE applies to this policy number where n can range from 1 to 8 Specifies the policy number filter for this ACE An
113. lay information when a DHCP message containing the information is received Keep keep the original relay information when a DHCP message containing the information is received Drop drop the package when a DHCP message containing the information is received The relay statistics shows the information of relayed packets of the switch Auto refresh Refresh Clear DHCP Relay Statistics Server Statistics Transmit Transmit Receive Receive Missing Receive Missing Receive Missing Receive Bad Receive Bad to Server Error from Server Agent Option Circuit ID Remote ID Circuit ID Remote ID Client Statistics Transmit Transmit Receive Receive Replace Keep Drop to Client Error from Client Agent Option Agent Option Agent Option Agent Option Label Description Transmit to Sever The number of packets relayed from the client to the server Transmit Error The number of packets with errors when being sent to clients Receive from Server The number of packets received from the server Receive Missing Agent The number of packets received without agent information Option Receive Missing The number of packets received with Circuit ID Circuit ID Receive Missing The number of packets received with the Remote ID option Remote ID missing Receive Bad Circuit ID The number of packets whose Circuit ID do not match the known circuit ID Receive Bad Remote ID The number of packets whose Remote ID do not match the known Remote ID ORin
114. level that is equal to the DEI 82 RGPS R9244GP P Series User Manual value in the tag Otherwise the frame is classified to the default DP level H the port is VLAN aware the frame is tagged and Tag Class is enabled then the frame is classified to a DP level that is mapped from the PCP and DEI value in the tag Otherwise the frame is classified to the default DP level The classified DP level can be overruled by a QCL entry Controls the default PCP value All frames are classified to a PCP value If the port is VLAN aware and the frame is tagged then the frame is classified to the PCP value in the tag Otherwise the frame is classified to the default PCP value Controls the default DEI value All frames are classified to a DEI value If the port is VLAN aware and the frame is tagged then the frame is classified to the DEI value in the tag Otherwise the frame is classified to the default DEI value Shows the classification mode for tagged frames on this port Disabled Use default QoS class and DP level for tagged frames Enabled Use mapped versions of PCP and DEI for tagged Tag Class frames Click on the mode to configure the mode and or mapping Note this setting has no effect if the port is VLAN unaware Tagged frames received on VLAN unaware ports are always classified to the default QoS class and DP level Click to enable DSCP based QoS Ingress Port DSCP Based Classification 5 6 3 Port Tag Remaking
115. lliseconds in full duplex Fast Ethernet operation for up to 250 switches if at any time a segment of the chain fails O Chain allows multiple redundant rings of different redundancy protocols to join and function together as a large and the most robust network topology It can create multiple redundant networks beyond the limitations of current redundant ring technologies Edge Pont 9 chain F992 Pot Edge Port Edge Port 0O Chain 4 2 2 Configurations O Chain is very easy to configure and manage Only one edge port of the edge switch needs to be defined Other switches beside them just need to have O Chain enabled O Chain Enable Uplink Port Edge Port State is PE Apply ORing Industrial Networking Corp 19 RGPS R9244GP P Series User Manual Enable cheek to erable Chain tureton The second port connecting to the ring Edge Port An O Chain topology must begin with edge ports The ports with a smaller switch MAC address will serve as the backup link and RM LED will light up 4 3 MRP 4 3 1 Introduction MRP Media Redundancy Protocol is an industry standard for high availability Ethernet networks MRP allows Ethernet switches in a ring to recover from failure rapidly to ensure seamless data transmission A MRP ring IEC 62439 can support up to 50 devices and will enable a back up link in 80ms adjustable to max 200ms 500ms 4 3 2 Configurations MRP Enable M Manager Mf React on L
116. lpower onlpower off lt reboot gt PoE gt DSCP Map lt dscp_list gt lt class gt lt dpl gt DSCP Translation lt dscp_list gt lt trans_dscp gt _ DSCP Trust lt dscp_list gt enableldisable ORing Industrial Networking Corp 172 RGPS R9244GP P Series User Manual QCL Add lt qce_id gt lt qce_id_next gt lt port_list gt lt tag gt lt vid gt lt pcp gt lt dei gt lt smac gt lt dmac_type gt etype lt etype gt LLC lt DSAP gt lt SSAP gt lt control gt SNAP lt PID gt ipv4 lt protocol gt lt sip gt lt dscp gt lt fragment gt lt sport gt lt dport gt ipv6 lt protocol gt lt sip_v6 gt lt dscp gt lt sport gt lt dport gt lt class gt lt dp gt lt classified_dscp gt QCL Delete lt qce_id gt QCL Lookup lt qce_id gt QCL Status combined staticlconflicts OCL Refresh Mirror Configuration lt port_list gt Port lt port gt ldisable d Mode lt port_list gt enableldisablelrxltx Dot1x Statistics lt port_list gt clearleapollradius Clients lt port_list gt alll lt client_cnt gt Agetime lt age_time gt Timeout lt eapol_timeout gt ORing Industrial Networking Corp 173 Holdtime lt hold_time gt IGMP Mode enableldisable State lt vid gt enableldisable Querier lt vid gt enableldisable Configuration lt port_list gt
117. mes transmitted are not mirrored Tx only only frames transmitted from this port are mirrored to the mirror port Frames received are not mirrored Disabled neither transmitted nor received frames are mirrored Enabled both received and transmitted frames are mirrored to the mirror port Note for a given port a frame is only transmitted once Therefore you cannot mirror Tx frames to the mirror port In this case mode for the selected mirror port is limited to Disabled or Rx nly 5 10 4 System Log Information This page provides switch system log information ORing Industrial Networking Corp 146 System Log Information for Switch 1 Auto refresh Refresh Clear lt lt lt lt gt gt gt gt The total number of entries is O for the given level Start from ID 1 with 20 entries per page ID Time Message No system log entries Check this box to enable an automatic refresh of the page at Auto refresh regular intervals Updates system log entries starting from the current entry ID Flushes all system log entries Updates system log entries starting from the first available Updates system log entries ending at the last entry currently Updates system log entries starting from the last entry Updates system log entries ending at the last available entry ID The level of the system log entry The following level types are supported Info provides general information Warning provides warning for abnormal opera
118. messages between the clients and the server when they are not in the same subnet domain Indicates the existing DHCP relay information mode The format of DHCP option 82 circuit ID format is vlan_id module_id port_no The first four characters represent the VLAN ID and the fifth and sixth characters are the module ID In stand alone devices the module ID always equals to 0 in stacked devices it means switch ID The last two characters are the port number For example 00030108 means the DHCP message received form VLAN ID 3 switch ID 1 and port No 8 The option 82 remote ID value equals to the switch MAC address The modes include Enabled activate DHCP relay information When DHCP relay information is enabled the agent inserts specific information option 82 into a DHCP message when forwarding to a DHCP server and removes it from a DHCP message when transferring to ORing Industrial Networking Corp 50 RGPS R9244GP P Series User Manual a DHCP client It only works when DHCP relay mode is enabled Disabled disable DHCP relay information Relay Information Indicates the policies to be enforced when receiving DHCP relay Policy information When DHCP relay information mode is enabled if the agent receives a DHCP message that already contains relay agent information it will enforce the policy The Replace option is invalid when relay information mode is disabled The policies includes Replace replace the original re
119. meter affects VLAN ingress processing If ingress Ingress Filtering SO filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame will be ORing Industrial Networking Corp 62 RGPS R9244GP P Series User Manual discarded By default ingress filtering is disabled no check mark Determines whether the port accepts all frames or only tagged untagged frames This parameter affects VLAN Frame Type ingress processing If the port only accepts tagged frames untagged frames received on the port will be discarded By default the field is set to All The allowed values are None or Specific This parameter affects VLAN ingress and egress processing If None is selected a VLAN tag with the classified VLAN ID is inserted in frames transmitted on the port This mode is normally used for ports connected to VLAN aware switches Tx tag should be set to Untag_pvid when this mode is used Port VLAN Mode If Specific the default value is selected a port VLAN ID can be configured see below Untagged frames received on the port are classified to the port VLAN ID If VLAN awareness is disabled all frames received on the port are classified to the port VLAN ID If the classified VLAN ID of a frame transmitted on the port is different from the port VLAN ID a VLAN tag with the classified VLAN ID will be inserted in the frame Configures the VLAN identifier for the port The allowed range of t
120. n the switch EAP is very flexible as it allows for different authentication methods like MD5 Challenge PEAP and TLS The important thing is that the authenticator the switch does not need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it ORing Industrial Networking Corp 129 RGPS R9244GP P Series User Manual When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding the result to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Note in an environment where two backend servers are enabled the server timeout is configured to X seconds using the authentication configuration page and the first server in the list is currently down but not considered dead if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds it will never be authenticated because the switch will cancel on going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant Since the server has not failed because the X seconds have not expired the same server will be contacted when the next backend authentication server r
