Allworx PowerFlex User Guide
Contents
1. Delete 0 0 0 0 Add new entry opi Reset Parameter Description Mode Indicates the access management mode operation Possible modes are Enabled Enable access management mode operation Disabled Disable access management mode operation Delete Check to delete the entry It will be deleted during the next save Start IP address Indicates the start IP address for the access management entry End IP address Indicates the end IP address for the access management entry HTTP HTTPS Indicates that the host can access the switch via HTTP HTTPS interface if the host IP address falls in the IP address range provided in the entry SNMP Indicates that the host can access the switch via SNMP interface if the host IP address falls in the IP address range provided in the entry TELNET SSH Indicates that the host can access the switch via TELNET SSH interface if the host IP address falls in the IP address range provided in the entry Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 198 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 8 2 Statistics This section enables configuring detailed statistics of the Access Management settings including HTTP HTTPS SSH TELNET and SSH To view the Assess Management statistics in the web interface 1 Navigate to Security gt Access Management gt Statistics 2 Check Auto refresh to refresh the page automatically at2. Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame type Ethernet type Only Ethernet Type frames can match this ACE The IEEE 802 3 describes the value of Length Type Field specifications to be greater than or equal to 1536 decimal equal to 0600 hexadecimal ARP Only ARP frames can match this ACE Notice the ARP frames won t match the ACE with ethernet type IPv4 Only IPv4 frames can match this ACE Notice the IPv4 frames won t match the ACE with ethernet type IPv6 Only IPv6 frames can match this ACE Notice the IPv6 frames won t match the ACE with ehternet type Action Specify the action to take with a frame that hits this ACE Permit The frame that hits this ACE is permitted for the ACE operation Deny The frame that hits this ACE is dropped Rate Limiter Indicates the rate limiter number of the ACE The range is 1 to 16 When set to Disabled the rate limiter operation is disabled Port Redirect Frames that hit the ACE are redirected to the port number specified here The range is the same as the switch port number range Disabled indicates that the port redirect operation is disabled Mirror Specify the mirror operation of this port Frames matching the ACE are mirrored to the destination mirror port The values are Enabled Frames received on the port are mirrored Disabled Frames received on the port are not mirrored The default value is Disable
3. a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 15 11 QCL Status This section displays the QCL status by different QCL users Each row describes the defined QCE It is a conflict if a specific QCE does not apply to the hardware due to hardware limitations The maximum number of QCEs is 256 on each switch To display the QoS Conirol List Status in the web interface 1 Navigate to Configuration gt QoS gt QCL Status 2 Use the drop down menu to select the view and then check Auto refresh to refresh the page automatically at periodic intervals 3 Click Refresh to refresh the page manually Figure 99 QoS Control List Status QoS Control Combmed Audowahush C Revobe Contict Retwsh List Status Action Cass pp pscp Conflie User QCE Frame Type Port te Oy nt oat a User Indicates the QCL user QCE Indicates the index of QCE Frame Type Indicates the type of incomingframe Possible frame types are e Any The QCE matches all frame types e Ethernet Only Ethernet frames with Ether Type 0x600 OxFFFF e LLC Only LLC frames e LLC Only SNAP frames e Pv4 The QCE matches only IPV4 frames e IPv6 The QCE matches only IPV6 frames Port Indicates the list of ports configured with the QCE Action Indicates the classification action taken on an ingress frame if parameters configured are matched with the frame s content There are three action fields Class D
4. 1 sl 3 4 5 6 if 8 9A 0A 9B oooocooooeo coo eo S D Parameter Description Port The Port coulmn displays the list of ports to see port counters and statistics Join Tx Count Number of GVRP Join packets sent by the switch Leave Tx Count Number of GVRP Leave packets sent by the switch Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 128 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 15 QoS The switch supports four QoS queues per port with strict or weighted fair queuing scheduling It supports QoS Control Lists QCL for advance programmable QoS classification based on IEEE 802 1p Ethertype VID IPv4 IPv6 DSCP and UDP TCP ports and ranges The switch offers high flexibility in the classification of incoming frames to a QoS class The QoS classification looks for information up to Layer 4 including IPv4 and IPv6 DSCP IPv4 TCP UDP port numbers and user priority of tagged frames The QoS control list QCL implements the QoS classification mechanism The QoS class assigned to a frame is used throughout the device for providing queuing scheduling and congestion control guarantees to the frame according to what was configured for that specific QoS class The switch also supports advanced memory control mechanisms providing excellent performance of all QoS classes under any traffic scenario including jumbo frame The ingre
5. 3 Click Save to save the setting or click Reset to cancel changes and revert to previously saved values Figure 108 Mirror Configuration Mirror Configuration Port to mirror to Disabled v Port Mode be lt gt v 4l Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled Z Disabled 6 Disabled 94 Disabled 104 Disabled 9B Disabled 10B Disabled Parameter Description Port to mirror to Port to mirror also known as the mirror port Frames from ports that have either source rx or destination tx mirroring enabled are mirrored on this port Disabled disables mirroring Mirror Port Configuration The following table is used for Rx and Tx enabling Port Indicates the port number Mode Select mirror mode Rx only Frames received on this port are mirrored on the mirror port Frames transmitted are not mirrored Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 155 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Tx only Frames transmitted on this port are mirrored on the mirror port Frames received are not mirrored Disabled Neither frames transmitted nor frames received are mirrored Enabled Frames received and frames transmitted are mirrored on the mirror port NOTE For a given port a frame is only transmitted once It is therefore not possible to mirror Tx frame
6. To view the Port Security Port Status in the web interface 1 Navigate to Security gt Port Security gt Port Status 2 Specify the Port to view the status 3 Check Auto refresh to refresh the page automatically at periodic intervals 4 Click Refresh to refresh the page manually Figure 134 Port Security Port Status Port Security Port Status Port 1 Port 1 Auto teftesh MAC Address VLANID State Time of Addition Age Hold No MAC addresses attached Parameter Description MAC Address amp VLAN ID The MAC address and VLAN ID that is seen on this port If no MAC addresses are learned a single row stating No MAC addresses attached is displayed State Indicates whether the corresponding MAC address is blocked or forwarding In the blocked state it cannot transmit or receive traffic Time of Addition Shows the date and time when this MAC address was first seen on the port Age Hold If at least one user module has decided to block this MAC address it stays in the blocked state until the hold time measured in seconds expires If all user modules have decided to allow this MAC address to forward and aging is enabled the Port Security module will periodically check that this MAC address still forwards traffic If the age period measured in seconds expires and no frames have been seen the MAC address will be removed from the MAC table Otherwise a new age period will begin If aging is disabled or a user modul
7. The section displays the SFP module detail information if connected to the switch The information includes Connector type Fiber type wavelength baud rate and Vendor OUI etc To display the SFP information in the web interface Navigate to Configuration gt Port gt SFP Information Figure 26 SFP Information for Port 9B Connector Type Fiber Type Tx Central Wavelength Bit Rate Vendor OUI Vendor Name Vendor PIN Vendor Revision Vendor Serial Number Date Code Temperature Vec Mon1 Bias Mon2 TX PWR Mon3 RX PWR none none none none none none none none none none none none none none none SFP Information Overview Parameter Connector Type Description Display the connector type for instance UTP SC ST LC and so on Fiber Type Display the fiber mode for instance Multi Mode Single Mode Tx Central Wavelength Display the fiber optical transmitting central wavelength for instance 850nm 1310nm 1550nm and so on Baud Rate Display the maximum baud rate of the fiber module supported for instance 10M 100M 1G and so on Vendor OUI Display the Manufacturer s OUI code which is assigned by IEEE Vendor Name Display the company name of the module manufacturer Vendor P N Display the product name by module manufacturer Vendor Rev Revision Display the module revision Vendor SN Serial Number Display the serial number assigned by the
8. DSCP TOS and Tag Priority Frames can be classified by one of 4 different QoS classes Low Normal Medium and High for individual application An acronym for QoS Control List It is the list table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects Each accessible traffic object contains an identifier to its QCL The privileges determine specific traffic object to specific QoS class In SyncE this is the Quality Level of a given clock source This is received on a port in a SSM indicating the quality of the clock received in the port An acronym for Quality of Service It is a method to guarantee a bandwidth relationship between individual applications or protocols A communications network transports a multitude of applications and data including high quality video and delay sensitive data such as real time voice Networks must provide secure predictable measurable and sometimes guaranteed services Achieving the required QoS becomes the secret to a successful end to end business solution Therefore QoS is the set of techniques to manage network resources An acronym for Reverse Address Resolution Protocol It is a protocol that is used to obtain an IP address for a given hardware address such as an Ethernet address RARP is the complement of ARP Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 221 a I Iw rx PowerFlex
9. Default is 32768 3 Click Apply and click Reset to cancel the changes and revert to previously saved values Figure 38 MSTI Configuration MSTI Configuration MSTI Prony Con MSTI Priority CIST 32768 Parameter Description MSTI The bridge instance The CIST is the default instance which is always active Priority Controls the bridge priority Lower numeric values have higher priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 55 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 5 4 CIST Ports When implementing a Spanning Tree protocol on the switch that the bridge instance users need to configure the CIST Ports This section enables the user to inspect and change the current STP CIST port configurations To configure the Spanning Tree CIST Ports parameters via the web interface 1 Navigate to Configuration gt Spanning Tree gt CIST Ports 2 Use the drop down menus and check boxes to set all parameters of CIST Aggregated Port Configuration 3 Enable or disable the STP then use the drop down menus and check boxes to set all parameters of the CIST normal Port configuration 4 Click Apply and click Reset to cancel the changes and revert to previously saved values Figure 39 STP CIST Port Con
10. Disabled Disabled Disabled Disabled RADIUS Accounting Server Status Overview IP Address 0 0 0 0 1813 0 0 0 0 1813 0 0 0 0 1813 0 0 0 0 1813 0 0 0 0 1813 Im I 09 Ino LE Disabled Disabled Disabled Disabled Disabled Parameter Description The RADIUS server number Click to navigate to detailed statistics for this server IP Address The IP address and UDP port number in lt IP Address gt lt UDP Port gt notation of this server State The current state of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled RADIUS Accounting Serve rs The RADIUS server number Click to navigate to detailed statistics for this server IP Address The IP address and UDP port number in lt IP Address gt lt UDP Port gt notation of this server State The current state of the server This field takes one of the followi
11. Error Warning Notice Info and Debug Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 157 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 22 SMTP Configuration The SMTP configuration enables configuring the switch to generate an email when a trap event occurs Up to 6 email recipients can be set To configure the SMTP settings via the web interface 1 Navigate to Configuration gt SMTP Configuration 2 Select the Severity Level and set the parameters 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 110 SMTP Configuration SMTP Configuration Mail Server User Name Password Severity Level Info v Sender Return Path Email Address 1 Email Address 2 Email Address 3 Email Address 4 Email Address 5 Email Address 6 Parameter Description Mail Server Specify the IP Address of the Email server Username Specify the username on the mail server Password Specify the password on the mail server Sender To set the mail sender name Return Path To set the mail return path as sender s mail address Email Address 1 6 Email addresses to send the alarm message to Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 158 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 23 UPnP Universal Plug and Play UPnP enables device
12. It is also known as User Priority An acronym for Powered Device In a PoE gt system the power is delivered from a PSE power sourcing equipment to a remote device The remote device is called a PD An abbreviation for Physical Interface Transceiver and is the device that implement the Ethernet physical layer IEEE 802 3 ping is a program that sends a series of packets over a network or the Internet to a specific computer in order to generate a response from that computer The other computer responds with an acknowledgment that it received the packets Ping was created to verify whether a specific computer on a network or the Internet exists and is connected ping uses Internet Control Message Protocol ICMP packets The PING Request is the packet from the origin computer and the PING Reply is the packet response from the target PoE is aAn acronym for Power Over Ethernet Power Over Ethernet is used to transmit electrical power to remote devices over standard Ethernet cable It could for example be used for powering IP telephones wireless LAN access points and other equipment where it would be difficult or expensive to connect the equipment to main power supply A policer can limit the bandwidth of received frames It is located in front of the ingress queue An acronym for Post Office Protocol version 3 It is a protocol for email clients to retrieve email messages from a mail server Toll Free 1 866 ALLWORX 585 421 38
13. Timer Values To set the GARP join timer leave timer and leave all timers in micro seconds Three different timers can be configured on this page Join Timer The default value for Join timer is 200ms Leave Timer The range of values for Leave Time is 600 1000ms The default value for Leave Timer is 600ms Leave All Timer The default value for Leave All Timer is 10000ms Application Currently only supported application is GVRP Attribute Type Currently only supported Attribute Type is VLAN GARP Applicant This configuration is used to configure the Applicant state machine behaviour for GARP on a perticular port locally e Normal participant In this mode the Applicant state machine will operate normally in GARP protocol exchanges e Non participant In this mode the Applicant state machine will not participate in the protocol operation The default configuration is normal participant Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 124 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 13 2 Statistics This section displays the GARP port statistics for all ports The port statistics relate to the currently selected stack unit as reflected by the page header To display GARP Port statistics in the web interface 1 Navigate to Configuration gt GARP gt Statistics 2 Check Auto refresh to refresh the page automatically at periodic interva
14. 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 101 sFlow Collector Configuration Ul shows sFlow Receiver ID sFlow Receiver Configuration Configured Current Receiver Id 1 1 IP Type IPV4 IPv4 IP Address 0 0 0 0 0 0 0 0 Port 6343 6343 Time Out D Oo Datagram Size 1400 1400 Parameter Description Collector Id Ul The Collector ID input fields enable the user to select the Collector ID Indicates the displays Receiver ID ID of this particular sFlow Collector Currently one ID is supported as one collector is supported ID Type A drop down list to select the type of IP of Collector is displayed By default it is IPv4 IP Address The address of a reachable IP should be entered This IP is used to monitor the sFlow samples sent by sFlow Agent the switch By default the IP is set to 0 0 0 0 Port A port to listen to the sFlow Agent has to be configured for the Collector The accepted value is within the range of 1 65535 A port number not used by other protocols can to be configured By default the port number is 6343 Time Out The duration during which the collector receives samples Once it expires the sampler stops sending the samples It is through the management the value is set before it expires The accepted value is within the range of 0 2147483647 By default it is set to 0 Datagram Size It is the maximum UDP datagram size to send out the sFlow samples to t
15. 3850 www allworx com Revised October 30 2013 Page 68 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Port Switch port number Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or Exclude Source Address IP Address of the source Currently system limits the total number of IP source addresses for filtering to 128 Type Indicates the Type It can be either Allow or Deny Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 69 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 7 MLD Snooping Curiously enough a network node that acts as a source of IPv6 multicast traffic is only an indirect participant in MLD snooping t just provides multicast traffic and MLD doesn t interact with it Note however that in an application like desktop conferencing a network node may act as both a source and an MLD host but MLD interacts with that node only in its role as an MLD host A source node creates multicast traffic by sending packets to a multicast address In IPv6 addresses with the first eight bits set that is FF as the first two characters of the address are multicast addresses and any node that listens to such an address will receive the traffic sent to that address The source and destination systems running application software coop
16. 3850 www allworx com Revised October 30 2013 Page 78 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 8 3 Groups Information Entries in the MVR Group Table display on this page The MVR Group Table is sorted first by VLAN ID and then by group To display the MVR Groups Information in the web interface 1 Navigate to Configuration gt MVR gt Groups Information 2 Check Auto refresh to refresh the page automatically at periodic intervals 3 Click Refresh to refresh the MVR Groups Information 4 Click lt lt or gt gt to move to previous or next entry Figure 58 MVR Groups Information MVR Groups Information Auto tefresh L Refresh I lt lt gt gt Start from VLAN 1 add group address 224 0 0 0 with 20 entries per page Port Members VLANID Groups 1 2 3 4 5 6 7 s 9 10 11 12 No more entries Parameter Description MVR Group Table Columns VLAN ID VLAN ID of the group Groups Group ID of the group displayed Port Members Ports under this group Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 79 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 8 4 Statistics This section displays the MVR Statistics on the switch To display the MVR Statistics Information in the web interface 1 Navigate to Configuration gt MVR gt Statistics 2 Check Auto refresh to refresh the page automati
17. 8 24 48 Port GbE PoE Managed Switch User s Guide TELNET TFTP UDP User Priority V VLAN An acronym for TELetype NETwork Itis a terminal emulation protocol that uses the Transmission Control Protocol TCP and provides a virtual connection between TELNET server and TELNET client TELNET enables the client to control the server and communicate with other servers on the network To start a Telnet session the client user must log in to a server by entering a valid username and password Then the client user can enter commands through the Telnet program just as if entering commands directly on the server console An acronym for Trivial File Transfer Protocol It is transfer protocol that uses the User Datagram Protocol UDP and provides file writing and reading but it does not provide directory service and security features An acronym for User Datagram Protocol It is a communications protocol that uses Internet Protocol IP to exchange the messages between computers UDP is an alternative to the Transmission Control Protocol TCP that uses the Internet Protocol IP Unlike TCP UDP does not provide the service of dividing a message into packet datagrams and UDP doesn t provide reassembling and sequencing of the packets This means that the application program that uses UDP must be able to make sure that the entire message has arrived and is in the right order Network applications that want to save processing time because of
18. ANPORUCHON ipicsintetin aie 1 1 1 OVE IVIOW sesiis pe A ER ENEE EE O E E E 1 1 2 Overview of this Users Guide 0 ccccceceeecceeeeesceeeeeeecnaeeeeeeeneeeeeeeeneeeeeeeeees 1 2 Operation of Web Based Management cccccssssesseeeeeeeeeeeeeeesseeeeeeeeeees 2 2 1 initial Configuratio siesena a a e a cere 2 2 2 IP Configuratio Meiser a p a a a E EENEN 2 3 System Configuration wccisciciciiscissnttacsssntiaccssetsscteastiesiaansssensanteasteerideraneniaciien 4 3 1 System Information sec cccreascece causa cebcae lt tanstcoamsyotenadieeceeaaeanuecleagietecsedranveaetnnaweene 4 3 2 TME Serre nee ee re near ar nee ee 7 3 3 ACCOUN sai aii aaa Ea AEA a Ea N Aa E A 10 3 4 Porre a a ra ta tatat eeepc 13 3 5 op eo lt eee eer ne ee ee eee eee eee 16 3 6 SNMP cet cere cen wee wee EE rR E Theater ocean eaten 19 3 7 6 5 2 S ena era me em ee ree eae a eer 24 3 8 gS ae ce a ee ee eee ee 25 3 9 ACCOSS een ee ee eer errr 26 eNO Trapen a E a aT E E 27 4 Config ratiOm sciisnctsatisastcisttintiseinentcansiectdneisentdietuastiesisnetdaninactdnutiartinesneidiues 29 4 1 ee pien e a ere rr ere ret 29 4 2 PN lean cE eee lec aaa att E E 38 4 3 PAG ME CANNON knisa e sale a saad aaa E E ae EE AE 46 4 4 AOP gaa tess ee tac cate cee ese succes doce se encase ee cen eee eet 48 4 5 Spanning TG cinta cant dcccutedcntesaasuedesrmadicnedeins daehcanigatactanasantensadarendentaxtorangame 51 4 6 IGMP SRO OD ING ieseciciacsscssetqiisacciasansacieiananiandentdacese
19. Add new Private VLAN Specify the Private VLAN ID and Port Members Click Apply eo M Figure 77 Private VLAN Membership Configuration Private VLAN Membership Configuration Port Members Delete PVLANID 1 2 3 4 5 6 7 8 9A 10A 9B 108 C 1M MMMM K MMM M YY Add New Private VLAN Parameter Description Delete To delete a private VLAN entry check this box The entry will be deleted during the next save Private VLAN ID Indicates the ID of this particular private VLAN Port Members A row of check boxes for each port is displayed for each private VLAN ID To include a port in a Private VLAN check the box To remove or exclude the port from the Private VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Adding a New Private Click to add a new private VLAN ID An empty row is added to the table and the VLAN private VLAN can be configured as needed Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 112 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 11 5 2 Port Isolation Port Isolation provides for an apparatus and method to isolate ports on layer 2 switches on the same VLAN to restrict traffic flow The apparatus comprises a switch having said plurality of ports each port configured as a protected port or a non protected port An address table memory stores
20. DHCP Client Enable the DHCP client by checking this box If DHCP fails and the configured IP address is zero DHCP will retry If DHCP fails and the configured IP address is non zero DHCP will stop and the configured IP settings will be used The DHCP client will announce the configured System Name as hostname to provide DNS lookup IP Address Provide the IP address for the switch in the dotted decimal notation IP Mask Provide the IP mask for the switch in the dotted decimal notation IP Gateway Provide the IP address of the gateway in the dotted decimal notation VLAN ID Provide the management VLAN ID The range is 1 to 4095 DNS Server Provide the IP address of the DNS Server in the dotted decimal notation DNS Proxy When DNS proxy is enabled the switch will relay DNS requests to the current configured DNS server and reply as a DNS resolver to the client device on the network Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 14 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 4 2 IPV6 This section describes how to configure the switch s managedIPv6 information Use the Configured column to view or change the IPv6 configuration and the Current column displays the active IPv6 configuration To configure Management IPv6 of the switch in the web interface 1 Navigate to System gt IPv6 Configuration 2 Specify the IPv6 settings and enable Auto Configurat
21. DHCP page of the Allworx server In the Active Leases section match the hardware address in the table to the MAC address printed on the label of the PowerFlex switch Access the switch via the web interface using the associated IP address For instance browse to http 192 168 2 x using a web browser A pop up screen prompts users to enter the username and password The default username is admin and password is empty O NOTE It is recommended for security purposes to change the username and password after initial login The PowerFlex Series supports a simple user management function enabling only one administrator to configure the system at any given time If there are two or more users using administrator s identity only the first user to login is able to configure the system The other logged in users even with Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 2 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide administrator s identity can only monitor the system Those who are not configured as administrators can only monitor the system A maximum of only three users can log in to the switch at once Figure 1 Login Page Connect to 192 168 2 200 The server 192 168 2 200 at PowerFlex P810 requires a username and password Warning This server is requesting that your username and password be sent in an insecure manner basic authentication without a se
22. Enabled To reopen ports by changing the volatile port configuration of the ACL user module Disabled To close ports by changing the volatile port configuration of the ACL user module The default value is Enabled Counter Counts the number of frames that match this ACE Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 39 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 2 2 Rate Limiters The section describes how to configure the switch s ACL Rate Limiter parameters The Rate Limiter ID ranges from 1 to 16 and the rate is set in pps or kbps To configure ACL Rate Limiter via the web interface Navigate to Configuration gt ACL gt Rate Limiter Specify the rate ranging from 0 to 3276700 1 2 3 Scroll to set the Unit to pps or kbps 4 Click Apply or click Reset to revert to previously saved values Figure 29 ACL Rate Limiter Configuration ACL Rate Limiter Configuration Rate Limiter ID Rate Unit n lt gt m 1 1 pps v 2 1 pps hd 3 1 pps hd 4 1 pps 5 1 pps hd 6 1 pps hd 7 1 pps e 8 1 pps v 9 1 pps nd 10 1 pps hd 11 1 pps v 12 1 pps x 13 1 pps x 14 1 pps hd 15 1 pps 16 1 pps x Apply Reset Parameter Description Rate Limiter ID The rate limiter ID for the settings Rate The values are 0 3276700 in pps or 0 100 200 300 1000000 in kbps Unit Spe
23. Frame Type Indicates the type of frame to look for incoming frames Possible frame types are e Any The QCE will match all frame types e Ethernet Only allows Ethernet frames with Ether Type 0x600 OxFFFF e LLC Only allows LLC frames e SNAP Only allows SNAP frames e Pv4 The QCE will match only IPV4 frames Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 141 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide e Pv6 The QCE will match only IPV6 frames SMAC Displays the OUI field of Source MAC address i e first three octets byte of MAC address DMAC Specify the type of Destination MAC addresses for incoming frame Possible values are e Any Allows all types of Destination MAC addresses e Unicast Only allows Unicast MAC addresses e Multicast Only allows Multicast MAC addresses e Broadcast Only allows Broadcast MAC addresses The default value is Any VID Indicates VLAN ID either a specific VID or range of VIDs VID can be in the range 1 4095 or Any Conflict Not present in Web Ul Displays QCE status It may happen that resources required to add a QCE may not available in that case it shows conflict status as Yes otherwise it is always No Please note that conflict can be resolved by releasing the resource required by the QCE and pressing Refresh button PCP and DEI Action Indi
24. Group Name A valid Group Name is a string of 16 characters which consists of a combination of alphabets a z or A Z and integers 0 9 Do not use special characters The Group name to map to a VLAN must be present in Protocol to Group mapping table and must not be preused by other existing mapping entry on this page VLAN ID Indicates the ID to which the Group Name will be mapped A valid VLAN ID ranges from 1 4095 Port Members A row of check boxes for each port is displayed for each Group Name to VLAN ID mapping To include a port in a mapping check the box To remove or exclude the port from the mapping make sure the box is unchecked By default no ports are members and all boxes are unchecked Add new entry Click to add a new entry in mapping table An empty row is added to the table The Group Name VLAN ID and port members can be configured as needed Legal values for a VLAN ID are 1 through 4095 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 118 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 12 Voice VLAN Voice VLAN is a VLAN configured specially for voice traffic By adding the ports with voice devices attached to voice VLAN we can perform QoS related configuration for voice traffic ensuring the transmission priority of voice traffic and voice quality 4 12 1 Configuration The Voice VLAN feature enables voice traffic forwarding on the Vo
25. ICMPv6 instead of using a separate protocol Multicast VLAN Registration MVR is a protocol for Layer 2 IP networks that enables multicast traffic from a source VLAN to be shared with subscriber VLANs The main reason for using MVR is to save bandwidth by preventing duplicate multicast streams being sent in the core network instead the stream s are received on the MVR VLAN and forwarded to the VLANs where hosts have requested the multicast streams Wikipedia An acronym for Network Access Server The NAS is meant to act as a gateway to guard access to a protected source A client connects to the NAS and the NAS connects to another resource asking whether the client s supplied credentials are valid Based on the answer the NAS then allows or disallows access to the protected resource An example of a NAS implementation is IEEE 802 1X An acronym for Network Basic Input Output System It is a program that permits applications on separate computers to communicate within a Local Area Network LAN and it is not supported on a Wide Area Network WAN The NetBIOS giving each computer in the network both a NetBIOS name and an IP address corresponding to a different host name provides the session and transport services described in the Open Systems Interconnection OSI model An acronym for Network File System It permits hosts to mount partitions on a remote system and use as a local file systems NFS enables the system administrat
26. It should be noted that LLDP MED is not intended to run on links other than between Network Connectivity Devices and Endpoints and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN Delete Check to delete the policy It will be deleted during the next apply Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 88 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Policy ID ID for the policy This is auto generated and shall be used when selecting the polices that shall be mapped to the specific ports Application Type Intended use of the application types 1 Voice for use by dedicated IP Telephony handsets and other similar appliances supporting interactive voice services These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications 2 Voice Signalling conditional for use in network topologies that require a different policy for the voice signaling than for the voice media This application type should not be advertised if all the same network policies apply as those advertised in the Voice application policy 3 Guest Voice support a separate limited feature set voice service for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interac
27. Managed Switch User s Guide Parameter Description Delete To delete a MAC based VLAN entry check this box and click apply The entry will be deleted on the selected switch in the stack MAC Address Indicates the MAC address VLAN ID Indicates the VLAN ID Port Members A row of check boxes for each port is displayed for each MAC based VLAN entry To include a port in a MAC based VLAN check the box To remove or exclude the port from the MAC based VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Add new entry Click to add a new MAC based VLAN entry An empty row is added to the table and the MAC based VLAN entry can be configured as needed Any unicast MAC address can be configured for the MAC based VLAN entry Do not use broadcast or multicast MAC addresses Legal values for a VLAN ID are 1 through 4095 The MAC based VLAN entry is enabled on the selected stack switch unit when clicking Apply A MAC based VLAN without any port members on any stack unit will be deleted when clicking Apply 4 11 6 2 Status This section displays MAC based VLAN entries configured by various MAC based VLAN users Currently we support following VLAN User types NAS NAS provides port based authentication which involves communications between a Supplicant Authenticator and an Authentication Server To display MAC based VLANs configured in the web interface 1 Navigate to Conf
28. Mode GVRP Mode is a global setting Select Enable to enable the GVRP globally In a stack this configuration command sends message to all the slaves connected in stack Default value of Global GVRP Mode is Disable Port The Port coulmn displays the list of configurable ports per port GVRP settings There are 2 configuration settings to configure on per port bases e GVRP Mode e GVRP role GVRP Mode This configuration is to enable disable GVRP Mode on a particular port locally e Disable Select to Disable GVRP mode on this port e Enable Select to Enable GVRP mode on this port The default value is disable GVRP role This configuration is used to configure restricted role on an interface e Disable Select to Disable GVRP role on this port e Enable Select to Enable GVRP role on this port The default configuration is disable Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 127 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 14 2 Statistics This section displays the GVRP Port statistics for all switch ports To display GVRP Port statistics in the web interface 1 Navigate to Configuration gt GVRP gt Statistics 2 Check Auto refresh to refresh the page automatically at periodic intervals 3 Click Refresh to refresh the page manually Figure 88 GVRP Port Statistics Reten Port Join Tx Count Leave Tx Count 0
29. October 30 2013 Page 205 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 6 3 Save Restore This section describes how to save and restore the Switch configuration including resetting the switch to Factory Defaults 6 3 1 Factory Defaults This section describes how to reset the Switch configuration to Factory Defaults Any configuration files or scripts will recover to factory default values To set the switch to Factory Defaults Configuration via the web interface 1 Navigate to Maintenance gt Save Restore gt Factory Defaults 2 Click Yes 3 Check the Restore Default Configuration without changing current IP address checkbox to restore all other settings except the current IP settings to factory defaults This prevents losing connectivity to the switch once it reboots Figure 143 Factory Defaults to be updated Are you sure you want to reset the configuration to Factory Defaults 6 3 2 Save Start This section enables saving the current running configuration to the start up configuration Any current configuration files will be saved in XML format To save current configuration to start up configuration via the web interface 1 Navigate to Maintenance gt Save Restore gt Save Start 2 Click Save Figure 144 Save as Start Configuration Are you sure to save the current setting as Start Configuration Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised O
30. Reset to cancel changes and revert to previously saved values Figure 90 QoS Ingress Port Policing Configuration QoS Ingress Port Policers Port Mode Rate Unit Flow Control _ lt B a 1 O 500 kbps d m 500 kbps L s E 500 kbps O Sj m soo kbps a Gj E 500 kbps 0O G m 500 kbps O m 500 kbps O Sj m 500 kbps a ce ill 500 kbps ad CE m 500 kbps a oO 500 kbps d c 500 kbps a Parameter Description Port The logical port for the settings contained in the same row Click on the port number in order to configure the schedulers Mode Check uncheck to enable disable port policing for the port Rate To set the Rate limit value for this port the default is 500 Unit Scroll to select the unit of rate includes kbps Mbps fps and kfps The default is kbps Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 131 allworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 15 3 Port Schedulers This section provides an overview of QoS Egress Port Schedulers for all switch ports To configure the QoS Port Schedulers via the web interface 1 Navigate to Configuration gt QoS gt Port Schedulers 2 Click on the port number to set the parameters for the port Figure 91 QoS Egress Port Schedules If selecting weighted mode the parameters have to be set accordingly a tes P po
31. Revised October 30 2013 Page 37 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 42 ACL ACLs are most common for using as packet filtering but also for selecting types of traffic to analyze forward or influence in some way The ACLs are divided into EtherTypes IPv4 ARP protocol MAC and VLAN parameters etc Here we will just go over the standard and extended access lists for TCP IP While creating ACEs for ingress classification users can assign a policy for each port the policy number is 1 8 applied to any port This makes it very easy to determine the type of ACL policy 4 2 1 Ports The section describes how to configure the ACL parameters ACE of each switch port These parameters affect frames received on a port unless the frame matches a specific ACE To configure the ACL ports via the web interface Navigate to Configuration gt ACL gt Ports Use the drop down menu to set ACL parameters for each port Click Apply or click Reset to revert to previously saved values PW N Click Refresh to refresh port counters or Clear to clear port counters Figure 28 ACL Ports Configuration ACL Ports Configuration Refresh Clear Rate Port Limiter ID Redirect lt m lt gt z Port1 lt gt lt gt iw lt gt lt gt Pot2 Disabled lt 10 Permit Disabled Port1 Disabled Disabled Disabled Enabled Y 0 Port a Action Mirror Logging S
32. SNAP supports identifying protocols by Ethernet type field values it also supports vendor private protocol identifier spaces It is used with IEEE 802 3 IEEE 802 4 IEEE 802 5 IEEE 802 11 and other IEEE 802 physical network layers as well as with non IEEE 802 physical network layers such as FDDI that use 802 2 LLC 4 11 7 1 Protocol to Group This page enables adding new protocols to Group Name unique for each Group mapping entries as well as enables seeing and deleting already mapped entries for the selected stack switch unit switch To configure Protocol based VLANs via the web interface 1 Navigate to Configuration gt VLAN gt Protocol based VLAN 2 Click Add new eniry and specify the frame type and group name 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 81 Protocol to Group Mapping Table Delete Frame Type Value Group Name No Group entry found Apply J Reset Delete Frame Type Value Group Name a Apply Reset Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 116 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description Delete To delete a Protocol to Group Name map entry check this box The entry will be deleted on the switch during the next Apply Frame Type Frame Type can have one of the following values 1 Ethernet 2 LLC 3 SNAP 0 NOTE On changin
33. Shutdown Port v Enable v 8 v Shutdown Port Enable v 9A v Shutdown Port v Enable v 104 v Shutdown Port w Enable v 9B v Shutdown Port v Enable v 108 v Shutdown Port v Enable v Apply Reset Parameter Description Enable Loop Protection Enable disable loop protection globally on the switch Transmission Time The interval between each loop protection PDU sent on each port Valid values are 1 10 seconds Shutdown Time The period for which a port will be kept in disabled state in the event a loop is detected Valid values are 0 604800 seconds A value of 0 will keep the port disabled until next device reboot Port Indicates the port number Enable To enable loop protection on the port Action The action performed when a loop is detected Options are Shutdown Port Shutdown Port and Log or Log Only Tx Mode Controls whether the port is actively generating loop protection PDUs or is just passively looking for PDUs Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 149 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 17 2 Status This page displays the loop protection status Figure 104 Loop Protection Status Loop Protection Status Port Action Transmit Loops Status Loop Time of Last Loop 1 Shutdown Enabled 0 Up 2 Shutdown Enabled 0 Down 3 Shutdown Enabled 0 Down 4 Shutdown Enabled 0 Down 5 Shutdown Enab
34. Statistics Information Global Counters Auto refresh L Neighbour entries were last changed at 2011 01 01 00 00 00 4945 sec ago Total Neighbours Entries Added Total Neighbours Entries Deleted 0 Total Neighbours Entries Dropped 0 Total Neighbours Entries Aged Out 0 LLDP Statistics Local Counters Local Port TxFrames RxFrames Rx Errors Frames Discarded TLVs Discarded TLVs Unrecognized Org Discarded Age Outs 1 0 0 0 0 0 0 0 2 3 4 5 6 7 8 9A 10A 9B 10B Parameter Description Global Counters coocoo ocoooo0oo0oo ecoecoecoececec coo eoocoeoeoce eco o os ecoeoeococ coo ooo ecocoeoc cece eco eooceeoc coc ecs ooooooo0oo0oo0oo0oo0o ecoeoeoeoeeeeoeo cs Neighbor entries were last It displays the time when the last entry was deleted or added and the time changed elapsed since the last change was detected Total Neighbor Entries Added Displays the number of new entries added since switch reboot Total Neighbor Entries Deleted Displays the number of new entries deleted since switch reboot Total Neighbor Entries Dropped Displays the number of LLDP frames dropped due to the entry table being full Total Neightbor Entries Aged Displays the number of entries deleted due to Time To Live expiring Out Local Counters The displayed table contains a row for each port Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 96 a I lworx PowerFlex 8 24 48 Port
