Linksys SRW224G4P Manual

7/31/2019 Linksys SRW224G4P Manual

1/72

USER GUIDE

BUSINESS SERIE

24-Port 10/100 + 4-PortGigabit Switch withWebView and Powerover Ethernet

Model: SRW224G4P


2/72

Table of Contents

24-Port 10/100 + 4-Port Ggabt Swtch wth WebVew and Power over Ethernet

About This Guide 1

Icon Descriptions 1

Online Resources 1

Copyright and Trademarks 1Chapter 1: Introduction 2

Chapter 2: Product Overview 3

Front Panel 3

Back Panel 4

Side Panel 4

Chapter 3: Connecting the Switch 5

Overview 5

Pre-Installation Considerations 5Fast Ethernet Considerations 5

Full-Duplex Considerations 5

1000BASE-T Cable Requirements 5

Positioning the Switch 5

Placement Options 5

Desktop Placement 6

Rack-Mount Placement 6

Hardware Installation 6

Uplinking the Switch 6

Chapter 4: Confguration Using the Console Interace 7

Overview 7

Conguring the HyperTerminal Application 7

Conguring the Switch through the Console Interace 8

Login 8

Switch Main Menu 8

System Conguration Menu 8

Port Status 12

Port Conguration 12

PoE Conguration 12

Chapter 5: Confguring the Switch 14

Setup 14

Setup > Summary 14

Setup > Network Settings 15

Setup > Time 16

Port Management 17

Port Management > Port Settings 17

Port Management > Link Aggregation 18


3/72

Table of Contents


Port Management > LACP 19

Port Management > PoE Power Settings 19

VLAN Management 20

VLAN Management > Create VLAN 20

VLAN Management > Port Settings 20

VLAN Management > Ports to VLAN 21

VLAN Management > VLAN to Ports 21

Statistics 22

Statistics > RMON Statistics 22

Statistics > RMON History 22

Statistics > RMON Alarms 23

Statistics > RMON Events 23

Statistics > Port Utilization 24

Statistics > 8021x Statistics 24

ACL 24

ACL > IP based ACL 25

ACL > MAC based ACL 25

Security 26

Security > ACL Binding 26

Security > Authentication Servers 26

Security > 8021x Settings 27

Security > Ports Security 28

Security > HTTPS Settings 29

Security > Management ACL 29Security > SSH Settings 30

Security > SSH Host-Key Settings 30

QoS 31

QoS > CoS Settings 31

QoS > Queue Settings 32

QoS > DSCP Settings 32

QoS > DiServ Settings 33

QoS > DiServ Port Binding 35

QoS > Bandwidth 35

Spanning Tree 35Spanning Tree > STP Status 36

Spanning Tree > Global STP 36

Spanning Tree > STP Port Settings 37

Spanning Tree > RSTP Port Settings 39

Spanning Tree > MSTP Properties 40

Spanning Tree > MSTP Instance Settings 40

Spanning Tree > MSTP Interace Settings 41

Multicast 42

Multicast > Global Settings 43


4/72

Table of Contents


Multicast > Static Member Ports 43

Multicast > Static Router Ports 44

Multicast > Member Ports Query 44

Multicast > Router Ports Query 44

SNMP 44

SNMP > Global Parameters 45

SNMP > Views 46

SNMP > Group Prole 46

SNMP > Group Membership 47

SNMP > Communities 47

SNMP > Notication Recipient 48

Admin 48

Admin > User Authentication 48

Admin > Forwarding Database 49

Admin > Log 50

Admin > Port Mirroring 51

Admin > Cable Test 52

Admin > Ping 52

Admin > Save Conguration 52

Admin > Jumbo Frame 53

Admin > Firmware Upgrade 53

Admin > HTTP Upgrade 53

Admin > Reboot 54

Admin > Factory Deault 54Appendix A: About Gigabit Ethernet and Fiber Optic Cabling 55

Gigabit Ethernet 55

Fiber Optic Cabling 55

Appendix B: Glossary 56

Appendix C: Specifcations 60

Appendix D: Warranty and Regulatory Inormation 62

Limited Warranty 62

FCC Statement 63

Saety Notices 63

Industry Canada (Canada) 63

IC Statement 63

Rglement dIndustry Canada 63

EC Declaration o Conormity (Europe) 63

Appendix E: Contact Inormation 68


5/72

1

About This Guide


About Ths Gude

Icon Descriptions

While reading through the User Guide you may encountervarious icons designed to call attention to a speciic itemBelow is a description o these icons:

NOTE: This checkmark indicates that there isa note o interest and is something that youshould pay special attention to while using theproduct

WARNING: This exclamation point indicatesthat there is a caution or warning and it is

something that could damage your property orproduct

WEB: This globe icon indicates a noteworthywebsite address or e-mail address

Online Resources

Most web browsers allow you to enter the web addresswithout adding the http:// in ront o the address ThisUser Guide will reer to websites without including http://in ront o the address Some older web browsers mayrequire you to add it

Resource Webste

Linksys wwwlinksyscom

Linksys International wwwlinksyscom/international

Glossary wwwlinksyscom/glossary

Network Security wwwlinksyscom/security

Copyright and Trademarks

Speciications are subject to change without noticeLinksys is a registered trademark or trademark o CiscoSystems, Inc and/or its ailiates in the US and certainother countries Copyright 2007 Cisco Systems, Inc Allrights reserved Other brands and product names aretrademarks or registered trademarks o their respectiveholders


6/72

2

Introduction


Chapter 1

Chapter 1:

Introducton

Thank you or choosing the 24-Port 10/100 + 4-PortGigabit Switch with WebView and Power over EthernetThis Switch will allow you to network better than everThe 24-Port 10/100 + 4-Port Gigabit Switch with WebViewdelivers non-blocking, wire speed switching or your 10and 100 megabit network clients, plus multiple optionsor connecting to your network backbone Twenty Four10/100 ports wire up your workstations, while the ourintegrated 10/100/1000 ports connect to other switchesand the backbone at Gigabit speeds The miniGBIC portsallow uture expansion through alternate transmissionmedia like optical iber

All o the 10/100 ports on the Switch support pre-standardand IEEE 8023a standard (8023a) Power over Ethernet(PoE) capabilities Each port can detect connectedpre-standard and 8023a-compliant network devices, suchas IP phones or wireless access points, and automaticallysupply the required DC power

The Switch can provide DC power to a wide range oconnected devices, eliminating the need or an additionalpower source and cutting down on the amount o cablesattached to each device Once conigured to supplypower, an automatic detection process is initialized by theSwitch that is authenticated by a PoE signature rom theconnected device Detection and authentication prevent

damage to non-PoE devices

The Switch eatures WebView monitoring and conigurationvia your web browser, making it easy to manage the 256VLANs and up to 8 trunking groups Or i you preer, youcan use the integrated console port to conigure theSwitch The non-blocking, wire-speed switching orwardspackets as ast as your network can deliver them

All ports have automatic MDI/MDI-X crossover detectionEach port independently and automatically negotiates thebest speed and whether to run in hal- or ull-duplex modeHead-o-line blocking prevention keeps your high-speedclients rom bogging down in lower-speed traic and aststore-and-orward switching prevents damaged packetsrom being passed on into the network

Use the instructions in this User Guide to help you connectthe Switch, set it up, and conigure it to bridge yourdierent networks These instructions should be all youneed to get the most out o the 24-Port 10/100 + 4-PortGigabit Switch with WebView and Power over Ethernet


7/72

Product Overview


Chapter 2

Chapter 2:

Product Overvew

Front PanelThe LEDs and ports are located on the ront panel o theSwitch

Front Panel

POWER (Green/Amber) Lights up green toindicate that power is being supplied to theSwitch Lights amber to indicate that the Switchspower-on-sel-test (POST) is in progress Blinksamber to indicate that the POST has ailed

LINK/ACT (1-24) (Green/Amber) Lights upgreen to indicate a unctional 10/100Mbpsnetwork link through the corresponding portwith an attached device that does not use Powerover Ethernet (PoE) Lights up amber to indicate aunctional 10/100Mbps network link through thecorresponding port with an attached PoE deviceBlinks green to indicate that the Switch is activelysending or receiving data over that port