121. n or clear the box to remove the port from the aggregation By default no ports belong to any aggregation group Only full duplex ports can join an aggregation and the ports must be in the same speed in each group The Key value varies with the port ranging from 1 to 65535 Auto will set the key according to the physical link speed 10Mb 1 100Mb 2 1Gb 3 Specific allows you to enter a user defined value Ports with the same key value can join in the same aggregation group while ports with different keys cannot Indicates LACP activity status Active will transmit LACP packets every second while Passive will wait for a LACP packet from a partner speak if spoken to Timeout You can Gelee the LACP timer rate to modify the duration of the D eat tant sn Set the port priority The higher the priority value the lower the P ag nam mep ae oe Reset Click to undo changes made locally and revert to previous values LACP System Status This page provides a status overview for all LACP instances ORing Industrial Networking Corp 56 LACP System Status Auto refresh Refresh Partner Partner Partner Last Local System ID Key Prio Changed Ports Aggr ID ports enabled or no existing partners Aggr ID The aggregation ID is associated with the aggregation instance For LLAG the ID is shown as isid aggr id and for GLAGs as aggr id Partner System ID System ID MAC address of the aggregation partner
122. n the range is considered the end IP address For example if the range is from 192 168 1 100 to 192 168 1 200 192 168 1 200 will be the end IP address Subnet Mask The subnet mask for the dynamic IP assign range ae ii Co of your network DNS te The DNS IP of your network IP of your network Lease Time The length of time that the client may use the IP address it has been sec assigned The time is measured in seconds The IP address of the FTFP where you put the configuration file or TFTP Server where you want to restore the switch to previous settings The boot file is used by the clients to identify the boot image Enter the Boot File Name boot file name you receive Apply Click to apply the configurations ORing Industrial Networking Corp 48 5 2 2 Dynamic Client List When DHCP server functions are activated the switch will collect DHCP client information and display in the following table You can assign the specific IP address which is in the assigned dynamic IP range to the specific port When the device is connecting to the port and asks for dynamic IP assigning the system will assign the IP address that has been assigned before in the connected device DHCP Dynamic Client List No Select Type MAC Address IP Address Surplus Lease Select Clear All Add to static Table Delete MAC Address Displays the MAC address of a given host IP Address Displays the IP address that the client obtains from t
123. n the most recently received EAPOL frame for EAPOL based authentication and the most Last Source l recently received frame from a new client for MAC based authentication 133 ORing Industrial Networking Corp RGPS R9244GP P Series User Manual The user name supplicant identity carried in the most recently received Response Identity EAPOL frame for EAPOL based Last ID authentication and the source MAC address from the most recently received frame from a new client for MAC based authentication NAS Port Status This page provides detailed IEEE 802 1X statistics for a specific switch port using port based authentication For MAC based ports only the statistics of selected backend server statistics will be shown Use the drop down list to select which port details to be displayed NAS Statistics Port 2 Port 3 Auto refresh C Port State TESCH Force Authorized Port State Globally Disabled Admin State The port s current administrative state Refer to NAS Admin State for more details regarding each value Port State The current state of the port Refer to NAS Port State for more details regarding each value These supplicant frame counters are available for the following administrative states EAPOL Counters e Force Authorized e Force Unauthorized e 802 1X ORing Industrial Networking Corp 134 RGPS R9244GP P Series User Manual EAPOL Counters Direction Name __TEEE Name ae Descrtpton
124. nable SNMP trap mode Disabled disable SNMP trap mode Indicates the supported SNMP trap version Possible versions include Trap Version SNMP v1 supports SNMP trap version 1 SNMP v2c supports SNMP trap version 2c SNMP v3 supports SNMP trap version 3 Indicates the community access string when sending SNMP trap Trap Community packets The allowed string length is O to 255 and only ASCII characters from 33 to 126 are allowed Trap Destination Indicates the SNMP trap destination address Address This is the SNMP Trap destination port used by the SNMP Trap a option for event notification You can optionally change the IP port on Trap Destination Pori which to send the SNMP trap this must be the actual port on which or the SNMP trap host listens The typical well known port for SNMP traps is 162 default Indicates the SNMP trap inform mode Possible modes include Trap Inform Mode Enabled enable SNMP trap inform mode Disabled disable SNMP trap inform mode Trap Inform Configures the SNMP trap inform timeout The allowed range is O to Trap Inform Retry Configures the retry times for SNMP trap inform The allowed range Indicates the SNMP trap probe security engine ID mode of operation Possible values are Enabled Enable SNMP trap probe security engine ID mode of Trap Probe operation Security Engine ID Disabled Disable SNMP trap probe security engine ID mode of operation When is enabled the ID
125. nday Tuesday Wednesday Thursday Friday Saturday 00 O1 02 03 DA US D GPP DN a ERE BL Bi Re Be Poo oa DDDDDID COOC 00O amp DDDDDID D O0 0 0O 0 Configure port Select a port for the schedule Schedule mode Enables or disables the schedule mode Select all Check to have the schedule enabled at all time Hour Check to choose the hour for the schedule Sunday Saturday Check to choose the day for the schedule 5 12 4 PoE Auto Ping You can control PoE functions via ping commands which will enable or disable other PoE devices connected to the configured ports ORing Industrial Networking Corp 158 Auto Ping Check Ping Check Disable v Interval Time Ping IP Address 10 120 seconds 1 Reboot Time Retry Time Failure Log Failure Action 3 120 1 5 seconds 3 0 0 0 0 10 1 error 0 total 0 Nothing v 2 0 0 0 0 10 1 error 0 total 0 Nothing v 3 3 0 0 0 0 10 ji error 0 total 0 Nothing v 3 4 0 0 0 0 10 1 error 0 total 0 Nothing v 3 5 0 0 0 0 10 1 error 0 total 0 Nothing v 3 6 0 0 0 0 10 1 error 0 total 0 Nothing v 3 7 0 0 0 0 10 1 error 0 total 0 Nothing MM 3 Retry Time Set up the number of times for which the function will perform repeatedly Failure Log Note down failed results Failure Action Assign the action you want to perform Reboot Time Assigns the time for rebooting the switch after check fails 5 13 Factory Defaults This function is to force the switch back to the original factory sett
126. ndicates the security model that this entry should belong to Possible security models include any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Model Indicates the security model that this entry should belong to Possible security models include Security Level NoAuth NoPriv no authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy The name of the MIB view defining the MIB objects for which this Read View Name request may request the current values The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed The name of the MIB view defining the MIB objects for which this Write View Name request may potentially SET new values The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed ORing Industrial Networking Corp 80 5 6 Traffic Prioritization 5 6 1 Storm Control A LAN storm occurs when packets flood the LAN creating excessive traffic and degrading network performance Errors in the protocol stack implementation mistakes in network configuration or users issuing a denial of service attack can cause a storm Storm control prevents traffic on a LAN from being disrupted by a broadcast multicast or unicast storm ona port In this page you can specify the rate at which packets are received for un
127. nfigure the mapping of QoS class and Drop Precedence Level to DSCP value DSCP Classification QoS Class DPL DSCP gt lt gt v 0 0 O BE v 0 1 8 C51 S 1 0 14 AF13 1 1 0 BE ei 2 0 0 BE v Label Description QoS Class Actual QoS class Actual Drop Precedence Level DSCP Select the classified DSCP value 0 63 5 6 12 QoS Control List This page shows all the QCE Quality Control Entries for a given QCL You can edit or add new QoS control entries in this page A QCE consists of several parameters These parameters vary with the frame type you select QoS Control List Configuration Action QCE Port Frame Type SMAC DMAC VID PCP DEI Class DPL DSCP Click on the at the right hand side of the table will bring up a another page with detailed configurations as shown below ORing Industrial Networking Corp 93 ORing QCE Configuration RGPS R9244GP P Series User Manual Port Members SE H eS Keen I WS PO SEI DE FAE wE EIF SIE tAE GAE s ELS SEKR Tag VID PCP DEI SMAC Specific DMAC Type UC Frame Type Any Label Key Parameters T Port Members Action Parameters Class a DPL Default DScP Default 00 00 00 Check to include the port in the QCL entry By default all ports are included Key configurations include Tag value of tag can be Any Untag or Tag VID valid value of VLAN ID from 1 to 4095 Any can be a specific value or
128. nly active if the Reauthentication Enabled checkbox is checked Valid range of the value is 1 to 3600 seconds Determines the time for retransmission of Request Identity EAPOL frames Valid range of the value is 1 to 65535 seconds This has no effect for MAC based ports This setting applies to the following modes i e modes using the Port Security functionality to secure MAC addresses MAC Based Auth When the NAS module uses the Port Security module to secure MAC addresses the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds For ports in MAC based Auth mode reauthentication does not Cause direct communications between the switch and the client so this will not detect whether the client is still attached or not and the only way to free any resources is to age the entry This setting applies to the following modes i e modes using the Port Security functionality to secure MAC addresses MAC Based Auth If a client is denied access either because the RADIUS server denies the client access or because the RADIUS server request times out according to the timeout specified on the Configuration Security AAA page the client is put on 128 RGPS R9244GP P Series User Manual hold in Unauthori