35. T 3 eg Nothin v 15 5 0000 a 3 aeg Nothing v 15 6 0 00 0 30 3 ae othin v 15 7 0000 T 3 roo Nothin v 15 8 0000 30 3 wag Nothing 15 Parameter Description Ping Check When enabled the function detectes the connection between the PoE port and the PD connected Port Indicates the switch port number Ping IP Address The PD s IP address to ping Interval Time Time intervals at which switch sends a message to the PD Range is 10 120 sec Retry Time When the port is unable to ping the PD it will retry again After 3 failed attempts it will trigger failure action Range is 1 5 Failure Log Failure counter Failure Action Nothing Port continues to ping PD but no action is taken Reboot Remote PD Turn off PoE port power causing PD to reboot Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 101 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 10 5 Scheduling PoE scheduling enables the user to select what time of the day and week a PoE port would provide power to a connected power device To configure the PoE scheduling via the web interface Navigate to Configuration gt PoE gt Scheduling A 2 Enable PoE scheduling for desired ports 3 Specify the days of the week and hours of the day to enable PoE 4 Click Apply Figure 70 POE Scheduling Port 1 2 3 4 6 e Shus x SR FSR SES TE ERA ee Port 1 Shu
36. Table Configuration Disable Automatic Aging C Aging Time seconds Secure O Port Members Delete VLANID MAC Address 1 joooonn DOOOOOOOOOO0 Ad nf static ety Rese Port Members Delete VLANID MAC Address 1 2 3 4 5 6 7 8 9a 10a 9B 108 00 00 00 00 0 00 OOOOOOOOO0OO00 Parameter Description Aging Configuration By default dynamic entries are removed from the MAC table after 300 seconds This removal is called aging Configure aging time by entering a value in seconds The range is 10 to 1000000 seconds Disable the automatic aging of dynamic entries by checking Disable Automatic Aging MAC Table Learning If the learning mode for a given port is greyed out another module is in control of the mode so that it cannot be changed by the user An example of such a module is the MAC Based Authentication under 802 1X Each port can do learning based upon the following settings Auto Learning is done automatically as soon as a frame with unknown SMAC is received Disable No learning is done Secure Only static MAC entries are learned all other frames are dropped Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 104 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide NOTE Make sure that the link used for managing the switch is added to the Static MAC Table before changing to secure learning mode otherwise t
37. a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide The TACACS Authentication Server number for which the configuration below applies Upto 5 servers can be configured Enabled Enable the TACACS Authentication Server by checking this box IP Address Hostname The IP address or hostname of the TACACS Authentication Server IP address is expressed in dotted decimal notation Port The TCP port to use on the TACACS Authentication Server If the port is set to 0 zero the default port 49 is used on the TACACS Authentication Server Secret The secret up to 29 characters long shared between the TACACS Authentication Server and the switch Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 186 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 6 2 RADIUS Overview This section shows an overview of the RADIUS Authentication and Accounting server statistics To view the RADIUS server statistics in the web interface 1 Navigate to Security gt AAA gt RADIUS Details 2 Check Auto refresh to refresh the page automatically at periodic intervals 3 Click Refresh to refresh the page manually Figure 130 RADIUS Authentication Server Status Overview RADIUS Authentication Server Status Overview Auto refresh C IP Address 0 0 0 0 1812 0 0 0 0 1812 0 0 0 0 1812 0 0 0 0 1812 0 0 0 0 1812 Ion IS 100 In FE Disabled
38. address Blocks intruders on the untrusted ports of the switch device when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server An acronym for Domain Name System It stores and associates many types of information with domain names Most importantly DNS translates human friendly domain names and computer hostnames into computer friendly IP addresses For example the domain name www example com might translate to 192 168 0 1 An acronym for Denial of Service In a denial of service DoS attack an attacker attempts to prevent legitimate users from accessing information or services By targeting at network sites or network connection an attacker may be able to prevent network users from accessing email web sites online accounts banking etc or other services that rely on the affected computer Refers to a method of writing IP addresses using decimal numbers and dots as separators between octets An IPv4 dotted decimal address has the form x y z w where x y z and w are decimal numbers between 0 and 255 An acronym for Differentiated Services Code Point It is a field in the header of IP packets for packet classification purposes An abbreviation for Energy Efficient Ethernet defined in IEEE 802 3az Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 215 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch Us
39. also be zero DSCP Diffserv Code Point value DSCP It can be specific value range of value or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 IP Fragment IPv4 frame fragmented option yes no any Sport Source TCP UDP port 0 65535 or Any specific or port range applicable for IP protocol UDP TCP Dport Destination TCP UDP port 0 65535 or Any specific or port range applicable for IP protocol UDP TCP e _ Pv6 Protocol IP protocol number 0 255 TCP or UDP or Any Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 143 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Source IP IPv6 source address a b c d or Any 32 LS bits DSCP Diffserv Code Point value DSCP It can be specific value range of value or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 Sport Source TCP UDP port 0 65535 or Any specific or port range applicable for IP protocol UDP TCP Dport Destination TCP UDP port 0 65535 or Any specific or port range applicable for IP protocol UDP TCP Action Configuration Class QoS Class class 0 7 default basic classification DP Valid DP Level can be 0 3 default basic classification DSCP Valid dscp value can be 0 63 BE CS1 CS7 EF or AF11 AF43 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 144
40. bit field in the VLAN tag An acronym for Data Encryption Standard It provides a complete description of a mathematical algorithm for encrypting enciphering and decrypting deciphering binary coded information Encrypting data converts it to an unintelligible form called cipher Decrypting cipher converts the data back to its original form called plaintext The algorithm described in this standard specifies both enciphering and deciphering operations which are based on a binary number called a key An acronym for Dynamic Host Configuration Protocol It is a protocol used for assigning dynamic IP addresses to devices on a network DHCP used by networked computers clients to obtain IP addresses and other parameters such as the default gateway subnet mask and IP addresses of DNS servers from a DHCP server The DHCP server ensures that all IP addresses are unique for example no IP address is assigned to a second client while the first client s assignment is valid its lease has not expired IP address pool management is done by the server and not by a human network administrator Dynamic addressing simplifies network administration because the software tracks IP addresses rather than requiring an administrator to manage the Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 214 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide DHCP Relay DHCP Snooping DNS D
41. e Selected Classify only selected DSCP to enable classification as specified in DSCP Translation window for the specific DSCP e All Classify all DSCP Egress Port Egress Rewriting can be one of below parameters e Disable No Egress rewrite e Enable Rewrite enable without remapping Remap DSCP from analyzer is remapped and frame is remarked with remapped DSCP value Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 137 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 15 7 DSCP Based QoS This section describes how to configure the DSCP Based QoS mode To configure the DSCP Based QoS settings via the web interface Navigate to Configuration gt QoS gt DSCP Based QoS Check the Trust checkbox to turn on DSCP Trust Use the drop down menu to select the QoS Class and DPL parameters a ee Click Apply or click Reset to cancel changes and revert to previously saved values Figure 95 DSCP Based QoS Ingress Classification Configuration Fj Refresh DSCP Trust QoS Class DPL ox ov ow M M K Parameter Description DSCP Maximum number of supported DSCP values is 64 Trust Click if the DSCP value is trusted QoS Class QoS Class value can range from 0 7 DPL Drop Precedence Level 0 3 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 P
42. from 32 to 126 System Name An assigned name for this managed switch By convention this is the node s fully qualified domain name A domain name is a text string drawn from the alphabet A Z a z digits 0 9 minus sign No space characters are permitted as part of a name The first character must be an alpha character and the first or last character must not be a minus sign The string length is 0 to 255 System Location The physical location of this switch e g telephone closet 3rd floor The string length is 0 to 255 and the content is ASCII characters from 32 to 126 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 6 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 2 Time This page enables configuring the system time manually or automatically using NTP server s 3 2 1 Manual Manual setting is simple just enter Year Month Day Hour Minute and Second within the valid value range indicated in each item To configure system time manually from the web interface 1 Navigate to System gt Time gt Manual 2 Specify the parameters in each field 3 Click Apply Figure 4 Manual Time Configuration Time Configuration Use Local Settings Clock Source x O Use NTP Serer Local Time 2011 01 01 00 12 26 YYYY MM DD HH MM SS Time Zone Offset 0 min Daylight Savings LI Enable Time Set Offs
43. help text for further information for each The maximum number of ACEs is 64 ACL Ports Use the ACL Ports configuration to assign a Policy ID to an ingress port This is useful to group ports to obey the same traffic rules Create the Traffic Policy under the Access Control List page Users can also set up specific traffic properties Action Rate Limiter Port copy etc for each ingress port Each only applies if the frame gets past the ACE matching without getting matched In that case a counter associated with that port increments See the Web page help text for each specific port property ACL Rate Limiters Under this page configure the rate limiters There can be 15 different rate limiters each ranging from 1 1024K packets per second Under Ports and Access Control List web pages users can assign a Rate Limiter ID to the ACE s or ingress port s An acronym for Advanced Encryption Standard The encryption key protocol is applied in 802 1i standard to improve WLAN security It is an encryption standard by the U S government which will replace DES and 3DES AES has a fixed block size of 128 bits and a key size of 128 192 or 256 bits An acronym for Automatic Protection Switching Use this protocol to secure bidirectional switching in the two ends of a protection group defined in G 8031 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 213 a I Iw rx PowerFlex 8 24 48 Port GbE PoE
44. is 30 seconds Set Aging Period Default is 300 seconds Set Hold Time Default is 10 seconds Enable RADIUS Assigned QoS and VLAN Checked Guest VLAN Enabled 10 Specify Guest VLAN ID 11 Specify Max Reauth Count 12 Check Allow Guest VLAN if EAPOL Seen 13 Click Apply Figure 122 Network Access Server Configuration OO lO On ee NS o RADIUS Assigned QoS Enabled RADIUS Assigned VLAN Enabled Guest VLAN Enabled Guest VLAN ID Max Reauth Count Allow Guest VLAN if EAPOL Seen HER Sal NEED gg eens acres pete anemia gt a Force Authorized Y 6 7 8 9A 9B 08 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 171 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description Mode Indicates if NAS is globally enabled or disabled on the switch If globally disabled all ports can forward frames Reauthentication Enabled If checked successfully authenticated supplicants clients are reauthenticated after the interval specified by the Reauthentication Period Reauthentication for 802 1 X enabled ports can be used to detect if a new device is plugged into a switch port or if a supplicant is no longer attached For MAC based ports reauthentication is only useful if the RADIUS server configuration has changed It does not involve communication between the switch and the client and therefore does not imply that a client is still
45. is enabled on that port When unchecked port isolation is disabled on that port By default port isolation is disabled on all ports Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 113 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 11 6 MAC based VLAN MAC address based VLAN decides the VLAN for forwarding an untagged frame based on the source MAC address of the frame The most common way of grouping VLAN members is by port hence the name port based VLAN Typically the device adds the same VLAN tag to untagged packets received through the same port Later forward these packets within the same VLAN Port based VLAN is easy to configure and applies to networks where the locations of terminal devices are relatively fixed As mobile office and wireless network access gain more popularity the ports that terminal devices use to access the networks are very often not fixed A device may access a network through Port A this time but through Port B the next time If Port A and Port B belong to different VLANs the device will be assigned to a different VLAN the next time it accesses the network As a result it will not be able to use the resources in the old VLAN On the other hand if Port A and Port B belong to the same VLAN after terminal devices access the network through Port B each has access to the same resources as those accessing the network through Port A do which
46. management VLAN or connect to the new management VLAN through a multi VLAN route 4 11 1 VLAN Membership Users can monitor and modify the VLAN membership configuration for the selected stack switch unit which supports up to 4096 VLANs This page enables for adding and deleting VLANs as well as adding and deleting port members of each VLAN To configure VLAN membership configuration via the web interface 1 Navigate to Configuration gt VLAN gt VLAN Membership 2 Click Add New VLAN to add a new VLAN Modify the VLAN ID and name Add or remove ports by selecting the port members 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 73 VLAN Membership Configuration VLAN Membership Configuration Start from VLAN 1 with 20 entries per page Port Members Delete VLAN ID VLAN Name 1 2 3 4 5 6 7 8 9a 10A 96 10B 1 default MMMMMMIMMM A 200 AllworxLAN MIL JE OM be 74 300 Allwon WAN a IL vajra Parameter Description Delete To delete a VLAN entry check this box The entry will be deleted on the selected switch in the stack If none of the ports of this switch are members of a VLAN then the delete checkbox is greyed out unable to delete the entry during the next Apply VLAN ID Indicates the ID of this particular VLAN VLAN Name Indicates the name of the VLAN VLAN Name can only contai
47. mode operation Disabled Disable server mode operation Server Address 1 IPv4 address of syslog server If the switch has DNS enabled the host name can be entered Server Address 2 IPv4 address of alternate syslog server If the switch has DNS enabled the host name can be entered Syslog Level Indicates what kind of messages will be sent to the syslog server Possible levels are Debug Info Notice Warning Error Critical Alert Emergency Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 16 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 5 2 Log This section displays the system log information of the switch To display the log configuration in the web interface Navigate to System gt Syslog gt Log Figure 11 Syslog Log Display Level 1970 01 01 00 00 05 1970 01 01 00 26 08 1970 01 01 00 55 53 1970 01 01 01 47 14 1970 01 01 01 48 36 1970 01 01 02 20 04 1970 01 01 18 55 49 1970 01 01 19 58 11 1970 01 01 19 58 45 4 2 3 4 5 amp I 8 9 10 reren ce e e eee Message Switch just made a cold boot Link up on port 1 Link down on port 1 Link up on port 1 Link down on port 1 Link up on port 1 Link down on port 1 Link up on port 1 Link down on port 1 Link up on port 1 Parameter Description Auto refresh Evokes automatic periodic refresh of the log messages Level Level of the system l
48. no House number Example 21 House no suffix House number suffix Example A v2 Landmark Landmark or vanity address Example Columbia University Additional location info Additional location info Example South Wing Name Name residence and office occupant Example Flemming Jahn Zip code Postal zip code Example 27913 Building Building structure Example Low Library Apartment Unit Apartment suite Example Apt 42 Floor Floor Example 4 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 87 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Room no Room number Example 450F Place Type Place type Example Office Postal community name Postal community name Example Leonia P O Box Post office box P O BOX Example 12345 Additional Code Additional code Example 1320300003 Emergency Call Service Emergency Call Service e g E911 and others such as defined by TIA or NENA Emergency Call Service Emergency Call Service ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN trunk based PSAP This format consists of a numerical digit string corresponding to the ELIN to be used for emergency calling Policies Network Policy Discovery enables the efficient discovery and diag
49. o Doz Click Apply To revert to the original settings click Reset Figure 20 SNMP Trap Host Configuration Severity Security Authentication Privacy Delete No Version Server IP UDP Port Community Security Name eqs N A Protocol Trap Version Server IP UDP Port Community Security Name Severity Level Security Level Authentication Protocol Authentication Password Privacy Protocol Privacy Password Parameter Description Delete Check to delete the entry deleted during the next save Trap Version Select v2c or v3 trap Server IP Server IP address to send the trap Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 27 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide UDP Port Port on which trap is sent to the server Default 162 Community Security Name The length of Community Security Name string is restricted to 1 32 Security Level Indicates what kind of message will be sent to the server NoAuth NoPriv No authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy Authentication Protocol Select MD5 or SHA for authentication Authentication Password The length of MD5 Authentication Password is restricted to 8 32 The length of SHA Authentication Password is restricted to 8 40 Privacy Protocol
50. of a module that may request Port Security services Abr A one letter abbreviation of the user module This is used in the Users column in the port status table Port Status The table has one row for each port on the selected switch Port The port number for which the status applies Click the port number to see the status for this particular port Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 195 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Users Each of the user modules has a column that shows whether that module has enabled Port Security or not A means that the corresponding user module is not enabled whereas a letter indicates that the user module abbreviated by that letter see Abbr has enabled port security State Shows the current state of the port It can take one of four values Disabled No user modules are currently using the Port Security service Ready The Port Security service is in use by at least one user module and is awaiting frames from unknown MAC addresses to arrive Limit Reached The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is reached and no more MAC addresses should be taken in Shutdown The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is exceeded No MA
51. periodic intervals 3 Click Refresh to refresh the page manually Figure 136 Access Management Statistics Access Management Statistics Autoveresh O Interface Received Packets Allowed Packets Discarded Packets HTTP HTTPS SNMP TELNET SSH Ss i es i 0 0 0 0 0 0 0 0 0 0 Parameter Interface Description The interface type through which the remote host can access the switch Received Packets Allowed Packets Number of received packets from the interface when access management mode is enabled Number of allowed packets from the interface when access management mode is enabled Discarded Packets Number of discarded packets from the interface when access management mode is enabled Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 199 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 9 SSH This section enables configuring SSH Secure SHell on the switch to securely access it SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication To configure SSH via the web interface 1 Navigate to Security gt SSH 2 Select Enabled in the mode to enable SSH 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 137 SSH Configuration SSH Configuration Mode Enabled Y Parameter Description Mode Indicate
52. port based 802 1X is that several clients can be connected to the same port e g through a 3rd party switch or a hub and still require individual authentication and that the clients do not need special supplicant software to authenticate The advantage of MAC based authentication over 802 1X based authentication is that the clients don t need special supplicant software to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone Also only the MD5 Challenge method is supported The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality RADIUS Assigned QoS Enabled When RADIUS Assigned QoS is both globally enabled and enabled checked on a given port the switch reacts to QoS Class information carried in the RADIUS Access Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated If present and valid traffic received on the supplicant s port will be classified to the given QoS Class If re authentication fails or the RADIUS Access Accept packet no longer carries a QoS Class or it is invalid or the supplicant is otherwise no longer present on the port the port s QoS Class is immediately reverted to the original QoS Class which may be changed by the administrator in the meanwhile without affecting the RADIUS assigned This opt
53. product at www allworx com Conventions This guide uses the following conventions throughout this guide to show information Notification for installation operation maintenance performance or general tips that are important but not hazardous to anything or anyone Description of a potentially hazardous situation which if not avoided could result in death or serious or moderate It can also advise against unsafe practices Description of a potentially hazardous situation which if not avoided could result in minor or moderate injury It can also advise against unsafe practices Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page ii a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Compliances and Safety Statements FCC Class A This equipment has been tested and found to comply with the limits for a Class A computing device pursuant to Subpart J of part 15 of FCC Rules which are designed to provide reasonable protection against such interference when operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user must correct the interference at their own expense CAUTIO
54. s Guide 4 6 5 Groups Information Entries in the IGMP Group Table display on this page The IGMP Group Table is sorted first by VLAN ID and then by group The switch will use the last entry of the currently displayed table as a basis for the next lookup When reaching the end the text No more entries displays To display the IGMP Snooping Group Information in the web interface 1 Navigate to Configuration gt IGMP Snooping gt Group Information 2 Check Auto refresh to refresh the page at periodic intervals 3 Click Refresh to refresh an entry of the IGMP Snooping Groups Information 4 Click lt lt or gt gt to move to previous or next entry Figure 48 IGMP Snooping Groups Information IGMP Snooping Groups Information Anosereshi _ Start from VLAN 1 and group address 224 0 0 0 with 20 entries per page Port Members VLAN ID Groups 1 2 3 4 5 6 7 8 9 10 11 12 No more entries Parameter Description Navigating the IGMP Group Table The Start from VLAN and group input fields enable the user to select the starting point in the IGMP Group Table The switch will use the last entry of the currently displayed table as a basis for the next lookup When reaching the end the text No more entries displays IGMP Group Table Columns VLAN ID VLAN ID of the group Groups Group address of the group displayed Port Members Ports under this group Toll Free 1 866 ALLWORX 585 421 3850 www allworx c
55. secured through the Port Security module State The client can either be authenticated or unauthenticated In the authenticated state it can forward frames on the port and in the unauthenticated state it is blocked As long as the backend server has not successfully authenticated the client it is unauthenticated If an authentication fails for one or the other reason the client will remain in the unauthenticated state for Hold Time seconds Last Authentication Shows the date and time of the last authentication of the client successful as well as unsuccessful Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 182 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 6 AAA This section shows how to use an AAA Authentication Authorization and Accounting server to provide access control to the network The AAA server can be a TACACS or RADIUS server 5 6 1 Configuration This section describes how to configure AAA setting of TACACS or RADIUS server To configure the RADIUS and TACACS server settings 1 Navigate to Security gt AAA gt Configuration 2 Click Apply after setting the parameters or click Reset to cancel changes and revert to previously saved values To configure the Common Configuration parameters via the web interface 1 Set Timeout Default is 15 seconds 2 Set Dead Time Default is 300 seconds To configure TACACS Authori
56. set it can cause lack of spanning tree connectivity It can be set by a network administrator to prevent bridges external to a core region of the network influence the spanning tree active topology possibly because those bridges are not under the full control of the administrator This feature is also known as Root Guard Restricted TCN If enabled it causes the port not to propagate received topology change notifications and topology changes to other ports If set it can cause temporary loss of connectivity after changes in a spanning tree s active topology as a result of persistent incorrectly learned station location information It is set by a network administrator to prevent bridges external to a core region of the network causing address flushing in that region possibly because those bridges are not under the full control of the administrator or the physical link state of the attached LANs transits frequently BPDU If enabled it causes the port to disable itself upon receiving valid BPDUs Contrary to the similar bridge setting the port Edge status does not effect this setting A port entering error disabled state due to this setting is subject to the bridge Port Error Recovery setting as well Point to Point Controls whether the port connects to a point to point LAN rather than to a shared medium This can be automatically determined or forced either true or false Transition to the forwarding state is faster
57. the name advertised by the neighbor unit Port Description Port Description is the port description advertised by the neighbor unit System Capabilities System Capabilities describes the neighbor unit s capabilities The possible capabilities are Other Repeater Bridge WLAN Access Point Router Telephone DOCSIS cable device Station only oOo N OO A UO N 9 Reserved When a capability is enabled the capability is followed by If the capability is disabled the capability is followed by Management Address Management Address is the neighbor unit s address that is used for higher layer entities to assist discovery by the network management This could for instance hold the neighbor s IP address Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 84 allwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 9 3 LLDP MED Configuration Media Endpoint Discovery is an enhancement of LLDP known as LLDP MED that provides the following facilities Auto discovery of LAN policies Such as VLAN Layer 2 Priority and Differentiated services Diffserv settings enabling plug and play networking Device location discovery to enable creation of location databases and in the case of Voice over Internet Protocol VoIP Enhanced 911 services Extended and automated power management of Power over Ethernet PoE end points
58. the next save Security Model Indicates the security model for this entry Possible security models are v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name A string identifying the security name for this entry The string length is 1 to 32 and the content is ASCII characters from 33 to 126 Group Name A string identifying the group name for this entry The string length is 1 to 32 and the content is ASCII characters from 33 to 126 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 24 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 8 Views Use the function to configure SNMPv3 view Max Group Number 28 To configure SNMP Views Configuration via the web interface 1 Navigate to System gt SNMP gt Views 2 Click Add new view and specify the SNMP View parameters 3 Click Apply Figure 18 SNMP Views Configuration SNMPv3 Views Configuration Delete View Name View Type OID Subtree Add new view Apply SNMPv3 yews Configuration Delete View Name View Type OID Subtree included Add new view Apply Parameter Description Delete Check to delete the entry It will be deleted during the next save View Name A string identifying the view name The string length is 1 to 32 and the content is ASCII characters from 33 to 126 View Type Indicates the view type tha
59. the server Malformed packets include packets with an invalid length Bad authenticators or unknown types are not included as malformed access responses Rx Bad Authenticators The number of RADIUS packets containing invalid authenticators received from the server Rx Unknown Types The number of RADIUS packets of unknown types that were received from the Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 190 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide server on the accounting port Rx Packets Dropped The number of RADIUS packets that were received from the server on the accounting port and dropped for some other reason Tx Requests The number of RADIUS packets sent to the server This does not include retransmissions Tx Retransmissions The number of RADIUS packets retransmitted to the RADIUS accounting server Tx Pending Requests The number of RADIUS packets destined for the server that have not yet timed out or received a response This variable is incremented when a Request is sent and decremented due to receipt of a Response timeout or retransmission Tx Timeouts The number of accounting timeouts to the server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted as a retransmit as well as a timeout A send to a dif
60. to previously saved values Figure 33 LACP Port Configuration LACP Port Configuration Port LACP Enabled Key Role ii C lt gt v lt gt v 1 C Auto Active 2 Ci Auto Active 3 a Auto yY Actie v 4 a Auto Active 5 a Auto Active 6 C Auto Active v 7 E Auto Active 8 a Auto Active 9A d Auto Y Active 10A O Auto Active Y 9B C Auto Active v 106 B Auto Active Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 48 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description Port The switch port number LACP Enabled Controls whether LACP is enabled on this switch port LACP will form an aggregation when 2 or more ports are connected to the same partner LACP can form a maximum of 12 LLAGs per switch and 2 GLAGs per stack Key The Key value incurred by the port range 1 65535 The Auto setting will set the key based on the physical link speed 10Mb 1 100Mb 2 1Gb 3 Using the Specific setting a user defined value can be entered Ports with the same Key value can participate in the same aggregation group while ports with different keys cannot Role The Role displays the LACP activity status Active will transmit LACP packets each second while Passive will wait for a LACP packets from a partner speak if spoken to 4 4 2 System Status This section provides a statu
61. types None Rx Tx or All By default the value is None By default the IP is set to 0 0 0 0 Sampling Rate Configured sampling rate on the ports Max Hdr Size Configured size of the header of the sampled frame Polling Interval Configured polling interval for the sampling Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 148 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 17 Loop Protection With the loop protection feature enabled configure the switch to shut down a port if detecting a loop in the edge of the network An undetected loop can cause a broadcast storm 4 17 1 Configuration To configure loop protection general and port settings via the web interface 1 Navigate to Configuration gt Loop Protection gt Configuration 2 Specify the global loop protection settings and then specify loop protection settings for each port 3 Click Apply or Click Reset to revert to previously saved values Figure 103 Loop Protection Global Configuration Enable Loop Protection Disable v Transmission Time 5 seconds Shutdown Time 180 seconds Port Enable Action Tx Mode lt gt v v 1 v Shutdown Port v Enable v 2 v Shutdown Port w Enable v 3 v Shutdown Port v Enable v 4 v Shutdown Port Enable v 5 v Shutdown Port v Enable v 6 v Shutdown Port v Enable v T v
62. used for the specified application type One of the eight priority levels 0 through 7 can be used DSCP is the DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474 It contains one of 64 code point values 0 through 63 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 93 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 9 5 EEE By using EEE users achieve power savings at the expense of traffic latency This latency occurs due to that the circuits EEE turn off to save power need time to boot up before sending traffic over the link This time is called wakeup time To achieve minimal latency devices can use LLDP to exchange information about the respective TX and RX wakeup time as a way to agree upon the minimum wakeup time necessary This page provides an overview of EEE information exchanged by LLDP To display LLDP EEE neighbors 1 Click LLDP gt EEE The discovered EEE devices display 2 Click Refresh for manual update web screen 3 Click Auto refresh for auto update web screen Figure 64 LLDP Neighbors EEE Information LLDP Neighbors EEE Information Auto refresh C Local Port Tx Tw Rx Tw Fallback Receive Tw Echo Tx Tw EchoRx Tw Resolved Tx Tw ResolvedRx Tw EEE activated No LLDP EEE information found NOTE If the network has no devices enabled EEE function then Gi the t
63. very small data units to exchange may prefer UDP to TCP UDP provides two services not provided by the IP layer It provides port numbers to help distinguish different user requests and optionally a checksum capability to verify that the data arrived intact Common network applications that use UDP include the Domain Name System DNS streaming media applications such as IPTV Voice over IP VoIP and Trivial File Transfer Protocol TFTP A 3 bit field storing the priority level for the 802 1Q frame Also known as PCP An acronym for Virtual LAN A method to restrict communication between switch ports VLANs can be used for the following applications VLAN unaware switching This is the default configuration All ports are VLAN unaware with Port VLAN ID 1 and members of VLAN 1 This means that MAC addresses are learned in VLAN 1 and the switch does not remove or insert VLAN tags VLAN aware switching This is based on the IEEE 802 1Q standard All ports are VLAN aware Ports connected to VLAN aware switches are members of multiple VLANs and transmit tagged frames Other ports are members of one VLAN set up with this Port VLAN ID and transmit untagged frames Provider switching This is also known as Q in Q switching Ports connected to subscribers are VLAN unaware members of one VLAN and set up with this unique Port VLAN ID Ports connected to the service provider are VLAN aware members of multiple VLANs and set up to tag all f
64. 0 200 200 200 Auto refresh L Refresh Clear I lt lt gt gt and MAC address 00 00 00 00 00 00 with 20 entries per page Port Members VLAN MAC Address cpu 1 2 3 4 5 6 7 8 9A 10A 9B 10B 00 04 DD 04 00 14 00 14 22 C5 6C 56 33 33 00 00 00 01 33 33 00 00 00 02 33 33 FF 04 00 14 33 33 FF A8 01 01 Parameter E eS C a aa at ee e Se a E 7 ME me ese AR Mk a xq ee Ge ee Cnr lt a Gon eo pe ig Mas ie lt ene es ae Description Type Indicates whether the entry is a static or dynamic entry VLAN ID MAC Address The VLAN ID of the entry The MAC address of the entry Port Members The ports that are members of the entry Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 106 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 11 VLAN Use the management VLAN to establish an IP connection to the switch from a workstation connected to a port in the VLAN This connection supports a VSM SNMP and Telnet session By default the active management VLAN is VLAN 200 but users can designate any VLAN as the management VLAN using the Management VLAN window Only one management VLAN can be active at a time When specifying a new management VLAN the HTTP connection to the old management VLAN is lost For this reason verify the connection between the management station and a port in the new
65. 1 No Voice VLAN 3 1 UnAware Disabled All Untag This 1 No MSTP 4 1 UnAware Disabled All Untag This 1 No GVRP 5 1 UnAware Disabled All Untag This 1 No Combined 6 1 UnAware Disabled All Untag This 1 No 7 1 UnAware Disabled All Untag This 1 No 8 1 UnAware Disabled All Untag This 1 No 9A 1 UnAware Disabled All Untag This 1 No 10A 1 UnAware Disabled All Untag This 1 No 9B 1 UnAware Disabled All Untag This 1 No 10B 1 UnAware Disabled All Untag This 1 No Parameter Description Port The logical port for the settings contained in the same row PVID Displays the VLAN identifier for that port The values are 1 through 4095 The default value is 1 Port Type Displays the Port Type Port type can be any of Unaware C port S port Custom S port If Port Type is Unaware all frames are classified to the Port VLAN ID and tags are not removed C port is Customer Port S port is Service port Custom S port is S port with Custom TPID Ingress Filtering Displays the ingress filtering on a port This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN the frame is discarded Frame Type Displays whether the port accepts all frames or only tagged frames This parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on that port are discarded Tx Tag Displays egress filtering frame status wheth
66. 11 01 01 00 03 27 System Uptime Od 00 03 27 BIOS Version v1 00 Firmware Version v2 29 2013 08 07 Hardware Mechanical 1 014101 Version Series Number PO810000A40004001 4 Host IP Address 192 168 2 200 Subnet Mask 255 255 255 0 Gateway IP Address 192 168 2 254 Host MAC Address 00 Da dd 04 00 14 Console Baudrate 115200 RAM Size 64MB Flash Size 16MB Bridge FDB Size 8192 MAC Addresses Transmit Queue 8 queues per port Maximum Frame Size 9600 Model Name The device model name System Description A brief description of the switch Location User defined location of the switch Contact User defined contact person for switch administration Configure this parameter through the device user interface or SNMP Device name User defined name for the switch Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 4 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide System Date Display the system time and date Format year day of week month hours minutes seconds System up time Time the system has been up since powering on or last reboot Format days hours minutes seconds BIOS version The switch BIOS version Firmware version The switch firmware version Hardware Mechanical version The version of Hardware and Mechanical The figure before the hyphen is the version of the electronic hardware the one after the hyphen
67. 21 3850 www allworx com Revised October 30 2013 Page 161 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 1 3 Dynamic Table This section displays to configure the Dynamic IP Source Guard Table To display the Dynamic IP Source Guard Table in the web interface Navigate to Security gt IP Source Guard gt Dynamic Table Specify the Start from port VLAN ID IP Address and entries per page Check Auto refresh to refresh the page automatically at periodic intervals Click Refresh to refresh the page manually Ce Os NS Click lt lt or gt gt to go to the previous or next page Figure 114 Dynamic Table Dynamic IP Source Guard Table Autorefresh L Refresh J lt lt gt gt Start from Pot 1 v VLAN 1 and IP address 0 0 0 0 with 20 entries per page Port VLANID IP Address MAC Address No more entries Parameter Description Port Switch Port Number for which the entries are displayed VLAN ID VLAN ID in which the IP traffic is permitted IP Address User IP address of the entry MAC address Source MAC address Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 162 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 2 ARP Inspection This section describes how to configure the ARP Inspection parameters of the switch 5 2 1 Configuration To configure ARP Inspection via the web interface 1 Navigate to
68. 3 Page 19 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 6 2 Configuration The SNMP Get Read and Set Write community strings are set on this page The default values are public and private Enable is the Set community To configure the community strings via the web interface 1 Navigate to System gt SNMP gt Configuration 2 Specify the Get and Set community strings 3 Click Apply Figure 14 SNMP Configuration SNMP Configuration Get Community public Set Community private Enable w Parameter Description Get Community The Get or read community string Set Community The Set or write community string The set community can be enabled or disabled to allow or deny set operations Indicates the community access string to permit access to SNMPv3 agent The string length is 1 to 32 and the content is ASCII characters from 33 to 126 The community string will be treated as security name and map an SNMPVv1 or SNMPv2c community string Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 20 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 6 3 Communities Use the function to configure SNMPv3 communities The Community and Username must be unique The maximum Group Number is 4 To configure SNMP Communities via the web interface 1 Navigate to System gt SNMP gt Communities 2 Click Add new community 3 Specify t
69. 30 2013 Page 194 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 7 2 Switch Status This section shows the Port Security status on the switch Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from unknown MAC addresses pass on to the port security module which in turn asks all user modules whether to allow this new MAC address to forward or block it For a MAC address to be set in the forwarding state all enabled user modules must unanimously agree on allowing the MAC address to forward If even one user module decides to block it blocking continues until that user module decides otherwise The status page is divided into two sections one with a legend of user modules and one with the actual port status To view the Port Security Switch Status in the web interface 1 Navigate to Security gt Port Security gt Switch Status 2 Check Auto refresh to refresh the page automatically at periodic intervals 3 Click Refresh to refresh the page manually Figure 133 Port Security Switch Status User Module Name Abbr Current Limit i v Bee Bese eee me S Parameter Description User Module Legend The legend shows all user modules that may request Port Security services User Module Name The full name