129. nsole port wirmg Pe E 334 EE O Ring 14 Se la Ee E 4 1 COSTING enee Eet SS Vim 21 1 lt 6 et Le EE 7 Wis yes 0 0 0 10 6 11 0 0s ee eee 4 2 EE eegen 4 2 1 AptreoghueHont eseagegegegegdeEdgeEdEeEdEeENdEaENEeEdENEdEeENENE ENEE NEEN ENENENEdENEd ENEE EEdEeEdEn 42 2 EEN 4 3 Ve BGAN le gel Heite 4 3 2 Configurations gege de gd d gg 4 4 We OH E ORing Industrial Networking Corp sA SVG ROW I eere eee EEEE EEEE EE EEEE 21 STP Eelst 21 E E ee E E E eeeere erence eee 24 Jao GE ee E E R 27 4 5 FAS INCCOV GLY aeos E EEE EEE EE 29 SES 30 5 1 BASIC STING e O A O O O A seebe ee eeoeseos eee eeeteesee sears 31 5 1 1 Basic Settings for System Intormaton 31 my at AOP E NO EE 32 5 1 3 Authentication Method 32 FA E EE 33 SE E W EE 35 Di aN a cect mutancatecttastenateacatonthastencteacnesttant sudeanitastdnom sant emetauttncdaeatouantoutsnetaceteaantnas 36 ce DayhehtSavng Kr 37 os ET ereee erent te tee E ger errr aren cet er ree er O OE E net Te 39 MeV EE 40 5 1 10 HIP ceoatesacet ret acset sale nased eco aieagatanto nnd E aaa basact aes 41 5 1 11 Se EE 42 ILI EE EI 42 5 1 13 Modbus TCP scsi cetacenbcoanesusosnarsunoosaesnscenbacsubiasarsesonbecessdoanenmoesieceuniautechaeamedeunenetis 46 5 1 14 Back RES One Coni 8 UF AU ONS seier eaa ia e enie 46 5 1 15 EEN 47 92 Kel i ze 47 Del SENS aeaa a A E ee eee 47 5 22 Dynamic Chent BT ENEE SE EATA 49 5 2 3 Static Client List cc ccccssccccesessseeeeessesseeeeessesse
130. o disable the Daylight Saving Time configuration Select Recurring and configure the Daylight Saving Time duration to repeat the configuration every year Select Non Recurring and configure the Daylight Saving 37 RGPS R9244GP P Series User Manual Time duration for single time configuration Default Disabled Start Time Settings Set up the start time of the daylight saving time period End Time Settings Set up the ending time of the daylight saving time period Offset Settings Set up the offset time Local Time Zone Conversion from UTC Time at 12 00 UTC November Time Zone 11 am ADT Atlantic Daylight 9am AST Atlantic Standard 4 hours 8am EDT Eastern Daylight EST Eastern Standard 5 hours 7 am CDT Central Daylight CST Central Standard 6 hours 6 am MDT Mountain Daylight MST Mountain Standard 7 hours 5 am PDT Pacific Daylight PST Pacific Standard 8 hours 4am ADT Alaskan Daylight CET Central European FWT French Winter MET Middle European 1 hour 1 pm MEWT Middle European Winter SWT Swedish Winter 8 CA ORing Industrial Networking Corp RGPS R9244GP P Series User Manual BT Baghdad USSR Zone 3 hours 2 WAST West Australian 7 hours Standard CCT China Coast USSR 8 hours Zone 7 JST Japan Standard 9 hours USSR Zone 8 EAST East Australian Standard GST Guam Standard USSR Zone 9 10 hours IDLE International Da
131. om left to right all bits following the first zero must also be zero DSCP Differentiated Code Point can be a specific value a range or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 IP Fragment lpv4 frame fragmented options include yes DO and any Sport Source TCP UDP Port 0 65535 or Any specific value or port range applicable for IP protocol UDP TCP Dport Destination TCP UDP Port 0 65535 or Any specific value or port range applicable for IP protocol UDP TCP Protocol 0 255 TCP or UDP or Any Source IP a b c d or Any 32 LS bits DSCP Differentiated Code Point can be a specific value a range or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 Sport Source TCP UDP port 0 65535 or Any specific value or port range applicable for IP protocol UDP TCP Dport Destination TCP UDP port 0 65535 or Any specific value or port range applicable for IP protocol UDP TCP Action Parameters Class QoS class 0 7 or Default Valid Drop Precedence Level value can be 0 1 or Default Valid DSCP value can be 0 63 BE CS1 CS7 EF or ORing Industrial Networking Corp 95 5 6 13 QoS Counters This page shows information on the number of packets sent and received at each queue Queuing Counters Auto refresh Refresh Ao P w he Ooceoooks There are 8 QoS queues per port QO is the lowest priorit
132. on RADIUS lt server_index gt enableldisable ACCT_RADIUS lt server_index gt enableldisable lt ip_addr_string gt lt secret gt lt server_port gt Statistics lt server_index gt STP Configuration Version lt stp_version gt Non certified release v ORing Industrial Networking Corp 170 RGPS R9244GP P Series User Manual Msti Port Priority lt msti gt lt port_list gt lt priority gt Aggr Configuration Add lt port_list gt lt aggr_id gt Delete lt aggr_id gt Lookup lt aggr_id gt Mode smacldmacliplport enableldisable LACP Configuration lt port_list gt Ee Mode lt port_list gt enableldisable ORing Industrial Networking Corp 171 LLDP PoE QoS RGPS R9244GP P Series User Manual Key lt port_list gt lt key gt Role lt port_list gt activelpassive Status lt port_list gt Statistics lt port_list gt clear Configuration lt port_list gt Mode lt port_list gt enableldisable Statistics lt port_list gt clear Info lt port_list gt Kaell SSS Schedule Port lt port_list gt enableldisable sun tmonltuelwedlthulfrilsat lt hour gt AutoPing Configuration lt port_list gt AutoPing Log clear AutoPing Mode enableldisable AutoPing Port lt port gt lt 1p_addr gt lt ping_interval gt lt retry gt nothinglrest art foreverlrestart once
133. ot yet timed out or r c ived a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challange timeout or retransmission The number of authentication timeouts to the server After a timeout the chent may retry to the same server send to a differant server or give up A retry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout This section contains information about the state of the server and the latest round trip time RFC4668 Name Other Info Round Description Shows the state of the server It takes one of the following values Disabled The selected server is disabled Hot Ready The server is enabled but IP communication is not yet up and running kk The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server But it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs ts displayed in parentheses This state is only reachable when more than one server is enabled The time interval measured in milliseconds between the most recent Access Reply Access Challenge and the Access Request t
134. overy time of less than 30 milliseconds in full duplex Gigabit operation or 10 milliseconds in full duplex Fast Ethernet operation and up to 250 nodes The ring protocols identify one switch as the master of the network and then automatically block packets from traveling through any of the network s redundant loops In the event that one branch of the ring gets disconnected from the rest of the network the protocol automatically readjusts the ring so that the part of the network that was disconnected can reestablish contact with the rest of the network The O Ring redundant ring technology can protect mission critical applications from network interruptions or temporary malfunction with its fast recover technology O Ring Backup Patt Ki Li 4 1 2 Configurations O Ring supports three ring topologies Ring Master Coupling Ring and Dual Homing You can configure the settings in the interface below ORing Industrial Networking Corp 17 O Ring Configuration O Ring Ring Master Disable This switch is Not a Ring Master 1st Ring Port Port 1 e LinkDown 2nd Ring Port Port2 jLinkDown E Coupling Ring Coupling Port E Dual Homing Redundant Ring Check to enable O Ring topology Only one ring master is allowed in a ring However if more than one switch are set to enable Ring Master the switch with the Ring Master lowest MAC address will be the active ring master and the others will be backup masters
135. p Oocoo os Oocoodoo orks oo ocooo g COOC OO OH CH Sooocpcomooconoaos oo CH CH Combined zs Auto refresh C QoS Control List Status Action S Use CE Frame Ty Port Conflict ser Q rame Type o Gace DPL DSCP onfli No entries User Indicates the QCL user QCE Indicates the index of QCE Indicates the type of frame to look for incoming frames Possible frame types are Any the QCE will match all frame type Ethernet Only Ethernet frames with Ether Type 0x600 0xF FFF Frame Type are allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 the QCE will match only IPV4 frames IPv6 the QCE will match only IPV6 frames Indicates the list of ports configured with the QCE Pot Indicates the classification action taken on ingress frame if parameters configured are matched with the frame s content There are three action fields Class DPL and DSCP Class Classified QoS if a frame matches the QCE it will be put in the queue DPL Drop Precedence Level if a frame matches the QCE then DP level will set to a value displayed under DPL column DSCP if a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Displays the conflict status of QCL entries As hardware resources are shared by multiple applications resources required D to add a QCE may not be available In that case it shows conflict status as Yes otherwise it is always No Pl
136. p and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporanly been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled The time interval measured in milliseconds between the most recent Response and the Request that matched it from the RADIUS accounting server The granularity of this measurement is 100 ms value of 0 ms indicates that there hasn t been round trip communication with the server yat radiusAccChentExtRound TnpTine 5 8 5 NAS 802 1x A NAS Network Access Server is an access gateway between an external communications network and an internal network For example when the user dials into the ISP he she will be given access to the Internet after being authorized by the access server The authentication between the client and the server include IEEE 802 1X and MAC based The IEEE 802 1X standard defines a port based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication One or more backend servers RADIUS determine whether the user is allowed access to the network MAC based authentication allows for authentication of more than one
137. r computer system time with a server that has already been synchronized by a source such as a radio satellite receiver or modem SNTP Configuration Mode Disabled AnA lA 0 0 0 0 Save Reset Enable or disable the use of SNTP server Server Address Input the IP address of the SNTP server if enabled ORing Industrial Networking Corp 36 ORing RGPS R9244GP P Series User Manual 5 1 7 Daylight Saving Time Time Zone Configuration Time Zone Acronym Time Zone Configuration 0 16 characters Daylight Saving Time Configuration Month Date Year Hours Minutes Month Date Year Hours Minutes Offset Save Reset Daylight Saving Time Mode Daylight Saving Time Disabled Start Time settings Offset settings 1 1440 Minutes Time Configuration Daylight Saving Time Configuration ORing Industrial Networking Corp Time Zone Set the switch location time zone The following table lists the different location time zone for your reference Acronym User can set the acronym of the time zone This is a User configurable acronym to identify the time zone Range Up to 16 alpha numeric characters and can contain or Daylight Saving Time Mode Enable or disable daylight saving time function This is used to set the clock forward or backward according to the configurations set below for a defined Daylight Saving Time duration Select Disable t
138. rd Delay Max Age Maximum Hop Count 20 Transmit Hold Count The version of the STP protocol Valid values include STP RSTP Protocol Version and MSTP The delay used by STP bridges to transit root and designated Forward Delay ports to forwarding used in STP compatible mode The range of valid values is 4 to 30 seconds The maximum time the information transmitted by the root bridge is considered valid The range of valid values is 6 to 40 seconds and Max Age must be lt FwdDelay 1 2 This defines the initial value of remaining hops for MSTI information generated at the boundary of an MSTI region It Maximum Hop Count defines how many bridges a root bridge can distribute its BPDU information to The range of valid values is 4 to 30 seconds and MaxAge must be lt FwdDelay 1 2 The number of BPDUs a bridge port can send per second When Transmit Hold Count exceeded transmission of the next BPDU will be delayed The range of valid values is 1 to 10 BPDUs per second Click to save changes ORing Industrial Networking Corp 23 RGPS R9244GP P Series User Manual Click to undo any changes made locally and revert to previously saved values 4 4 2 MSTP Since the recovery time of STP and RSTP takes seconds which are unacceptable in some industrial applications MSTP was developed The technology supports multiple spanning trees within a network by grouping and mapping multiple VLANs into different spannin
139. records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 21 cff fe03 4dc7 The symbol is a special syntax 34 RGPS R9244GP P Series User Manual that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid IPv4 address For example 192 1 2 34 The field may be left blank if IPv6 operation on the interface is not desired Mask Length the IPv6 network mask in number of bits prefix length Valid values are between 1 and 128 bits for a IPv6 address The field may be left blank if IPv6 operation on the interface is not desired Delete Select this option to delete an existing IP route Network The destination IP network or host address of this route Valid format is dotted decimal notation or a valid IPv6 notation A default route can use the value0 0 0 0or IPv6 notation Mask Length The destination IP network or host mask in number of bits prefix length It defines how much of a network address that must match in order to qualify for this route Valid values are between 0 and 32 bits respectively 128 for IPv6 routes Only a default route will have a mask length of O as it will match IP Routes anything Gateway The IP address of the IP gateway Valid format is dotted decimal notation or a valid IPv6 notation Gateway and Network must be of the s
140. recovery mode can be set to connect multiple ports to one or more switches The device s fast recovery mode will provide redundant links Fast recovery mode supports 28 priorities Only the first priority will be the active port and the other ports with different priorities will be backup ports Fast Recovery Mode iv Active KE rk Hot included w RY Not included ieee a Notincdudead v ZC Not included w Liz Active Activates fast recovery mode Ports can be set to 28 priorities Only the port with the highest priority will be the active port 1st Priority is the highest Apply Click to activate the configurations ORing Industrial Networking Corp 29 Management The switch can be controlled via a built in web server which supports Internet Explorer Internet Explorer 5 0 or above versions and other Web browsers such as Chrome Therefore you Can manage and configure the switch easily and remotely You can also upgrade firmware via a web browser The Web management function not only reduces network bandwidth consumption but also enhances access speed and provides a user friendly viewing screen By default IE5 0 or later version do not allow Java applets to open sockets You need to modify the browser setting separately in order to enable Java applets for network ports Preparing for Web Management You can access the management page of the switch via the following default values IP Address 192 168 10 1 Subn
141. restricted to 1 to 100 This parameter is only shown if Scheduler Mode is set to Weighted Shows the weight of the queue in percentage This Queue Scheduler Percent parameter is only shown if Scheduler Mode is set to Weighted Configures the rate of each port shaper The default Port Shaper Rate value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Configures the unit of measurement for each port Port Shaper Unit shaper rate as kbps or Mbps The default value is kbps 5 6 8 Port Shaping Port shaping enables you to limit traffic on a port thereby controlling the amount of traffic passing through the port With port shaping you can shape the aggregate traffic through an interface to a rate that is less than the line rate for that interface When configuring port shaping on an interface you specify a value indicating the maximum amount of traffic allowable for the interface This value must be less than the maximum bandwidth for that interface ORing Industrial Networking Corp 90 ORing QoS Egress Port Shapers RGPS R9244GP P Series User Manual Shapers Q4 Q5 IO on a i AD e disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabl
142. rk ACL Configuration lt port_list gt Action lt port_list gt permitldeny lt rate_limiter gt lt port_redirect gt lt murror gt lt logging gt lt shutdown gt Policy lt port_list gt lt policy gt Rate lt rate_limiter_list gt lt rate_unit gt lt rate gt a Add lt ace_id gt lt ace_id_next gt port lt port_list gt policy lt policy gt lt policy_bitmask gt lt tagged gt lt vid gt lt tag_prio gt lt dmac_type gt etype lt etype gt lt smac gt lt dmac gt arp lt sip gt lt dip gt lt smac gt lt arp_opcode gt lt arp_flags gt Gp lt sip gt lt dip gt lt protocol gt lt ip_flags gt ORing Industrial Networking Corp 169 RGPS R9244GP P Series User Manual icmp lt sip gt lt dip gt lt icmp_type gt lt icmp_code gt lt ip_flags gt udp lt sip gt lt dip gt lt sport gt lt dport gt lt ip_flags gt tcp lt sip gt lt dip gt lt sport gt lt dport gt lt ip_flags gt lt tcp_flags gt permitldeny lt rate_limiter gt lt port_redirect gt lt muirror gt lt logging gt lt shutdown gt Delete lt ace_id gt Lookup lt ace_id gt Status combined staticlloop_protectldhcplptplipmclconflicts Port State lt port_list gt enableldisable Security Network DHCP Statistics clear Security Network AAA Configurati
143. rk access control 802 1x Single 802 1x and Multiple 802 1x MAC based authentication QoS assignment Guest VLAN MAC address limit TACACS VLAN 802 1Q to segregate and secure network traffic Radius centralized password management SNMPv3 encrypted authentication and access security Https SSH enhance network security Web and CLI authentication and authorization IP source guard Hardware routing RIP and static routing IEEE 1588v2 clock synchronization IEEE 802 1D Bridge auto MAC address learning aging and MAC address static Multiple Registration Protocol MRP MSTP RSTP STP compatible Redundant Ring O Ring with recovery time less than 30ms over 250 units TOS Diffserv supported Quality of Service 802 1p for real time traffic VLAN 802 1Q with VLAN tagging IGMP v2 v3 Snooping IP based bandwidth management Application based QoS management DOS DDOS auto prevention 181 RGPS R9244GP P Series User Manual Port configuration status statistics monitoring security DHCP Server Client DHCP Relay Modbus TCP DNS client proxy SMTP Client O Ring Open Ring Network Redundancy O Chain MRP MSTP RSTP STP compatible RS 232 Serial Console Port RS 232 in DB 9 connector with console cable 115200bps 8 N 1 LED indicators Power Indicator PWR Green Power indicator Ring Master Indicator R M Green Indicates that the system is operating in O Ring Master mode Green Indicates that the system op
144. rom a drive and click Upload The file will be loaded to the device Configuration Upload BRS FBR Upload 5 1 15 Update Firmware This page allows you to update the firmware of the switch Simply choose the firmware file you want to use and click Upload The file will be loaded to the device Software Upload EE HESE Upload 5 2 DHCP Server The switch provides DHCP server functions By enabling DHCP the switch will become a DHCP server and dynamically assigns IP addresses and related IP information to network clients 5 2 1 Settings This page allows you to set up DHCP settings for the switch You can check the Enabled checkbox to activate the function Once the box is checked you will be able to input information in each column ORing Industrial Networking Corp 47 RGPS R9244GP P Series User Manual DHCP Server Configuration Enabled Start IP Address 192 168 10 100 End IP Address 192 168 10 200 Subnet Mask 255 255 255 0 Router 192 168 10 254 DNS 192 168 10 254 BEDEIT 56400 TFTP Server 0 0 0 0 Boot File Name Save Reset be the DHCP server on your local network Start IP Address The beginning of the dynamic IP address range The lowest IP address in the range is considered the start IP address For example if the range is from 192 168 1 100 to 192 168 1 200 192 168 1 100 will be the start IP address End IP Address The end of the dynamic IP address range The highest IP address i
145. rp 179 RGPS R9244GP P Series User Manual MRP Port Description lt port_list gt lt device_description gt Parameter MRP_LNKNRmax lt value gt Modbus Mode enableldisable ORing Industrial Networking Corp 180 ORing RGPS R9244GP P Series User Manual Technical Specifications ORing Switch Model Physical Ports 10 100 1000Base T X RJ45 Auto MDI MDIX AHA Technology Ethernet Standards IEEE 802 3 for 10Base T IEEE 802 3u for 100Base TX and 100Base FX IEEE 802 3ab for 1000Base T IEEE 802 z for 1000Base X IEEE 802 3ae for 10Gigabit Ethernet IEEE 802 3x for Flow control IEEE 802 3ad for LACP Link Aggregation Control Protocol IEEE 802 1p for COS Class of Service IEEE 802 1Q for VLAN Tagging IEEE 802 1w for RSTP Rapid Spanning Tree Protocol IEEE 802 1s for MSTP Multiple Spanning Tree Protocol IEEE 802 1x for Authentication IEEE 802 1AB for LLDP Link Layer Discovery Protocol IEEE 802 3at PoE specification up to 30 Watts per port for P S E 40 55 C PoE output 720W Max 55 60 C PoE output 360W Max Switch Properties Switching latency 7 us Switching bandwidth 128Gbps Max Number of Available VLANs 256 IGMP multicast groups 128 for each VLAN Port rate limiting User Define ORing Industrial Networking Corp Security Features Software Features Device Binding security feature Enable disable ports MAC based port security Port based netwo