70. 3850 www allworx com Revised October 30 2013 Page 121 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 12 2 OUI This section describes how to configure Voice VLAN OUI table The maximum number of entries is 16 Modifying the OUI table will restart auto detection of OUI process To configure Voice VLAN OUI Table via the web interface 1 Navigate to Configuration gt Voice VLAN gt OUI 2 Specify Telephony OUI and Description 3 Click Apply Figure 84 Voice VLAN OUI Table Voice VLAN OUI Table Delete Telephony OUI 00 01 e3 00 03 66 00 0f e2 00 60 b9 00 d0 1e 00 e0 75 00 e0 bb Parameter Description Description Siemens AG phones Cisco phones H3C phones Philips and NEC AG phones Pingtel phones Polycom phones 3Com phones Delete Check to delete the entry It will be deleted during the next apply Telephony OUI A telephony OUI address is a globally unique identifier assigned to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexadecimal digit Description The description of the OUI address Normally it describes which vendor telephony device it belongs to The string length is 0 to 32 Add New entry Click to add a new entry in Voice VLAN OUI table An empty row is added to the table and the Telephony OUI and Description can be set Toll Free 1 866 ALLWORX 585 421 3850 ww
71. 48 Port GbE PoE Managed Switch User s Guide Authentication Password A string identifying the authentication password phrase For MD5 authentication protocol the string length is 8 to 32 For SHA authentication protocol the string length is 8 to 40 The content is ASCII characters from 33 to 126 Privacy Protocol Indicates the privacy protocol that this entry should belong to Possible privacy protocols are None No privacy protocol DES An optional flag to indicate that this user uses DES authentication protocol Privacy Password A string identifying the privacy password phrase The string length is 8 to 32 and the content is ASCII characters from 33 to 126 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 23 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 7 Groups Use the function to configure SNMPv3 groups Max Group Number v1 2 v2 2 v3 10 To configure SNMP Groups via the web interface 1 Navigate to System gt SNMP gt Groups 2 Specify the group security parameters 3 Click Apply Figure 17 SNMP Groups Configuration SNMPv3 Groups Configuration Delete SecurityModel SecurityName Group Name Add new group Apply SNMPv3 Groups Configuration Delete Security Model Security Name Group Name usm SNMP z Add new group Apply Parameter Description Delete Check to delete the entry It will be deleted during
72. 50 www allworx com Revised October 30 2013 Page 220 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Private LAN PTP Q QCE QCL QL QoS RARP POPS is designed to delete mail on the server as soon as the user has downloaded it However some implementations enable users or an administrator to specify that mail be saved for some period of time POP can be thought of as a store and forward service An alternative protocol is Internet Message Access Protocol IMAP IMAP provides the user with more capabilities for retaining e mail on the server and for organizing it in folders on the server Consider IMAP as a remote file server POP and IMAP deal with the receiving of e mail Do not with the Simple Mail Transfer Protocol SMTP Send e mail with SMTP and a mail handler receives it on the recipient s behalf Then the mail is read using POP or IMAP IMAP4 and POP3 are the two most prevalent Internet standard protocols for e mail retrieval Virtually all modern e mail clients and servers support both In a private VLAN communication between ports in that private VLAN is not permitted A VLAN can be configured as a private VLAN An acronym for Precision Time Protocol a network protocol for synchronizing the clocks of computer systems An acronym for QoS Control Entry It describes QoS class associated with a particular QCE ID There are six QCE frame types Ethernet Type VLAN UDP TCP Port
73. 6 7 or range 0 1 2 3 4 5 6 7 0 3 4 7 or Any DEI Drop Eligible Indicator Valid value of DEI can be any of values between 0 1 or Any SMAC Source MAC address 24 MS bits OUI or Any DMAC Type Destination MAC type possible values are unicast UC multicast MC broadcast BC or Any Frame Type Frame Type can have any of the following values e Any e Ethernet e LLC e SNAP e 6 IPv4 e IPv6 NOTE All frame types are explained below e Any Allow all types of frames e Ethernet Ethernet Type Valid Ethernet type can have value within 0x600 OxFFFF or Any default value is Any e LLC SSAP Address Valid SSAP Source Service Access Point can vary from 0x00 to OxFF or Any the default value is Any DSAP Address Valid DSAP Destination Service Access Point can vary from 0x00 to OxFF or Any the default value is Any Control Address Valid Control Address can vary from 0x00 to OxFF or Any the default value is Any e SNAP PID Valid PID a k a Ethernet type can have value within 0x00 0xF FFF or Any default value is Any e Pv4 Protocol IP protocol number 0 255 TCP or UDP or Any Source IP Specific Source IP address in value mask format or Any IP and Mask are in the format x y z w where x y z and w are decimal numbers between 0 and 255 When converting Mask to a 32 bit binary string and read from left to right all bits following the first zero must
74. 8 24 48 Port GbE PoE Managed Switch User s Guide RADIUS RDI RSTP SHA Shaper SMTP SNAP SNMP SNTP SPROUT SSID An acronym for Remote Authentication Dial In User Service It is a networking protocol that provides centralized access authorization and accounting management for people or computers to connect and use a network service An acronym for Remote Defect Indication It is a OAM functionallity that is used by a MEP to indicate defect detected to the remote peer MEP In 1998 the IEEE with document 802 1w introduced an evolution of STP the Rapid Spanning Tree Protocol which provides for faster spanning tree convergence after a topology change Standard IEEE 802 1D 2004 now incorporates RSTP and obsoletes STP while at the same time being backwards compatible with STP An acronym for Secure Hash Algorithm designed by the National Security Agency NSA and published by the NIST as a U S Federal Information Processing Standard Hash algorithms compute a fixed length digital representation known as a message digest of an input data sequence the message of any length Limits the bandwidth of transmitted frames It is located after the ingress queues An acronym for Simple Mail Transfer Protocol It is a text based protocol that uses the Transmission Control Protocol TCP and provides a mail service modeled on the FTP file transfer service SMTP transfers mail messages between systems and notifications re
75. 8 24 48 Port GbE PoE Managed Switch User s Guide 4 15 6 Port DSCP This section describes how to set the QoS Port DSCP configuration To configure the QoS Port DSCP parameters via the web interface 1 Navigate to Configuration gt QoS gt Port DSCP 2 Check the Translate checkbox to enable the Ingress Translate and enable disable the Classify and Egress Rewrite parameters using the drop down menu 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 94 QoS Port DSCP Configuration QoS Port DSCP Configuration Port Ingress 3 Egress Translate Classify Rewrite 1 Disable w Disable v 2 a Disable Disable v 3 C Disable Disable v 4 Disable w Disable v L L Disable v Disable v 6 a Disable Disable v 7 a Disable Disable v 8 C Disable Disable v 9A Disable w Disable v 10A a Disable Disable v 9B L Disable w Disable v 10B 0O Disable Disable v Parameter Description Port The Port coulmn displays the list of ports to configure dscp ingress and egress settings Ingress Change the ingress translation and classification settings for individual ports There are two configuration parameters available in Ingress Translate To Enable the Ingress Translation Classify Classification for a port has 4 different values e Disable No Ingress DSCP Classification e DSCP 0 Classify if incoming or translated if enabled DSCP is 0
76. A Disabled Receiver Disabled v 98 Disabled Receiver Disabled v 108 Disabled v Receiver Disabled v Parameter Description MVR Mode Enable Disable the MVR globally VLAN ID Specify the Multicast VLAN ID Mode Enable MVR on the port Type Specify the MVR port type on the port Immediate Leave IP Address of the source Currently system limits the total number of IP source addresses for filtering to be 128 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 77 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Type Enable fast leave on the port 4 8 2 Port Group Allow This section enables adding multicast groups To configure Port Allow Group via the web interface 1 Navigate to Configuration gt MVR gt Port Group Allow 2 Click Add new Allow Group 3 Click Apply or Click Reset to revert to previously saved values Click Apply and Save Start to save the change Figure 57 MVR Port Group Allow MVR Port Group Allow Configuration Delete Port StartAddress End Address MVR Port Group Allow Configuration Delete Port Start Address End Address 1 amp Add new Allow Group Apply amp Save Start Parameter Description Delete Check to delete entry the next apply deletes Port Indicates the port number Allow Group The allowed IP multicast groups Toll Free 1 866 ALLWORX 585 421
77. A Low PoE mmer OFF PoE 4 0 o ow ow 0 mA Low Boe nimed OFF PoE 5 0 om om ow 0 MA T RoE umed OFF PoE 6 0 ow ow ow 0 mA Low Pores Greate 7 0 OM ow ow 0 mA Low Pi OFF PoE 8 0 ow ow ow 0 mA Low ee OFF PoE Total ow ow ow 0 mA Parameter Description Local Port This is the logical port number for this row PD Class The PD class that the device attached port belongs to The classification current describes the amount of power the PD will require during normal operation Power Requested The Power Requested displays the requested amount of power the PD wants reserved Power Allocated The Power Allocated displays the amount of power the switch has allocated for the PD Power Used The Power Used displays the power the PD is currently using Current Used The Current Used displays the current the PD is currently using Priority The Priority displays the port s priority configured by the user Allworx is typically 3 watts Port Status The Port Status displays the port s status Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 99 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 10 3 Power Delay This page enables the user to set a time delay to provide power on a port after the rebooting the device To set the power delay via the web interface 1 Navigate to Configuration gt PoE gt Power Delay 2 Enable the Delay
78. ACL or use the other ACL modification buttons to specify the editing action i e edit delete or moving the relative position of entry in the list 3 Specific the parameters of the ACE 4 Click Apply or click Reset to revert to previously saved values When editing an entry on the ACE Configuration page note that the items displayed depend on various selections such as Frame Type and IP Protocol type Specify the relevant criteria to match for this rule and set the actions to take when matching a rule such as Rate Limiter Port Copy Logging and Shutdown Figure 30 ACL Rate Limiter Configuration Refresh Clear Remove An Ingress Port Policy Bitmask Frame Type Action RateLimiter PortRedirect Mirror ae ar 802 1QTagged Any VLAN ID Filter Any x Tag Priority Any Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 41 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description Ingress Port Select the ingress port for which this ACE applies All The ACE applies to all port Port n The ACE applies to this port number where n is the number of the switch port Policy Filter Specify the policy number filter for this ACE Any No policy filter is specified policy filter status is don t care Specific To filter a specific policy with this ACE select this value Two fields for entering policy value and bitmask appear
79. ANs configured on the switch The drop down menu on the top of the page enables displaying only specific VLANs To display VLAN membership status in the web interface 1 Navigate to Configuration gt VLAN gt Switch Status 2 Select the view from the drop down list Figure 75 VLAN Membership Status for Static User The ports belong to the currently selected stack unit as reflected by the page header VLAN Membership Status for Staticuser Static v Auto refresh L Refresh Static P NAS VLAN ID 1 2 3 4 5 6 7 8 9a 104 96 108 a MV 1 GA A I ars VERN MSTP Parameter Description VLAN USER scroll to select one kind VLAN user as below VLAN User module uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configurations such as PVID and UVID Currently we support the following VLAN user types CLI Web SNMP These are referred to as static NAS NAS provides port based authentication which involves communication between a Supplicant Authenticator and an Authentication Server MVRP Multiple VLAN Registration Protocol MVRP allows dynamic registration and deregistration of VLANs on ports on a VLAN bridged network GVRP GARP VLAN Registration Protocol GVRP allows dynamic registration and deregistration of VLANs on ports on a VLAN bridged network Voice VLAN Voice VLAN is a VLAN configured specially for voice traffic typically originating from IP phones
80. C addresses can be learned on the port until it is administratively re opened on the Limit Control configuration Web page MAC Count Current Limit The two columns indicate the number of currently learned MAC addresses forwarding as well as blocked and the maximum number of MAC addresses that can be learned on the port respectively If no user modules are enabled on the port the Current column will show a dash If the Limit Control user module is not enabled on the port the Limit column will show a dash Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 196 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 7 3 Port Status This section shows the MAC addresses secured by the Port Security module Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from unknown MAC addresses are passed on to the port security module which in turn asks all user modules whether to allow this new MAC address to forward or block it For a MAC address to be set in the forwarding state all enabled user modules must unanimously agree on allowing the MAC address to forward If only one user module decides to block it blocking continues until that user module decides otherwise
81. CP servers may be on another network 5 4 1 Configuration This section describes how to configure DHCP Relay settings including e Relay Mode Enabled or Disabled e Relay Server IP setting e Relay Information Mode Enabled or Disabled e Relay Information Mode Policy Replace Keep and Drop To configure DHCP Relay via the web interface 1 Navigate to Security gt DHCP Relay gt Configuration 2 Enable the DHCP Relay mode and then specify the Relay Server IP address 3 Enable the Relay Information Mode and then specify the Relay Information Policy setting 4 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 120 UPnP Configuration DHCP Relay Configuration DHCP Relay Configuration Relay Mode Disabled v Relay Server 0 0 0 0 Relay Information Mode Disabled v Relay Information Policy Replace v Parameter Description Relay Mode Indicates the DHCP relay mode operation Possible modes are Enabled Enable DHCP relay mode operation When DHCP relay mode operation is enabled the agent forwards and transfers DHCP messages between the clients and the server if not located in the same subnet domain The DHCP broadcast messages will not be flooded for security considerations Disabled Disable DHCP relay mode operation Relay Server Indicates the DHCP relay server IP address Relay Information Mode Indicates the DHCP relay information mode option operation Possible modes a
82. GbE PoE Managed Switch User s Guide Local Port The port on which LLDP frames are received or transmitted Tx Frames The number of LLDP frames transmitted on the port Rx Frames The number of LLDP frames received on the port Rx Errors The number of received LLDP frames containing some kind of error Frames Discarded If an LLDP frame is received on a port and the switch s internal table has run full the LLDP frame is counted and discarded This situation is known as Too Many Neighbors in the LLDP standard LLDP frames require a new entry in the table when the Chassis ID or Remote Port ID is not already contained within the table Entries are removed from the table when a given port s link is down an LLDP shutdown frame is received or when the entry ages out TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Age Outs Each LLDP frame contains information about how long the LLDP information is valid age out time If no new LLDP frame is received within the age out time the LLDP information is removed and the Age Out counter is incremented Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 97 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Manag
83. Guard This section describes how to configure the IP Source Guard parameters 5 1 1 Configuration To configure IP Source Guard via the web interface Navigate to Security gt IP Source Guard gt Configuration Set the mode to Enabled to enable the IP Source Guard on the switch globally oy Set the port mode and Maximum Dynamic Clients for each port 4 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 112 UPnP Configuration IP Source Guard Configuration Mode Disabled v Translate dynamic to static Port Mode Configuration Port Mode Max Dynamic Clients lt gt i lt gt v 1 Disabled Unlimited v 2 Disabled Unlimited v 3 Disabled Unlimited v 4 Disabled Unlimited v 5 Disabled Unlimited v 6 Disabled Unlimited hi 7 Disabled Unlimited v 8 Disabled Unlimited v 9A Disabled Unlimited v 104 Disabled Unlimited v 9B Disabled Unlimited v 10B Disabled Unlimited v Apply Reset Parameter Description Mode Enable or disable IP Source Guard globally on the switch All configured ACEs will be lost when the mode is enabled Port Mode Configuration Select ports on which to enable IP Source Guard It has to be enabled both globally and at port level for it to take effect Max Dynamic Clients Specify the maximum number of dynamic clients to learn on the port This value ca
84. Guide If re authentication fails or the RADIUS Access Accept packet no longer carries a VLAN ID or it is invalid or the supplicant is otherwise no longer present on the port the port s VLAN ID is immediately reverted to the original VLAN ID which may be changed by the administrator in the meanwhile without affecting the RADIUS assigned This option is only available for single client modes i e e Port based 802 1X e Single 802 1X For trouble shooting VLAN assignments use the Monitor gt VLANs VLAN Membership and VLAN Port pages These pages show which modules have temporarily overridden the current Port VLAN configuration RADIUS attributes used in identifying a VLAN ID RFC2868 and RFC3580 form the basis for the attributes used in identifying a VLAN ID in an Access Accept packet The following criteria are used e The Tunnel Medium Type Tunnel Type and Tunnel Private Group ID attributes must all be present at least once in the Access Accept packet e The switch looks for the first set of these attributes that have the same Tag value and fulfill the following requirements if Tag 0 is used the Tunnel Private Group ID does not need to include a Tag e Value of Tunnel Medium Type must be set to IEEE 802 ordinal 6 e Value of Tunnel Type must be set to VLAN ordinal 13 e Value of Tunnel Private Group ID must be a string of ASCII characters in the range 0 9 which is interpreted as a decimal stri
85. IGMP snooping on the switch To configure the IGMP Snooping parameters via the web interface 1 Navigate to Configuration gt IGMP Snooping gt Basic Configuration Check the Snooping Enabled box to enable IGMP snooping globally on the switch Check the port that has to be set as the Router Port and enable disable the Fast Leave function on the ports Use the drop down menu to set the Throttling parameter Click Apply or click Reset to cancel the changes and revert to previously saved values Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 62 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Figure 44 IGMP Snooping Configuration IGMP Snooping Configuration Global Configuration Snooping Enabled a Unregistered IPMCv4 Flooding Enabled IGMP SSM Range 232 0 0 0 8 Proxy Enabled Port Related Configuration Port RouterPort FastLeave Throttling x C a lt gt v 1 a C unlimited 7 unlimited 3 C unlimited 4 a d unlimited 5 a a unlimited 6 a unlimited rd unlimited 8 LI unlimited JA a al unlimited 104 O C unlimited 9B CI O unlimited 10B d unlimited Parameter Description Snooping Enable IGMP Snooping globally on the switch Unregistered IPMC Enable unregistered IPMC traffic flooding Floodin
86. IUS Authentication Server Configuration The RADIUS Authentication Server number for which the configuration below applies Upto 5 servers can be configured Enabled Enable the RADIUS Authentication Server by checking this box IP Address Hostname The IP address or hostname of the RADIUS Authentication Server IP address is expressed in dotted decimal notation Port Secret The UDP port to use on the RADIUS Authentication Server If the port is set to 0 zero the default port 1812 is used on the RADIUS Authentication Server The secret up to 29 characters long shared between the RADIUS Authentication Server and the switch RADIUS Account Server Co nfiguration The RADIUS Accounting Server number for which the configuration below applies Upto 5 servers can be configured Enabled Enable the RADIUS Accounting Server by checking this box IP Address Hostname The IP address or hostname of the RADIUS Accounting Server IP address is expressed in dotted decimal notation Port The UDP port to use on the RADIUS Accounting Server If the port is set to 0 zero the default port 1813 is used on the RADIUS Accounting Server Secret The secret up to 29 characters long shared between the RADIUS Accounting Server and the switch TACACS Authentication Server Configuration Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 185
87. Inventory management enabling network administrators to track network devices and determine the characteristics manufacturer software hardware versions and serial or asset number This page enables configuring LLDP MED This function applies to VoIP devices which support LLDP MED To configure LLDP MED via the web interface 1 Click Configuration gt LLDP gt LLDP MED Configuration 2 Modify the parameters according to requirement 3 Click Add new policy After defining the new policy apply it to the ports 4 Click Apply Figure 62 LLDP MED Configuration Latitude o degrees Nom v Longitude o degrees Eat v Atitude o0 metes v MapDatum wose v State City district Leading street direction House no Building Room no P O Box Emergency Call Service Delete Policy ID Application Type _ VLANID L2 Priority DSCP Ei 0 Voice T RE Kal 200 Add new policy Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 85 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description Fast start repeat count Rapid startup and Emergency Call Service Location Identification Discovery of endpoints is a critically important aspect of VolP systems in general In addition it is best to advertise only those pieces of information which are specifically relevant to particular endpoint types for example only advertise the voice net
88. MSTI mapping configuration in order to share spanning trees for MSTIs Intra region The name is at most 32 characters Configuration Revision The revision of the MSTI configuration named above This must be an integer between 0 and 65535 MSTI Mapping MSTI The bridge instance The CIST is not available for explicit mapping as it will receive the VLANs not explicitly mapped VLANs Mapped The list of VLANs mapped to the MSTI The VLANs must be separated with comma and or space A VLAN can only be mapped to one MSTI An unused MSTI should just be left empty i e not have any VLANs Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 54 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 5 3 MSTI Priorities When implementing an Spanning Tree protocol on the switch that the bridge instance The CIST is the default instance which is always active For controls the bridge priority Lower numeric values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier This section enables the user to inspect and change the current STP MSTI bridge instance priority configurations To configure the Spanning Tree MSTI Priorities parameters via the web interface 1 Navigate to Configuration gt Spanning Tree gt MSTI Priorities 2 Set the priority for the MSTI Instances
89. MVR MVR is used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN Multicast traffic for all channels is sent only on a single multicast VLAN MSTP The 802 1s Multiple Spanning Tree protocol MSTP uses VLANs to create multiple spanning trees in a network which significantly improves network resource utilization while maintaining a loop free environment VLAN ID Indicates the ID of this particular VLAN VLAN Membership The VLAN Membership Status Page displays the current VLAN port members for all VLANs configured by a selected VLAN User When ALL VLAN Users are selected it displays this information for all the VLAN Users and this is by default VLAN membership allows the frames classified to the VLAN ID to be forwarded on the respective VLAN member Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 110 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 11 4 Port Status This page displays the VLAN status by port To display VLAN Port Status in the web interface 1 Navigate to Configuration gt VLAN gt Port Status 2 Select an option from the drop down list Figure 76 VLAN Port Status for Static User VLAN Port Status for Static user E v Auto refresh O tatic Port PVID PortType Ingress Filtering Frame Type TxTag UVID Conflicts NAS 4 1 UnAware Disabled All Untag This 1 No Mep 2 1 UnAware Disabled All Untag This
90. Managed Switch User s Guide Aggregation ARP ARP Inspection Auto Negotiation C CC CCM CDP DEI DES DHCP Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the redundancy for higher availability Also Port Aggregation Link Aggregation An acronym for Address Resolution Protocol It is a protocol used to convert an IP address into a physical address such as an Ethernet address ARP permits a host to communicate with other hosts when only the Internet address of its neighbors is known Before using IP the host sends a broadcast ARP request containing the Internet address of the desired destination system A secure feature Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisoning the ARP caches Use this feature to block such attacks Only valid ARP requests and responses can go through the switch device The process where two different devices establish the mode of operation and share the speed settings by those devices for a link An acronym for Continuity Check It is a MEP functionality able to detect loss of continuity in a network by transmitting CCM frames to a peer MEP An acronym for Continuity Check Message It is a OAM frame transmitted from a MEP to it s peer MEP and used to implement CC functionality An acronym for Cisco Discovery Protocol An acronym for Drop Eligible Indicator It is a 1
91. Mode and set the delay time 3 Click Apply Figure 68 Power Delay POE Power Delay Port Delay Mode Delay Time 0 300 sec lt gt Disable Disable Disable Disable Disable Disable Disable an ao nn amp W NY OFoyoyo yoyo oyo Disable Parameter Description Port Indicates the port number Delay Mode To turn on off the power delay function Enabled Enable PoE power delay Disabled Disable PoE power delay Delay Time Upon reboot the PoE port with start providing power after waiting for the delay time to end Value ranges from 0 300 sec Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 100 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 10 4 Auto Checking This page enables the user to set auto detect parameters to check the link status between the PoE port and the power device If a fail connect is detected the PD is rebooted automatically To configure Auto Checking via the web interface 1 Navigate to Configuration gt PoE gt Auto Checking 2 Specify the Auto Checking parameters for the ports 3 Click Apply Figure 69 Auto Checking POE Auto Checking Ping Check Disable v 7 Interval Retry 7 Reboot Port Ping IP Address Time sec Time FailureLog Failure Action Time sec 1 000 0 30 3 oag Nothin y 15 2 0 000 0 3 Nothing v 15 3 0000 a 3 mr athin v 15 4 0000
92. N changes or modifications not expressly approved by the party responsible for compliance could void the authority to operate the equipment It is possible to use unshielded twisted pair UTP for RJ 45 connections Category 3 or better for 10 Mbps connections Category 5 or better for 100 Mbps connections Category 5 5e or 6 for 1000 Mbps connections For fiber optic connections it is possible use a 50 125 or 62 5 125 micron multimode fiber or 9 125 micron single mode fiber CE Mark Declaration of Conformance for EMI and Safety EEC This equipment has been tested and found to comply with the protection requirements of European Emission Standard EN55022 EN61000 3 and the Generic European Immunity Standard EN55024 A Caution Maintenance Personnel To avoid electric shock turn the power off and detach the input power cord prior to doing any equipment maintenance After completing the equipment maintenance verify the ground connection and setup Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page iii Revision History This section summarizes the changes in each revision of this guide Release BEIG Revision V2 29 09 09 2013 A3 V1 52 05 22 2013 A2 V1 07 10 17 2011 Al Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page iv a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Table of Contents 1
93. NMP protocol to govern the transfer of information between SNMP manager and agent and traverses the Object Identity OID of the Management Information Base MIB described in the form of SMI syntax The SNMP agent running on the switch responds to the request issued by the SNMP manager It is passive except when issuing trap information The system has a switch to turn on or off the SNMP agent Setting the field SNMP to Enable starts the SNMP agent Access all supported MIB OIDs including RMON MIB via SNMP manager If the field SNMP is set to Disable the SNMP agent de activates and ignores the related Community Name Trap Host IP Address Trap and all MIB counters 3 6 1 System This section enables globally enabling or disabling SNMP on the switch To configure SNMP via the web interface 1 Navigate to System gt SNMP gt System 2 Select the Enable or Disable radio buttons to turn on or off the SNMP function 3 Specify the Engine ID 4 Click Apply Figure 13 SNMP System Configuration SNMP System Configuration SNMP State Enable Disable Engine ID 800007e5017f000001 Parameter Description SNMP State Enable or Disable SNMP on the switch Enable Enable SNMP state operation Disable Disable SNMP state operation Engine ID SNMPv3 engine ID Syntax 0 9 a f A F min 5 octet max 32 octet fifth octet cannot be 00 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 201
94. ORX 585 421 3850 www allworx com Revised October 30 2013 Page 202 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 6 Maintenance This chapter describes the entire switch Maintenance configuration tasks including Restart Device Firmware upgrade Save Restore Import Export and Diagnostics 6 1 Restart Device This section describes how to restart switch for any maintenance needs Any configuration files or scripts saved in the switch should still be available afterwards To restart the switch via the web interface 1 Navigate to Maintenance gt Restart Device 2 Click Yes or No Figure 140 Restart Device Restart Device Are you sure you want to perform a Restart No Parameter Description Restart Device Restart the switch from this page After restart the switch will boot normally Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 203 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 6 2 Firmware This section describes how to upgrade Firmware 6 2 1 Firmware Upgrade To perform a Firmware Upgrade via the web interface 1 Navigate to Maintenance gt Firmware gt Firmware Upgrade 2 Click Choose File and browse to the file in the local device 3 Click Upload Figure 141 Firmware update Firmware Update Browse Upload Parameter Description Choose File Click the Choose File button to locate the path
95. PL and DSCP e Class Classified QoS Class if a frame matches the QCE it goes in the queue e DPL Drop Precedence Level if a frame matches the QCE then DP level will be set to value displayed in the DPL column e DSCP If a frame matches the QCE then DSCP will be classified with the value displayed in the DSCP column Conflict Displays QCE status It is possible that resources required to add a QCE may not be available If so a Yes conflic status displays otherwise it is always No To resolve the conflict release the resource required by the QCE and press Refresh button Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 145 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 15 12 Storm Control This section enables the user to configure the Storm control for the switch There is a unicast storm rate control multicast storm rate control and a broadcast storm rate control These only affect flooded frames i e frames with a VLAN ID DMAC pair not present on the MAC Address table The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch To configure the Storm Conirol Configuration parameters via the web interface 1 Navigate to Configuration gt QoS gt Storm Control 2 Enable Storm Control for the port and set the rate limits for the frame types 3 Click Apply or click Reset to cance
96. Port gt Port Description 2 Specify the port alias or description an alphanumeric string 3 Click Apply Figure 22 Port Description Port Description Port Description To Allworx LAN To Allworx WAN JA Uplink 10A Uplink 9B Uplink 106 Uplink Parameter Description Port This is the port number Description Description of device ports CANNOT contain amp Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 31 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 1 3 Traffic Overview This page provides an overview of general traffic statistics for all switch ports To display the port statistics overview in the web interface 1 Navigate to Configuration gt Port gt Traffic Overview 2 Check the Auto refresh check box for periodic page refresh 3 Click Refresh to update the port statistics or click Clear to clear all information on the ports Figure 23 Port Statistics Overview Port Statistics Overview Auto efresh O Port Packets Bytes Errors Drops Filtered Received Transmitted Received Transmitted Received Transmitted Received Transmitted Received ki 7619 10650 1514026 3332717 0 0 0 0 29 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 4 0 0 0 0 0 0 0 0 0 5 0 0 0 0 0 0 0 0 0 6 0 0 0 0 0 0 0 0 0 7 0 0 0 0 0 0 0 0 0 8 0 0 0 0 0 0 0 0 0 9 0 0 0 0 0 0 0 0 0 10 0 0 0 0 0 0 0 0 0 it 0 0 0 0 0 0 0 0 0 12 0 0 0 0 0 0 0 0 0 Parameter D
97. Port Indicates the port number Port Type Port can be one of the following types Unaware Customer port C port Service Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 108 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide port S port Custom Service port S custom port If Port Type is Unaware all frames are classified to the Port VLAN ID and tags are not removed Ingress Filtering Enable ingress filtering on a port by checking the box This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame is discarded By default ingress filtering is disabled Frame Type Determines whether the port accepts all frames or only tagged untagged frames This parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on the port are discarded By default the field is set to All Port VLAN ID Configures the VLAN identifier for the port The values are 1 through 4095 The default value is 1 NOTE The port must be a member of the same VLAN as the Port VLAN ID Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 109 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 11 3 Switch Status This page displays the status of all VL
98. Port based 802 1X e Single 802 1X e Multi 802 1X e MAC based Auth Selected Counters Selected Counters The Selected Counters table is visible when the port is in one of the following administrative states e Multi 802 1X e MAC based Auth The table is identical to and is placed next to the Port Counters table and will be empty if no MAC address is currently selected To populate the table select one of the attached MAC Addresses from the table below Attached MAC Addresses Identity Shows the identity of the supplicant as received in the Response Identity EAPOL frame Clicking the link causes the supplicant s EAPOL and Backend Server counters to be shown in the Selected Counters table If no supplicants are attached it shows No supplicants attached This column is not available for MAC based Auth MAC Address For Multi 802 1X this column holds the MAC address of the attached supplicant For MAC based Auth this column holds the MAC address of the attached client Clicking the link causes the client s Backend Server counters to be shown in the Selected Counters table If no clients are attached it shows No clients attached VLAN ID Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 181 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide This column holds the VLAN ID that the corresponding client has currently
99. PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Updated October 30 2013 allworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide allworx a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 2013 Allworx Corp a Windstream Communications company All rights reserved No part of this publication may be reproduced stored in a retrieval system or transmitted in any form or by any means electronic mechanical photocopy recording or otherwise without the prior written permission of Allworx Corp All brand and product names referenced in this guide are trademarks or registered trademarks of their respective companies Software in this product is 2013 Allworx Corp a Windstream Communications company or its vendors All rights are reserved The software is protected by United States of America copyright laws and international treaty provisions applicable worldwide Allworx Software Products End User License Agreement Purpose This guide gives specific information on how to operate and use the management functions of the switch Audience Intended use For use by network administrators who are responsible for operating and maintaining network equipment consequently it assumes a basic working knowledge of general switch functions the Internet Protocol IP and Simple Network Management Protocol SNMP Warranty Find a copy of the specific warranty terms applicable to this
100. Security gt ARP Inspection gt Configuration 2 Select Enabled to globally enable ARP Inspection and set the mode for each port 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 115 ARP Inspection Configuration Mode Translate dynamic to static a Port Mode lt gt v 1 Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled v Disabled Disabled Y Patio Disabled v Disabled Parameter Description Mode Enable or disable ARP Inspection globally on the switch Port Mode Configuration Enable or disable ARP Inspection for each port It has to be enabled both globally and at each port level for it to take effect on the port Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 163 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 2 2 Static Table This section describes how to configure the Static ARP Inspection Table parameters To configure the Static ARP Inspection Table via the web interface 1 Navigate to Security gt ARP Inspection gt Static Table 2 Click Add new eniry 3 Specify the Port VLAN ID IP Address and MAC address for the entry 4 Click Apply Figure 116 Static ARP Inspection Table Delete Port VLANID MAC Address IP Address Apply f Reset Delete Port VLAN ID MAC Address IP Ad
101. The privacy protocol is set to DES encryption Privacy Password The length of Privacy Password is restricted to 8 32 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 28 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 Configuration This chapter describes all the network configuration tasks which include the Ports Layer 2 network protocols e g VLANs QoS IGMP ACLs and PoE etc and other settings on the switch 4 1 Port This section enables configuring the port parameters such as speed duplex settings or enabling and disabling a port 4 1 1 Configuration This section describes how to view the current port configuration and how to configure ports to non default settings including e Linkup Linkdown e Speed Current and configured e Flow Control Current Rx Current Tx and Configured e Maximum Frame Size e Excessive Collision Mode e Power Control To configure port settings via the web interface 1 Navigate to Configuration gt Port gt Configuration 2 Specify the Speed Configured Flow Control Maximum Frame size Excessive Collision mode and Power Control 3 Click Apply Figure 21 Port Configuration Port Configuration Speed Flow Control Maximum Excessive pace Port Link Current Current Frame Collision Current Configured Rx Tx Config
102. VLAN security mode operation Port Discovery Protocol Indicates the Voice VLAN port discovery protocol It will only work when auto detect mode is enabled Enable the LLDP feature before configuring discovery protocol to LLDP or Both Changing the discovery protocol to OUI or LLDP will restart auto detect process Possible discovery protocols are OUI Detect telephony device by OUI address LLDP Detect telephony device by LLDP Both Both OUI and LLDP Note If using is a phone model 9224 handset do the following steps Connect the phone to the switch The phone fails to boot up Press the button below the Config softkey and navigate to Network Settings Select the option by pressing the V key Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 120 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Set the VLAN mode to Enabled and navigate down to the Phone VLAN settings Set the phone VLAN to 200 and press EXIT Select YES when prompted to save configuration Reboot the phone The phone will now boot successfully and load new firmware Select YES to load firmware to flash Once the phone boots up select CONFIG and navigate down to Set Factory Defaults Select YES to save configuration changes The phone will reboot and now will have the default VLAN mode set to Auto Config desired setting Toll Free 1 866 ALLWORX 585 421
103. VirtualStack Parameter Description Mode Possible modes are Disable Disable Single IP mode Master Enable Single IP Management and set the switch as the Master switch Slave Enable Single IP Management and set the switch as a Slave switch Group Name Name of the Single IP group upto 64 characters in length Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 151 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 18 2 Information This page displays the active Slave switch information To view the Slave switch information via the web interface Navigate to Configuration gt Single IP gt Information Figure 106 Single IP Information Single IP Information Index Model Name MAC Address No Single IP information found Parameter Description Index The ID of the active Slave switch Model Name Displays the model name of the Slave switch MAC Address Displays the MAC address of the Slave switch Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 152 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 19 Easy Port Easy Port provides a convenient way to save and share common configurations to enable features and settings based on the location of a switch in the network and for mass configuration deployments across the network Users can easily implement devices such as V
104. Weighted Port Shaper Enable Controls whether the port shaper is enabled for this switch port Port Shaper Rate Controls the rate for the port shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 1000 when the Unit is Mbps Port Shaper Unit Controls the unit of measure for the port shaper rate as kbps or Mbps The default value is kbps Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 133 allworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 15 4 Port Shaping This section provides an overview of QoS Egress Port Shapers for all switch ports To configure the QoS Port Shapers via the web interface 1 Navigate to Configuration gt QoS gt Port Shaping 2 Click on the port number to set the parameters for that port Figure 92 QoS Egress Port Shape Click the Port index to set the QoS Earess Port Shaners Schedul Mode Strict Priority Enable Unit Excess Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 134 If selecting weighted mode the parameters have to be set accordingly a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description Port The logical port for the settings contained in the same row Click on the port number in order to config
105. able displays No LLDP EEE information found Parameter Description Local Port The port for receiving or transmitting LLDP frames Tx Tw The link parther s maximum time that transmit path can holdoff sending data after deassertion of LPI Rx Tw The link parther s time that receiver would like the transmitter to holdoff to allow time for the receiver to wake from sleep Fallback Receive Tw The link parther s fallback receive Tw A receiving link partner may inform the transmitter of an alternate desired Tw_sys_tx Since a receiving link partner is likely to have discrete levels for savings this provides the transmitter with additional information that it may use for a more efficient allocation Systems that do not implement this option default the value to be the same as that of the Receive Tw_sys_tx Echo Tx Tw The link partner s Echo Tx Tw value The respective echo values shall be defined as the local link partners reflection echo of the remote link partners respective values When a local link partner receives its echoed values from the remote link partner it can determine whether or not the remote link partner has received registered and processed its most recent Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 94 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide values For example if the local link partner receives echoed paramet
106. abled Global Configuration Port Related Configuration Port RouterPort FastLeave 0O 1 a 2 0O 3 C 7 5 Oo e 7 LI 8 O 9A O 10A O 9B 108 LI Parameter E Ci Description ffe Throttling lt gt unlimited unlimited unlimited unlimited unlimited unlimited unlimited unlimited unlimited unlimited unlimited unlimited v 96 Snooping Enabled Enable the Global MLD Snooping Unregistered IPMC Flooding enabled Enable unregistered IPMCv 6 traffic flooding Note that disabling unregistered IPMCv 6 traffic flooding may lead to failure of Neighbor Discovery Router Port Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port Fast Leave Throttling To enable the fast leave on the port Enable to limit the number of multicast groups to which a switch port can belong Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 71 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 7 2 2 VLAN Configuration When MLD snooping is enabled on a VLAN the switch acts to minimize unnecessary multicast traffic If the switch rec
107. age 138 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 15 8 DSCP Translation This section describes how to the QoS DSCP Translation settings Do the DSCP translation in Ingress or Egress To configure the DSCP Translation parameters via the web interface 1 Navigate to Configuration gt QoS gt DSCP Translation 2 Use the drop down menu to set the Ingress Translate and Egress Remap parameters 3 Check the Classify checkbox to enable DSCP classification 4 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 96 DSCP Translation Configuration DSCP Translation Auto refresh L _Refresh pcg N Remap PEU ae DP1 0 BE BE amp a BE BE S 1 1 v 1 v 1 v 2 2 2 w 2 3 3 B 3 v 3 4 4 4 B 4 N s i E 7 T v 7 v 7 v 8 CS1 CS1 CS1 CS1 9 9 v 9 v 9 v 10 10 10 10 11 n g 1 S 1 12 12 S 2 B 2 S 52 a 52 2 y 53 v o 53 53 v 54 4 v s 54 o 5a 55 x O 55 55 66 CBT 56 y a OICI v 57 yoo s 57 58 8 f a i EL e 59 o o i 59 60 0 v a y 60 v S DM a iene 53 63 o spie v Parameter Description DSCP Maximum number of supported DSCP values are 64 and valid DSCP value ranges is 0 to 63 Ingress Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map There are two configuration paramet
108. agnostics ping and VeriPHY Maintenance CLI System Reboot System Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privilege Levels and everything under Maintenance Debug Only present in CLI Privilege Levels Every group has an authorization Privilege level for the following sub groups configuration read only configuration execute read write status statistics read only status statistics read write e g for clearing of statistics User Privilege should be same or greater than the authorization Privilege level to have access to that group Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 12 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 4 IP IP stands for Internet Protocol It is a protocol used for communicating data across a inter network IP is a best effort system which means that there is no assurance that a packet of information sent reaches the destination in the same condition Each device connected to a Local Area Network LAN or Wide Area Network WAN has an Internet Protocol address This IP address identifies the device uniquely among all other devices connected to the extended network The current version of the Internet protocol is IPv4 which has 32 bit IP addresses enabling for over four billion unique addresses The practice of webmasters taking addresses in large
109. alid values are between 30 and 86400 seconds 24 hours Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 53 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 5 2 MSTI Mapping When implementing Spanning Tree protocol on the switch that the bridge instance The CIST is not available for explicit mapping as it receives the VLANs not explicitly mapped Due to the reason that users need to set the list of VLANs mapped to the MSTI Separate the VLANs with comma and or space Map a VLAN to one MSTI Leave the unused MSTI empty i e no mapped VLANs This section enables the user to inspect and change the current STP MSTI bridge instance priority configurations To configure the Spanning Tree MSTI Mapping parameters via the web interface 1 Navigate to Configuration gt Spanning Tree gt MSTI Mapping 2 Specify the configuration identification parameters in the fields 3 Specify the values in the VLANs Mapped field 4 Click Apply or click Reset to cancel the changes and revert to previously saved values Figure 37 MSTI Configuration MSTI Configuration Add VLANs separated by spaces or comma Unmapped VLANs are mapped to the CIST The default bridge instance Parameter Description Configuration Identification Configuration Name The name identifying the VLAN to MSTI mapping Bridges must share the name and revision see below as well as the VLAN to
110. allworx com Revised October 30 2013 Page 86 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Prime Meridian Name Greenwich NAD83 NAVD88 North American Datum 1983 CRS Code 4269 Prime Meridian Name Greenwich The associated vertical datum is the North American Vertical Datum of 1988 NAVD88 This datum pair is to be used when referencing locations on land not near tidal water which would use Datum NAD83 MLLW NAD83 MLLW North American Datum 1983 CRS Code 4269 Prime Meridian Name Greenwich The associated vertical datum is Mean Lower Low Water MLLW This datum pair is to be used when referencing locations on water sea ocean Civic Address location IETF Geopriv Civic Address based Location Configuration Information Civic Address LCI Country Code The two letter ISO 3166 country code in capital ASCII letters Example DK DE or US State National subdivisions state canton region province prefecture County County parish gun Japan district City City township shi Japan Example Copenhagen City district City division borough city district ward chou Japan Block Neighborhood Neighborhood block Street Street Example Main Street Leading street Direction Leading street direction Example N Trailing street suffix Trailing street suffix Example SW Street suffix Street suffix Example Ave Platz House
111. an address table having a destination address and port number pair A forwarding map generator generates a forwarding map which is responsive to a destination address of a data packet The method for isolating ports on a layer 2 switch comprises of configuring each of the ports on the layer 2 switch as a protected port or a non protected port A destination address on a data packet is matched with a physical address on said Layer 2 switch and a forwarding map is generated for the data packet based upon the destination address on the data packet and sends The data packet is then sent to the plurality of ports pursuant to the forwarding map generated based upon whether the ingress port was configured as a protected or non protected port Use this page to enabling or disabling port isolation on ports in a Private VLAN A port member of a VLAN can be isolated to other isolated ports on the same VLAN and Private VLAN To configure Port Isolation via the web interface 1 Navigate to Configuration gt VLAN gt Private VLANs gt Port Isolation 2 Select the ports that have to be isolated 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 78 Port Isolation Configuration Port Isolation Configuration Port Number 1 2 3 4 5 6 7 8 9A 10A 9B 10B 8 8 8 a 8 8a a eee Parameter Description Port Members A check box is provided for each port of a private VLAN When checked port isolation
112. anaged Switch User s Guide 6 5 2 Ping6 This section enables issuing ICMPv6 PING packets to troubleshoot IPv6 connectivity issues To send an ICMPv6 PING via the web interface 1 2 3 4 Navigate to Maintenance gt Diagnostics gt Ping6 Specify the IPv6 address to ping Specify the ping Length Count and Interval Click Start Figure 150 ICMPv6 Ping Update figure ICMPV6 Ping IP Address 0 0 0 0 0 0 0 0 Ping Length 56 Ping Count 5 Ping Interval 1 After clicking Start 5 ICMPv6 packets transmit and then display the sequence number and roundtrip time upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs PING6 server 10 10 132 20 56 bytes of data 64 bytes from 10 10 132 20 icmp_seq 0 time Oms 64 bytes from 10 10 132 20 icmp_seq 1 time Oms 64 bytes from 10 10 132 20 icmp _seq 2 time Oms 64 bytes from 10 10 132 20 icmp _seq 3 time Oms 64 bytes from 10 10 132 20 icmp_seq 4 time Oms Sent 5 packets received 5 OK 0 bad Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 211 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 6 5 3 VeriPHY This section is used for running the VeriPHY Cable Diagnostics This will take approximately 5 seconds If all ports are selected this can take approximately 15 seconds When completed the page refreshes automatically
113. and the cable diagnostics results display in the cable status table Note that VeriPHY is only accurate for cables of length 7 140 meters 10 and 100 Mbps ports will be linked down while running VeriPHY Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete To run a VeriPHY Cable Diagnostics via the web interface 1 Navigate to Maintenance gt Diagnostics gt VeriPHY 2 Specify the Port to generate cable statistics Select All to run the diagnostics for all ports 3 Click Start Figure 151 VeriPHY VeriPHY Cable Diagnostics Port All v Cable Status Port PairA LengthA PairB LengthB PairC LengthC PairD LengthD SOON AMA EWN t f I i I EH CEI Eo Sia LE EA aa aE Parameter Description Port The port for requiring VeriPHY Cable Diagnostics Cable Status Port Port number Pair The status of the cable pair Length The length in meters of the cable pair Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 212 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 7 Glossary of Web based Management A ACE ACL AES APS An acronym for Access Control Entry describing access permission associated with a particular ACE ID The three ACE frame types are Ethernet Type ARP and IPv4 and two ACE actions permit and deny The ACE also contains many detailed differen
114. arding Uptime The time since the bridge port was last initialized 4 5 8 Port Statistics After completing the STP configuration display the STP Statistics This section displays the STP Statistics counters of the bridge ports in the currently selected switch Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 60 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide To display the STP Port statistics in the web interface 1 Navigate to Configuration gt Spanning Tree gt Port Statistics 2 Checking the Auto refresh button automatically refreshes the page at periodic intervals 3 Click Refresh to refresh the STP Bridges Figure 43 STP Statistics STP Statistics Auto refresh CI Port Transmitted Received Discarded MSTP RSTP STP TCN MSTP RSTP STP TCN Unknown illegal No ports enabled Parameter Description Port The switch port number of the logical STP port MSTP The number of MSTP Configuration BPDUs received transmitted on the port RSTP The number of RSTP Configuration BPDUs received transmitted on the port STP The number of legacy STP Configuration BPDUs received transmitted on the port TCN The number of legacy Topology Change Notification BPDUs received transmitted on the port Discarded Unknown The number of unknown Spanning Tree BPDUs received and discarded on the port Discarded Illegal The number of illegal Soanning Tr
115. beginning of the MLD Group Table The Start from VLAN and group input fields enable the user to select the starting point in the MLD Group Table The Start from VLAN and group fields enable the user to select the starting point in the IGMPv3 Information Table Clicking the Refresh button will update the displayed table starting from that or the closest next IGMPv3 Information Table match In addition the two input fields will upon a button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The switch will use the last entry of the currently displayed table as a basis for the next lookup When reaching the end the text No more entries displays MLD Snooping Information Table Columns VLAN ID VLAN ID of the group Groups Group address of the group displayed Port Members Ports under this group Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 75 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 7 6 IPv6 SSM Information The MLDv2 Information Table is sorted first by VLAN ID then by group and then by Port No It also treats different source addresses belong to the same group as single entry Each page displays up to 64 entries from the MLDv2 SSM Source Specific Multicast Information table default being 20 selected through the entries per page input field When first visite
116. ber 30 2013 Page 44 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide the rate limiter operation is disabled Port Redirect Indicates the port redirect operation of the ACE Frames matching the ACE are redirected to the port number The values are Disabled or a specific port number When disabled the port redirect operation is disabled Mirror Specify the mirror operation of this port The values are Enabled Frames received on the port are mirrored Disabled Frames received on the port are not mirrored The default value is Disabled CPU Forward packet that matched the specific ACE to CPU CPU Once Forward first packet that matched the specific ACE to CPU Counter The counter indicates the number of times the ACE was hit by a frame Conflict Indicates the hardware status of the specific ACE If Yes the specific ACE is not applied to the hardware due to hardware limitations Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 45 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 3 Aggregation Use Aggregation to configure the settings of Link Aggregation Users can bundle more than one port with the same speed full duplex and the same MAC to be a single logical port thus the logical port aggregates the bandwidth of these ports For example if there are three Fast Ethernet ports aggregated in a logical port then
117. bes configuring and managing the PowerFlex series switches through the web user interface With this facility users can easily access and monitor the switch including MIBs status port activity Spanning tree status port aggregation status and multicast traffic VLAN and priority status and even illegal access record and so on The PowerFlex Series switches ship with a preconfigured firmware image This eliminates the need to make changes to the switch in order for it to work with the Allworx servers and phones The default configuration is detailed below Following the instructions below makes the server switch and phones a plug n play network 2 2 IP Configuration The switch has DHCP enabled to obtain an address from the Allworx server If for some reason DHCP fails the switch falls back to the configured static IP NOTE If DHCP has failed in a multiple PowerFlex switch configuration it will be necessary to disconnect each switch from the others before attemplting to log into the switches using the default IP IP Address 192 168 2 200 Subnet Mask 255 255 255 0 Default Gateway 192 168 2 254 Username admin Password lt blank gt Once the switch has obtained its IP address users may determine its current address from the DHCP lease table of the network s DHCP server In a default configuration an Allworx server is the DHCP server The IP information may be viewed by navigating to the Servers gt
118. ble business network infrastructure These switches deliver intelligent features needed to improve the availability of critical business applications protect sensitive information and optimize network bandwidth to deliver information and applications more effectively It provides the ideal combination of affordability and capabilities for entry level networking including small business or enterprise applications and helps create a more efficient better connected workforce PowerFlex 8 24 48 L2 Managed Switches provide 8 24 or 48 100 1000 ports depending on the model the specifications are as follows e L2 features provide better manageability security QoS and performance e High port count design with all Gigabit Ethernet ports e Support guest VLAN voice VLAN Port based tag based and Protocol based VLANs e Support 802 3az Energy Efficient Ethernet standard e Support 802 3at High power PoE Plus standard e Support IPv6 IPv4 Dual stack e Support sFlow e Support Easy Configuration Port for easy implementation of IP Phones IP Cameras or Wireless environment 1 2 Overview of this User s Guide e Chapter 2 Operation of Web based Management e Chapter 3 Maintenance Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 1 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 2 Operation of Web Based Management 2 1 Initial Configuration This chapter descri
119. bled Figure 127 RADIUS Authentication Configuration Figure 128 RADIUS Accounting Configuration Figure 129 TACACS Authentication Configuration Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 184 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description Timeout The Timeout which can be set to a number between 3 and 3600 seconds is the maximum time to wait for a reply from a server If the server does not reply within this timeframe it will be considered dead and continue with the next enabled server if any RADIUS servers use the UDP protocol which is unreliable by design In order to cope with lost frames the timeout interval is divided into 3 subintervals of equal length If a reply is not received within the subinterval the request is transmitted again This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead Dead Time The Dead Time which can be set to a number between 0 and 3600 seconds is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from continually trying to contact a server that it has already determined as dead Setting the Dead Time to a value greater than 0 zero will enable this feature but only if more than one server has been configured RAD
120. bled for the port Enabled Enables PoE IEEE 802 3af at Priority The Priority represents the port s priority There are three levels of power priority Low High and Critical The priority is used in the case where the remote devices require more power Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 98 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide than the power supply can deliver In this case the port with the lowest priority will be turn off starting from the port with the highest port number Maximum Power It indicates the maximum power in watts that can be delivered to a remote device NOTE Tto set the Port support IEEE802 3at then set the Maximum allowed D value to 30W 4 10 2 Status This page enables the user to inspect the current status for all PoE ports The section displays all ports PoE Status To display PoE Status in the web interface 1 Navigate to Configuration gt PoE gt Status 2 Click Auto refresh to refresh the page automatically at periodic intervals 3 Clicking Refresh manually refreshes the page Figure 67 Power over Ethernet Status Power Over Ethernet Status Auto refresh C Local PD Power Power Power Current F Port class Requested Allocated Used Used Prony Pa SELES 1 0 on om o w 0 mA we ee OFF PoE 2 0 oW ow ow 0 mA Low Por aeg OFF PoE 3 0 OM ow ow 0 m
121. bles multicast traffic forwarding on the Multicast VLAN In a multicast television application a PC or a television with a set top box can receive the multicast stream Multiple set top boxes or PCs can be connected to one subscriber port which is a switch port configured as an MVR receiver port When a subscriber selects a channel the set top box or the PC sends an IGMP join message to Switch A requesting to join the appropriate multicast MVR source parts are uplink ports that send and receive multicast data to and from the multicast VLAN 4 8 1 Configuration The section describes the MVR basic configuration To configure MVR via the web interface 1 Navigate to Configuration gt MVR gt Configuration 2 Use the drop down menu to enable or disable MVR Set the VLAN ID and port details 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 56 MVR Configuration MVR Configuration MVR Mode Disabled v VLAN ID 100 Port Configuration Port Mode Type Immediate Leave lj lt gt vii lt gt vi lt gt vv 1 Disabled v Receiver v Disabled v 2 Disabled Receiver Disabled v 3 Disabled Receiver v Disabled v 4 Disabled Receiver Disabled v 5 Disabled Receiver v Disabled v 6 Disabled v Receiver v Disabled v 7 Disabled v Receiver v Disabled v 8 Disabled Receiver Disabled v 9A Disabled v Receiver Disabled v 10
122. blocks the bulk of which remain unused drastically reduces this number There is a rather substantial movement to adopt a new version of the Internet Protocol IPv6 which would have 128 bit IP addresses A three with thirty nine zeroes after it can represent this number roughly However IPv4 is still the protocol of choice for most of the Internet 3 4 1 IPV4 Obtain the IPv4 address for the switch via DHCP Server To configure an address manually change the switch default settings to values that are compatible with the network It may be necessary to establish a default gateway between the switch and management stations that exist on another network segment Use the Configured column to view or change the IP configuration Use the Current column to display the active IP configuration To configure an IP address in the web interface 1 Navigate to System gt IPV4 2 Specify the IPv4 settings and enable DNS proxy service if required 3 Click Apply Figure 8 IP Configuration IP Configuration Configured Current DHCP Client IP Address 192 168 2 200 192 168 2 200 IP Mask 255 255 255 0 255 255 255 0 IP Gateway 192 168 2 254 192 168 2 254 VLAN ID 200 200 DNS Server 0 0 0 0 0 0 0 0 IP DNS Proxy Configuration DNS Proxy Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 13 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description
123. brings security issues To provide user access and ensure data security the MAC based VLAN technology was developed MAC based VLANs group VLAN members by MAC address With MAC based VLAN configured the device adds a VLAN tag to an untagged frame according to its source MAC address Primarily use MAC based VLANs in conjunction with security technologies such as 802 1 X to provide secure flexible network access for terminal devices 4 11 6 1 Configuration This page enables adding and deleting MAC based VLAN entries and assigning the entries to different ports This page displays only static entries To configure MAC address based VLANs via the web interface 1 Navigate to Configuration gt VLAN gt MAC based VLAN gt Configuration 2 Click Add new entry and specify the MAC address and VLAN ID 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 79 MAC based VLAN Membership Configuration MAC based VLAN Membership Configuration Port Members Delete MAC Address VLANID 1 2 3 4 5 6 7 8 9 10 9B 10B Currently no entries present Add new entry MAC based VLAN Membership Configuration Port Members Delete MAC Address VLANID 1 2 3 4 5 6 7 8 9A 10A 9B 10B 00 00 00 00 00 00 j i l mi Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 114 a I Iw rx PowerFlex 8 24 48 Port GbE PoE
124. but it can only appear once It can also represent a legally valid IPv4 address For example 192 1 2 34 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 15 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 5 SYSLOG The Syslog is a standard for logging programming messages It enables separation of the software that generates messages from the system that stores the messages and the software that reports and analyzes the messages used for informational analysis and debugging messages and supported by a wide variety of devices and receivers across multiple platforms 3 5 1 Configuration This section describes how to configure the system log To configure Syslog configuration in the web interface ONS 4 Navigate to System gt Syslog gt Configuration Specify the syslog mode and IP Address of the Syslog server s Specify the Syslog level Click Apply Figure 10 Syslog Configuration System Log Configuration Server Mode Disabled v Server Address 1 Server Address 2 Syslog Level Info v Parameter Description Server Mode Indicates the server mode operation When the mode operation is enabled syslog messages will be sent to the syslog server The syslog protocol is based on UDP and received on UDP port 514 Syslog packets will be sent out even if the syslog server does not exist Possible modes are Enabled Enable server
125. c Disable We PoE Scheduling seleotan Tja a Ba a i a ea e a m a m Eji 3 a a a a il af e ee ee a a Taj aj m a a a LACHE HEL CHE 7 al a a a CHCEL Tja Sa M a a a T m m a a m a B E a w i a a a CELIE E a Bll Ja aj a m a a a a j a CHE 1s a a a CHCEL m a 2 a 7 CHCECIE a m Ea H a E m i 1 a a a a fia TE E E E T a m m a CEHEC CIEE a HELI CHE 3 DSR ARL CHEE Apply Parameter Description Port Indicates the switch port number Status PoE Scheduling status Enabled Enable PoE scheduling Disabled Disable PoE scheduling Hour Time of the day to provide PoE on the selected port Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 102 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 10 6 Filtering Database Filtering Data Base Configuration gathers many functions including MAC Table Information Static MAC Learning etc MAC table Switching of frames is based upon the DMAC address contained in the frame The switch builds up a table that maps MAC addresses to switch ports for determining which ports the frames should go to based upon the DMAC address in the frame This table contai
126. cally at periodic intervals 3 Click Refresh to refresh the MVR Statistics 4 Click lt lt or gt gt to move to previous or next entry Figure 59 MVR Statistics Information MVR Statistics Atone VLAN ID Vi Reports V2Reports V3Reports V2Leaves Received Received Received Received 100 0 0 0 0 Parameter Description VLAN ID The Multicast VLAN ID V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V3 Reports Received The number of Received V3 Reports V2 Leaves Received The number of Received V2 Leaves Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 80 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 9 LLDP The Link Layer Discovery Protocol LLDP provides a standards based method for enabling switches to advertise to adjacent devices and to learn about adjacent LLDP devices LLDP is a vendor neutral Link Layer protocol in the Internet Protocol Suite used by network devices for advertising the identity capabilities and neighbors on an IEEE 802 local area network principally wired Ethernet The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in standards document IEEE 802 1AB 4 9 1 LLDP Configuration This page enables the user to inspect and configure the LLDP port settings To configure LLDP 1 Navigate to Con
127. cates the action that is taken on ingress frame if parameters configured are matched with the frame s content There are three action fields Class DPL and DSCP e Class Classified QoS Class if a frame matches the QCE it goes in the queue e DPL Drop Precedence Level if a frame matches the QCE then DP level will be set to value displayed in the DPL column e DSCP If a frame matches the QCE then the DSCP classification includes the value displayed in the DSCP column Modification Buttons Modify each QCE QoS Control Entry in the table using the following buttons Inserts a new QCE before the current row Edits the QCE O Moves the QCE up the list O Moves the QCE down the list 2 Deletes the QCE The lowest plus sign adds a new entry at the bottom of the QCE listings Port Members Check the checkbox button to make any port a member of the QCL entry By default all ports will be checked Key Parameters Key configurations are described as below Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 142 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Tag Value of Tag field can be Any Untag or Tag VID Valid value of VLAN ID can be any value in the range 1 4095 or Any user can enter either a specific value or a range of VIDs PCP Priority Code Point Valid value PCP are specific 0 1 2 3 4 5
128. cating the primary function of the application s defined for this network policy advertised by an Endpoint or Network Connectivity Device The possible application types are shown below 1 Voice for use by dedicated IP Telephony handsets and other similar appliances Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 92 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide supporting interactive voice services These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications 2 Voice Signalling for use in network topologies that require a different policy for the voice signalling than for the voice media 3 Guest Voice to support a separate limited feature set voice service for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interactive voice services 4 Guest Voice Signalling for use in network topologies that require a different policy for the guest voice signalling than for the guest voice media 5 Softphone Voice for use by softphone applications on typical data centric devices such as PCs or laptops 6 Video Conferencing for use by dedicated Video Conferencing equipment and other similar appliances supporting real time interactive video audio services 7 Streaming Video for use by broadcast or multicast based video cont
129. changes and revert to previously saved values Figure 52 MLD Snooping Port Group Filtering Delete Port Filtering Groups Add new Filtering Group Apply Reset EEE Delete Port Filtering Groups re Apply Reset Parameter Description Delete Check to delete the entry It will be deleted during the next apply Port The logical port for the settings Filtering Groups The IP Multicast Group that will be filtered Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 73 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 7 4 Status This section displays the MLD Snooping Status and information To display the MLD Snooping Status in the web interface 1 Navigate to Configuration gt MLD Snooping gt Status 2 Check the Auto refresh box to refresh the page at periodic intervals 3 Click Refresh to refresh or click Clear to clear the MLD Snooping Status Information Figure 53 MLD Snooping Status VLAN Querier Host Querier Queries Queries V1 Reports V2Reports V1 Leaves ID Version Version Status Transmitted Received Received Received Received 1 v2 v2 ACTIVE 0 0 0 0 0 1 Ze 3 4 6 7 8 9A 0A 9B 0B Parameter Description VLAN ID The VLAN ID of the entry Querier Version Current working Querier Version Host Version Current working Host Version Querier Status Displays the Que
130. cify the rate unit The values are pps packets per second kbps Kbits per second Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 40 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 2 3 Access Control List The section describes how to configure Access Control List rules An Access Control List ACL is a sequential list of conditions that permit or deny that apply to IP addresses MAC addresses or other more specific criteria The switch tests ingress packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match the frame is accepted Other actions can also be invoked when a matching packet is found including rate limiting copying matching packets to another port or to the system log or shutting down a port This page shows the Access Control List ACL which is made up of the ACEs defined on the switch Each row describes the defined ACE The maximum number of ACEs is 256 on each switch Click on the lowest plus sign to add a new ACE to the list The reserved ACEs used for internal protocols cannot be edited or deleted the order sequence cannot be changed and have the highest priority To configure Access Control List via the web interface 1 Navigate to Configuration gt ACL gt Access Control List 2 Click the button to add a new
131. contain one of 64 code point values 0 through 63 A value of 0 represents use of the default DSCP value as defined in RFC 2475 Adding a new policy Click to add a new policy Specify the Application type Tag VLAN ID L2 Priority and DSCP for the new policy Port Policies Configuration Port Every port may advertise a unique set of network policies or different attributes for the same network policies based on the authenticated user identity or port configuration The port number to which the configuration applies Policy ID The set of policies that shall apply to a given port The set of policies is selected by check marking the checkboxes that corresponds to the policies Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 90 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 9 4 LLDP MED Neighbors This page provides a status overview of all LLDP MED neighbors The displayed table contains a row for each port detecting LLDP neighbor This function applies to VoIP devices which support LLDP MED To display LLDP MED neighbors in the web interface 1 Click Configuration gt LLDP gt LLDP MED Neighbors 2 Click Auto refresh to refresh the page automatically at periodic intervals 3 Click Refresh to refresh the page manually Figure 63 LLDP MED Neighbors LLDP MED Neighbour Information Auto reftesh C No LLDP MED neighbour informati
132. ctober 30 2013 Page 206 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 6 3 3 Save User This section describes how to save current configuration to backup configuration Any current configuration files will be saved in XML format To save current configuration to backup configuration via the web interface 1 Navigate to Maintenance gt Save Restore gt Save User 2 Click Save Figure 145 Save as Backup Configuration Are you sure to save the current setting as Backup Configuration 6 3 4 Restore User This section describes how to restore backup configuration to the switch Any current configuration files will be restored in XML format To restore backup configuration via the web interface 1 Navigate to Maintenance gt Save Restore gt Restore User 2 Click Save Figure 146 Restore Backup Configuration Are you sure to restore the Backup Configuration Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 207 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 6 4 Export Import This section describes how to export and import the Switch configuration 6 4 1 Export Config This section describes how to export the Switch Configuration for maintenance needs Any current configuration files will be exported as an XML file To export config file via the web interface 1 Navigate to Maintenance gt Export Import gt Export Co
133. cure connection User name v Password C Remember my password NOTE To optimize the display effect use Microsoft IE 6 0 or above Netscape V7 1 or above or FireFox V1 00 or above and have the resolution set to 1024x768 To configure a function or parameter access the online Help in the web GUI Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 3 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 System Configuration This chapter describes all the basic configuration tasks which include the System Information and management of the Switch e g Time Account IP Syslog and SNMP 3 1 System Information After log in the switch displays the system information This is the default page and displays the basic D 3O 66 information of the system including Model Name System Description Contact Device Name System Up Time BIOS Version Firmware Version etc 3 1 1 Information The switch system information is provided here To view the System Information from the web interface Navigate to System gt System Information gt Information Figure 2 System Information System Information Auto refresh L Model Name PowerFlex P810 8 Port 10 100 1000Base T 2 TP 100 1G SFP Combo PoE L2 Plus System Description Managed Switch Location Contact Device Name PowerFlex P810 System Date 20
134. d Logging Indicates the logging operation of the ACE Possible values are Enabled Frames matching the ACE are stored in the System Log Disabled Frames matching the ACE are not logged Please note that the System Log memory size and logging rate are limited Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 42 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Shutdown Indicates the port shut down operation of the ACE Possible values Enabled If a frame matches the ACE the ingress port will be disabled Disabled Port shut down is disabled for the ACE Counter The counter indicates the number of times the ACE was hit by a frame VLAN Parameters 802 1Q Tagged Specify whether frames can hit the action according to the 802 1Q tag The values are Any Any value don t care Enabled Tagged frame only Disabled Untagged frame only The default value is Any VLAN ID Filter Specify the VLAN ID filter for this ACE Any No VLAN ID filter is specified VLAN ID filter status is don t care Specific To filter a specific VLAN ID with this ACE select this value A field for entering a VLAN ID number appears VLAN ID When Specific is selected for the VLAN ID filter enter a specific VLAN ID number The range is 1 to 4094 A frame that hits this ACE matches this VLAN ID value Tag Priority Specify the tag priority
135. d the web page displays the first 20 entries from the beginning of the MLDv2 Information Table The Start from VLAN and group fields enable the user to select the starting point in the MLDv2 Information Table To display the MLDv2 IPv6 SSM Information in the web interface 1 Navigate to Configuration gt MLD Snooping gt IPv6 SSM Information 2 Check Auto refresh to refresh the page automatically at periodic intervals 3 Click Refresh to refresh the MLDv2 IPv6 SSM Information 4 Click lt lt or gt gt to move to previous or next entry Figure 55 IPv6 SSM Information MLDv2 Information Autosehesh C Start from VLAN 1 land Group 00 with 20 entries per page VLANID Group PortNo Mode Source Address Type No more entries Parameter Description MLDv2 Information Table Columns VLAN ID VLAN ID of the group Groups Group address of the group displayed Port Switch port number Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or Exclude Source Address IP Address of the source Currently system limits the total number of IP source addresses for filtering to be 128 Type Indicates the Type It can be either Allow or Deny Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 76 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 48 MVR The MVR feature ena
136. d MAC addresses will be removed from the port and no new address will be learned Even if the link is physically disconnected and reconnected on the port by disconnecting the cable the port will remain shut down There are three ways to re open the port e Reboot the switch e Disable and re enable Limit Control on the port Click the Reopen button Trap amp Shutdown If Limit 1 MAC addresses are seen on the port both the Trap and the Shutdown actions described above will be taken State This column shows the current state of the port as seen from the Limit Control s point of view The state takes one of four values Disabled Limit Control is either globally disabled or disabled on the port Ready The limit is not yet reached This can be shown for all actions Limit Reached Indicates that the limit is reached on this port This state can only be shown if Action is set to None or Trap Shutdown Indicates that the port is shut down by the Limit Control module This state can only be shown if Action is set to Shutdown or Trap amp Shutdown Re open If a port is shutdown by this module reopen it by clicking this button which will only be enabled if this is the case For other methods refer to Shutdown in the Action section NOTE Clicking the reopen button causes the page to be refreshed so non committed changes will be lost Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October
137. d values are in the range 6 to 40 seconds and MaxAge must be lt FwdDelay 1 2 Maximum Hop count This defines the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region It defines how many bridges a root bridge can distribute its BPDU information to Valid values are in the range 6 to 40 hops Transmit Hold Count The number of BPDUs a bridge port can send per second When exceeded transmission of the next BPDU will be delayed Valid values are in the range 1 to 10 BPDUs per second Advanced Settings Edge Port BPDU Filtering Control whether a port explicitly configured as Edge will transmit and receive BPDUs Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 52 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Edge Port Bpdu Guard Control whether a port explicitly configured as Edge will disable itself upon reception of a BPDU The port will enter the error disabled state and will be removed from the active topology Port Error Recovery Control whether a port in the error disabled state automatically will be enabled after a certain time If recovery is not enabled ports have to be disabled and re enabled for normal STP operation The condition is also cleared by a system reboot Port Error Recovery Timeout The time to pass before a port in the error disabled state can be enabled V
138. dpoint Class II also support Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 91 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide all aspects of TIA 1057 applicable to Generic Endpoints Class I and any LLDP MED Endpoint Device claiming compliance as a Communication Device Class III will also support all aspects of TIA 1057 applicable to both Media Endpoints Class Il and Generic Endpoints Class 1 LLDP MED Generic Endpoint Class 1 The LLDP MED Generic Endpoint Class definition is applicable to all endpoint products that require the base LLDP discovery services defined in TIA 1057 however do not support IP media or act as an end user communication appliance Such devices may include but are not limited to IP Communication Controllers other communication related servers or any device requiring basic services as defined in TIA 1057 Discovery services defined in this class include LAN configuration device location network policy power management and inventory management LLDP MED Media Endpoint Class ll The LLDP MED Media Endpoint Class II definition is applicable to all endpoint products that have IP media capabilities however may or may not be associated with a particular end user Capabilities include all of the capabilities defined for the previous Generic Endpoint Class Class I and are extended to include aspects relat
139. dress Delete Check to delete the entry It will be deleted during the next save Port The logical port for the entry VLAN ID The vlan ID for the entry MAC Address Allowed Source MAC address in ARP request packets IP Address Allowed Source IP address in ARP request packets Add new Entry Click to add a new entry to the Static ARP Inspection table Buttons Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 164 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 2 3 Dynamic Table This section displays the Dynamic ARP Inspection Table The Dynamic ARP Inspection Table contains up to 1024 entries and is sorted first by port then by VLAN ID then by MAC address and then by IP address To display Dynamic ARP Inspection Table in the web interface 1 Specify the Start from port VLAN ID MAC Address IP Address and entries per page 2 Check Auto refresh to refresh the page automatically at periodic intervals Click Refresh to refresh the page manually Figure 117 Dynamic ARP Inspection Table Dynamic ARP Inspection Table Auto reftesh O Start from Port 1 VLAN 1 MAC address 0 00 00 00 00 00 and IP address 0 0 0 0 with 20 entries per page Port VLANID MAC Address IP Address No more entries Parameter Description Port Switch Port Number for which the entries are displayed VLAN ID VLAN ID in which the ARP traffic is per