146. rrent standard by which ORing Industrial Networking Corp 119 devices or applications communicate with an AAA server is RADIUS Remote Authentication Dial In User Service RADIUS is a protocol used between the switch and the authentication server This page allows you to configure common settings for an authentication server RADIUS Server Configuration Global Configuration Timeout seconds Retransmit 3 times Deadtime minutes Key NAS IP Address NAS IPv6 Address NAS Identifier The timeout which can be set to a number between 3 and 3600 seconds is the maximum time to wait for a reply from a server If the server does not reply within this time frame we will consider it to be dead and continue with the next enabled server if any TE RADIUS servers are using the UDP protocol which is unreliable by design In order to cope with lost frames the timeout interval is divided into 3 subintervals of equal length If a reply is not received within the subinterval the request is transmitted again This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead The number of times the switch tries to connect to a RADIUS server The dead time which can be set to a number between 0 and 3600 seconds is the period during which the switch will not send new requests to a server that has failed to respond to a previous request Dead Time This will stop the switch from continually trying to con
147. s Admin State is in an EAPOL based or MAC based mode Clicking these buttons will not cause settings changed on the page to take effect Reauthenticate schedules a reauthentication whenever the quiet period of the port runs out EAPOL based authentication For MAC based authentication reauthentication will be attempted immediately The button only has effect on successfully authenticated clients on the port and will not cause the clients to be temporarily unauthorized Reinitialize forces a reinitialization of the clients on the port and hence a reauthentication immediately The clients will transfer to the unauthorized state while the reauthentication is in progress NAS Switch Status This page shows the information on current NAS port statuses Network Access Server Switch Status Auto refresh L Admin State Port State Last Source Last ID Force Authorized Globally Disabled 1 Force Authorized Globally Disabled 2 Force Authorized Globally Disabled 3 Force Authorized Globally Disabled 4 Force Authorized Globally Disabled e 6 Force Authorized Globally Disabled The switch port number Click to navigate to detailed 802 1X Statistics of each port The port s current administrative state Refer to NAS Admin Admin State l l State for more details regarding each value The current state of the port Refer to NAS Port State for more Port State details regarding each value The source MAC address carried i
148. s Direction Hame IEEE Name Description Port based Counts the number of times that the switch recemes the first request from the backend server following the first response from the supplicant Indicates that the backend server has communication with the switch MAC based Counts all Access Challenges received from the backend server for this port left most table or chent right most table Port based Counts the number of times that the Backend Server switch sends an EAP Request packet e following the first to the supplicant Other Requests dotixAuthBackendOtherRequestsToSupplicant Indicates that tis bakarni caver chose an EAP methed Counters MAC based Not applicable Port and MAC based Counts the number of times that the switch receives a success indication Indicates that the supplicant clent has successfully authenticated to the backend server Port and MAC based Gre the numb r times that E c Switen recenes 3 failure message IS Auth Fotlures cot SAUTE erkennt ails indicates that the supplicant clent has not authenticated to the backend server Port based Counts the number of times that the switch attempts to send a supplicant s first response packet to the backend server Indicates the switch attempted communication with the backend server Possible retransmissions are Responses dot lxAuthBackendResponses not counted MAC based Counts all the backend server packets sent from the switch towards the back
149. sDropped the server on the accounting port and dropped for Some other reason Responses radimusAccChentExtResponses Malformed Responses Bad SE Authenticators radivsAcetClantExtBadsuthenticators The number of RADIUS packets sent to the server This does not include retransmissions The number of RADIUS packets retransmitted to the RADIUS accounting server The number of RADIUS packets destined for the server that have not yet timed out or receed a response radiusAccChentExtPendingRequests This vanable ts incremented when a Request is sent and decremented due to receipt of a Response Drmenut or retransmission The number of accounting timeouts to the server After Requests radiusAccClentextRegquests Retransmissions radiusAccClientExtRetransmissions Pending Requests a timeout the dient may retry to the same server send to a different server or give up A retry to the Same server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well ae a timeout Timeouts radiusAcoCliantExtTimeouts This section contains information about the state of the server and the latest round trip time RFC4670 Name Description Shows the state of the server It takes one of the following values Disabled The selected server is disabled Hot Ready The server is enabled but IP communication is not yet up and Other Info running Ready The server is enabled IP communication is u
150. save VLAN ID The VLAN ID of the entry IGMP Snooping Check to enable IGMP snooping for individual VLAN Up to 32 Enable VLANs can be selected IGMP Querier Check to enable the IGMP Querier in the VLAN ORing Industrial Networking Corp 99 Status This page provides IGMP snooping status Auto refresh C Refresh IGMP Snooping Status Statistics VLAN Querier Host Querier Queries Queries ViReports V2Reports V3 Reports V2 Leaves ID Version Version Status Transmitted Received Received Received Received Received v3 DISABLE Router Pori D tin E AM V1 Reports l l The number of received V1 reports Receive V2 Reports l The number of received V2 reports Receive V3 Reports The number of received V3 reports Receive V2 Leave Receive The number of received V2 leave packets Click to refresh the page immediately Clear Clear all statistics counters Auto refresh Check to enable an automatic refresh of the page at regular intervals Switch port number Indicates whether a specific port is a router port or not Groups Information of IGMP Snooping Information about entries in the IGMP Group Table is shown in this page The IGMP Group Table is sorted first by VLAN ID and then by group ORing Industrial Networking Corp 100 IGMP Snooping Group Information Start from VLAN 1 and group address 224 0 0 0 with 20 entries per page Port Members VLAN ID Groups 123 456789 10 11 12 13 14 15 16 17 18 19 20
151. seeeeeeeeeeeeeeeeeaeaaas 83 564 Pon OP E 84 96 9 POM POICINO BEE 85 5 6 6 Queue fo ei ue nena ke te ane te sen nee Pe eiiie ee ee 86 Oe PON SCI TE te ciated etc aTa 87 5 6 8 Porn Shaping ge 90 5 6 9 DSCP based Q0S 0 00 00 ccccccssscceeeeeeeeesssseeeeeeeesseesseeeeeeeesseeesseeeeeeeeeees 91 5 6 10 DSCP Translation 0 cc cccccccccccessceeeecesssseeeeeseeseeeeessesseeeeeseesseeeeees 92 5 6 11 DGSChCOassttcaton cccccesccceceessseeeeesessseeeeeseeseeeeeseeseeeeees 93 5 6 12 QoS Control EE 93 5 6 13 QOS ee LE 96 5 6 14 Bier WT 96 5 7 lt tie E 98 5 7 1 IGMP Snooping cece cccccccceeeseseeessssseeeeeeeeeceeeseeeeeeeeessssaeeeeeeeeeeeees 98 5 8 SC OEY EEEE E EE 101 5 8 1 Remote Control Gecutyv 0 ceccecsssscccceeeeeecceeeeeeeeeeeteettssaeaees 101 5 8 2 Device Bindmg ee eeeeceessesseesessesseesseeeseseeseeeeeeeeeseeeeeseeeeeeeeeeeegs 102 303 AGE a eae ee eae eee Osan Se eee eee ee er nen eee ere ere 107 5 8 4 AAA Authentication Authorization and Accounting 0000000000000 119 EEN 122 RADIUS 1 6 een eee ne a eee ere ee 123 RER TTC Ku RE 125 Bel te AUN ON EE 127 5 9 WWammmg nnn nnn nene 136 SRL FUA e E E 136 5 9 2 System VWWarnimng ccc ccccccccccccccccceseeeesessssssseeeeeeeeeeeeeeeeeeeeeeeessssssaaees 136 St Wie tel ANG Deser no E 140 ORing Industrial Networking Corp 4 5 10 1 MAC Fakten geen 140 5 10 2 Port Statistics 0 0 00 cccccceccceeesesseeeeeeeeeseesseeeeeeeeseseeesseeeeeeeenens 143 5 10 3 FOR IME le BE
152. st Leave Check to enable fast leave on the port ORing Industrial Networking Corp 98 VLAN Configurations If a VLAN is not IGMP snooping enabled it floods multicast data and control packets to the entire VLAN in hardware When snooping is enabled IGMP packets are trapped to the CPU Data packets are mirrored to the CPU in addition to being VLAN flooded The CPU then installs hardware resources so that subsequent data packets can be switched to desired ports in hardware without going to the CPU Each page shows up to 99 entries from the VLAN table depending on the value in the Entries Per Page field By default the page will show the first 20 entries from the beginning of the VLAN table The first displayed will be the one with the lowest VLAN ID found in the VLAN Table The VLAN field allows the user to select the starting point in the VLAN Table Clicking Refresh will update the displayed table starting from that or the next closest VLAN Table match The gt gt button will use the last entry of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the lt lt button to start over IGMP Snooping VLAN Configuration Start from VLAN 1 with 20 entries per page Delete VLANID Snooping Enabled IGMP Querier Oo aC Add New IGMP VLAN Ban Check to delete the entry The designated entry will be deleted during elete the next