140. e 1 is forward only packets with VID matching this port s configured VID The Ingress Filtering Rule 2 is drop untagged frame Users can also select the Role of each port as Access Trunk or Hybrid To configure VLAN Port configuration via the web interface 1 Navigate to Configuration gt VLAN gt Ports 2 Specify the port parameters 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 74 VLAN Port Configuration Ethertype for Custom S ports 0x e345 VLAN Port Configuration Port Port Type Ingress Filtering Frame Type Egress Rule PVID lt gt v lt gt v lt gt Access 200 C port C port Access 300 Unaware Hybrid Hybrid Hybrid Hybrid Hybrid Hybrid Unaware Unaware Unaware Unaware an OL an wn Unaware Trunk o gt C port Trunk 5 P C port Trunk oO Oo C port 106 C port SSS ST Ne Sy ES PS z SSNS TSS SSIS SST Se SSS NSS SS Trunk Parameter Description Ethertype for Custom S This field specifies the ether type used for Custom S ports This is a global ports setting for all the Custom S ports Custom Ethertype enables the user to change the Ethertype value on a port to any value to support network devices that do not use the standard 0x8100 Ethertype field value on 802 1Q tagged or 802 1p tagged frames
141. e denying access to a multicast group is applied to a switch port the IGMP join report requesting the stream of IP multicast traffic is dropped and the port is not allowed to receive IP multicast traffic from that group If the filtering action permits access to the multicast group the port forwards the IGMP report for normal processing IGMP filtering controls only IGMP membership join reports and has no relationship to the function that directs the forwarding of IP multicast traffic To configure IGMP Snooping Port Group Filtering via the web interface Navigate to Configuration gt IGMP Snooping gt Port Group Filtering Click Add new Filtering Group Select the port to enable the Port Group Filtering for and specify the Filtering Groups PN S Click Apply or click Reset to cancel changes and revert to previously saved values Figure 46 IGMP Snooping Port Group Filtering Configuration IGMP Snooping Port Group Filtering Configuration Delete Port Filtering Groups Add new Filtering Group IGMP Snooping Port Group Filtering Configuration Delete Port Filtering Groups y Delete Check to delete the entry It will be deleted during the next Apply Port Select port for which to enable the IGMP Snooping Port Group Filtering function Filtering Groups The IP Multicast Group s that will be filtered Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 65 a I lwor x PowerFle
142. e destination port for the frame Check to enable the use of the Source MAC address or uncheck to disable By default Source MAC Address is enabled Destination MAC Address The Destination MAC Address can be used to calculate the destination port for the frame Check to enable the use of the Destination MAC Address or uncheck to disable By default Destination MAC Address is disabled IP Address The IP address can be used to calculate the destination port for the frame Check to enable the use of the IP Address or uncheck to disable By default IP Address is enabled TCP UDP Port Number The TCP UDP port number can be used to calculate the destination port for the frame Check to enable the use of the TCP UDP Port Number or uncheck to disable By default TCP UDP Port Number is enabled Aggregation Group Configuration Locality Indicates the aggregation group type This field is only valid for stackable switches Global The group members may reside on different units in the stack The device supports two 8 port global aggregations Local The group members reside on the same unit Each local aggregation may consist of up to 16 members Group ID Indicates the group ID for the settings contained in the same row Group ID Normal indicates there is no aggregation Only one group ID is valid per port Port Members Each switch port is listed for each group ID Select a radio button to include a port in an aggr
143. e has decided to hold the MAC address indefinitely a dash displays Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 197 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 8 Access Management This section enables configuring access management on the switch including HTTP HTTPS SNMP and TELNET SSH Users can manage the Switch over an Ethernet LAN or over the Internet 5 8 1 Configuration This section enables configuring access management table of the Switch Sixteen is the maximum entry number If the application s type matches any one of the access management entries it enables access to the switch To configure Access Management via the web interface Navigate to Security gt Access Management gt Configuration Select Enabled mode to enable global access management on the switch Click Add new entry and then specify the Start IP Address End IP Address Check Access Management method s HTTP HTTPS SNMP and TELNET SSH in the entry Click Apply or click Reset to cancel changes and revert to previously saved values or er ONS Figure 135 Access Management Configuration Access Management Configuration Mode Disabled v Delete Start IP Address End IP Address HTTP HTTPS SNMP TELNET SSH TA Management Configuration Mode Disabled v Delete Start IP Address End IP Address HTTP HTTPS SNMP TELNET SSH 0 0 0 0
144. e parameters and specify other values in the Basic Settings 3 Specify parameters in the Advanced settings 4 Click Apply or click Reset if to want to revert to previously saved values Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 51 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Figure 36 STP Bri idge Configuration Protocol Version MSTP Bridge Priority 32768 Forward Delay 15 Max Age 20 Maximum Hop Count 20 Transmit Hold Count 6 Advanced Settings Edge Port BPDU Filtering Edge Port BPDU Guard Port Error Recovery Port Error Recovery Timeout v v STP Bridge Configuration Parameter Description Basic Settings Protocol Version The STP protocol version setting Valid values are STP RSTP and MSTP Bridge Priority Controls the bridge priority Lower numeric values have higher priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier For MSTP operation this is the priority of the CIST Otherwise this is the priority of the STP RSTP bridge Forward Delay The delay used by STP Bridges to transit Root and Designated Ports to Forwarding state used in STP compatible mode Valid values are in the range 4 to 30 seconds Max Age The maximum age of the information transmitted by the Bridge when it is the Root Bridge Vali
145. e port can be moved into Guest VLAN When unchecked the ability to move to the Guest VLAN is disabled on all ports Guest VLAN ID This is the value that a port s Port VLAN ID is set to if a port is moved into the Guest VLAN It is only changeable if the Guest VLAN option is globally enabled Valid values are in the range 1 4095 Max Reauth Count The number of times the switch transmits an EAPOL Request Identity frame without response before considering entering the Guest VLAN is adjusted with this setting The value can only be changed if the Guest VLAN option is globally enabled Valid values are in the range 1 255 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 173 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Allow Guest VLAN if EAPOL Seen The switch remembers if an EAPOL frame has been received on the port for the life time of the port Once the switch considers whether to enter the Guest VLAN it will first check if this option is enabled or disabled If disabled unchecked default the switch will only enter the Guest VLAN if an EAPOL frame has not been received on the port for the life time of the port If enabled checked the switch will consider entering the Guest VLAN even if an EAPOL frame has been received on the port for the life time of the port The value can only be changed if the Guest VLAN option is globa
146. e port link goes down or the port s Admin State is changed and if not the port will be placed in the Guest VLAN Otherwise it will not move to the Guest VLAN but continue transmitting EAPOL Request Identity frames at the rate given by EAPOL Timeout Once in the Guest VLAN the port is considered authenticated and all attached clients on the port have access on this VLAN The switch will not transmit an EAPOL Success frame when entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and if one such frame is received the switch immediately takes the port out of the Guest VLAN and starts authenticating the supplicant according to the port mode If an EAPOL frame is received the port will never be able to go back into the Guest VLAN if the Allow Guest VLAN if EAPOL Seen is disabled Port State The current state of the port It can undertake one of the following values Globally Disabled NAS is globally disabled Link Down NAS is globally enabled but there is no link on the port Authorized The port is in Force Authorized or a single supplicant mode and the supplicant is authorized Unauthorized The port is in Force Unauthorized or a single supplicant mode and the supplicant is not successfully authorized by the RADIUS server X Auth Y Unauth The port is in a multi supplicant mode Currently X clients are authorized and Y are unauthorized Restart Two buttons are available
147. e web interface 1 Navigate to Security gt Port Security gt Limit Control 2 Select Enabled to enable Port Security globally 3 Check Aging Enabled 4 Set Aging Period Default is 3600 seconds To configure Limit Control for each port via the web interface 1 Select Enabled to enable Port Security for desired ports 2 Specify the maximum number of MAC addresses in the Limit field 3 Set Action Trap Shutdown Trap amp Shutdown This is the action taken on the port when a security violation occurs 4 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 132 Port Security Limit Control Configuration Mode Disabled na Aging Enabled Aging Period seconds Mode imi State Re open Disabled v Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled v Disabled w a Disabled a Disabled Damea v dl Disabled w Deae w O d Disabled wa Disabled wa Disabled Disabled wa Disables a Disabled v q Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 192 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description System Configuration Mode Indicates if Limit Control is globally enabled or disabled on the switch If globally disabled other modules may still use the underlyi
148. ed Switch User s Guide 4 10 PoE Use Power over Ethernet to transmit electrical power to remote devices over standard Ethernet cable For example use it for powering IP telephones wireless LAN access points and other equipment where it would be difficult or expensive to connect the equipment to an external power supply 4 10 1 Configuration This page enables the user to inspect and configure the current PoE port settings To configure Power over Ethernet via the web interface 1 Navigate to Configuration gt PoE gt Configuration 2 Enable disable PoE mode for each port using the drop down menu Specify the priority and maximum power 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 66 Power over Ethernet Configuration POE Power Delay Port Delay Mode Delay Time 0 300 sec ia lt gt v 1 Disable 0 2 Disable 0 3 Disable 0 4 Disable 0 5 Disable 0 6 Disable o 7 Disable 0 8 Disable 0 Parameter Description Power Supply Configuration Primary Power Supply W The switch can have PoE power supplies It is used as power source For being able to determine the amount of power the powered device may use the amount of power the power sources can deliver must be defined Ethernet Port Configuration Port This is the logical port number for this row PoE Mode The PoE Mode represents the PoE operating mode for the port Disabled PoE disa
149. ed to media streaming Example product categories expected to adhere to this class include but are not limited to Voice Media Gateways Conference Bridges Media Servers and similar Discovery services defined in this class include media type specific network layer policy discovery LLDP MED Communication Endpoint Class III The LLDP MED Communication Endpoint Class III definition is applicable to all endpoint products that act as end user communication appliances supporting IP media Capabilities include all of the capabilities defined for the previous Generic Endpoint Class and Media Endpoint Class II classes and are extended to include aspects related to end user devices Example product categories expected to adhere to this class include but are not limited to end user communication appliances such as IP Phones PC based softphones or other communication appliances that directly support the end user Discovery services defined in this class include provision of location identifier including ECS E911 information embedded L2 switch support and inventory management LLDP MED Capabilities LLDP MED Capabilities describe the neighbor unit s LLDP MED capabilities The possible capabilities are 1 LLDP MED capabilities 2 Network Policy 3 Location Identification 4 Extended Power via MDI PSE 5 Extended Power via MDI PD 6 Inventory 7 Reserved Application Type Application Type indi
150. ed when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 56 allworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Priorty Controls the port priority This can be used to control priority of ports having identical port cost See above operEdge state flag Operational flag describing whether the port is connecting directly to edge devices No Bridges attached Transition to the forwarding state is faster for edge ports having operEdge true than for other ports The value of this flag is based on AdminEdge and AutoEdge fields This flag is displayed as Edge in Monitor gt Spanning Tree gt STP Detailed Bridge Status AdminEdge Controls whether the operEdge flag should start as set or cleared The initial operEdge state when a port is initialized AutoEdge Controls whether the bridge should enable automatic edge detection on the bridge Restricted Role port This enables deriving operEdge from whether BPDUs are received on the port or not If enabled it causes the port not to be selected as Root Port for the CIST or any MSTI even if it has the best spanning tree priority vector Such a port will be selected as an Alternate Port after the Root Port has been selected If
151. ee BPDUs received and discarded on the port Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 61 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 6 IGMP Snooping The function is used to enable the multicast groups to forward the multicast packets to the member ports and avoids wasting the bandwidth while IP multicast packets are running over the network This is because a switch that does not support IGMP or IGMP Snooping can not tell a multicast packet from a broadcast packet and treats both all as broadcast packets A switch that supports IGMP Snooping with the functions of query report and leave a type of packet exchanged between IP Multicast Router Switch and IP Multicast Host can update the information of the Multicast table when a member port joins or leaves an IP Multicast Destination Address With this function once a switch receives an IP multicast packet it will forward the packets only to members who have already joined the specified IP multicast group The IGMP Snooping discards the packets if the user transmits multicast packets to the multicast group not built up in advance IGMP proxy or snooping enabled on the switch enables it to connect to a router closer to the root of the tree This interface is the upstream interface The router on the upstream interface should be running IGMP 4 6 1 Basic Configuration This section describes how to set the basic
152. egation or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Only full duplex ports can join an aggregation and ports must have the same speed in each group Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 47 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 4 LACP Ports using Link Aggregation Control Protocol according to IEEE 802 3ad specification as the trunking method can select the unique LACP GroupID to form a logical trunked port The benefit of using LACP is that a port makes an agreement with its peer port before it becomes a ready member of a trunk group also called aggregator LACP is safer than the other trunking method static trunk 4 4 1 Configuration This page enables the user to inspect and change the current LACP port configurations An LACP trunk group with more than one ready member port is a real trunked group An LACP trunk group with only one or less than one ready member port is not a real trunked group To configure the LACP parameters via the web interface Navigate to Configuration gt Aggregation gt LACP gt Configuration Check the LACP Enabled box to enable LACP on the port Set the key to Auto or Specific Auto is the default Set the role to Active or Passive Default is Active OV Ws N Click Apply or click Reset to revert
153. eives multicast traffic destined for a given multicast address it forwards that traffic only to ports on the VLAN that have MLD hosts for that address It drops that traffic for ports on the VLAN that have no MLD hosts To configure the MLD Snooping VLAN Configuration via the web interface 1 Navigate to Configuration gt MLD Snooping gt VLAN Configuration 2 Check the Snooping Enabled checkbox for VLANs to enable snooping 3 Click Refresh to refresh an entry of the MLD Snooping VLAN Configuration Information 4 Click lt lt or gt gt to move to previous or next entry Figure 51 MLD Snooping VLAN Configuration MLD Snooping VLAN Configuration Start from VLAN 1 with 20 entries per page VLAN ID Snooping Enabled 1 v Parameter Description VLAN ID The VLAN ID of the entry Snooping Enabled Enable the per VLAN MLD Snooping Select up to 64 VLANs Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 72 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 7 3 Port Group Filtering This section describes how to set the Port Group Filtering in the MLD Snooping function To configure the MLD Snooping Port Group Filtering via the web interface Navigate to Configuration gt MLD Snooping gt Port Group Filtering Click Add new Filtering Group Specify the Filtering Groups for each port PN gt Click Apply or click Reset to cancel
154. elay seconds Tx Delay cannot be larger than 1 4 of the Tx Interval value Valid values are restricted to 1 8192 seconds Tx Reinit When a port is disabled LLDP is disabled or the switch is rebooted an LLDP shutdown frame is transmitted to the neighboring units signaling that the LLDP information is not valid anymore Tx Reinit controls the number of seconds between the shutdown frame and a new LLDP initialization Valid values are restricted to 1 10 seconds LLDP Port Configuration The LLDP port settings relate to the currently selected stack unit as reflected by the page header Port The switch port number of the logical LLDP port Mode Select LLDP mode Rx only The switch will not send out LLDP information but LLDP information from neighbor units is analyzed Tx only The switch will drop LLDP information received from neighbors but will send out LLDP information Disabled The switch will not send out LLDP information and drops LLDP information received from neighbors Enabled The switch will send out LLDP information and will analyze LLDP information received from neighbors CDP Aware The CDP operation is restricted to decoding incoming CDP frames The switch does not transmit CDP frames CDP frames are only decoded if LLDP on the port is enabled Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors table are decoded All other TLVs are discarded Unrecognized CDP TLV
155. ent distribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying on TCP with buffering would not be an intended use of this application type 8 Video Signalling for use in network topologies that require a separate policy for the video signalling than for the video media Policy Policy indicates that an Endpoint Device wants to explicitly advertise that the policy is required by the device It can be either Defined or Unknown Unknown The network policy for the specified application type is currently unknown Defined The network policy is defined Tag TAG is indicative of whether the specified application type is using a tagged or an untagged VLAN It can be either Tagged or Untagged Untagged The device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802 1Q 2003 Tagged The device is using the IEEE 802 1Q tagged frame format VLAN ID VLAN ID is the VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 A value of 1 through 4094 is used to define a valid VLAN ID A value of 0 Priority Tagged is used if the device is using priority tagged frames as defined by IEEE 802 1Q 2003 meaning that only the IEEE 802 1D priority level is significant and the default PVID of the ingress port is used instead Priority DSCP Priority is the Layer 2 priority to be
156. er s Guide EPS Ethernet Type FTP Fast Leave HTTP HTTPS An abbreviation for Ethernet Protection Switching defined in ITU T G 8031 Ethernet Type or EtherType is a field in the Ethernet MAC header defined by the Ethernet networking standard It is used to indicate which protocol is being transported in an Ethernet frame An acronym for File Transfer Protocol It is a transfer protocol that uses the Transmission Control Protocol TCP and provides file writing and reading It also provides directory service and security features Multicast snooping Fast Leave processing permits the switch to remove an interface from the forwarding table entry without first sending out group specific queries to the interface The VLAN interface is pruned from the multicast tree for the multicast group specified in the original leave message Fast leave processing ensures optimal bandwidth management for all hosts on a switched network even when multiple multicast groups are in use simultaneously This processing applies to IGMP and MLD An acronym for Hypertext Transfer Protocol It is a protocol that used to transfer or convey information on the World Wide Web WWW HTTP defines how messages are formatted and transmitted and what actions Web servers and browsers should take in response to various commands For example when entering a URL in the browser this actually sends an HTTP command to the Web server directing it to fetch and trans
157. er tagged or untagged UVID Displays UVID untagged VLAN ID Port s UVID determines the packet s behavior at the egress side Conflicts Displays conflicts that exist or not When a Volatile VLAN User requests to set VLAN membership or VLAN port configuration the following conflicts can occur e Functional Conflicts between features e Conflicts due to hardware limitation e Direct conflict between user modules Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 111 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 11 5 Private VLANs The private VLAN does not permit communication between ports in that private VLAN 4 11 5 1 Private VLANs Membership Section Monitor and modify the Private VLAN membership configurations for the switch add or delete Private VLANs and add or delete Port members of each Private VLAN on this page Private VLANs are based on the source port mask and there are no connections to VLANs This means that VLAN IDs and Private VLAN IDs can be identical A port must be a member of both a VLAN and a Private VLAN to be able to forward packets By default all ports are VLAN unaware and members of VLAN 1 and Private VLAN 1 A VLAN unaware port can only be a member of one VLAN but it can be a member of multiple Private VLANs To configure Private VLANs via the web interface Navigate to VLANs gt Private VLANs gt Private VLAN Membership Click
158. erate to determine what multicast address to use Note that this is a function of the application software not of MLD When MLD snooping is enabled on a VLAN the switch acts to minimize unnecessary multicast traffic If the switch receives multicast traffic destined for a given multicast address it forwards that traffic only to ports on the VLAN that have MLD hosts for that address It drops that traffic for ports on the VLAN that have no MLD hosts MLD snooping enabled Listener MLD host L switch NGL MLD host 4 7 1 Basic Configuration This section describes how to configure the MLD Snooping basic configuration and the parameters To configure the MLD Snooping Configuration via the web interface 1 Navigate to Configuration gt MLD Snooping gt Basic Configuration 2 Check the Snooping Enabled checkbox to enable MLD snooping globally on the switch Set the other global configuration parameters Check the boxes to set the port to join Router port and Fast Leave Set the Throttling mode to unlimited or 1 to 10 Click Apply or click Reset to cancel changes and revert to previously saved values Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 70 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Figure 50 MLD Snooping Basic Configuration MLD Snooping Configuration Snooping Enabled Unregistered IPMCv6 Flooding Enabled MLD SSM Range Proxy En
159. ers for DSCP Translation e Translate DSCP at Ingress side translates to any of 0 63 DSCP values e Classify Click to enable Classification at Ingress side Egress Configurable parameters for Egress side e Remap DPO Select the DSCP value from select menu to remap DSCP value ranges from 0 to 63 e Remap DP1 Select the DSCP value from select menu to remap DSCP value ranges from 0 to 63 e Remap Select the DSCP value from the menu to remap DSCP values range from 0 to 63 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 139 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 15 9 DSCP Classification This section describes to teach user to configure DSCP classification It enables mapping DSCP value to a QoS Class and DPL value To configure the DSCP Classification parameters via the web interface 1 Navigate to Configuration gt QoS gt DSCP Classification 2 Use the drop down menu to select the DSCP classification values 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 97 DSCP Classification Configuration DSCP Classification QoS Class DPL DSCP 0 0 BE 1 0 BE 0 0 BE 1 0 BE 0 0 BE 1 0 BE 0 0 BE 1 0 BE 0 0 BE 1 0 BE 0 0 BE 1 0 BE 0 0 BE 1 0 BE 0 0 BE 1 0 BE STFS TS MEIE IE IEI EIE IEE MEIE IEI EIIE yar OD aan amp amp WwW wh hw a OOO Q
160. ers that do not match the values in its local MIB then the local link partner infers that the remote link partners request was based on stale information Echo Rx Tw The link partner s Echo Rx Tw value Resolved Tx Tw The resolved Tx Tw for this link Note NOT the link parther The resolved value that is the actual tx wakeup time used for this link based on EEE information exchanged via LLDP Resolved Rx Tw The resolved Rx Tw for this link Note NOT the link parther The resolved value that is the actual tx wakeup time used for this link based on EEE information exchanged via LLDP Auto refresh To evoke the auto refresh icon then the device will refresh the information automatically Upper right icon Refresh Click refresh the LLDP Neighbours information manually Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 95 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 9 6 Port Statistics Two types of counters display Global counters are counters that refer to the whole switch while local counters refer to per port counters To display LLDP Statistics in the web interface 1 Click Configuration gt LLDP gt Port Statistics 2 Click Auto refresh to refresh the page automatically at periodic intervals 3 Click Refresh to refresh the page manually 4 Click Clear to clear all counters Figure 65 LLDP Port
161. escription Port This is the port number Packets The number of received and transmitted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered The number of received frames filtered by the forwarding process Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 32 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 1 4 Detailed Statistics The section provides detailed traffic statistics for a specific switch port Use the port select box to select a port To display the per port detailed statistics in the web interface 1 Navigate to Configuration gt Port gt Detailed Statistics Scroll the Port Index to select the port to display the detailed statistics 2 3 Check the Auto refresh check box for periodic page refresh 4 Click Refresh to refresh the port statistics or click Clear to clear all statistics on the ports Figure 24 Port Detail Statistics Overview Detailed Port Statistics Port 1 Receive Total Rx Packets Rx Octets Rx Unicast Rx Multicast Rx Broadcast Rx Pause Receive Size Counters Rx 64 Bytes Rx 65 127 Bytes Rx 128 255 Bytes Rx 256 511 Bytes Rx 512 1023 Bytes Rx 1024 1526 Bytes Rx 1527 Bytes Receive Q
162. eseseessserrsserrrrerenressrrrrnerrnntrssrtrnsetrnnnnrnnrnssrrnn reremen 166 5 4 DHCP Relay ee e a E aN A 168 5 5 NASE a ee ee ee ees 171 5 6 Pt a cae aah ns se eee 183 5 7 Port Securty esera en a a e toa naan seaman scenes 192 5 8 Access Management assis iiis s irectei inini ikeike lanes E Eda Eea ieoa TETERE 198 5 9 Ee a A E E E T AE 200 510 3 ADE cc i a er er er re es ee ere 201 5 11 Auth Method sie care ceccncatescansecaccereenatteeessganntacaussetnisudecendnenucsarsetencens 202 C MAIN ANGE e A E E 203 6 1 Restart DVI icc daca sestate arse ce ace caaaiecanoetcnentccattedgu sien otces nets ail eaeoeceecetaaincacssaed 203 6 2 EEUU MN csc eee ge cae cate ben ce ere coat ace seen cerca eee aa aia 204 6 3 Save SSO a ercaunececsacsureiedeasphpeunssanibrnminactacadencarcaiennaseat aaa anions 206 6 4 EON IMPON coe Sees tenet ee a 208 6 5 Di QNOSUCS ennie a BR ee ee Soie 210 7 Glossary of Web based Management eccccceeeseeeseeeeeceeeeeeeeeees 213 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page vi a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 1 Introduction 1 1 Overview This user s manual instructs how to install configure and monitor the PowerFlex 8 2410 48 port switch through the built in web based management The PowerFlex 8 24 48 series the next generation L2 managed switches is a portfolio of affordable managed switches that provides a relia
163. et 60 min Range 1 1440 Default 60 Daylight Savings Type By dates Recurring From YYYY MM DD HH MM To YYYY MM DD HH MM From Day Week Month Time 00 00 HH MM To Day Week Month Time 00 00 HH MM Parameter Description Clock Source Select Use local Settings or Use NTP Server for the clock source Local Time Display the current time of the system Time Zone Offset Provide the timezone offset relative to UTC GMT The offset is given in minutes east of GMT The valid range is from 720 to 720 minutes Daylight Saving Daylight saving is adopted in some countries If set it adjusts the time lag or advance in unit of hours according to the starting date and the ending date For example if setting the day light saving to be 1 hour when the time passes over the starting time the system time increases by one hour after one minute at the time since it passed over and when the time passes over the ending time the system time decreases by one hour after one minute at the time since it passed over The valid configurable day light saving time is 5 5 step one hour A zero for this parameter indicates no adjustment to the current time equivalent to in act daylight saving Users do not need to set the starting ending date as well If setting daylight saving to be non zero set the starting ending date as well otherwise the daylight saving function is not active Toll Free 1 866 ALLWORX 585 421 3850 w
164. et Protocol IPv6 which would have 128 bits Internet Protocol addresses This number can be represented roughly by a three with thirty nine zeroes after it However IPv4 is still the protocol of choice for most of the Internet Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 217 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide IPMC IP Source Guard LACP LLC LLDP LLDP MED LOC M MAC Table An acronym for IP MultiCast A secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP Snooping Table or manually configured IP Source Bindings It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host An IEEE 802 3ad standard protocol The Link Aggregation Control Protocol permits bundling several physical ports together to form a single logical port The IEEE 802 2 Logical Link Control LLC protocol provides a link mechanism for upper layer protocols It is the upper sub layer of the Data Link Layer and provides multiplexing mechanisms that make it possible for several network protocols IP IPX to coexist within a multipoint network LLC header consists of 1 byte DSAP Destination Service Access Point 1 byte SSAP Source Service Access Point 1 or 2 bytes Control field followed by LLC information An IEEE 802 1ab standard protocol The Link Layer Disco
165. ets a z or A Z and integers 0 9 NOTE Do not use special characters or underscore _ in Group Name field Add new entry Click to add a new entry in mapping table An empty row is added to the table configure the Frame Type Value and the Group Name as needed Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 117 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 11 7 2 Group to VLAN This section enables mapping an already configured Group Name to a VLAN for the selected stack switch unit To configure Group Name to VLAN mapping table via the web interface 1 Navigate to Configuration gt VLAN gt Protocol based VLAN gt Group to VLAN 2 Click Add new entry and specify the Group Name and VLAN ID Select the ports 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 82 Group Name to VLAN Mapping Table Group Name to VLAN mapping Table Port Members Delete Group Name VLAN ID 1 2 3 4 5 6 7 8 9A 10A 9B 10B No Group entries Add new entry Group Name to VLAN mapping Table Auto refresh C Port Members Delete Group Name VLAN ID 1 2 3 4 5 6 7 8 9A 10A 9B 10B Delete C a Parameter Description Delete To delete a Protocol to Group Name map entry check this box The entry will be deleted on the switch during the next Apply
166. f Remote ID option not matching known Remote ID Client Statistics Transmit to Client Number of relayed packets from server to client Transmit Error Number of packets that resulted in error while being sent to servers Receive from Client Number of received packets from server Receive Agent Option Number of received packets with relay agent information option Replace Agent Option Number of packets replaced with relay agent information option Keep Agent Option Number of packets when the relay agent information was retained Drop Agent Option Number of dropped and received packets w relay agent information Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 170 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 5 NAS This section describes how to configure the NAS parameters of the switch Use the NAS server to connect users to a variety of resources including Internet access conference calls printing documents on shared printers etc 5 5 1 Configuration This section describes how to configure NAS settings of IEEE 802 1X MAC based authentication system and port settings To configure NAS settings via the web interface Navigate to Security gt NAS gt Configuration Select Enabled to enable NAS globally on the switch Check Reauthentication Enabled Set Reauthentication Period Default is 3600 seconds Set EAPOL Timeout Default
167. ferent server is counted as a Request as well as a timeout Other Info State Shows the state of the server It takes one of the following values Round trip Time Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled The time interval measured in milliseconds between the most recent Response and the Request that matched it from the RADIUS accounting server The granularity of this measurement is 100 ms A value of 0 ms indicates that there hasn t been round trip communication with the server yet Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 191 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 7 Port Security This section enables configuring the Port Security settings to restrict input to an interface by limiting and identifying MAC addresses 5 7 1 Limit Control To configure Limit Control globally via th
168. figuration STP CIST Port Configuration STP ol Enabled STP Port Enabled on On ek U N Reset CIST Aggregated Port Configuration Auto CIST Normal Port Configuration lt gt Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Path Cost v Path Cost SNS SNS SN SS SNS SNS NE Priority Admin Edge ree det BPDU Guard e 128 v Non Edge v v Forced True v Priority Admin Edge S acre BPDU Guard e 2 gt v lt gt v lt gt v 128 Non Edge v v Auto v 128 v Non Edge v v Auto v 128 v Non Edge v v Auto v 128 v Non Edge v v Oo Auto v 128 v Non Edge v v Auto v 128 v Non Edge v Auto v 128 Non Edge v O C Auto v 128 Non Edge v v Auto v 128 Non Edge v v Auto v 128 v Non Edge v Auto v 128 v Non Edge v v Auto v 128 Non Edge v Auto v Parameter Description Port The switch port number of the logical STP port STP Enabled Controls whether STP is enabled on this switch port Path Cost Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is us
169. figuration gt LLDP gt LLDP Configuration 2 Modify LLDP timing parameters if required 3 Set the required mode for transmitting or receiving LLDP messages 4 Specify the information to include in the TLV field of advertised messages 5 Click Apply Figure 60 LLDP Configuration Tx Interval Tx Hold Tx Delay Tx Reinit Optional TLVs Mode CDP aware Port Descr SysName Sys Descr Sys Capa Mgmt Addr z gt BA Disabled v aE ERARA AAAA KAO EERE EEEE ERANO Kieiofeioleieioieieic iam HERERO HH HSNO OQOOOQOOOOOOOOO00O Disabled v Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 81 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description LLDP Parameters Tx Interval The switch periodically transmits LLDP frames to its neighbours for having the network discovery information up to date The interval between each LLDP frame is determined by the Tx Interval value Valid values are restricted to 5 32768 seconds Tx Hold Each LLDP frame contains information about how long the information in the LLDP frame shall be considered valid The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds Valid values are restricted to 2 10 times Tx Delay If some configuration is changed e g the IP address a new LLDP frame is transmitted but the time between the LLDP frames will always be at least the value of Tx D
170. for each row The buttons are only enabled when authentication is globally enabled and the port s Admin State is in an EAPOL based or MAC based mode Clicking these buttons will not cause settings changed on the page to take effect Reauthenticate Schedules a reauthentication whenever the quiet period of the port runs out EAPOL based authentication For MAC based authentication reauthentication will be attempted immediately The button only has effect for successfully authenticated clients on the port and will not cause the clients to get temporarily unauthorized Reinitialize Forces a reinitialization of the clients on the port and thereby a reauthentication immediately The clients will transfer to the unauthorized state while the reauthentication is in progress Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 178 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 5 2 Switch Status This section displays each port s NAS status The status includes Admin State Port State Last Source Last ID QoS Class and Port VLAN ID To display the NAS Switch Status via the web interface 1 Navigate to Security gt NAS gt Switch Status 2 Check Auto refresh to refresh the page automatically at periodic intervals 3 Click Refresh to refresh the page manually Figure 123 Network Access Server Switch Status Network Access Server Switch Status Autovetesh O Port Ad
171. for point to point LANs than for shared media Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 57 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 5 5 MSTI Ports This section enables the user to inspect and change the current STP MSTI port configurations An MSTI port is a virtual port which is instantiated separately for each active CIST physical port for each MSTI instance configured on and applicable to the port Select the MSTI instance before displaying actual MSTI port configuration options It contains MSTI port settings for physical and aggregated ports To configure the Spanning Tree MSTI Port Configuration parameters via the web interface Navigate to Configuration gt Spanning Tree gt MSTI Ports Use the drop down menu to select the MST1 or other MSTI port Click Get to set the parameters of the MSTI ports Use the drop down menus to set all parameters of the MSTI Port configuration E a E Click Apply or click Reset to cancel the changes and revert to previously saved values Figure 40 MSTI Port Configuration Select MSTI Path Cost Priority eA z E3 to E3 to i 0 3 a to to alls to a u to ela Sle ala la ess e a il i OE z i to o Auto o D EA Parameter Description Toll Free 1 866 ALLWORX 585 421 3850 www allworx co
172. for this ACE A frame that hits this ACE matches this tag priority The number range is 0 to 7 The value Any means that no tag priority is specified tag priority is don t care Modification Buttons Modify each ACE Access Control Entry in the table using the following buttons Inserts a new ACE before the current row Edits the ACE row Moves the ACE up the list Moves the ACE down the list Deletes the ACE The lowest plus sign adds a new entry at the bottom of the ACE listings Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 43 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 2 4 ACL Status The section describes how to display the ACL status by different ACL users Each row describes the defined ACE It is a conflict if a specific ACE does not apply to the hardware due to hardware limitations The maximum number of ACEs is 256 on each switch To display the ACL status in the web interface 1 Navigate to Configuration gt ACL gt ACL status 2 Check the Auto refresh button to refresh the page automatically periodically 3 Click Refresh to refresh the ACL Status Figure 31 ACL Status ACL Status Combined 7 Auto refresh Refresh User Ingress Port Frame Type Action Rate Limiter Port Redirect Mirror CPU CPU Once Counter Conflict IP Management All ARP Deny Disabled Disabled Disabled Yes No 934 No IP Manageme
173. g enabled IGMP SSM Range It enables the SSM aware hosts and routers run the SSM service model for groups in the address range Proxy Enabled Enable IGMP Proxy This feature can be used to avoid forwarding unnecessary join and leave messages to the router side Router Port Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port Fast Leave Enable fast leave on the port Throttling Enable to limit the number of multicast groups to which a switch port can belong Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 63 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 6 2 VLAN Configuration This section describes the VLAN configuration settings integrated with IGMP Snooping function For each setting the page displays up to 99 entries from the VLAN table default being 20 selected through the entries per page input field When first visited the web page displays the first 20 entries from the beginning of the VLAN Table in ascending order of the VLAN IDs The Start from VLAN field enables the user to select the starting point in the VLAN Table To configure the IGMP Snooping VLAN Configuration via the web interface 1 Navigate to Configuratio
174. g the Frame type field valid value of the following text field varies depending on the new frame type selected Value Valid value that can be entered in this text field depends on the option selected from the the preceding Frame Type selection menu Below are the criteria for the three different Frame Types For Ethernet Values in the text field when Ethernet is selected as a Frame Type is called etype Valid values for etype ranges from 0x0600 Oxffff For LLC Valid value in this case is comprised of two different sub values a DSAP 1 byte long string 0x00 Oxff b SSAP 1 byte long string 0x00 Oxff For SNAP Valid value in this case also is comprised of two different sub values a OUI OUI Organizationally Unique Identifier is value in format of xx xx xx where each pair xx in string is a hexadecimal value ranging from Ox00 Oxff b PID If the OUI is hexadecimal 000000 the protocol ID is the Ethernet type EtherType field value for the protocol running on top of SNAP if the OUI is an OUI for a particular organization the protocol ID is a value assigned by that organization to the protocol running on top of SNAP In other words if value of OUI field is 00 00 00 then value of PID will be etype 0x0600 Oxffff and if value of OUI is other than 00 00 00 then valid value of PID will be any value from 0x0000 to Oxffff Group Name A valid Group Name is a unique 16 character long string which consists of a combination of alphab