153. tact a server that it has already determined as dead Setting the dead time to a value greater than 0 zero will enable this feature but only if more than one server has been configured ORing Industrial Networking Corp 120 RGPS R9244GP P Series User Manual Indicates the identifying IP Address of the NAS which is requesting NAS IP Address authentication of the user and SHOULD be unique to the NAS within the scope of the RADIUS server Network Access Server identifier NAS ID for the interface The NAS ID is sent to the RADIUS server by the controller as a RADIUS client using the authentication request which is used to classify users to different groups You can enter up to 32 alphanumeric characters When a user requests network connection a RADIUS client which receives the request will perform an initial access negotiation with the user to obtain identity oassword information The client then passes the information to a RADIUS server as part of an authentication authorization request The RADIUS server matches data from the authentication authorization request with information in a trusted database If a match is found and the user s credentials are correct the RADIUS server sends an accept message to the client to grant access If a match is not found or a problem is found with the user s credentials the server returns a reject message to deny access The NAD then establishes or terminates the user s connection
154. tch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string in the following form xx xx xx xx xx xx that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly ORing Industrial Networking Corp 126 When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using static entries into the MAC Table Only then will frames from the client be forwarded on the switch There are no EAPOL frames involved in this authentication and therefore MAC based authentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over 802 1X is that several clients can be connected to the same port e g through a 3rd party switch or a hub and still require individual authentication and that the clients do npt need special supplicant software to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone and only the MD5 Challenge method is supported 802 1X and MAC Based authentication configurations consist of two sections system and port wide
155. te Line NZST New Zealand 12 hours Midnight Standard NZT New Zealand 5 1 8 RIP RIP Routing Information Protocol is one of the protocols which may be used by routers to exchange network topology information It is characterized as an interior gateway protocol and is typically used in small to medium sized networks A router running RIP sends the contents of its routing table to each of its adjacent routers every 30 seconds When a route is removed from the routing table it is flagged as unusable by the receiving routers after 180 seconds and removed from their tables after an additional 120 seconds You can choose to enable or disable RIP in the section ORing Industrial Networking Corp 39 RGPS R9244GP P Series User Manual RIP Configuration Mode Disabled Y Save Reset 5 1 9 VRRP A VRRP Virtual Router Redundancy Protocol is a computer networking protocol aimed to eliminate the single point of failure by automatically assigning available IP routers to participating hosts Using a virtual router ID VRID address and virtual router IP VRIP address to represent itself a virtual router consists of two or more physical routers including one master router and one or more backup routers All routers in the virtual router group share the same VRID and VRIP The master router provides primary routing and the backup routers monitor the status of the master router and become active if the master router fails
156. the port with the highest port number is shut down Reserved Power the ports are shut down when total reserved power exceeds the amount of power that the power supply can deliver The port power will not be turned on if the power device requests more power than available from the power supply Primary and Backup Some switches support two PoE power supplies One is used as Power Source primary power source and one as a backup If the switch does not support backup power supply only the primary power supply settings will be shown If the primary power source fails the backup power source will take over To determine the amount of power allowed for the power device you must configure the amount of power the primary and backup power sources can deliver Valid values are in the range 0 to 2000 watts The logical port number for this row Ports that are not PoE capable are grayed out and thus unable to be configured PoE Mode A drop down list for selecting PoE operations The modes include Disabled disable PoE PoE enable PoE IEEE 802 3af Class 4 PDs limited to 15 4W PoE enable PoE IEEE 802 3at Class 4 PDs limited to 30W Priority Indicates port priority There are three levels of power priority Low High and Critical The priority is used when remote devices require more power than the power supply can deliver The port with the lowest priority will be turn off and power will be supplied to the port with the highest
157. the same port e g through a 3rd party switch or a hub and still require individual authentication and that the clients don t need special supplicant software to authenticate The advantage of MAC based authentication over 802 1X based authentication is that the clients do not need special supplicant software to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone Also only the MD5 Challenge method is supported The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality The current state of the port It can undertake one of the following values Globally Disabled NAS is globally disabled Link Down NAS is globally enabled but there is no link on the port Authorized the port is in Force Authorized or a single supplicant Port State mode and the supplicant is authorized Unauthorized the port is in Force Unauthorized or a single supplicant mode and the supplicant is not successfully authorized by the RADIUS server A Auth Y Unauth the port is in a multi supplicant mode Currently X clients are authorized and Y are unauthorized Restart Two buttons are available for each row The buttons are only ORing Industrial Networking Corp 132 RGPS R9244GP P Series User Manual enabled when authentication is globally enabled and the port
158. this VLAN ID value Specifies the tag priority for the ACE A frame matching the ACE will Tag Priority use this tag priority The allowed number range is 0 to 7 Any means that no tag priority is specified tag priority is don t care ICMP Parameters eae alice Specific Y Ae elite 255 eee alicia Specific ICMP Siem eam 255 ORing Industrial Networking Corp 116 RGPS R9244GP P Series User Manual ICMP Type Filter ICMP Type Value ICMP Code Filter ICMP Code Value Specifies the ICMP filter for the ACE Any no ICMP filter is specified ICMP filter status is don t care Specific if you want to filter a specific ICMP filter with the ACE you can enter a specific ICMP value A field for entering an ICMP value appears When Specific is selected for the ICMP filter you can enter a specific ICMP value The allowed range is 0 to 255 Aframe matching the ACE will use this ICMP value Specifies the ICMP code filter for the ACE Any no ICMP code filter is specified ICMP code filter status is don t care Specific if you want to filter a specific ICMP code filter with the ACE you can enter a specific ICMP code value A field for entering an ICMP code value appears When Specific is selected for the ICMP code filter you can enter a specific ICMP code value The allowed range is 0 to 255 A frame matching the ACE will use this ICMP code value TCP Parameters Alle hAlvda1CTd Specific Y Source
159. tio gt Filter lt clockinst gt lt def_delay_filt gt lt period gt lt dist gt Servo lt clockinst gt lt displaystates gt lt ap_enable gt lt ai_enable gt lt ad_enable gt lt ap gt lt ai gt lt ad gt MasterTableUnicast lt clockinst gt ExtClockMode lt one_pps_mode gt lt ext_enable gt lt clocktfreq gt lt vcxo_enable gt OnePpsAction lt one_pps_clear gt Debug Mode lt clockinst gt lt debug_mode gt Wireless mode lt clockinst gt lt port_list gt enableldisable ORing Industrial Networking Corp 176 RGPS R9244GP P Series User Manual Wireless pre notification lt clockinst gt lt port_list gt Wireless delay lt clockinst gt lt port_list gt lt base_delay gt lt incr_delay gt Loop Protect Configuration Mode enableldisable IPMC Wu o SSCSC S S S Version igmp lt vid gt N Fault Alarm PortLinkDown lt port_list gt enableldisable l Alarm PowerFailure pwrllpwr2Ipwr3 enableldisable Event 4vent gt Syslog SystemStart enableldisable Syslog PowerStatus enableldisable ORing Industrial Networking Corp 177 RGPS R9244GP P Series User Manual SMTP Port lt port_list gt disablellinkup linkdownlboth DHCPServer Mode enableldisable Setup lt ip_start gt lt ip_end gt lt ip_mask gt lt ip_router gt lt ip_dns gt lt ip_tftp gt lt lease
160. tion Error provides error message All enables all levels The time of the system log entry The MAC address of the switch 5 10 5 VeriPHYCable Diagnostics You can perform cable diagnostics for all ports or selected ports to diagnose any cable faults short open etc and feedback a distance to the fault Simply select the port from the drop down list and click Start to run the diagnostics This will take approximately 5 seconds If ORing Industrial Networking Corp 147 all ports are selected this can take approximately 15 seconds When completed the page refreshes automatically and you can view the cable diagnostics results in the cable status table Note that VeriPHY diagnostics is only accurate for cables 7 140 meters long 10 and 100 Mbps ports will be disconnected while running VeriPHY diagnostics Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is completed VeriPHY Cable Diagnostics Cable Status Port Dar A LengthA PawB LengthB Paic LengthC PawrD Length D Pot The port for which VeriPHY Cable Diagnostics is requested Cable Status Port port number Pair the status of the cable pair Length the length in meters of the cable pair 5 10 6 SFP Monitor SFP modules with DDM Digital Diagnostic Monitoring function can measure the temperature of the apparatus helping you monitor the status of connection and detect errors immediately You can
161. to the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding the result to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Note in an environment where two backend servers are enabled the server timeout is configured to X seconds using the authentication configuration page and the first server in the list is currently down but not considered dead if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds it will never be authenticated because the switch will cancel on going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant Since the server has not failed because the X seconds have not expired the same server will be contacted when the next backend authentication server request from the switch This scenario will loop forever Therefore the server timeout should be smaller than the supplicant s EAPOL Start frame retransmission rate Overview of MAC Based Authentication Unlike 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the swi