175. garding incoming mail An acronum for SubNetwork Access Protocol SNAP is a mechanism for multiplexing on networks using IEEE 802 2 LLC more protocols than can be distinguished by the 8 bit 802 2 Service Access Point SAP fields SNAP supports identifying protocols by Ethernet type field values it also supports vendor private protocol identifier An acronym for Simple Network Management Protocol part of the Transmission Control Protocol Internet Protocol TCP IP protocol for network management SNMP permits diverse network objects to participate in a network management architecture It enables network management systems to learn network problems by receiving traps or change notices from network devices implementing SNMP An acronym for Simple Network Time Protocol a network protocol for synchronizing the clocks of computer systems SNTP uses UDP datagrams as transport layer Stack Protocol using ROUting Technology An advanced protocol for almost instantaneous discovery of topology changes within a stack as well as election of a master switch SPROUT also calculates parameters for setting up each switch to perform shortest path forwarding within the stack Service Set Identifier is a name used to identify the particular 802 11 wireless LANs to which a user wants to attach A client device will receive broadcast messages from all access points within range advertising the SSIDs and can Toll Free 1 866 ALLWORX 585 421 3850 www all
176. gate to System gt Time gt NTP 2 Specify the NTP server address es 3 Click Apply Figure 5 NTP Configuration NTP Configuration Server 1 Server 2 Server3 Server 4 Server5 Parameter Description Server 1 to 5 Provide the NTP IPv4 or IPv6 address IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once lt can also represent a legally valid IPv4 address For example 192 1 2 34 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 9 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 3 Account Only the administrator can create modify or delete the username and password Administrator can modify other guest identities password without confirming the password but it is necessary to modify the administrator equivalent identity Guest equivalent identity can modify his password only It is necessary to confirm administrator guest identity in the field of Authorization in advance before configuring the username and password There can be only one administrator account but there can be up to 4 guest accounts No one can delete the administrator account 3 3 1 Users This page pr
177. ges from a mail server The protocol that IMAP clients use to communicate with the servers and SMTP is the protocol used to transport mail to an IMAP server The current version of the Internet Message Access Protocol is IMAP4 It is similar to Post Office Protocol version 3 POP3 but offers additional and more complex features For example the IMAP4 protocol leaves email messages on the server rather than downloading the messages to the computer To remove messages from the server use the mail client to generate local folders copy messages to the local hard drive and then delete and expunge the messages from the server An acronym for Internet Protocol used for communicating data across an internet network IP is a best effort system which means there is no assurance that a packet of information sent over reaches its destination in the same condition Each device connected to a Local Area Network LAN or Wide Area Network WAN is given an Internet Protocol address and uses this IP address to identify the device uniquely among all other devices connected to the extended network The current version of the Internet protocol is IPv4 which has 32 bits Internet Protocol addresses allowing for in excess of four billion unique addresses This number reduces drastically by the practice of webmasters taking addresses in large blocks the bulk of which remain unused There is a rather substantial movement to adopt a new version of the Intern
178. gt Configuration 2 Specify GARP parameters for all the ports 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 85 GARP Port Configuration GARP Port Configuration Auto refresh L Port wa iman vaus 7 Application Attribute Type GARP Applicant Join Timer Leave Timer Leave All Timer 1 200 600 0000 GVRP VLAN normal participant 2 20 60 0000 GVRP VLAN normal participant 3 2 60 0000 GVRP VLAN normal participant 4 200 600 0000 GVRP VLAN normal participant 5 20 600 0000 GVRP VLAN normal participant 6 200 60 0000 GVRP VLAN normal participant 7 200 600 0000 GVRP VLAN normal participant 8 a0 60 ooo GVRP v VLAN v normal participant 9A 200 60 0000 GVRP VLAN normal participant 10A 200 600 0000 GVRP VLAN normal participant 98 20 60 0000 GVRP VLAN normal participant 108 20 60 0000 GVRP VLAN normal participant Apply Reset Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 123 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description Port The Port coulmn displays the list of ports on the switch There are 4 settings which can be configured on a per port basis e Timer Values e Application e Attribute Type e GARP Applicant
179. he management link is lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface Static MAC Table Configuration The static MAC table can contain upto 64 entries The maximum of 64 entries is for the whole stack and not per switch The MAC table is sorted first by VLAN ID and then by MAC address Delete Check to delete the entry It will be deleted during the next apply VLAN ID The VLAN ID of the entry MAC Address The MAC address of the entry Port Members Checkmarks indicate which ports are members of the entry Check or uncheck as needed to modify the entry Adding a New Static Entry Click to add a new entry to the static MAC table Specify the VLAN ID MAC address and port members for the new entry Click Apply Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 105 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Dynamic MAC Table This page displays entries in the MAC Table The MAC Table contains up to 8192 entries and sorts first by VLAN ID and then by MAC address 4 10 8 To display MAC Address Table in the web interface Navigate to Configuration gt Filtering Database gt Dynamic MAC Table Figure 72 Dynamic MAC Address Table Information MAC Address Table Start from VLAN 1 Type Static Dynamic Static Static Static Static 200 200 20
180. he Bridge ID of this Bridge instance Root ID The Bridge ID of the currently elected root bridge Root Port The switch port currently assigned the root port role Root Cost Root Path Cost For the Root Bridge it is zero For all other Bridges it is the sum of the Port Path Costs on the least cost path to the Root Bridge Topology Flat The current state of the Topology Change Flag of this Bridge instance Toppology Change Last The time since last topology change occurred 4 5 7 Port Status This section displays the STP CIST port status Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 59 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide To display the STP Port status in the web interface 1 Navigate to Configuration gt Spanning Tree gt Port Status 2 Checking the Auto refresh button automatically refreshes the page at periodic intervals 3 Click Refresh to refresh the port status page Figure 42 STP Port Status CISTRole CIST State Uptime Non STP i 1 2 3 4 5 6 7 8 9 Parameter Description Port The switch port number of the logical STP port CIST Role The current STP port role of the CIST port The port role can be one of the following values AlternatePort BackupPort RootPort DesignatedPort Disabled Non STP Cist State The current STP port state of the CIST port The port state can be one of the following values Blocking Learning Forw
181. he SNMP community parameters 4 Click Apply Figure 15 SNMP Communities SNMPv1 v2 Communities to Security Configuration Delete Community UserName SourceIP Source Mask Add new community Apply SNMPv1 v2 Communities to Security Configuration Delete Community User Name Add new community Apply Parameter Description Delete Check to delete the entry It will be deleted during the next Apply SNMPv2c community string restricted to 1 32 Community The community access string to permit access to SNMPv3 agent The string length is 1 to 32 and the content is ASCII characters from 33 to 126 The community string will be treated as security name and map an SNMPv1 or User Name The User Name access string to permit acccess to SNMPv3 agent The length is Source IP The SNMP access source address A particular range of source addresses can be used to restrict source subnet when combined with source mask Source Mask Indicates the SNMP access source address mask Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 21 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 6 4 Users Use the function to configure SNMPv3 users Max Group Number 10 To configure SNMP Users via the web interface 1 Navigate to System gt SNMP gt Users 2 Specify the security parameters 3 Click Apply Figure 16 SNMP Users Configuration SNMPv3 Users Co
182. he receiver The range is 200 1500 bytes The default is 1400 bytes Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 147 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 16 2 Sampler This page displays the sFlow sampler and it is available to edit There is a random sample average of 1 out of N packets operations This type of sampling does not provide a 100 accurate results but it does provide a result with quantifiable accuracy To configure the sFlow Agent via the web interface 1 Navigate to Configuration gt sFlow Agent gt Sampler Click the symbol to edit the sFlow sampler parameters Select the Sample Type and set the other parameters Click Apply or click Reset to cancel changes and revert to previously saved values Figure 102 sFlow Sampler Configuration sFlow Sampler Configuration sFlow Port 1 sFlow Instance 1 Sampler Type None sFlow Configuration sFlow Ports sFlow instance Sampler Type Sampling Rate Max Hdr Size Counter Polling Interv 1 f Hone 0 128 0 None Sampling Rate 0 Max Hdr Size 128 Polling Interval 0 Apply Reset Cancel 104 1 None 0 128 y we 1 None 0 Parameter Description sFlow Ports List of the port numbers on which sFlow is configured sFlow Instance Configured sFlow instance for the port number Sampler Type Configured sampler type on the port It can one of the following
183. he section displays the QoS queuing counters for a specific switch port for all the different queues To display the queuing counters in the web interface 1 Navigate to Configuration gt Port gt QoS Statistics 2 Check the Auto refresh check box for periodic page refresh 3 Click Refresh to refresh the port statistics or click Clear to clear all statistics on the ports Figure 25 Queuing Counters vu o a lo 169 IN IG 1 IS w IN ls Lak faa rm 0 eos coo co oo So o Q1 0 i i fa 0 eaooococoococec gt Q2 0 ey fe fey fe fe fe fe fe fe e 0 pp Q3 UN ERIC UDC RX U RITA RK Ta FR TK 0 pp i fp 0 fr i i pr Q4 0 I a fr 0 ph ip E Q5 0 Ssoisia a Sie So So io js 0 i i csonogaoooe Queuing Counters Overview Q6 0 ooooocooco coco oo fo Tx ooooooco coco o of Auto refesh O Q7 Rx 1x 0 10732 eocoocoocoococ ooo fs oeoocoocoooco coco oo fo Parameter Description Port Indicates the port number Qn Qn is the Queue number QO is the lowest priority queue Rx Tx The number of received and transmitted packets per queue Auto refresh To refresh the Queuing Counters automatically Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 35 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 1 6 SFP Information
184. he statistics to view 3 Check Auto refresh to refresh the page automatically at periodic intervals 4 Click Refresh to refresh the page manually Figure 131 RADIUS Authentication and Accounting Statistics RADIUS Authentication Serer 1 v Auto refresh Statistics for Server 1 0 0 0 0 1812 Receive Packets Transmit Packets Access Accepts Access Rejects Access Challenges Access Requests Access Retransmissions Pending Requests Timeouts oooo Malformed Access Responses Bad Authenticators Unknown Types Packets Dropped oooooo0oo0o Other Info State Disabled Round Trip Time 0 ms RADIUS Accounting Statistics for Server 1 0 0 0 0 1813 Receive Packets Transmit Packets Responses Malformed Responses Bad Authenticators Unknown Types Packets Dropped Requests Retransmissions Pending Requests Timeouts ooooo oooo Other Info State Disabled Round Trip Time 0 ms Parameter Description RADIUS Authentication Statistics Rx Access Accepts The number of RADIUS Access Accept packets valid or invalid received from the server Rx Access Rejects The number of RADIUS Access Reject packets valid or invalid received from the server Rx Access Challenges The number of RADIUS Access Challenge packets valid or invalid received from the server Rx Malformed Access The number of malformed RADIUS Access Response packets received from Responses the server Malformed packets include packets wi
185. hutdown State Counter 2 0 Permit Disabled Y Pot1 Disabled Disabled Disabled Y Enabled v 0 Pot2 30 Permit Disabled Y Pot1 SI Disabled Disabled Y Disabled 7 Enabled v 0 a 40 Permit w Disabled w Port 1 Disabled w Disabled w Disabled w Enabled w 0 5 0 Permit Disabled Port 1 Disabled Disabled Disabled Enabled v 0 6 0 Permit Disabled Y Port1 Disabled Disabled Disabled 7 Enabled v 0 a 2 0 Permit v Disabled Y Port1 E Disabled Disabled Disabled Enabled 0 2 0 Permit Disabled w Port1 Disabled w Disabled w Disabled w Enabled w 0 23 0 Permit Disabled Poti Disabled Disabled Disabled Enabled 7 0 Pot2 24 0 Permit Disabled Disabled Disabled Disabled Enabled v 0 Port 1 Pota E Disabled lt 25 0 Permit Disabled Port Z Port Disabled 7 Disabled 7 Disabled 7 Enabled 7 0 ort 1 ot2 v Disabled a 1 amp 2 26 0 Permit Disabled Disabled Disabled Disabled w Enabled 0 Port Port ad Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 38 a I Iw rx PowerFle
186. ice VLAN so that the switch can classify and schedule network traffic Allworx recommends that there are two VLANs on a port one for voice one for data To configure Voice VLAN via the web interface Navigate to Configuration gt Voice VLAN gt Configuration Enable the Voice VLAN mode Specify the VLAN ID Aging Time and Traffic Class Specify Port Mode Security and Discovery Protocol for each port in the Port Configuration section or BO N Click Apply or click Reset to cancel changes and revert to previously saved values Figure 83 Voice VLAN Configuration Voice VLAN Configuration Mode Enabled vi VLAN ID 200 Aging Time 56400 seconds Traffic Class 7 High v Port Configuration Port Mode Security Discovery Protocol Forced M lt gt LLDP v 1 Forced Disabled LLDP 2 Forced Disabled LLDP v 3 Forced Disabled LLDP v 4 Forced Disabled LLDP v 5 Forced Disabled LLDP v 6 Forced Disabled LLDP 7 Forced Disabled Y LLDP v 8 Forced _ Disabled LLDP Sd 9A Disabled Disabled LLDP v 104 Disabled Disabled LLDP q 9B Disabled Disabled LLDP v 10B Disabled v Disabled LLDP x Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 119 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description Mode Indicates the Voice VLAN mode operatio
187. iguration gt VLAN gt MAC based VLAN gt Status 2 Specify the view Static NAS Combined Figure 80 MAC based VLAN Membership Status for User Static MAC based VLAN Membership Configuration for User Static Stic v Autovettesh O Port Members MAC Address VLAN ID 1 2 3 4 5 6 7 8 9 10 11 12 No data exists for the user Parameter Description MAC Address Indicates the MAC address VLAN ID Indicates the VLAN ID Port Members Port members of the MAC based VLAN entry Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 115 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 11 7 Protocol based VLAN The switch supports Ethernet LLC and SNAP protocols LLC The Logical Link Control LLC data communication protocol layer is the upper sub layer of the Data Link Layer which is itself layer 2 just above the Physical Layer in the seven layer OSI reference model It provides multiplexing mechanisms that make it possible for several network protocols IP IPX Decnet and Appletalk to coexist within a multipoint network and to be transported over the same network media and can also provide flow control and automatic repeat request ARQ error management mechanisms SNAP The Sub network Access Protocol SNAP is a mechanism for multiplexing on networks using IEEE 802 2 LLC more protocols than can be distinguished by the 8 bit 802 2 Service Access Point SAP fields
188. in any other way There is a one to one mapping between QoS class queue and priority A QoS class of 0 zero has the lowest priority DP level Controls the default Drop Precedence level i e the DP level for frames not classified in any other way PCP Controls the default PCP for untagged frames DEI Controls the default DEI for untagged frames Tag Class Displays the classification mode for tagged frames on this port Disabled Use default QoS class and DP level for tagged frames Enabled Use mapped versions of PCP and DEI for tagged frames Click on the mode in order to configure the mode and or mapping DSCP Based Click to Enable DSCP Based QoS Ingress Port Classification Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 130 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 15 2 Port Policing This section provides an overview of QoS Ingress Port Policers for all switch ports The Port Policing is useful in constraining traffic flows and marking frames above specific rates Policing is primarily useful for data flows and voice or video flows because voice and video usually maintain a steady rate of traffic To configure the QoS Port Policing via the web interface 1 Navigate to Configuration gt QoS gt Port Policing 2 Check the Mode checkbox to enable policing on a port Set the rate in kbps Mbps fps or kfps 3 Click Apply or click
189. ion is only available for single client modes i e e e Port based 802 1X e e Single 802 1X RADIUS attributes used in identifying a QoS Class Refer to the written documentation for a description of the RADIUS attributes needed in order to successfully identify a QoS Class The User Priority Table attribute defined in RFC4675 forms the basis for identifying the QoS Class in an Access Accept packet Only the first occurrence of the attribute in the packet will be considered and to be valid it must follow this rule All 8 octets in the attribute s value must be identical and consist of ASCII characters in the range 0 3 which translates into the desired QoS Class in the range 0 3 RADIUS Assigned VLAN Enabled When RADIUS Assigned VLAN is both globally enabled and enabled checked for a given port the switch reacts to VLAN ID information carried in the RADIUS Access Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated If present and valid the port s Port VLAN ID will be changed to this VLAN ID the port will be set to be a member of that VLAN ID and the port will be forced into VLAN unaware mode Once assigned all traffic arriving on the port will be classified and switched on the RADIUS assigned VLAN ID Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 176 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s
190. ion service if required 3 Click Apply Figure 9 IPv6 Configuration IPv6 Configuration Configured Current Auto Configuration c0a8 0101 Address c0a8 0101 Link Local Address fe80 020a ddff fe04 0014 Prefix 96 96 Gateway Parameter Description Auto Configuration Enable IPv6 auto configuration by checking this box If it fails and the configured IPv6 address is zero the router may delay responding to a router solicitation for a few seconds The total time needed to complete auto configuration can be significantly longer Address Provide the IPv6 address for the switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It can also represent a legally valid IPv4 address For example 192 1 2 34 Prefix Provide the IPv6 prefix for the switch The range is 1 to 128 Gateway Provide the IPv6 gateway address for thie switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros
191. is the version of mechanical Series number The serial number is assigned by the Manufacturer Host IP address Subnet Mask and Gateway IP Address The IP address subnet mask and gateway IP address set on the switch Host MAC address The Ethernet MAC address of the management agent in the switch RAM size The size of the RAM switch in MB Flash size Switch flash memory size in MB Bridge FDB size Displays the bridge RDB size Transmit Queue Displays the device s transmit hardware priority queue information Maximum Frame size Display the device maximum frame size Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 5 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 1 2 Configuration Users can identify the system by configuring the contact information name and location of the switch To configure System Information in the web interface 1 Navigate to System gt System Information gt Configuration 2 Specify the System Contact System Name and System Location information 3 Click Apply Figure 3 System Configuration System Information Configuration System Contact System Name PowerFlex P810 System Location Parameter Description System Contact The contact person for this managed switch along with the contact information The string length is 0 to 255 and the content is ASCII characters
192. iscover Number of discover option 53 with value 1 packets received and transmitted Rx and Tx Offer Number of offer option 53 with value 2 packets received and transmitted Rx and Tx Request Number of request option 53 with value 3 packets received and transmitted Rx and Tx Decline Number of decline option 53 with value 4 packets received and transmitted Rx and Tx ACK Number of ACK option 53 with value 5 packets received and transmitted Rx and Tx NAK Number of NAK option 53 with value 6 packets received and transmitted Rx and Tx Release Number of release option 53 with value 7 packets received and transmitted Rx and Tx Inform Number of inform option 53 with value 8 packets received and transmitted Rx and Tx Lease Query Number of lease query option 53 with value 10 packets received and transmitted Rx and Tx Lease Number of lease unassigned option 53 with value 11 packets received and Unassigned transmitted Rx and Tx Lease Number of lease unknown option 53 with value 12 packets received and Unknown transmitted Rx and Tx Lease Active Number of lease active option 53 with value 13 packets received and transmitted Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 167 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 4 DHCP Relay This section describes how to forward DHCP requests to another specific DHCP server via DHCP relay The DH
193. l changes and revert to previously saved values Figure 100 Storm Control Configuration Storm Control Configuration Frame Type Enable Rate pps Unicast C 1 v Multicast O 1 v Broadcast d 1 v Parameter Description Frame Type The settings in a particular row apply to the frame type listed here Unicast Multicast or Broadcast Enable Enable or disable the storm control status for the given frame type Rate The rate unit is packets per second pps Valid values are 1 2 4 8 16 32 64 128 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K or 1024K 1024K 2048K 4096K 8192K 16384K or 32768K 1024K 2048K 4096K 8192K 16384K or 32768K 1 kpps is actually 1002 1 pps Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 146 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 16 sFlow Agent Monitor and modify the sFlow Collector configuration for the switch here The switch supports up to 1 Collector This page enables configuring sFlow collector IP type sFlow collector IP Address and Port Number 4 16 1 Collector The Current field displays the currently configured sFlow Collector The Configured field displays the new Collector settings configured by the administrator To configure the sFlow Agent via the web interface 1 Navigate to Configuration gt sFlow Agent gt Collector 2 Set the parameters for the Collector
194. le disable RADIUS server assigned QoS Class functionality When checked the individual ports ditto setting determine whether RADIUS assigned QoS Class is enabled on that port When unchecked RADIUS server assigned QoS Class is disabled on all ports RADIUS Assigned VLAN Enabled RADIUS assigned VLAN provides a means to centrally control the VLAN on which a successfully authenticated supplicant is placed on the switch Incoming traffic will be classified to and switched on the RADIUS assigned VLAN The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature see RADIUS Assigned VLAN Enabled below for a detailed description The RADIUS Assigned VLAN Enabled checkbox provides a quick way to globally enable disable RADIUS server assigned VLAN functionality When checked the individual ports ditto setting determine whether RADIUS assigned VLAN is enabled on that port When unchecked RADIUS server assigned VLAN is disabled on all ports Guest VLAN Enabled A Guest VLAN is a special VLAN typically with limited network access on which 802 1 X unaware clients are placed after a network administrator defined timeout The switch follows a set of rules for entering and leaving the Guest VLAN as listed below The Guest VLAN Enabled checkbox provides a quick way to globally enable disable Guest VLAN functionality When checked the individual ports ditto setting determines whether th
195. le port is opened for network traffic This enables other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though each is really are not authenticated To overcome this security breach use the Multi 802 1X variant Multi 802 1X is not an IEEE standard but features many of the same characteristics as port based 802 1X Multi 802 1X is like Single 802 1X not an IEEE standard but a variant that features many of the same characteristics In Multi 802 1X one or more supplicants can get authenticated on the same port at the same time Each supplicant is authenticated individually and secured in the MAC table using the Port Security module In Multi 802 1X it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch towards the supplicant since that would cause all supplicants attached to the port to reply to requests sent from the switch Instead the switch uses the supplicant s MAC address which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant An exception to this is when no supplicants are attached In this case the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port The maximum number of supplicants that can be attached to a port can be limited usi
196. led 0 Down 6 Shutdown Enabled 0 Down 7 Shutdown Enabled 0 Down 8 Shutdown Enabled 0 Down 9A Shutdown Enabled 0 Down 104 Shutdown Enabled 0 Down 9B Shutdown Enabled 0 Down 108 Shutdown Enabled 0 Down Parameter Description Port Indicates the switch port number Action The currently configured port action Transmit The currently configured port transmit mode Loops The number of loops detected on this port Status The current status of the port Loop Whether a loop is currently detected on the port Time of last loop The time the last loop was detected on the port Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 150 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 18 Single IP The Single IP feature enables management of a switch stack consisting up to 32 PowerFlex switches using a single IP Each Single IP group consists of a Master switch with all other switches in the group set as Slaves The Master Switch acts as an agent to manage all switches in the group Access the Slave switches from the Master switch 4 18 1 Configuration To configure Single IP via the web interface 1 Navigate to Configuration gt Single IP gt Configuration 2 Specify the Single IP mode and Group name 3 Click Apply or Click Reset to revert to previously saved values Figure 105 Single IP Configuration Single IP Configuration Mode Disabled Y Group Name
197. les of type Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 209 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 6 5 Diagnostics This section provides a set of basic system diagnosis The basic system check includes ICMP Ping ICMPv6 and VeriPHY Cable Diagnostics 6 5 1 Ping This section enables issuing ICMP PING packets to troubleshoot IPv4 connectivity issues To send an ICMP PING via the web interface 1 Navigate to Maintenance gt Diagnostics gt Ping 2 Specify the IP Address to ping 3 Specify the Ping length Count and Interval 4 Click Start Figure 149 ICMP Ping Update figure ICMP Ping IP Address 0 0 0 0 Ping Length 56 Ping Count 5 Ping Interval 1 After clicking Start 5 ICMP packets transmit and display the sequence number and roundtrip time upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs PING server 10 10 132 20 56 bytes of data 64 bytes from 10 10 132 20 icmp_seq 0 time 0ms 64 bytes from 10 10 132 20 icmp_seq 1 time 0ms 64 bytes from 10 10 132 20 icmp_seq 2 time 0ms 64 bytes from 10 10 132 20 icmp_seq 3 time 0ms 64 bytes from 10 10 132 20 icmp_seq 4 time 0ms Sent 5 packets received 5 OK 0 bad Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 210 a I Iw rx PowerFlex 8 24 48 Port GbE PoE M
198. lies Mode Controls whether Limit Control is enabled on this port Both port mode and the Global Mode must be set to Enabled for Limit Control to be in effect Notice that other modules may still use the underlying port security features without enabling Limit Control on a given port Limit The maximum number of MAC addresses that can be secured on this port This number cannot exceed 1024 If the limit is exceeded the corresponding action is taken The switch is born with a total number of MAC addresses from which all ports draw whenever a new MAC address is seen on a Port Security enabled port Since all ports draw from the same pool it may happen that a configured maximum cannot be guaranteed if the remaining ports have already used all available MAC addresses Action If Limit is reached the switch can take one of the following actions None Do not allow more than Limit MAC addresses on the port but take no further action Trap If Limit 1 MAC addresses are seen on the port send an SNMP trap If Aging is disabled only one SNMP trap will be sent but with Aging enabled new SNMP traps will be sent everytime the limit gets exceeded Shutdown If Limit 1 MAC addresses are seen on the port shut down the port Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 193 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide This implies that all secure
199. lly enabled Port Configuration Port The port parameters are as described below The port number for which the configuration applies Admin State If NAS is globally enabled this selection controls the port s authentication mode The following modes are available Force Authorized In this mode the switch will send one EAPOL Success frame when the port link comes up and allows any client on the port network access without authentication Force Unauthorized In this mode the switch sends one EAPOL Failure frame when the port link comes up and denies network access to any client on the port Port based 802 1X In the 802 1 X world the user is called the supplicant the switch is the authenticator and the RADIUS server is the authentication server The authenticator acts as the man in the middle forwarding requests and responses between the supplicant and the authentication server Frames sent between the supplicant and the switch are special 802 1X frames known as EAPOL EAP Over LANs frames EAPOL frames encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is very flexible because it allows for different authentication methods like MD5 Challenge PEAP and TLS The important thing is that the authe
200. ls 3 Click Refresh to refresh the page manually Figure 86 GARP Port Statistics GARP Port Statistics Port PeerMAC Failed Count 1 Auto refresh C Parameter Description Port The Port column displays the list of all ports for which per port GARP statistics are shown Peer MAC Peer MAC is MAC address of the neighbor Switch from which the GARP frame is received Failed Count Number of GARP Join packets received by the switch that failed to join a VLAN Attribute Type Currently only supported Attribute Type is VLAN GARP Applicant This configuration is used to configure the Applicant state machine behaviour for GARP on a perticular port locally e Normal participant In this mode the Applicant state machine will operate normally in GARP protocol exchanges e Non participant In this mode the Applicant state machine will not participate in the protocol operation The default configuration is normal participant Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 125 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 14 GVRP GVRP is an application based on Generic Attribute Registration Protocol GARP mainly used to maintain the group membership information of the VLANs automatically and dynamically GVRP provides the VLAN registration service through a GARP application It makes use of GARP Information Declaration GID to maintai
201. m Revised October 30 2013 Page 58 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Port The switch port number of the corresponding STP CIST and MSTI port Path Cost Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000 Priorty Controls the port priority This can be used to control priority of ports having identical port cost See above 4 5 6 Bridge Status This section provides a status overview of all STP bridge instances To display the STP Bridge status in the web interface 1 Navigate to Configuration gt Spanning Tree gt Bridge Status 2 Checking the Auto refresh button automatically refreshes the page at periodic intervals 3 Click Refresh to refresh the STP Bridge status Figure 41 STP Bridge Status STP Bridges Auto refresh L s Root Topology Topology mar Brida ID Port Cost Flag Change Last CIST 80 00 00 04 DD 04 00 14 80 00 00 0A DD 04 00 14 0 Steady Parameter Description MSTI The Bridge instance This is also a link to the STP Detailed Bridge Status Bridge ID T
202. manufacturer Date Code Display the date this SFP module was made Temperature Display the current temperature of SFP module Vcc Display the working DC voltage of SFP module Mon1 Bias mA Display the Bias current of SFP module Mon2 TX PWR Display the transmit power of SFP module Mon3 RX PWR Display the receiver power of SFP module Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 36 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 1 7 EEE This section enables the user to inspect and configure the current EEE port settings EEE is a power saving option that reduces the power usage when there is very low traffic utilization or no traffic EEE works by powering down circuits when there is no traffic All circuits power up when a port gets data to transmit The time it takes to power up the circuits is named wakeup time The default wakeup time is 17 us for 1Gbit links and 30 us for other link speeds EEE devices must agree upon the value of the wakeup time in order to make sure that both the receiving and transmitting device has all circuits powered up when transmitting traffic The devices can exchange information about the devices wakeup time using the LLDP protocol For maximizing the power saving the circuit isn t started at once transmit data are ready for a port but is instead queued until 3000 bytes of data are read
203. may retry to the same server send to a different server or give up A retry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout Other Info State State Shows the state of the server It takes one of the following values Round trip Time Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled The time interval measured in milliseconds between the most recent Access Reply Access Challenge and the Access Request that matched it from the RADIUS authentication server The granularity of this measurement is 100 ms A value of 0 ms indicates that there hasn t been round trip communication with the server yet RADIUS Accounting Servers Rx Responses The number of RADIUS packets valid or invalid received from the server Rx Malformed Responses The number of malformed RADIUS packets received from
204. min State Port State Last Source LastID QoS Class Port VLAN ID Force Authorized Globally Disabled Force Authorized Globally Disabled Force Authorized Globally Disabled Force Authorized Globally Disabled Force Authorized Globally Disabled Force Authorized Globally Disabled G G GI G G G Force Authorized Globally Disabled Force Authorized Force Authorized Force Authorized Force Authorized Parameter Description Port The switch port number Click to navigate to detailed NAS statistics for this port I 100 N IG a 1 o S I D Force Authorized Globally Disabled D D so obally Disabled obally Disabled obally Disabled isabled is is ico n oO obal Admin State The port s current administrative state Refer to NAS Admin State for a description of possible values Port State The current state of the port Refer to NAS Port State for a description of the individual states Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication Last ID The user name supplicant identity carried in the most recently received Response Identity EAPOL frame for EAPOL based authentication and the source MAC address from the most recently received frame from a new client for MAC based authentication QoS Class QoS Class assigned to the por
205. mit the requested Web page The other main standard that controls how the World Wide Web works is HTML which covers how Web pages are formatted and displayed Any Web server machine contains in addition to the Web page files it can serve an HTTP daemon a program that is designed to wait for HTTP requests and handle it when arriving The Web browser is an HTTP client sending requests to server machines An HTTP client initiates a request by establishing a Transmission Control Protocol TCP connection to a particular port on a remote host port 80 by default An HTTP server listening on that port waits for the client to send a request message An acronym for Hypertext Transfer Protocol over Secure Socket Layer It is used to indicate a secure HTTP connection HTTPS provide authentication and encrypted communication and is widely used on the World Wide Web for security sensitive communication such as payment transactions and corporate logons HTTPS is really just the use of Netscape s Secure Socket Layer SSL as a sublayer under its regular HTTP application layering HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer TCP IP SSL uses a 40 bit key size for the RC4 stream encryption algorithm which is considered an adequate degree of encryption for commercial exchange Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 216 a I Iw rx PowerFlex 8 24 48 Port GbE P
206. mitted MAC Address User MAC address of the entry IP Address User IP address of the entry Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 165 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 3 DHCP Snooping This section describes how to configure the DHCP Snooping parameters DHCP Snooping can prevent attackers from adding their own DHCP servers to the network 5 3 1 Configuration To configure DHCP Snooping via the web interface 1 2 3 4 Navigate to Security gt DHCP Snooping gt Configuration Set the Snooping Mode as Enabled Set the mode of the port to Trusted Click Apply Figure 118 DHCP Snooping Configuration DHCP Snooping Contiguration Snooping Mode Disabled v Port Mode Configuration Port Mode a lt gt v 1 Untrusted v 2 Untrusted 3 Untrusted 4 Untrusted 5 Untrusted 6 Untrusted Untrusted 6 Untrusted JA Untrusted 104 Untrusted v 9B Untrusted 106 Untrusted Anniv Raset Parameter Description Snooping Mode Indicates the DHCP snooping mode operation Possible modes are Enabled Enable DHCP snooping mode operation When DHCP snooping mode operation is enabled the DHCP request messages will be forwarded to trusted ports and only allow reply packets from trusted ports Disabled Disable DHCP snooping mode operation Po
207. mitted Sys Descr Optional TLV When checked the system description is included in LLDP information transmitted Sys Capa Optional TLV When checked the system capability is included in LLDP information transmitted Mgmt Addr Optional TLV When checked the management address is included in LLDP information transmitted Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 83 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 9 2 LLDP Neighbors This page provides a status overview for all LLDP neighbors To display LLDP neighbors in the web interface 1 Navigate to Configuration gt LLDP gt LLDP Neighbors 2 Check Auto refresh to refresh the page automatically at periodic intervals 3 Click Refresh to update manually the current page Figure 61 LLDP Neighbor Information LLDP Neighbour Information Apres Local Chassis Remote Port System Port System Management Port ID ID Name Description Capabilities Address No LLDP neighbour information found D NOTE If the switch has not discovered any LLDP devices the table display No LLDP neighbor information found Parameter Description Local Port The port on which the LLDP frame was received Chassis ID The Chassis ID is the identification of the neighbor s LLDP frames Remote Port ID The Remote Port ID is the identification of the neighbor port System Name System Name is
208. n We must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filtering Possible modes are Enabled Enable Voice VLAN mode operation Disabled Disable Voice VLAN mode operation VLAN ID Indicates the Voice VLAN ID It should be a unique VLAN ID in the system The range is 1 to 4095 Aging Time Indicates the Voice VLAN secure learning aging time The range is 10 to 10000000 seconds It is used when security mode or auto detect mode is enabled In other cases it will be based on hardware aging time The actual aging time will be in the age_time 2 age_time interval Traffic Class Indicates the Voice VLAN traffic class All traffic on the Voice VLAN will belong to this class Port Mode Indicates the Voice VLAN port mode When the port mode is not equal disabled we must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filtering Possible port modes are Disabled Disjoin from Voice VLAN Auto Enable auto detect mode It detects whether there is a VolP phone attached to the specific port and configures the Voice VLAN members automatically Forced Force join to Voice VLAN Port Security Indicates the Voice VLAN port security mode When the function is enabled all non telephonic MAC addresses in the Voice VLAN will be blocked for 10 seconds Possible port modes are Enabled Enable Voice VLAN security mode operation Disabled Disable Voice
209. n gt IGMP Snooping gt VLAN Configuration 2 Check uncheck the Snooping Enabled checkbox to enable or disable Snooping on that VLAN 3 Click the Refresh to update the data or click lt lt or gt gt to display previous entry or next entry 4 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 45 IGMP Snooping VLAN Configuration IGMP Snooping VLAN Configuration Start from VLAN 1 with 20 entries per page VLANID Snooping Enabled 1 Parameter Description Snooping Enabled Enable the Global IGMP Snooping Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 64 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 6 3 Port Group Filtering This section describes how to set the IGMP Port Group Filtering In some network Application environments as like the metropolitan or multiple dwelling unit MDU installations a user might want to control the multicast groups to which a user on a switch port can belong It enables the user to control the distribution of multicast services such as IP TV based on some type of subscription or service plan With this feature users can filter multicast joins on a per port basis by configuring IP multicast profiles and associating users with individual switch ports An IGMP profile can contain one or more multicast groups and specifies whether to permit or deny access to the group If an IGMP profil
210. n alphabets or numbers VLAN name should contain atleast one alphabet Port Members A row of check boxes for each port is displayed for each VLAN ID To include a port in a VLAN check the box To remove or exclude the port from the VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Adding New VLAN Click to add a new VLAN ID An empty row is added to the table and the VLAN can be configured as needed Legal values for a VLAN ID are 1 through 4095 Enables the VLAN on the selected stack switch unit when clicking on Apply The VLAN is thereafter present on the other stack switch units but with no port members The check box is greyed out when VLAN is displayed on other stacked switches but user can add member ports to it Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 107 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide A VLAN without any port members on any stack unit will be deleted when clicking Apply 4 11 2 Ports After adding ports to VLANs modify the port type egress rules and PVID settings in the VLAN port configuration page The function in VLAN Tag Rule Setting user can input VID number to each port The range of VID number is from 1 to 4094 User also can select ingress filtering rules to each port There are two ingress filtering rules to apply to the switch The Ingress Filtering Rul