162. topology O Ring ORing Industrial Networking Corp 14 Coupling Ring If you already have two O Ring topologies and would like to connect the rings you can form them into a coupling ring All you need to do is select two switches from each ring to be connected for example switch A and B from Ring 1 and switch C and D from Ring 2 Decide which port on each switch to be used as the coupling port and then link them together for example port 1 of switch A to port 2 of switch C and port 1 of switch B to port 2 of switch D Then enable Coupling Ring on the management page and select the coupling ring in correspondence to the connected port For more information on port setting please refer to 4 1 2 Configurations Once the setting is completed one of the connections will act as the main path while the other will act as the backup path Main Path Switch 8 m in Switch D O Ring O Ring Backup Path Switch A Switch C J Se a a ee eee Frgeennneaenengpeggn f Dual Homing If you want to connect your ring topology to a RSTP network environment you can use dual homing Choose two switches Switch A amp B from the ring for connecting to the switches in the RSTP network backbone switches The connection of one of the switches Switch A or B will act as the primary path while the other will act as the backup path that is activated when the primary path connection fails ORing Industrial Networking Corp 15 RGPS R92
163. ts radiusAuthChentExtPendingRequests Timeouts radiusAuthChentExtAccessRejects radiusAuthCheantExtAccessChallanges radius4uthChentExtBadAuthenticators radius4AuthChentExtAccessRetransmissians radiusAuthCh entExtTimeouts RFC4668 Name Description The number of RADIUS Access Accept packets valid or invalid received from the server The number of RADIUS Access Reject packets valid or invalid received from the server The number of RADIUS Access Challenge packets valid or invalid received fram the server The number of malformed RADIUS Access Response packets received from the server Malformed packets include packets with an invalid length Bad authenticators or Message Authentcator attributes or unknown types are not included as malformed access responses The number of RADIUS Access Response packets containing invalid authenbcators or Message Authenticator attributes received from the server The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason The number of RADIUS Access Request patkets sent to the server This does not indude retransmissions The number of RADIUS Access Request packets retransmitted to the RADIUS authentication server The number of RADIUS Access Request packets destined for the server that have n
164. tting ORing Industrial Networking Corp 167 JAAA Authentication Authorization and Accounting setting Security Switch Password lt password gt Auth Authentication SSH Secure Shell HTTPS Hypertext Transfer Protocol over Secure Socket Layer IRMON Remote Network Monitoring Security Switch Authentication Configuration Method consoleltelnetlsshlweb nonellocallradius enableldisable Security Switch SSH _ Mode enableldisable Security Switch HTTPS 7 Mode enableldisable Security Switch RMON Statistics Add lt stats_id gt lt data_source gt Statistics Delete lt stats_id gt Statistics Lookup lt stats_id gt History Add lt history_id gt lt data_source gt lt interval gt lt buckets gt History Lookup lt history_id gt Alarm Add lt alarm_id gt lt interval gt lt alarm_variable gt absoluteldelta lt rising_threshold gt lt rising_event_index gt lt falling threshold gt lt falling_event_index gt risinglfallinglboth Alarm Delete lt alarm_id gt Alarm Lookup lt alarm_id gt ORing Industrial Networking Corp 168 Security Network Psec Port Security Status Network Access Server IEEE 802 1X NAS ACL Access Control List DHCP Dynamic Host Configuration Protocol Security Network Psec Switch lt port_list gt Port lt port_list gt Security Network NAS ReauthPeriod lt reauth_period gt Security Netwo
165. uffer or Rx Drops l egress congestion Rx The number of frames received with CRC or alignment errors CRC Alignment 1 Short frames are frames smaller than 64 bytes 2 Long frames are frames longer than the maximum frame length configured for this port 5 10 3 Port Mirroring Port mirroring function will copy the traffic of one port to another port on the same switch to allow the network analyzer attached to the mirror port to monitor and analyze packets The function is useful for troubleshooting To solve network problems selected traffic can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow The traffic to be copied to the mirror port can be all frames received on a given port also known as ingress or source mirroring or all frames transmitted on a given port also known as egress or destination mirroring The port to which the monitored traffic is copied is called mirror port ORing Industrial Networking Corp 145 RGPS R9244GP P Series User Manual Mirror Configuration eee igeumcum Disabled 1 Disabled v 2 Disabled ze 3 Disabled ze 4 Disabled ze 5 Disabled ze 6 Disabled ze 7 Disabled v 8 Disabled ze 9 Disabled ze 10 Disabled v 11 Disabled ze The switch port number to which the following settings will be applied Drop down list for selecting a mirror mode Rx only only frames received on this port are mirrored to the mirror port Fra
166. unchecked port isolation is disabled for that port By default port isolation is disabled for all ports 5 5 SNMP SNMP Simple Network Management Protocol is a protocol for managing devices on IP networks It is mainly used network management systems to monitor the operational status of networked devices In an event triggered situation traps and notifications will be sent to administrators ORing Industrial Networking Corp 72 ORing 5 5 1 System RGPS R9244GP P Series User Manual SNMP System Configuration Mode Version Enabled SNMP v2c RCT RTS OUbIIC AAKALA private Engine ID Version Read Community Write Community ORing Industrial Networking Corp 6800007e5017f000001 Indicates existing SNMP mode Possible modes include Enabled enable SNMP mode Disabled disable SNMP mode Indicates the supported SNMP version Possible versions include SNMP v1 supports SNMP version 1 SNMP v2c supports SNMP version 2c SNMP v3 supports SNMP version 3 Indicates the read community string to permit access to SNMP agent The allowed string length is 0 to 255 and only ASCII characters from 33 to 126 are allowed The field only suits to SNMPv1 and SNMPv2c SNMPv3 uses USM for authentication and privacy and the community string will be associated with SNMPv3 community table Indicates the write community string to permit access to SNMP agent The allowed string length is O to 255 and only ASCII
167. uto refresh _ Bridge ID Topology Topology Port Cost Flag Change Last 80 00 00 1E 94 FF FF FF 80 00 00 1E 94 FF FF FF 0 Steady Ti The bridge instance You can also link to the STP detailed bridge status Bridge ID The bridge ID of this bridge instance Root ID The bridge ID of the currently selected root bridge Root Port The switch port currently assigned the root port role Root path cost For a root bridge this is zero For other bridges it is Root Cost the sum of port path costs on the least cost path to the Root Bridge Topology Flag The current state of the topology change flag for the bridge instance Topology The time since last topology change occurred Change Last Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page at regular intervals STP Port Status This page displays the STP port status for the currently selected switch ORing Industrial Networking Corp 21 RGPS R9244GP P Series User Manual STP Port Status Auto refresh CIST Role CIST State Uptime 1 Non STP Non STP Non STP Non STP Non STP Non STP Non STP Non STP Non STP Non STP Non STP Non STP Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding The switch port number to which the following settings will be applied The current STP port role of the CIST port
168. vector Such a port will be selected as an alternate port after the root port has been selected If set soanning trees will lose connectivity It can be set by Restricted Role a network administrator to prevent bridges outside a core region of the network from influencing the active spanning tree topology because those bridges are not under the full control of the administrator This feature is also Known as Root Guard When enabled the port will not propagate received topology change notifications and topology changes to other ports If set it will cause temporary disconnection after changes in an active spanning trees topology as a result of persistent incorrectly learned station location Restricted TCN information It is set by a network administrator to prevent bridges outside a core region of the network from causing address flushing in that region because those bridges are not under the full control of the administrator or is the physical link state for the attached LANs transitions frequently Configures whether the port connects to a point to point LAN rather than a shared medium This can be configured automatically or set to Point2Point SS true or false manually Transiting to forwarding state is faster for point to point LANs than for shared media Click to save changes Click to undo any changes made locally and revert to previously saved values ORing Industrial Networking Corp 28 4 5 Fast Recovery Fast
169. ves tagged frames 1 If the tagged frame contains a TPID of 0x8100 it will be forwarded 2 If the TPID of tagged frame is not Ox88A8 ex 0x8100 it will be discarded When the port receives untagged frames an untagged frame obtains a tag based on PVID and is forwarded When the port receives tagged frames 1 If the tagged frame contains a TPID of 0x8100 it will be forwarded 2 If the TPID of tagged frame is not Ox88A8 ex 0x8100 it will be discarded Below are the illustrations of different port types ORing Industrial Networking Corp Unaware port will be set to 0x8100 The final status of the frame after egressing will also be affected by the Egress Rule The TPID of a frame transmitted by C port will be set to 0x8100 The TPID of a frame transmitted by S port will be set to Ox88A8 The TPID of a frame transmitted by S custom port will be set to a self customized value which can be set by the user via Ethertype for Custom S ports 64 RGPS R9244GP P Series User Manual QinQ Vit PVID TPID 8100 VID 5 TPID 8100 VID 5 TPID 8848 Packet Discarded No VLAN VID 8 TPID 8100 VID 8 TPID 8100 VID 8 TPID 88A8 Packet Discarded VID 10 TPID 8100 Packet Discarded VID 10 VID 10 TPID 88A8 TPID 88A8 ORing Industrial Networking Corp 65 No VLAN RGPS R9244GP P Series User Manual VID 5 TPID 8100 KR TPID f S
170. wer 15 4 W Class 4 Max power 30 0 W Power Requested Shows the amount of power requested by the power device Power Allocated Shows the amount of power the switch has allocated for the power device Shows how much power the power device currently is using Current Used Shows how much current the PD currently is using Shows the port s priority configured by the user Shows the port s status The status can be one of the following values PoE not available no PoE chip found PoE turned OFF PoE is disabled by user PoE turned OFF power budget exceeded The total requested or used power by the power devices exceeds the maximum power ORing Industrial Networking Corp 157 RGPS R9244GP P Series User Manual the power supply can deliver and port s with the lowest priority will be powered down No PD detected no power devices detected on the port PoE turned OFF power devices overload The power devices have requested or used more power than the port can deliver and the port is powered down PoE turned OFF the power device is turned off Invalid PD the power device is detected but is not working correctly 5 12 3 PoE Schedule You can appoint a date and time as well as enable or disable PoE functions The switch will perform PoE functions based on your configurations SNTP function must be enabled Power Over Ethernet Schedule Configuration Configure port alalu Enabled Select all Sunday Mo
171. whether frames will meet the action according to their ARP RARP hardware address length HLN and protocol address length PLN settings IP Ethernet 0 ARP RARP frames where the HLN is equal to Ethernet 0x06 and Length the PLN is equal to IPv4 0x04 must not match this entry 1 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 must match this entry Any any value is allowed don t care Specifies whether frames will meet the action according to their ARP RARP hardware address space HRD settings 0 ARP RARP frames where the HLD is equal to Ethernet 1 must not match this entry 1 ARP RARP frames where the HLD is equal to Ethernet 1 must match this entry Any any value is allowed don t care Specifies whether frames will meet the action according to their ARP RARP protocol address space PRO settings 0 ARP RARP frames where the PRO is equal to IP 0x800 must not match this entry 1 ARP RARP frames where the PRO is equal to IP 0x800 must match this entry Any any value is allowed don t care Frame Type as IPv4 IP Parameters IP Protocol Filter IP TTL IP Fragment IP Option SIP Filter DIP Filter Save Reset Cancel ORing Industrial Networking Corp 113 ORing RGPS R9244GP P Series User Manual IP Protocol Filter IP TTL IP Fragment IP Option ORing Industrial Networking Corp Specifies the IP protocol filter for
172. with this publication DISCLAIMER Information in this publication is intended to be accurate ORing shall not be responsible for its use or infringements on third parties as a result of its use There may occasionally be unintentional errors on this publication ORing reserves the right to revise the contents of this publication without notice CONTACT INFORMATION ORing Industrial Networking Corp 3F NO 542 2 JhongJheng Rd Sindian District New Taipei City 231 Taiwan R O C Tel 886 2 2218 1066 Fax 886 2 2218 1014 Website www oring networking com Technical Support E mail support oring networking com Sales Contact E mail sales oring networking com Headquarters sales oring networking com cn China ORing Industrial Networking Corp 1 Table of Content al Getting Startled EE 6 1 1 About the RGPS R9244GP P cccccceecccssseeecessseeecsoeseceesaaeeesausaeessausesessusenes 1 2 EE EE 1 3 Hardware Specifications cccccceccccesceceececeeeeceeeeseuceceueeseueeseueeseeeeeeeeeseeesaneesees Hardware e HATT 8 2 1 Front Hanel 2d PO ae Ee ne SG EC E RE 2 2 FRO FF ANC een Hardware ISLA de EE 3 1 Rack mount Installation uk 3 2 WVIGING EE aal AG ENEE EECHER 3 3 CONNECHON NEE SEN e 10 100BASE T X amp 1000BASE T Pin Assignments n0nnnnnonnnnnennnnnnnnnnnnnnnnnnnnenennnee 1000BASE T P S E RJ 45 PORT 10 000 ee ceee cece eneeeneeeneeeneeneeenssensseneseeseneseaes 3 3 2 RS 232 co
173. work traffic from the device bound with the port When the traffic changes sharply all of a sudden an alert will be issued This page allows you to configure stream check settings ORing Industrial Networking Corp 106 RGPS R9244GP P Series User Manual Stream Check Action Log it e Status Enabled NI Normal I RIRIRIR Enables or disables stream monitoring of the port Mode Indicates the action to take when the stream gets low Possible actions are DO action Log it simply logs the event 5 8 3 ACL An ACL Access Control List is a list of permissions attached to an object An ACL specifies which users or system processes are authorized to access the objects and what operations are allowed on given objects Port Configuration ACL Ports Configuration Rate Limiter Action ID Logging Shutdown Counter 1 1v Permit se Disabled zw Disabled Disabled Disabled sw 108498 2 Li Permit Disabled xv Disabled Disabled xv Disabled v 0 3 1 Permit Y Disabled Disabled Disabled Disabled 68732984 4 1 Permit Disabled Disabled Disabled Disabled 0 5 Li Permit Disabled Disabled Disabled Disabled v 0 6 Li Permit Disabled sw Disabled Disabled sw Disabled 68732984 7 Li Permit Disabled Disabled Disabled Disabled v 0 8 i iv Permit v Disabled Disabled xv Disabled xv Disabled v 0 ORing Industrial Networking Corp 107
174. y No policy filter is specified policy filter status is Policy Filter don t care Specific If you want to filter a specific policy with this ACE ORing Industrial Networking Corp 109 Frame Type Rate Limiter Port Copy Logging RGPS R9244GP P Series User Manual choose this value Two fields for entering a policy value and bitmask appear Policy Value When Specific is selected for the policy filter you can enter a specific policy value The allowed range is 0 to 255 Policy Bitmask When Specific is selected for the policy filter you can enter a specific policy bitmask The allowed range is 0x0 to Oxff Indicates the frame type of the ACE These frame types are mutually exclusive Any any frame can match the ACE Ethernet Type only Ethernet Type frames can match this ACE ARP only ARP frames can match the ACE Notice the ARP frames will not match the ACE with Ethernet type IPv4 only IPv4 frames can match the ACE Notice the IPv4 frames will not match the ACE with Ethernet type Specifies the action to take when a frame matches the ACE Permit takes action when the frame matches the ACE Deny drops the frame matching the ACE Specifies the rate limiter in number of base units The allowed range is 1 to 15 Disabled means the rate limiter operation is disabled Frames matching the ACE are copied to the port number specified here The allowed range is the same as the switch port number rang
175. y The number of received and transmitted packets per queue Ooo 00 ORs OOo oop RGPS R9244GP P Series User Manual AF11 AF43 or Default Default means that the default classified value modified by this QCE COOCCO COOCOCOF COOCOC OF oooo oO O Detailed Port Statistics for Switch 1 Port 2 Port 2 T Aute reimesh Buafresh Clear Receive Total Rx Packets Rx Multicast Rx Broadcast Rex Pause Receive Size Counters Rx 64 Bytes Rx 65 127 Bytes RX 178 255 Bytes Rx 256 511 Bytes RX S12 LO2S Bytes Rx L024 1526 Bytes Rx 1527 Bytes Receive Queue Counters Rx OOo RX Q1 Rx QZ Rx Oo Rat Q4 Rx OS Fix Op Rx oe Receive Error Counters Rx Drops Re CROZ Alignment Rx Undersize Rx Oversize Rx Fragments Rx Jabber Ra Filtered 5 6 14 QCL Status This page shows the QCL status by different QCL users Each row describes the QCE that is defined A conflict will occur if a specific QCE is not applied to the hardware due to hardware DOC e Be 5O EI EL OC oo 0 4 Soca 0 ooo 4 So oc ia 0 ir Transmit Tatal Tx Packets TH Octets Tx Unbeast Tx Multicast Tx Broadcast Tx Pause Transmit Size Counters Ix 64 Bytes Tx 65 127 Bytes Tx 128 255 Bytes Tx 256 511 Bytes Tx 512 1023 Bytes TH 1024 1526 Bytes Tx 132 7 Bytes Transmit Queue Counters Transmit Error Counters Tx Drops Tx Late fExc Coll limitations The maximum number of QCEs is 256 on each switch ORing Industrial Networking Cor
176. y within the configured timeout The server has temporarily been disabled but will be re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled RADIUS Details This page shows the access statistics of the authentication and accounting servers Use the server drop down list to switch between the backend servers to show related details RADIUS Authentication Statistics for Server 1 Server 1 Auto refresh E Receive Packets Transmit Packets Access Accepts 0 Access Requests Access Rejects Access Retransmissions Access Challenges 0 Pending Requests Malformed Access Responses 0 Timeouts Bad Authenticators Unknown Types Packets Dropped Other Info IP Address 0 0 0 0 1812 Disabled ms ORing Industrial Networking Corp 123 RGPS R9244GP P Series User Manual Leg nenne S RADIUS authentication server packet counters There are seven receive and four transmit counters Direction Name Access Accepts radiusAuthChentExtAccessAccepts Access Rejects Access Challenges Malformed Access radiusAuthChentExtMalformedsccessResponses Responses Bad Authenticators Packet Counters Unknown Types radiusAuthChlentExtUnknownTypes Packets Dropped radimus4uthChentExtPacketsDropped Access Requests radiusAuthChlentExtAccessRequests Access Retransmissions Pending Reques
177. zed state The hold timer does not count during an on going authentication The switch will ignore new frames coming from the client during the hold time The hold time can be set to a number between 10 and 1000000 seconds Pot The port number for which the configuration below applies If NAS is globally enabled this selection controls the port s authentication mode The following modes are available Force Authorized In this mode the switch will send one EAPOL Success frame when the port link is up and any client on the port will be allowed network access without authentication Force Unauthorized In this mode the switch will send one EAPOL Failure frame when the port link is up and any client on the port will be disallowed network access Port based 802 1X In an 802 1X network environment the user is called the supplicant the switch is the authenticator and the RADIUS server is the authentication server The authenticator acts as the Greet man in the middle forwarding requests and responses between the supplicant and the authentication server Frames sent between the supplicant and the switch are special 802 1X frames known as EAPOL EAP Over LANs frames which encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server is RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number o
Download Pdf Manuals
Related Search