211. n be 0 1 2 or unlimited If the port mode is enabled and the value of max dynamic client is equal to 0 it means only forward IP packets that are matched in static entries on the specific port Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 160 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 1 2 2 Static Table This section describes how to configure the Static IP Source Guard Table parameters To configure Static IP Source Guard Table via the web interface Navigate to Security gt IP Source Guard gt Static Table Click Add new entry Specify the Port VLAN ID IP Address and MAC address in the entry UI has no MAC address field Click Apply PN gt Figure 113 Static IP Source Guard Table Static IP Source Guard Table Delete Port VLANID IP Address MAC address Static IP Source Guard Table Delete Port VLANID IP Address MAC address e Parameter Description Delete Check to delete the entry It will be deleted during the next save Port The logical port for the settings VLAN ID The vlan ID for the entry IP Address Allowed Source IP address IP Mask Allowed Source IP mask MAC address Allowed Source MAC address Add new entry Click to add a new entry to the Static IP Source Guard table Specify the Port VLAN ID IP address and IP Mask for the new entry Click Apply Toll Free 1 866 ALLWORX 585 4
212. n the ports associated with the attribute database and GARP Information Propagation GIP to communicate among switches and end stations With GID information and GIP GVRP state machine maintains the contents of Dynamic VLAN Registration Entries for each VLAN and propagate the information to other GVRP aware devices to setup and update the knowledge database the set of VLANs associated with current active members and the ports to reach these members 4 14 1 Configuration This page enables configuring the basic GVRP settings for all switch ports The settings relate to the currently selected stack unit as reflected by the page header To configure GVRP Port settings via the web interface 1 Navigate to Configuration gt GVRP gt Configuration 2 Specify the GVRP mode and port Parameters 3 Click Apply Figure 87 GVRP Global Configuration GVRP Mode Disable v Port GVRP Mode GVRP rrole Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable v Disable v Disable Disable Disable v Disable Disable Disable Disable Disable Disable v Disable Disable Disable Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 126 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description GVRP
213. ner When a fixed speed setting is selected that is what is used The Current Rx column indicates whether pause frames on the port are obeyed and the Current Tx column indicates whether pause frames on the port are transmitted The Rx and Tx settings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed Maximum Frame Size Enter the maximum frame size for the switch port including FCS Excessive Collision Mode Configure port transmit collision behavior Discard Discard frame after 16 collisions default Restart Restart backoff algorithm after 16 collisions Power Control The Usage column displays the current percentage of the power consumption per port The Configured column enables changing the power savings mode parameters per port Disabled All power savings mechanisms disabled ActiPHY Link down power savings enabled PerfectReach Link up power savings enabled Enabled Both link up and link down power savings enabled Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 30 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 1 2 Port Description The section describes how to configure the ports alias or any description for the port identity To configure port description via the web interface 1 Navigate to Configuration gt
214. nfig 2 Click Save configuration 3 Save the file in the local device Figure 147 Export Configuration Save configuration File Download Do you want to open or save this file lt Name config xml Type XML Document 49 4KB From 192 168 20 22 While files from the Internet can be useful some files gn potentially harm your computer If you do not trust the source Ao save this file What s the risk C Save As Desktop amy Documents 3 My Computer My Recent Bm Network Places Documents 1000913 B 20111001 Oai Desktop when download completes Qddisc_change_v2_5 mo My Documents File name config xml i Save as type XML Document My Network Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 208 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 6 4 2 Import Config This section describes how to import the Switch configuration To import config file to the switch via the web interface 1 Navigate to Maintenance gt Export Import gt Import Config 2 Click Choose File to select the config file from the local device 3 Click Upload Figure 148 Import Config Update figure My Recent Documents e Desktop A My Documents My Computer My Network File name Places Fi
215. nfiguration User Security Authentication Authentication Privacy Privacy Name Level Protocol Password Protocol Password a om SNMPv3 Users Configuration Delete Delete User Security Authentication Authentication Privacy Privacy Name Level Protocol Password Protocol Password Delete Auth Priv v MD5 DES Add new user Apply Parameter Description Delete Check to delete the entry It will be deleted during the next Apply User Name A string identifying the user name The string length is 1 to 32 and the content is ASCII characters from 33 to 126 Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv No authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy The value of security level cannot be modified if entry already exists So ensure that the value is set correctly during initial configuration Authentication Protocol Indicates the authentication protocol that this entry should belong to Possible authentication protocols are None No authentication protocol MD5 An optional flag to indicate that this user uses MD5 authentication protocol SHA An optional flag to indicate that this user uses SHA authentication protocol Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 22 a I Iw rx PowerFlex 8 24
216. ng functionality but limit checks and corresponding actions are disabled Aging Enabled If checked secured MAC addresses are subject to aging as discussed under Aging Period Aging Period If Aging Enabled is checked then the aging period is controlled with this input If other modules are using the underlying port security for securing MAC addresses there may be other requirements to the aging period The underlying port security will use the shorter requested aging period of all modules that use the functionality The Aging Period can be set to a number between 10 and 10 000 000 seconds To understand why aging may be desired consider the following scenario Suppose an end host is connected to a 3rd party switch or hub which in turn is connected to a port on this switch on which Limit Control is enabled The end host can forward if the limit is not exceeded Now suppose that the end host logs off or powers down If it wasn t for aging the end host would still take up resources on this switch and can forward To overcome this situation enable aging With aging enabled a timer is started once the end host gets secured When the timer expires the switch starts looking for frames from the end host and if such frames are not seen within the next Aging Period the end host is assumed to be disconnected and the corresponding resources are freed on the switch Port Configuration Port The port number to which the configuration app
217. ng representing the VLAN ID Leading 0 s are discarded The final value must be in the range 1 4095 Guest VLAN Enabled When Guest VLAN is both globally enabled and enabled checked for a given port the switch considers moving the port into the Guest VLAN according to the rules outlined below This option is only available for EAPOL based modes i e e Port based 802 1X e Single 802 1X e Multi 802 1X For trouble shooting VLAN assignments use the Monitor VLANs VLAN Membership and VLAN Port pages These pages show which modules have temporarily overridden the current Port VLAN configuration Guest VLAN Operation When a Guest VLAN enabled port s link comes up the switch starts transmitting EAPOL Request Identity frames If the number of transmissions of such frames exceeds Max Reauth Count and no EAPOL frames have been received in the meanwhile the switch considers entering the Guest VLAN The Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 177 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide interval between transmission of EAPOL Request Identity frames is configured with EAPOL Timeout If Allow Guest VLAN if EAPOL Seen is enabled the port will now be placed in the Guest VLAN If disabled the switch will first check its history to see if an EAPOL frame has previously been received on the port this history is cleared if th
218. ng the Port Security Limit Control functionality MAC based Auth Unlike port based 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string of the following form XX XX XX XX XX XX that is a dash is used as separator between the lower case hexadecimal digits The switch only supports the MD5 Challenge Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 175 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide authentication method so the RADIUS server must be configured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using the Port Security module Only then will frames from the client be forwarded on the switch There are no EAPOL frames involved in this authentication and therefore MAC based Authentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over
219. ng values Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 187 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Auto refresh Upper right icon Refresh The page will be automatically refreshed at periodic intervals Click to manually refresh the page Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 188 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 6 3 RADIUS Details This section displays detailed statistics of the RADIUS Authentication and Accounting servers The statistics map closely to those specified in RFC4668 RADIUS Authentication Client MIB To view the RADIUS Details in the web interface 1 Navigate to Security gt AAA gt RADIUS Details 2 Specify server with t
220. nism are only intended to run on links between LLDP MED Network Connectivity Devices and Endpoint Devices and as such does not apply to links between LAN infrastructure elements including Network Connectivity Devices or other types of links Coordinates Location Latitude Latitude SHOULD be normalized to within 0 90 degrees with a maximum of 4 digits It is possible to specify the direction to either North of the equator or South of the equator Longitude Longitude SHOULD be normalized to within 0 180 degrees with a maximum of 4 digits It is possible to specify the direction to either East of the prime meridian or West of the prime meridian Altitude Altitude SHOULD be normalized to within 32767 to 32767 with a maximum of 4 digits It is possible to select between two altitude types floors or meters Meters Representing meters of Altitude defined by the vertical datum specified Floors Representing altitude in a form more relevant in buildings which have different floor to floor dimensions An altitude 0 0 is meaningful even outside a building and represents ground level at the given latitude and longitude Inside a building 0 0 represents the floor level associated with ground level at the main entrance Map Datum The Map Datum is used for the coordinates given in these options WGS84 Geographical 3D World Geodesic System 1984 CRS Code 4327 Toll Free 1 866 ALLWORX 585 421 3850 www
221. nosis of mismatch issues with the VLAN configuration along with the associated Layer 2 and Layer 3 attributes which apply for a set of specific protocol applications on that port Improper network policy configurations are a very significant issue in VolP environments that frequently result in voice quality degradation or loss of service Policies are only intended for use with applications that have specific real time network policy requirements such as interactive voice and or video services The network policy attributes advertised are 1 Layer 2 VLAN ID IEEE 802 1Q 2003 2 Layer 2 priority value IEEE 802 1D 2004 3 Layer 3 Diffserv code point DSCP value IETF RFC 2474 This network policy is potentially advertised and associated with multiple sets of application types supported on a given port The application types specifically addressed are 1 Voice 2 Guest Voice 3 Softphone Voice 4 Video Conferencing 5 Streaming Video 6 Control Signalling conditionally support a separate network policy for the media types above A large network may support multiple VoIP policies across the entire organization and different policies per application type LLDP MED allows multiple policies to be advertised per port each corresponding to a different application type Different ports on the same Network Connectivity Device may advertise different sets of policies based on the authenticated user identity or port configuration
222. ns both static and dynamic entries The network administrator configures the static entries if the administrator wants to do a fixed mapping between the DMAC address and switch ports The frames also contain a MAC address SMAC address which displays the MAC address of the equipment sending the frame and uses the SMAC address by the switch to automatically update the MAC table with these dynamic MAC addresses The MAC table removes dynamic entries after not seeing the frame with the corresponding SMAC address after a configurable age time 4 10 7 Configuration Configure the MAC Address Table on this page Set timeouts for entries in the dynamic MAC Table and configure the static MAC table here To configure MAC Address Table via the web interface 1 Navigate to Configuration gt Filtering Database gt Configuration 2 Check the Disable Automatic Aging checkbox to disable the feature 3 Specify the Aging Time 4 Click Apply MAC Table Learning 1 Use the radio buttons to set the port members to Auto Disable or Secure 2 Click Apply Static MAC Table Configuration 1 Click Add new Static entry 2 Specify the VLAN ID MAC address and select the port members 3 Click Apply or click Reset to cancel changes and revert to previously saved values Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 103 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Figure 71 MAC Address
223. nt All IPv4 UDP 68 DHCP Server Deny Disabled Disabled Disabled Yes No 0 No Reserved All EType Permit Disabled Disabled Disabled No No 0 No Reserved All EType Permit Disabled Disabled Disabled No No 0 No Static All Any Permit Disabled Disabled Disabled No No 3410 No Parameter Description User Indicates the ACL user Ingress Port Indicates the ingress port of the ACE Possible values are All The ACE will match all ingress ports Port The ACE will match a specific ingress port Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame type EType The ACE will match Ethernet Type frames Note that an Ethernet Type based ACE will not get matched by IP and ARP frames ARP The ACE will match ARP RARP frames IPv4 The ACE will match all IPv4 frames IPv4 ICMP The ACE will match IPv4 frames with ICMP protocol IPv4 UDP The ACE will match IPv4 frames with UDP protocol IPv4 TCP The ACE will match IPv4 frames with TCP protocol IPv4 Other The ACE will match IPv4 frames which are not ICMP UDP TCP IPv6 The ACE will match all IPv6 standard frames Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learned Deny Frames matching the ACE are dropped Rate Limiter Indicates the rate limiter number of the ACE The range is 1 to 16 When disabled Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised Octo
224. nticator the switch does not need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant NOTE Suppose two backend servers are enabled and that the server timeout is configured to X seconds using the AAA configuration page and suppose that the first server in the list is currently down but not considered dead Now if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds then it will never get authenticated because the switch will cancel on going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant and since the server has not yet failed because the X seconds has not expired the same server will be contacted Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 174 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide upon the next backend authentication server request from the switch This scenario loo
225. o kbps vi amna P Eoo kbps vi amna P poo kbps i Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 132 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description Port The logical port for the settings contained in the same row Click on the port number in order to configure the schedulers Mode Displays the scheduling mode for this port Weight Qn Displays the weight for this queue and port Scheduler Mode Controls whether the scheduler mode is Strict Priority or Weighted on this switch port Queue Shaper Enable Controls whether the queue shaper is enabled for this queue on this port Queue Shaper Rate Queue Shaper Unit Controls the rate for the queue shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 1000 when the Unit is Mbps Controls the unit of measure for the queue shaper rate as kbps or Mbps The default value is kbps Queue Shaper Excess Controls allowing the queue to use excess bandwidth Queue Scheduler Weight Controls the weight for this queue The default value is 17 This value is restricted to 1 100 This parameter is only shown if Scheduler Mode is set to Weighted Queue Scheduler Percent Displays the weight in percent for this queue This parameter is only shown if Scheduler Mode is set to
226. oE Managed Switch User s Guide l ICMP IEEE 802 1X IGMP IGMP Querier IMAP An acronym for Internet Control Message Protocol A protocol that generated the error response diagnostic or routing purposes ICMP messages generally contain information about routing difficulties or simple exchanges such as time stamp or echo transactions For example the PING command uses ICMP to test an Internet connection An IEEE standard for port based Network Access Control It provides authentication to devices attached to a LAN port establishing a point to point connection or preventing access from that port if authentication fails With 802 1X access to all switch ports can be centrally controlled from a server which means that authorized users can use the same credentials for authentication from any point within the network An acronym for Internet Group Management Protocol A communications protocol used to manage the membership of Internet Protocol multicast groups by IP hosts and adjacent multicast routers to establish multicast group memberships It is an integral part of the IP multicast specification like ICMP for unicast connections Online video and gaming use IGMP and enable a more efficient use of resources when supporting these uses A router sends IGMP Query messages onto a particular link This router is called the Querier An acronym for Internet Message Access Protocol A protocol for email clients to retrieve email messa
227. oS Dotted Decimal Notation DSCP EEE task This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address Forwards and transfers DHCP messages between the clients and the server when not on the same subnet domain The DHCP option 82 enables a DHCP relay agent to insert specific information into a DHCP request packets when forwarding client DHCP packets to a DHCP server and remove the specific information from a DHCP reply packets when forwarding server DHCP packets to a DHCP client The DHCP server can use this information to implement IP address or other assignment policies Specifically the option works by setting two sub options Circuit ID option 1 and Remote ID option2 The Circuit ID sub option is supposed to include information specific to which circuit the request came in on The Remote ID sub option was designed to carry information relating to the remote host end of the circuit The definition of Circuit ID in the switch is 4 bytes in length and the format is vlan_id module_id port_no The parameter of vian_id is the first two bytes represent the VLAN ID The parameter of module_id is the third byte for the module ID in standalone switch it always equal 0 in stackable switch it means switch ID The parameter of port_no is the fourth byte and it means the port number The Remote ID is 6 bytes in length and the value is equal the DHCP relay agents MAC
228. oS Class Available QoS Class values range from 0 to 7 QoS Class 0 7 can be mapped to a DSCP value DPL Drop Precedence Level 0 1 can be configured for all available QoS Classes DSCP a vad value 0 63 from DSCP menu to map to corresponding QoS Class and value Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 140 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 15 10 QoS Control List Configuration This section shows the QoS Control List QCL which is made up of the QCEs Each row describes a defined QCE The maximum number of QCEs is 256 on each switch Click on the lowest plus sign to add a new QCE to the list To configure the QoS Control List parameters via the web interface 1 Navigate to Configuration gt QoS gt QoS Control List Click the sign to add a new QoS Control List Set the parameters for the QCE and apply it to a port by checking the box es for the ports s Pp N Click Apply or click Reset to cancel changes and revert to previously saved values Figure 98 QoS Control List Configuration Action QCE Port Frame Type SMAC DMAC VID class DPL DSCP Port Members 1 2 3 4 5 6 7 8 9A 10A 9B 10B Ea ajajaja M a a Tag VID PCP DEI SMAC i DMAC Type Frame Type Any Apply J Reset Cancel Parameter Description QCE Indicates the index of QCE Port Indicates the list of ports configured with the QCE
229. og entry ID ID gt 1 of the system log entry Time The time of the system log entry based on the system time Message Display a detailed log detail message Upper right icons Refresh clear etc Click to refresh or clear the system log and to go to next and previous page entries Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 17 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 5 3 Detailed Log This section provides a detailed message of each log entry To display the detailed log configuration in the web interface Navigate to System gt Syslog gt Detailed Log Figure 12 Detailed Syslog Information Level Info Time Message Switch just made a cold boot Parameter Description ID ID gt 1 of the system log entry Message Display a detailed log detail message Upper right icons Refresh Click to refresh or clear the system log and to go to next and previous page clear etc entries Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 18 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 6 SNMP Any Network Management System NMS running the Simple Network Management Protocol SNMP can manage the Managed devices equipped with SNMP agent if a correct installation of the Management Information Base MIB on the managed devices Using an S
230. oice over IP phones Wireless Access Points etc To configure Easy Port via the web interface 1 Navigate to Configuration gt Easy Port 2 Use the drop down menu to set the role for the device and set the parameters for the role 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 107 Easy Port Configuration Easy Port Configuration Port Members 1 2 3 4 5 6 7 8 9A 10A 9B 10B CHE SEL a CHEL E Role IP Phone Access VLAN 1 VLAN Mode Hybrid Voice VLAN 200 Traffic Class 7 High Port Security Enable Port Security Action Trap v Port Security Limit 1 Spanning Tree Admin Edge Enable Spanning Tree BPDU Guard Enable v Parameter Description Port Members To select which Port to enable the Easy Port function for Role Select the type of device to connect and implement the Easy Port settings for Access VLAN To set the Access VLAN ID VLAN Mode Select the VLAN mode Access Trunk or Hybrid Voice VLAN Set the Voice VLAN ID for VolP phones Traffic Class Select the traffic class for the data stream priority The value range is 0 Low to 7 High For example if voice trafic has higher priority set the Traffic Class value as 7 Port Security Enable or disable the Port Security function on the port If turning on the function then set the Port Security limit the number of devices that can access
231. olicies apply as those advertised in the Video Conferencing application policy Tag VLAN ID Tag indicating whether the specified application type is using a tagged or an untagged VLAN Untagged indicates that the device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802 1Q 2003 In this case both the VLAN ID and the Layer 2 priority fields are ignored and only the DSCP value has relevance Tagged indicates that the device is using the IEEE 802 1Q tagged frame format and that both the VLAN ID and the Layer 2 priority values are being used as well as the DSCP value The tagged format includes an additional field known as the tag header The tagged frame format also includes priority tagged frames as defined by IEEE 802 1Q 2003 VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 89 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide L2 Priority L2 Priority is the Layer 2 priority to be used for the specified application type L2 Priority may be one of eight priority levels 0 through 7 as defined by IEEE 802 1D 2004 A value of 0 represents use of the default priority as defined in IEEE 802 1D 2004 DSCP DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474 DSCP may
232. om Revised October 30 2013 Page 67 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 6 6 IPv4 SSM information Source Specific Multicast SSM is a datagram delivery model that best supports one to many applications also known as broadcast applications SSM is a core network technology of IP multicast targeted for audio and video broadcast application environments For the SSM delivery mode an IP multicast receiver host must use IGMP Version 3 IGMPv3 to subscribe to channel S G By subscribing to this channel the receiver host is indicating that it wants to receive IP multicast traffic sent by source host S to group G The network will deliver IP multicast packets from source host S to group G to all hosts in the network that have subscribed to the channel S G SSM does not require group address allocation within the network only within each source host Different applications running on the same source host must use different SSM groups Different applications running on different source hosts can arbitrarily reuse SSM group addresses without causing any excess traffic on the network SSM by INA reserves addresses in the range 232 0 0 0 8 232 0 0 0 to 232 255 255 255 In the switch configure SSM for arbitrary IP multicast addresses also To display the IGMPv3 IPv4 SSM Information in the web interface 1 Navigate to Configuration gt IGMP Snooping gt IPv4 SSM Information 2 Check Auto refresh to ref
233. on found NOTE If there are no LLDP MED devices in the network the table displays No D LLDP MED neighbor information found Parameter Description Port The port on which the LLDP frame was received Device Type LLDP MED Devices are comprised of two primary Device Types Network Connectivity Devices and Endpoint Devices LLDP MED Network Connectivity Device Definition LLDP MED Network Connectivity Devices as defined in TIA 1057 provide access to the IEEE 802 based LAN infrastructure for LLDP MED Endpoint Devices An LLDP MED Network Connectivity Device is a LAN access device based on any of the following technologies 1 LAN Switch Router 2 IEEE 802 1 Bridge 3 IEEE 802 3 Repeater included for historical reasons 4 IEEE 802 11 Wireless Access Point 5 Any device that supports the IEEE 802 1AB and MED extensions defined by TIA 1057 and can relay IEEE 802 frames via any method LLDP MED Endpoint LLDP MED Endpoint Devices as defined in TIA 1057 are located at the IEEE 802 Device Definition LAN network edge and participate in IP communication service using the LLDP MED framework Within the LLDP MED Endpoint Device category the LLDP MED scheme is broken into further Endpoint Device Classes as defined below Each LLDP MED Endpoint Device Class is defined to build upon the capabilities defined for the previous Endpoint Device Class For example will any LLDP MED Endpoint Device claiming compliance as a Media En
234. ontain a MAC address SMAC address which shows the MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address have been seen after a configurable age time Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 218 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide MEP MD5 Mirroring MLD MVR NAS NetBIOS NFS An acronym for Maintenance Entity Endpoint and is an endpoint in a Maintenance Entity Group ITU T Y 1731 An acronym for Message Digest algorithm 5 MD5 is a message digest algorithm used cryptographic hash function with a 128 bit hash value It was designed by Ron Rivest in 1991 MD5 is officially defined in RFC 1321 The MD5 Message Digest Algorithm For debugging network problems or monitoring network traffic the switch system can be configured to mirror frames from multiple ports to a mirror port In this context mirroring a frame is the same as copying the frame Both incoming source and outgoing destination frames can be mirrored to the mirror port An acronym for Multicast Listener Discovery for IPv6 MLD is used by IPv6 routers to discover multicast listeners on a directly attached link much as IGMP is used in IPv4 The protocol is embedded in
235. or to store resources in a central location on the network providing authorized users continuous access which means NFS supports sharing of files printers and other resources as persistent storage over a computer network Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 219 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide NTP OAM Optional TLVs OUI PCP PD PHY PING PoE Policer POP3 An acronym for Network Time Protocol a network protocol for synchronizing the clocks of computer systems NTP uses UDP datagrams as transport layer An acronym for Operation Administration and Maintenance It is a protocol described in ITU T Y 1731 used to implement carrier ethernet functionality MEP functionality like CC and RDI is based on this ALLDP frame contains multiple TLVs For some TLVs it is configurable if the switch shall include the TLV in the LLDP frame These TLVs are known as optional TLVs If an optional TLVs is disabled the corresponding information is not included in the LLDP frame An acronym for Organizationally Unique Identifier An OUI address is a globally unique identifier assigned to a vendor by IEEE Users can determine which vendor a device belongs to according to the OUI address which forms the first 24 bits of a MAC address An acronym for Priority Code Point It is a 3 bit field storing the priority level for the 802 1Q frame
236. ovides an overview of the current users Currently the only way to login as another user on the web server is to close and reopen the browser To configure Account in the web interface 1 Navigate to System gt Account gt Users 2 Click Add new user 3 Specify the User Name and password for the user along with the Privilege Level 4 Click Apply Figure 6 User Account Configuration Users Configuration Add User User Settings User Name Privilege Level Uer NAE admin 15 Password Password again Privilege Level 1 v Parameter Description User Name The name identifying the user This is also a link to Add Edit User Password The string length is 0 to 255 and the content is the ASCII characters from 32 to 126 Password again Retype the password typed in the Password field Privilege Level The privilege level of the user The range is 1 to 15 If the privilege level value is 15 it can access all groups i e granted full control of the device User s privilege should be same or greater than the group privilege level to have access of that group By default most groups privilege level 5 has the read only access and privilege level 10 has the read write access System maintenance software upload factory defaults and etc requires user privilege level 15 In general the privilege level 15 can be used for an administrator account privilege level 10 for a standard user account and privilege level 5 for a gues
237. present on a port see Aging Period below Reauthentication Period Determines the period in seconds after which a connected client must be reauthenticated This is only active if the Reauthentication Enabled checkbox is checked Valid values are in the range 1 to 3600 seconds EAPOL Timeout Determine the time for retransmission of Request Identity EAPOL frames Valid values are in the range 1 to 255 seconds This has no effect for MAC based ports Aging Period This setting applies to the following modes i e modes using the Port Security functionality to secure MAC addresses e Single 802 1X e Multi 802 1X e MAC Based Auth When the NAS module uses the Port Security module to secure MAC addresses the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds If reauthentication is enabled and the port is in an 802 1 X based mode this is not so critical since supplicants that are no longer attached to the port will get removed upon the next reauthentication which will fail But if reauthentication is not enabled the only way to free resources is by aging the entries For ports in MAC based Auth mode reauthentication does not cause direct communication between the switch and the client so this will not de
238. ps forever Therefore the server timeout should be smaller than the supplicant s EAPOL Start frame retransmission rate Single 802 1X In port based 802 1 X authentication once a supplicant is successfully authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though each is really are not authenticated To overcome this security breach use the Single 802 1X variant Single 802 1X is not an IEEE standard but features many of the same characteristics as port based 802 1X In Single 802 1X at most one supplicant can get authenticated on the port at a time Normal EAPOL frames are used in the communication between the supplicant and the switch If more than one supplicant is connected to a port the one that comes first when the port s link comes up will be the first one considered If that supplicant does not provide valid credentials within a certain amount of time another supplicant will get a chance Once a supplicant is successfully authenticated only that supplicant has access This is the most secure of all the supported modes In this mode the Port Security module is used to secure a supplicant s MAC address once successfully authenticated Multi 802 1X In port based 802 1X authentication once a supplicant is successfully authenticated on a port the who
239. rames Untagged Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 224 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide frames received on a subscriber port are forwarded to the provider port with a single VLAN tag Tagged frames received on a subscriber port are forwarded to the provider port with a double VLAN tag VLAN ID A 12 bit field specifying the VLAN to which the frame belongs Voice VLAN VLAN configured specially for voice traffic By adding the ports with voice devices attached to voice VLAN we can perform QoS related configuration for voice data ensuring the transmission priority of voice traffic and voice quality Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 225 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 226 allwor x Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Version 1 Revised October 7 2013
240. re Enabled Enable DHCP relay information mode operation When DHCP relay information mode operation is enabled the agent inserts specific information option 82 into a DHCP message when forwarding to the DHCP server and removes it from a DHCP message when transferring it to the DHCP client It only works when DHCP relay operation mode is enabled Disabled Disable DHCP relay information mode operation Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 168 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Relay Information Policy Indicates the DHCP relay information option policy When DHCP relay information mode operation is enabled if agent receives a DHCP message that already contains relay agent information it will enforce the policy It only works when the DHCP relay information operation mode is enabled Possible policies are Replace Replace the original relay information when a DHCP message that already contains it is received Keep Keep the original relay information when a DHCP message that already contains it is received Drop Drop the packet when a DHCP message that already contains relay information is received Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 169 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 4 2 Statistics This section displays the DHCP Relay S
241. resh the page at periodic intervals 3 Click Refresh to refresh an entry of the IGMPv3 IPv4 SSM Information 4 Click lt lt or gt gt to move to previous or next entry Figure 49 IPv4 SSM Information IGMP SFM Information Auto refresh C Start from VLAN 1 and Group 224 0 0 0 with 20 entries per page VLANID Group Port Mode Source Address Type No more entries Parameter Description Navigating the IGMPv3 Information Table Each page displays up to 99 entries from the IGMPv3 SSM Source Specific Multicast Information table default being 20 selected through the entries per page field When first visited the web page displays the first 20 entries from the beginning of the IGMPv3 Information Table The Start from VLAN and group fields enable the user to select the starting point in the IGMPv3 Information Table Clicking the Refresh button will update the displayed table starting from that or the closest next IGMPv3 Information Table match In addition the two input fields will upon a button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The switch will use the last entry of the currently displayed table as a basis for the next lookup When reaching the end the text No more entries displays IGMPv3 Information Table Columns VLAN ID VLAN ID of the group Groups Group address of the group displayed Toll Free 1 866 ALLWORX 585 421
242. rieieaneiceaatea hedeRinaebeaseanne 62 4 7 BE STM Mares det tea oes atetecas tea eterna sianeat ete taeaa se erteiecteermees 70 4 8 MVR ee ee ne ee en ee ee ee ee ee eee 77 4 9 LEDP ces eet atc digers ian ee cee ee eres ee 81 4 10 POE ee Oe ee Ee ee ener ee eee er eee 98 sir MEAN acs cea Serta asec ccc ete atte aa Eaa S E ares pae E aA 107 4 12 Voice VLAN iota cen cticenaecsen datag Serseinwrencimanst saqouhecaud otan ga ueadancttestiniacaeemeasonens 119 413 O12 gee eee eee eee reer re reer ree tree ree ee ner 123 aie GVRP ae ckacigce ceases te a Gangs taeedcesateateeees 126 415 SOS ees ete a ee ee a 129 416 SPIOW AGG icrccercddesceaueattuce eeeneciunsntecs n a Rtas N E a 147 417 Loop Protecti N sereins a a a 149 418 SinglelP eisa aa s eaaa E dade eves irap REEN ENERE RES 151 4 19 Easy IP OIG a ccecieeocisw cet as gnc iana a a aai 153 coe ee eee ee eee eee ee ee ee eee ee ee ee 155 4 21 Trap Event Severity ccc societal aes tvieced Aaedemeteat dere deat sauteed 157 4 22 SMTP COmmOUratno nicest amtecceceicosuenetisnctiguiies cil aero 158 423 AUPIP sisecsoeccrernanrcaeeciseestodeica a ther a a a aaa ees 159 GSO CUNY sie erante aeaiee aeaa aaa aaea E aaa aaa Kaanaa 160 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page v a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 1 IP Source GUANO ss pre E RE 160 5 2 ARP INSPEC OM eraino aiaa a a a eno essi 163 5 3 DHOP Snooping sss ses
243. rier status ACTIVE or IDLE Queries Transmitted The number of Transmitted Queries Queries Received The number of Received Queries V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V1 Leaves Received The number of Received V1 Leaves Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 74 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 7 5 Group Information This page displays the MLD Snooping Groups Information The Start from VLAN and group input fields enable the user to select the starting point in the MLD Group Table To display the MLD Snooping Group information in the web interface 1 Navigate to Configuration gt MLD Snooping gt Group Information 2 Check Auto refresh to refresh the page at periodic intervals 3 Click Refresh to refresh or click Clear to clear the MLD Snooping Group Information Figure 54 MLD Snooping Groups Information MLD Snooping Groups Information Autoseresh O Start from VLAN 1 and group address 00 j with 20 entries per page Port Members VLAN ID Groups 1 2 3 4 5 6 7 8 9110 11 12 No more entries Parameter Description Navigating the MLD Group Table Each page displays up to 99 entries from the MLD Group table default being 20 selected through the entries per page input field When first visited the web page displays the first 20 entries from the
244. roller Access Control System Plus It is a networking protocol which provides access control for routers network access servers and other networked computing devices via one or more centralized servers TACACS provides separate authentication authorization and accounting services A 3 bit field storing the priority level for the 802 1Q frame An acronym for Transmission Control Protocol It is a communications protocol that uses the Internet Protocol IP to exchange the messages between computers The TCP protocol guarantees reliable and in order delivery of data from sender to receiver and distinguishes data for multiple connections by concurrent applications for example Web server and e mail server running on the same host The applications on networked hosts can use TCP to create connections to one another It is known as a connection oriented protocol which means that a connection is established and maintained until such time as the message or messages to be exchanged by the application programs at each end have been exchanged TCP is responsible for ensuring that a message is divided into the packets that IP manages and for reassembling the packets back into the complete message at the other end Common network applications that use TCP include the World Wide Web WWW e mail and File Transfer Protocol FTP Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 223 a I Iw rx PowerFlex
245. rt Mode Indicates the DHCP snooping port mode Possible port modes are Trusted Configures the port as trusted source of the DHCP messages Untrusted Configures the port as untrusted source of the DHCP messages Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 166 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 3 2 Statistics This section displays the DHCP Snooping Statistics of the switch The statistics show only packet counters when enabling DHCP snooping mode and disabling relay mode and it does not count the DHCP packets for DHCP client To display the DHCP Snooping Statistics in the web interface 1 Navigate to Security gt DHCP Snooping gt Statistics 2 Specify the port to display the statistics 3 Check Auto refresh to refresh the page automatically at periodic intervals 4 Click Refresh to refresh the page manually Figure 119 DHCP Snooping Port Statistics DHCP Snooping Port Statistics Port 4 Pot 1 Autorefesh Retesh Clear Receive Packets Transmit Packets Rx Discover 0 Tx Discover 0 Rx Offer 0 Tx Offer 0 Rx Request 0 Ix Request 0 Rx Decline 0 Tx Decline 0 Rx ACK 0 TxACK 0 Rx NAK 0 Tx NAK TSAS 7 ae i Rx Lease Query 0 Tx Lease Query 0 Rx Lease Unassigned 0 Tx Lease Unassigned 0 Rx Lense Unknown 0 Ix Lease Unknown 0 Rx Lease Active 0 Tx Lease Active 0 Parameter Description Rx and Tx D
246. s and discarded CDP frames are not displayed in the LLDP statistics CDP TLVs are mapped onto LLDP neighbors table as shown below CDP TLV Device ID is mapped to the LLDP Chassis ID field CDP TLV Address is mapped to the LLDP Management Address field The CDP address TLV can contain multiple addresses but Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 82 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide only the first address displays in the LLDP neighbors table CDP TLV Port ID is mapped to the LLDP Port ID field CDP TLV Version and Platform is mapped to the LLDP System Description field Both CDP and LLDP support system capabilities but the CDP capabilities cover capabilities that are not part of the LLDP These capabilities display as others in the LLDP neighbors table If all ports have CDP awareness disabled the switch forwards CDP frames received from neighbor devices If at least one port has CDP awareness enabled all CDP frames are terminated by the switch NOTE When CDP awareness on a port is disabled the CDP information is not removed immediately but gets removed when the hold time is exceeded Port Descr Optional TLV When checked the port description is included in LLDP information transmitted Sys Name Optional TLV When checked the system name is included in LLDP information trans
247. s on the mirror port Because of this mode for the selected mirror port is limited to Disabled or Rx only Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 156 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 21 Trap Event Severity Use the function to set an Alarm trap and get the Event log Use the Trap Events Configuration function to enable the switch to send out the trap information while pre defined trap events occur To configure the Trap Event Severity via the web interface 1 Navigate to Configuration gt Trap Event Severity Configuration 2 Select the Group name and Severity Level 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 109 Trap Event Severity Configuration Trap Event Severity Configuration Group Name Severity Level ACL Info v ACL Log Debug v Access Mgmt Info v Auth Failed Warning Cold Start Warning v Config Info Info v Firmware Upgrade Info v Import Export Info v LACP Info v Link Status Warning Login Info v Logout Info v Loop Protect Info v Mgmt IP Change Info v Module Change Notice w NAS Info v Password Change Info v Poe Auto Check Warning Port Security Info v VLAN Info v Warm Start Warning Parameter Description Group Name The field for which to generate Trap Events Severity Level Select the event type The options are Emerg Alert Crit
248. s overview for all LACP instances To display the LACP System status in the web interface 1 Navigate to Configuration gt Aggregation gt LACP gt System Status 2 Check the Auto refresh checkbox for automatic page refresh periodically 3 Click Refresh to refresh the LACP System Status Figure 34 LACP System Status LACP System Status Agar ID Partner Partner Last Local gg System ID Key Changed Ports No ports enabled or no existing partners Parameter Description Aggr ID The Aggregation ID associated with this aggregation instance For LLAG the id displays as isid aggr id and for GLAGs as aggr id Partner System ID The system ID MAC address of the aggregation partner Partner Key The Key that the partner has assigned to this aggregation ID Last Changed The time since this aggregation changed Local Ports Displays which ports are a part of this aggregation for this switch stack The format is Switch ID Port Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 49 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 4 3 Port Statistics This section provides a Port Statistics overview for all LACP instances To display the LACP Port status in the web interface 1 Navigate to Configuration gt Aggregation gt LACP gt Port Statistics 2 Check the Auto refresh checkbox for automatic page refresh periodically 3 Click Refresh to refresh
249. s the SSH mode operation Possible modes are Enabled Enable SSH mode operation Disabled Disable SSH mode operation Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 200 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 10 HTTPS This section enables configuring HTTPS to access the Switch securely HTTPS is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication via the browser To configure a HTTPS Configuration in the web interface Navigate to Security gt HTTPS Select Enabled in the mode to enable HTTPS Enable Automatic Redirect e oN Click Apply or click Reset to cancel changes and revert to previously saved values Figure 138 HTTPS Configuration HTTPS Configuration Mode Enabled Automatic Redirect Disabled v Parameter Description Mode Indicates the HTTPS mode operation Possible modes are Enabled Enable HTTPS mode operation Disabled Disable HTTPS mode operation Automatic Redirect Indicates the HTTPS redirect mode operation Automatically redirect web browser to HTTPS when HTTPS mode is enabled Possible modes are Enabled Enable HTTPS redirect mode operation Disabled Disable HTTPS redirect mode operation Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 201 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed S
250. s to connect seamlessly and to simplify the implementation of networks in the home data sharing communications and entertainment and in corporate environments for simplified installation of networking components To configure the UPnP settings via the web interface 1 Navigate to Configuration gt UPnP 2 Specify the mode TTL and Advertising Duration 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 111 UPnP Configuration UPnP Configuration Mode Disabled TTL 4 Advertising Duration 100 Parameter Description Mode Indicates the UPnP operation mode Possible modes are Enabled Enable UPnP operation mode Disabled Disable UPnP operation mode When enabled two ACEs are automatically added to trap UPnP related packets to CPU The ACEs are automatically removed when the mode is Disabled TTL The TTL value is used by UPnP to send SSDP advertisement messages Valid values are in the range 1 to 255 Advertising Duration The duration tells the control point s how often it should receive an SSDP advertisement message from the switch Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 159 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 Security This chapter describes the security configuration tasks of the switch including IP Source Guard ARP Inspection DHCP Snooping AAA etc 5 1 IP Source
251. smitted on this port that have an opcode indicating a PAUSE operation Receive and Transmit Size A count of the MAC Control frames received or transmitted on this port that Counters have an opcode indicating a PAUSE operation Receive and Transmit The number of received and transmitted packets per input and output queue Queue Counters Receive Error Counters Rx Drops The number of frames dropped due to lack of receive buffers or egress congestion Rx CRC Alignment The number of frames received with CRC or alignment errors Rx Undersize The number of short1 frames received with valid CRC Rx Oversize The number of long1 frames received with valid CRC Rx Fragments The number of short frames received with invalid CRC Rx Jabber The number of long2 frames received with invalid CRC Rx Filtered The number of received frames filtered by the forwarding process Transmit Error Counters Tx Drops The number of frames dropped due to output buffer congestion Tx Late Exc Coll The number of frames dropped due to excessive or late collisions 1Short frames are frames that are smaller than 64 bytes 2Long frames are frames that are longer than the configured maximum frame length for this port Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 34 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 1 5 Qos Statistics T
252. ss super priority queue allows traffic recognized as CPU traffic to be received and queued for transmission to the CPU even when all the QoS class queues are congested 4 15 1 Port Classification The section enables configuring the basic QoS Ingress Classification settings for all switch ports To configure the QoS Port Classification parameters via the web interface 1 Navigate to Configuration gt QoS gt Port Classification 2 Use the drop down menu to set the various port parameters 3 Click Apply or click Reset to cancel changes and revert to previously saved values Figure 89 QoS Configuration QoS Ingress Port Classification Port QoSclass DPlevel PCP DEI Tag Class DSCP Based w lt gt v lt gt v4 lt gt Mi lt gt v go 1 Ov ov Ov jow Disabled OD 2 Ov ov Ov dy Disabled O 3 ov ov Ov 0 Disabled Oo 4 Ov ov Ov gt 0x Disabled O 5 ov ov Ov O Disabled O 6 ow ov ov o Disabled Oo 7 ow ov Ov ox Disabled O 8 ov ov ov 0x Disabled Oo 9A Oo ov OM jov Disabled Oo 10A Oy ov Ov Oy Disabled Oo 9B ov ov Ov O Disabled O 10B Ov ov Ov O Disabled O Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 129 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description Port The port number for which the configuration applies QoS class Controls the default QoS class i e the QoS class for frames not classified
253. t parameter options available for individual application An acronym for Access Control List It is the list table of ACEs containing access control entries that specify individual users or groups permitted or denied to specific traffic objects such as a process or a program Each accessible traffic object contains an identifier to its ACL The privileges determine whether there are specific traffic object access rights ACL implementations can be complex for example when prioritizing the ACEs for the various situation In networking the ACL refers to a list of service ports or network services available on a host or server each with a list of hosts or servers permitted or denied to use the service ACL can generally be configured to control inbound traffic and in this context similar to firewalls There are 3 web pages associated with the manual ACL configuration ACL Access Control List The web page shows the ACEs prioritized highest top to lowest bottom The default table is empty An ingress frame only gets hit on one ACE even though there are more matching ACEs The first matching ACE takes action permit deny on that frame and an associated counter increments An ACE associations include Policy 1 ingress port or any ingress port the whole switch If creating an ACE Policy then associate that Policy with a group of ports under the Ports web page There are number of parameters to configure with an ACE Read the Web page
254. t account Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 10 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 3 2 Privilege Level This page provides an overview of the privilege levels Each group can have the Privilege Levels set from 1 to 15 To configure Privilege Level in the web interface 1 Navigate to System gt Account gt Privilege Level 2 Specify the Privilege parameter 3 Click Apply Figure 7 Privilege Level Configuration oN D f a ff Md f M a a a 5 pmr o ik aS al a a Ed lt gt j Hi o k sis ala a aja a 10 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 11 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description Group Name The name identifying the privilege group In most cases a privilege level group consists of a single module e g LACP RSTP or QoS but a few contain more than one The following description defines these privilege level groups in detail System Contact Name Location Timezone Log Security Authentication System Access Management Port contains Dot1x port MAC based and the MAC Address Limit ACL HTTPS SSH ARP Inspection and IP source guard IP Everything except ping Port Everything except VeriPHY Di
255. t by the RADIUS server if enabled Port VLAN ID The VLAN ID that NAS has put the port in The field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID If the port is moved to the Guest VLAN Guest is appended to the VLAN ID Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 179 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 5 5 3 Port Status This section provides detailed NAS statistics for a specific switch port running EAPOL based IEEE 802 1X authentication To view the NAS Port Status in the web interface 1 Navigate to Security gt NAS gt Port Status 2 Specify Port for which to display NAS statistics 3 Check Auto refresh to refresh the page automatically at periodic intervals 4 Check Refresh to refresh the page manually Figure 124 NAS Statistics NAS Statistics Port 1 Port State Admin State Force Authorized Port State Authorized Port Counters Pot 1 Auto tefresh L Receive EAPOL Counters Transmit EAPOL Counters Total 0 Response ID 0 Responses 0 Start 0 Logoff 0 Invalid Type 0 Invalid Length 0 Total Request ID Requests 1 0 0 Parameter Description Port State Admin State The port s current administrative state Refer to NAS Admin State for a description of possible values Port State The curren
256. t state of the port Refer to NAS Port State for a description of the individual states QoS Class The QoS class assigned by the RADIUS server The field is blank if no QoS class is assigned Port VLAN ID The VLAN ID that NAS has put the port in The field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID If the port is moved to the Guest VLAN Guest is appended to the VLAN ID Port Counters EAPOL Counters These supplicant frame counters are available for the following administrative states e Force Authorized Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 180 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide e Force Unauthorized e Port based 802 1X e Single 802 1X e Multi 802 1XIf the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID If the port is moved to the Guest VLAN Guest is appended to the VLAN ID Backend Server Counters These backend RADIUS frame counters are available for the following administrative states e Port based 802 1X e Single 802 1X e Multi 802 1X e MAC based Auth Last Supplicant Client Info Information about the last supplicant client that attempted to authenticate This information is available for the following administrative states e
257. t this entry should belong to Possible view types are included An optional flag to indicate that this view subtree should be included excluded An optional flag to indicate that this view subtree should be excluded In general if a view entry s view type is excluded there should be another view entry existing with view type as included and it s OID subtree should overstep the excluded view entry OID Subtree The OID defining the root of the subtree to add to the named view The OID length is 1 to 128 The string content is digital number or asterisk Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 25 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 9 Access The function is used to configure SNMPv3 access Max Group Number 14 To configure the SNMP Access via the web interface 1 Navigate to System gt SNMP gt Access 2 Click Add new access and specify the SNMP Access parameters 3 Click Apply Figure 19 SNMP Accesses Configuration SNMPv3 Accesses Configuration Delete Group Name Security Model Security Level Read ViewName Write View Name Add new access Apply SNMPv3 Accesses Configuration Delete Group Name Security Model Security Level Read ViewName Write View Name Delete SNMPGRP any NoAuth NoPriv None None Parameter Description Delete Check to delete the entry It will be deleted during the next sa
258. t when forwarding a packet from that device to the root device Then it selects a designated bridging device from each LAN which incurs the lowest path cost when forwarding a packet from that LAN to the root device The designated bridging devices assign all connected ports as designated ports After determining the lowest cost spanning tree it enables all root ports and designated ports and disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any possible network loops Designated Root a X Designated Roni N N Des ated Port ort x O CE Oooo X E T After establishing a stable network topology all bridges listen for Hello BPDUs Bridge Protocol Data Units transmitted from the Root Bridge If a bridge does not get a Hello BPDU after a predefined interval Maximum Age the bridge assumes that the link to the Root Bridge is down This bridge will then initiate negotiations with other bridges to reconfigure the network to reestablish a valid network topology 4 5 1 Bridge Settings The section describes how to configure the Spanning Tree Bridge and STP System settings It enables configuring STP System settings used by all STP Bridge instances in the Switch Stack To configure the Spanning Tree Bridge Settings parameters via the web interface 1 Navigate to Configuration gt Spanning Tree gt Bridge Settings 2 Use the drop down menus to select th
259. tatistics of the switch The statistics show both the Server and Client packet counters when enabling DHCP Relay mode To display the DHCP Snooping Statistics in the web interface 1 Navigate to Security gt DHCP Relay gt Statistics 2 Check Auto refresh to refresh the page automatically at periodic intervals 3 Click Refresh to refresh the page manually Figure 121 DHCP Relay Statistics DHCP Relay Statistics Autoretresh _Retosh Jf Cloar Server Statistics Transmit Transmit Receive Receive Missing Receive ns Receive Missing Receive Bad Receive Bad to Server Error from Server Agent Option Cire Remote ID Circuit A Remote 0 0 0 0 0 0 Client Statistics Transmit Transmit Receive Receive Replace to lant Error fromClient Agent omen Agent Sst Pies Option pLa Option 0 0 Parameter Description Transmit to Server Number of packets that are relayed from client to server Transmit Error Number of packets that resulted in errors while being sent to clients Receive from Server Number of packets received from server Receive Missing Agent Option Number of packets received without agent information options Receive Missing Circuit ID Number of packets received with the Circuit ID option missing Receive Missing Remote ID Number of packets received with the Remote ID option missing Receive Bad Circuit ID Number of packets of Circuit ID option not matching known Circuit ID Receive Bad Remote ID Number of packets o
260. tect whether the client is still attached or not and the only way to free any resources is to age the entry Hold Time This setting applies to the following modes i e modes using the Port Security functionality to secure MAC addresses e e Single 802 1X e Multi 802 1X e MAC Based Auth If a client is denied access either because the RADIUS server denies the Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 172 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide client access or because the RADIUS server request times out according to the timeout specified on the Configuration Security AAA page the client is put on hold in the Unauthorized state The hold timer does not count during an on going authentication In MAC based Auth mode the switch will ignore new frames coming from the client during the hold time The Hold Time can be set to a number between 10 and 1000000 seconds RADIUS Assigned QoS Enabled RADIUS assigned QoS provides a means to centrally control the traffic class to which traffic coming from a successfully authenticated supplicant is assigned on the switch The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature see RADIUS Assigned QoS Enabled below for a detailed description The RADIUS Assigned QoS Enabled checkbox provides a quick way to globally enab
261. th an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses Rx Bad Authenticators The number of RADIUS Access Response packets containing invalid authenticators or Message Authenticator attributes received from the server Rx Unknown Types The number of RADIUS packets that were received with unknown types from Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 189 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide the server on the authentication port and dropped Rx Packets Dropped The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason Tx Access Requests The number of RADIUS Access Request packets sent to the server This does not include retransmissions Tx Access Retransmissions The number of RADIUS Access Request packets retransmitted to the RADIUS authentication server Tx Pending Requests The number of RADIUS Access Request packets destined for the server that have not yet timed out or received a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challenge timeout or retransmission Tx Timeouts The number of authentication timeouts to the server After a timeout the client
262. the Unit is Mbps Port Shaper Unit Controls the unit of measure for the port shaper rate as kbps or Mbps The default value is kbps Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 135 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 15 5 Port Tag Remarking This section provides an overview of QoS Egress Port Tag Remarking for all switch ports To configure the QoS Port Tag Remarking via the web interface 1 Navigate to Configuration gt QoS gt Port Tag Remarking 2 Click on the port number to set parameters for that port Figure 93 Port Tab Remarking QoS Egress Port Tag Remarking Classified Classified Classified Classified Classified Classified Classified Classified Classified Classified Click the Port index to set the QoS Port Tag Remarking QoS Egress Port Tag Remarking Port 1 Tag Remarking Mode Classified v Parameter Description Port The logical port for the settings contained in the same row Click on the port number in order to configure the schedulers Tag Remarking Mode Scroll to select the tag remarking mode for this port Classified Use classified PCP DEI values Default Use default PCP DEI values Mapped Use mapped versions of QoS class and DP level Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 136 a I Iw rx PowerFlex
263. the LACP Statistics Figure 35 LACP Statistics LACP Statistics Port LACP LACP Discarded Received Transmitted Unknown Illegal 1 0 0 0 0 2 0 0 0 0 3 0 0 0 0 4 0 0 0 0 5 0 0 0 0 6 0 0 0 0 7 0 0 0 0 8 0 0 0 0 9 0 0 0 0 10 0 0 0 0 11 0 0 0 0 12 0 0 0 0 Parameter Description Port The switch port number LACP Received Indicates the number of received LACP frames at each port LACP Transmitted Indicates the number of sent LACP frames from each port Discarded Displays how many unknown or illegal LACP frames have been discarded at each port Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 50 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 5 Spanning Tree Use the Spanning Tree Protocol STP to detect and disable network loops and to provide backup links between switches bridges or routers This enables the switch to interact with other bridging devices that is an STP compliant switch bridge or router in the network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down STP STP uses a distributed algorithm to select a bridging device STP compliant switch bridge or router that serves as the root of the spanning tree network It selects a root port on each bridging device except for the root device which incurs the lowest path cos
264. the port via MAC address Port Security Action To set the action when a port security violation occurs The options are Trap Shutdown Trap and Shutdown Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 153 allworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Port Security Limit To set the Port security limit the default is 1 Spanning Tree Admin Enable or disable the Spanning Tree Admin Edge function on the Easy Port Edge Spanning Tree BPDU_ Enable or disable the Spanning Tree BPDU Guard function on the Easy Port Guard Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 154 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 20 Mirroring Users can mirror traffic from any source port to a target port for real time analysis and then attach a traffic analyzer or RMON probe to the target port and study the traffic crossing the source port ina completely unobtrusive manner For example assuming that Port A and Port B are Monitoring Port and Monitored Port respectively the traffic received by Port B is copied to Port A for monitoring To configure the Mirroring via the web interface 1 Navigate to Configuration gt Mirroring 2 Set the Monitoring and Monitored ports and the modes RX only TX only or enabled both RX and TX By default the ports disable mirroring
265. this logical port has bandwidth three times as high as a single Fast Ethernet port has 4 3 1 Static Trunk Ports using Static Trunk as the trunk method can select the unique Static GroupID to form a logical trunked port The benefit of using Static Trunk method is that a port can immediately become a member of a trunk group without any handshaking with its peer port This is also a disadvantage because the peer ports of the static trunk group may not know to aggregate together to form a logical trunked port Allworx strongly recommends using Static Trunk on both ends of a link Please also note that low speed links will stay in not ready state when using static trunk to aggregate with high speed links To configure the Trunk Aggregation Hash mode and Aggregation Group via the web interface 1 Navigate to Configuration gt Aggregation gt Static Trunk 2 Check the hash code contributors to include 3 Select the ports for the Group ID that would form a static trunk 4 Click Apply or click Reset to revert to previously saved values Figure 32 Aggregation Mode Configuration Hash Code Contributors Source MAC Address Group ID Normal Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 46 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description Hash Code Contributors Source MAC Address The Source MAC address can be used to calculate th
266. tive voice services 4 Guest Voice Signalling conditional for use in network topologies that require a different policy for the guest voice signalling than for the guest voice media This application type should not be advertised if all the same network policies apply as those advertised in the Guest Voice application policy 5 Softphone Voice for use by softphone applications on typical data centric devices such as PCs or laptops This class of endpoints frequently does not support multiple VLANs if at all and are typically configured to use an untagged VLAN or a single tagged data specific VLAN When a network policy is defined for use with an untagged VLAN see Tagged flag below then the L2 priority field is ignored and only the DSCP value has relevance 6 Video Conferencing for use by dedicated Video Conferencing equipment and other similar appliances supporting real time interactive video audio services 7 Streaming Video for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying on TCP with buffering would not be an intended use of this application type 8 Video Signaling conditional for use in network topologies that require a separate policy for the video signaling than for the video media This application type should not be advertised if all the same network p
267. to the file in the local device Upload Click the Upload button The switch will start to upload the firmware software image is uploaded a page announces that the firmware is initiated After about a minute the firmware is updated and the switch will restart automatically Warning While the firmware is being updated Web access appears to be defunct The front LED flashes Green Off with a frequency of 10 Hz while the firmware update is in progress Do not restart or power off the device at this time or the switch may fail to function afterwards NOTE This page facilitates an update of the firmware controlling the switch After the Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 204 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 6 2 2 Firmware Selection This page provides information about the active and backup firmware images and enables reverting to alternate image if required To activate alternate firmware image via the web interface 1 Navigate to Maintenance gt Firmware gt Firmware Selection 2 Click Activate Alternate Image Figure 142 Firmware Selection Active Image managed PowerFlex P810 standalone v2 29 201 3 08 0771 1 39 39 08 00 Alternate Image managed bk a PowerFlex P810 standalone v2 22 201 3 06 2071 3 55 23 08 00 Activate Alternate Image Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised
268. ueue Counters Rx Q0 Rx Q1 Rx Q2 Rx Q3 Rx Q4 Rx Q5 Rx Q6 Rx Q7 Parameter Port 1 Auto refresh L Refresh Clear Transmit Total 7637 Tx Packets 10688 1518566 Tx Octets 3337459 7183 Tx Unicast 4974 29 Tx Multicast 5714 425 Tx Broadcast 0 0 Tx Pause 0 Transmit Size Counters 4761 Tx 64 Bytes 72 200 Tx 65 127 Bytes 5380 86 Tx 128 255 Bytes 2866 2588 Tx 256 511 Bytes 97 2 Tx 512 1023 Bytes 2139 0 Tx 1024 1526 Bytes 134 0 Tx 1527 Bytes 0 Transmit Queue Counters 7637 TxQ0 0 0 Tx 0 0 TxQ2 0 0 TxQ3 0 0 TxQ4 0 0 Tx Q5 0 0 Tx Q6 0 0 8 Tx Q7 1068 Description Auto refresh To refresh the Port Statistics information automatically Receive Total and Transmit Total Rx and Tx Packets The number of received and transmitted good and bad packets Rx and Tx Octets The number of received and transmitted good and bad bytes Includes FCS but excludes framing bits Rx and Tx Unicast The number of received and transmitted good and bad unicast packets Rx and Tx Multicast The n umber of received and transmitted good and bad multicast packets Rx and Tx Broadcast The number of received and transmitted good and bad broadcast packets Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 33 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Rx and Tx Pause A count of the MAC Control frames received or tran
269. ure the schedulers Shapers Qn ShoDisplaysws disabled or actual queue shaper rate e g 800 Mbps Shapers Port Shows disabled or actual port shaper rate e g 800 Mbps Scheduler Mode Controls whether the scheduler mode is Strict Priority or Weighted on this switch port Queue Shaper Enable Controls whether the queue shaper is enabled for this queue on this port Queue Shaper Rate Queue Shaper Unit Controls the rate for the queue shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 1000 when the Unit is Mbps Controls the unit of measure for the queue shaper rate as kbps or Mbps The default value is kbps Queue Shaper Excess Controls allowing the queue to use excess bandwidth Queue Scheduler Weight Controls the weight for this queue The default value is 17 This value is restricted to 1 100 This parameter is only shown if Scheduler Mode is set to Weighted Queue Scheduler Percent Shows the weight in percent for this queue This parameter is only shown if Scheduler Mode is set to Weighted Port Shaper Enable Controls whether the port shaper is enabled for this switch port Port Shaper Rate Controls the rate for the port shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 1000 when
270. ured Size Mode Control s lt gt vv lt gt vv lt gt v 1 1Gfdx Auto v x x 9600 Discard Disabled v 2 Down Auto v x x 9600 Discard Disabled v 4 Down Auto v x x 9600 Discard Disabled v 4 Down Auto y x x 9600 Discard Disabled v 5 e Down Auto v x x 9600 Discard Disabled v 6 e Down Auto v x x 9600 Discard Disabled v 7 Down Auto v x x 9600 Discard Disabled v 8 t Down Auto v x x 9600 Discard Disabled v 9A Down Auto v x x 9600 Discard Disabled v 10A Down Auto v x x 9600 Discard Disabled v 98 down Auto 9600 108 Down Auto 3600 Reset Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 29 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description Port This is the port number Link The current link state is displayed Green indicates the link is up at 1 Gbps full duplex amber indicates the link is up at 100 Mbps full duplex Red indicates that the link is down Current Link Speed Displays the current link speed of the port Configured Link Speed Select any available link speed for the given switch port Auto Automatically negotiates the highest speed that is compatible with the link partner Disabled Disables the switch port operation Flow Control When Auto Speed is selected on a port this section indicates the flow control capability that is advertised to the link part
271. ve Group Name A string identifying the group name The string length is 1 to 32 and the content is ASCII characters from 33 to 126 Security Model Indicates the security model that this entry should belong to Possible security models are any Any security model accepted v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv No authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy Read View Name The name of the MIB view defining the MIB objects for which the current values Are requested The string length is 1 to 32 and the content is ASCII characters from 33 to 126 Write View Name Write View name The name of the MIB view defining the MIB objects for which this request may potentially set new values The string length is 1 to 32 and the content is ASCII characters from 33 to 126 Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 26 a I lwor x PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 10 Trap The function is used to configure SNMP traps Max Group Number 6 To configure SNMP Trap setting Navigate to System gt SNMP gt Trap Click on the trap number to modify Modify the parameters of the trap entry E
272. very Protocol LLDP specified in this standard permits stations attached to an IEEE 802 LAN to advertise to other stations attached to the same IEEE 802 LAN the major capabilities provided by the system incorporating that station the management address or addresses of the entity or entities that provide management of those capabilities and the identification of the stations point of attachment to the IEEE 802 LAN required by those management entity or entities The information distributed via this protocol is stored by its recipients in a standard Management Information Base MIB making it possible for the information to be accessed by a Network Management System NMS using a management protocol such as the Simple Network Management Protocol SNMP An extendsion of IEEE 802 1ab and is defined by the telecommunication industry association TIA 1057 An acronym for Loss Of Connectivity and is detected by a MEP and is indicating lost connectivity in the network EPS can use as a switch criteria Bases the switching of frames on the DMAC address contained in the frame The switch builds a table that maps MAC addresses to switch ports to know which ports the frames should go to based upon the DMAC address in the frame This table contains both static and dynamic entries The static entries are configured by the network administrator if the administrator wants to do a fixed mapping between the DMAC address and switch ports The frames also c
273. w allworx com Revised October 30 2013 Page 122 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 4 13 GARP The Generic Attribute Registration Protocol GARP provides a generic framework whereby devices in a bridged LAN e g end stations and switches can register and de register attribute values such as VLAN Identifiers with each other In doing so the attributes propagate to devices in the bridged LAN and these devices form a reachability tree that is a subset of an active topology GARP defines the architecture rules of operation state machines and variables for the registration and de registration of attribute values A GARP participation in a switch or an end station consists of a GARP application component and a GARP Information Declaration GID component associated with each port on the switch The GARP Information Propagation GIP component carries out the propagation of information between GARP participants for the same application in a bridge Protocol exchanges take place between GARP participants by means of LLC Type 1 services using the group MAC address and PDU format defined for the GARP application concerned 4 13 1 Configuration This page enables configuring the basic GARP settings for all switch ports The settings relate to the currently selected stack unit as reflected by the page header To configure GARP Port Configuration via the web interface 1 Navigate to Configuration gt GARP
274. witch User s Guide 5 11 Auth Method This page enables setting the authentication method when accessing the switch via one of the management client interfaces To configure Authentication Method via the web interface 1 Navigate to Security gt Authentication Method 2 Specify the authentication method none local RADIUS TACACS for each client console Telnet SSH Web 3 Check Fallback if applicable Click Apply or click Reset to cancel changes and revert to previously saved values Figure 139 Auth Method Configuration Authentication Method Configuration Client Authentication Method Fallback console local telnet local ssh local web local Apply v v v h Parameter Description Client The management client for which the configuration applies Automatic Method Authentication Method can be set to one of the following values e none authentication is disabled and login is not possible e local use the local user database on the switch for authentication e RADIUS use a remote RADIUS server for authentication e tacacs use a remote TACACS server for authentication Fallback Enable fallback to local authentication by checking this box If none of the configured authentication servers are alive the local user database is used for authentication This is only possible if the Authentication Method is set to a value other than none or local Toll Free 1 866 ALLW
275. work policy to permitted voice capable devices both in order to conserve the limited LLDPU space and to reduce security and system integrity issues that can come with insufficient knowledge of the network policy With this in mind LLDP MED defines an LLDP MED Fast Start interaction between the protocol and the application layers on top of the protocol in order to achieve these related properties Initially a Network Connectivity Device will only transmit LLDP TLVs in an LLDPDU Only after an LLDP MED Endpoint Device is detected will an LLDP MED capable Network Connectivity Device start to advertise LLDP MED TLVs in outgoing LLDPDUs on the associated port The LLDP MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP MED neighbor has been detected in order to share LLDP MED information as fast as possible to new neighbors Because there is a risk of an LLDP frame being lost during transmission between neighbors it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame With Fast start repeat count it is possible to specify the number of times the fast start transmission would be repeated The recommended value is 4 times given that 4 LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received It should be noted that LLDP MED and the LLDP MED Fast Start mecha
276. worx com Revised October 30 2013 Page 222 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide SSH SSM STP Switch ID SyncE T TACACS Tag Priority TCP select one to connect to based on pre configuration or by displaying a list of SSIDs in range and asking the user to select one wikipedia An acronym for Secure SHell It is a network protocol that permits exchanging data using a secure channel between two networked devices The encryption used by SSH provides confidentiality and integrity of data over an insecure network The goal of SSH was to replace the earlier rlogin TELNET and rsh protocols which did not provide strong authentication or guarantee confidentiality Wikipedia In SyncE this is an abbreviation for Synchronization Status Message and is containing a QL indication An acronym for Spanning Tree Protocol STP is an OSI layer 2 protocol which ensures a loop free topology for any bridged LAN The original STP protocol is now obsolete by RSTP Switch IDs 1 16 are used to uniquely identify the switches within a stack The Switch ID of each switch shows on the display on the front of the switch and is used widely in the web pages as well as in the CLI commands An abbreviation for Synchronous Ethernet This functionality is used to make a network clock frequency synchronized Not to be confused with real time clock synchronized IEEE 1588 An acronym for Terminal Acess Cont
277. ww allworx com Revised October 30 2013 Page 7 a I lworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Time Set Offset Provide the Daylight saving time set offset The offset is given in minutes east of GMT The valid range is from 1 to 1440 minutes Default is 60 mins Daylight Saving type Select By Dates or Recurring From Configure Daylight saving start date and time The format is YYYY MM DD HH MM To Configure Daylight saving end date and time The format is YYYY MM DD HH MM Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 8 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide 3 2 2 NTP Use the Network Time Protocol to synchronize the network time based on Greenwich Mean Time GMT If using the NTP mode users can manually set up to 5 NTP servers The switch syncs the time in a short time after pressing the Apply button Though it synchronizes the time automatically NTP does not update the time periodically without user s processing Time Zone is an offset time off GMT Select the time zone first and then do a time sync via NTP The switch combines this time zone offset and updated NTP time to calculate the local time otherwise the time is incorrect The switch supports configurable time zone from 12 to 13 step 1 hour Default Time zone 8 Hrs To configure Time in the web interface 1 Navi
278. x 8 24 48 Port GbE PoE Managed Switch User s Guide 4 6 4 Status This section displays the IGMP Snooping status To display the IGMP Snooping status in the web interface 1 Navigate to Configuration gt IGMP Snooping gt Status 2 Check the Auto refresh button to refresh the page at periodic intervals 3 Click Refresh to refresh the IGMP Snooping Status or click Clear to clear the IGMP Snooping Status Figure 47 IGMP Snooping Status IGMP Snooping Status Auto refresh Statistics VLAN Querier Host Querier Queries Queries V1 Reports V2Reports V3Reports V2Leaves ID Version Version Status Transmitted Received Received Received Received Received 1 v3 v3 ACTIVE 0 0 0 0 0 0 Router Port Port Status Parameter Description VLAN ID The VLAN ID of the entry Querier Version Current working Querier Version Host Version Current working Host Version Querier Status Displays the Querier status ACTIVE or IDLE Queries Transmitted The number of Transmitted Queries Queries Received The number of Received Queries V1 Reports Received The number of Received V1 Reports V2 Reports Received The number of Received V2 Reports V3 Reports Received The number of Received V3 Reports V2 Leaves Received The number of Received V2 Leaves Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 66 a I Iw rx PowerFlex 8 24 48 Port GbE PoE Managed Switch User
279. x 8 24 48 Port GbE PoE Managed Switch User s Guide Parameter Description Port The logical port for the settings contained in the same row Policy ID Select the policy to apply to this port The values are 0 through 255 The default value is 0 Action Select whether forwarding is permitted Permit or denied Deny The default value is Permit Rate Limiter ID Select which rate limiter to apply on this port The values are Disabled or the values 1 through 16 The default value is Disabled Port Redirect Select which port frames are redirected on The values are Disabled or a specific port number The default value is Disabled Mirror Specify the mirror operation of this port The values are Enabled Frames received on the port are mirrored Disabled Frames received on the port are not mirrored The default value is Disabled Logging Specify the logging operation of this port The values are Enabled Frames received on the port are stored in the System Log Disabled Frames received on the port are not logged The default value is Disabled Please note that the System Log memory size and logging rate are limited Shutdown Specify the port shut down operation of this port The values are Enabled If a frame is received on the port the port will be disabled Disabled Port shut down is disabled The default value is Disabled State Specify the port state of this port The values are
280. y to transmit For not introducing a large delay in case that data less then 3000 bytes transmits data always transmits after 48 us giving a maximum latency of 48 us the wakeup time If desired it is possible to minimize the latency for specific frames by mapping the frames to a specific queue done with QOS and then mark the queue as an urgent queue When an urgent queue gets data to transmit the circuits power up at once and reduces the latency to the wakeup time To configure the EEE Configuration via the web interface 1 Navigate to Configuration gt Port gt EEE 2 Enable EEE and Urgent Queues for the desired ports The queues postpone the transmission until it is ready to transmit 3000 bytes 3 Click Apply to save the setting Click Reset to cancel changes and revert to previously saved values Figure 27 EEE Configuration EEE Configuration EEE Urgent Queues Port EEE Enabled 1 2 3 4 5 6 7 8 ODN OOF WN oO 10 Reset Parameter Description Port Indicates the port number EEE Enabled Controls whether EEE is enabled for this switch port EE Urgent Queues Queues set will activate transmition of frames as soon as any data is available Otherwise the queue will postpone the transmsion until 3000 bytes are ready to be transmitted Toll Free 1 866 ALLWORX 585 421 3850 www allworx com
281. zation and Accounting parameters via the web interface 1 Select Enabled in the Authorization 2 Select Enabled in the Failback to Local Authorization 3 Select Enabled in the Account To configure RADIUS Authentication Server parameters via the web interface Check Enabled to enable the server Specify IP address or Hostname of the RADIUS server Specify Authentication Port for RADIUS server Default is 1812 Specify secret key shared with the RADIUS server PF oN To configure RADIUS Accounting Server parameters via the web interface Check Enabled to enable the server Specify IP address or Hostname of the RADIUS server Specify Accounting Port for RADIUS server Default is 1813 Specify secret key shared with the RADIUS server A o No To configure TACACS Authentication Server parameters via the web interface Check Enabled to enable the server Specify IP address or Hostname of the TACACS Server Specify Authentication Port for TACACS Server Default is 49 Specify secret key shared with the TACACS server Fon Figure 125 Common Server Configuration Authentication Server Configuration Common Server Configuration Timeout 15 seconds Dead Time 300 seconds Toll Free 1 866 ALLWORX 585 421 3850 www allworx com Revised October 30 2013 Page 183 allworx PowerFlex 8 24 48 Port GbE PoE Managed Switch User s Guide Figure 126 TACACS Accounting Configuration Disabled n Disabled v Disa
Download Pdf Manuals
Related Search