LINK/ACT (G1-G4) (Green/Amber) Lights up

green to indicate a unctional 10/100Mbpsnetwork link through the corresponding portwith an attached device Blinks green to indicatethat the Switch is actively sending or receivingdata over that port Lights amber to indicate aunctional 1000Mbps network link Blinks greento indicate that the Switch is actively sendingor receiving data over that port No amber lightindicated that the link is at 10/100Mbps or thereis no link

ETHERNET 1-24 These RJ-45 ports supportnetwork speeds o either 10Mbps or 100Mbps,and can operate in hal and ull-duplex modesAuto-sensing technology enables each port toautomatically detect the speed o the deviceconnected to it (10Mbps or 100Mbps), and adjustits speed and duplex accordingly

The Switchs 10/100 RJ-45 ports also support theIEEE 8023a Power-over-Ethernet (PoE) standardthat enables DC power to be supplied to attacheddevices using wires in the connecting twisted-paircable Any 8023a-compliant device attached toa port can directly draw power rom the Switchover the twisted-pair cable without requiring itsown separate power source This capability givesnetwork administrators centralized power controlor devices such as IP phones and wireless access

points, which translates into greater networkavailability

For each attached 8023a-compliant device,the Switch automatically senses the load anddynamically supplies the required power TheSwitch delivers power to a device using the twodata wire pairs in the twisted-pair cable Eachport can provide up to 154W o power at thestandard -48 VDC voltage

To connect a device to a port, you will need touse Category 5 (or better) network cable

ETHERNET G1-G4 The Switch is equipped withour Gigabit RJ-45 ports, two that are shared withtwo miniGBIC ports I a Gigabit miniGBIC port isbeing used, the associated RJ-45 port (G3 and/orG4) cannot be used

All our ports support auto-negotiation, so theoptimum transmission mode (hal or ull duplex)and data rate (10, 100, or 1000 Mbps) can beselected automatically, i this eature is alsosupported by the attached device I a deviceconnected to one o these ports does not support

auto-negotiation, the communication mode othat port can be conigured manually

Each port also supports IEEE 8023-2002auto-negotiation o low control, so the Switchcan automatically prevent port buers rombecoming saturated

These ports support automatic MDI/MDI-Xoperation, so you can use straight-through cablesor all network connections to PCs, servers, oradditional switches


8/72

4

Product Overview


Chapter 2

MnGBIC (1-2) The Switch is equipped withtwo miniGBIC ports that have shared GigabitEthernet ports (G3 and G4) which provide orthe installation o one expansion module Theseports provide links to high-speed networksegments or individual workstations at speeds oup to 1000Mbps (Gigabit Ethernet)

To establish a Gigabit Ethernet connection usinga miniGBIC port, you will need to install a MGBT1,MGBSX2, or MGBLH1 Gigabit expansion moduleand use Category 5e cabling or iber opticcabling

To establish a Fast Ethernet connection using aminiGBIC port, you will need to install a MFEFX1(100BASE-FX) or MFELX1 (100BASE-LX) 100SFPTransceiver and use iber optic cabling

Back Panel

The console and power ports are located on the backpanel o the Switch

Back Panel

POWER The Power port is where you willconnect the AC power

CONSOLE The Switch is equipped with aserial port labeled Console (located on theback o the switch) that allows you to connectto a computers serial port (or conigurationpurposes) using the provided serial cable Youcan use HyperTerminal to manage the Switchusing the console port

Side Panel

The security slot is located on a side panel o the Switch

Side Panel

SECURITY SLOT The security slot can beutilized to attach a lock to the Switch


9/72

Connecting the Switch


Chapter

Chapter :

Connectng the Swtch

OverviewThis chapter will explain how to connect network devicesto the Switch The ollowing diagram shows a typicalnetwork coniguration

InternetCable/DSL

Modem RouterWireless Access

Point

Desktop Notebook Server

Typical Network Coniguration

When you connect your network devices, make sure youdont exceed the maximum cabling distances, which arelisted in the ollowing table:

Maxmum Cablng Dstances

From To Maxmum Dstance

Switch Switch or Hub 100 meters (328 eet)

Hub Hub 5 meters (164 eet)

Switch or Hub Computer 100 meters (328 eet)

A hub reers to any type o 100Mbps hub A 10Mbps hub connectedto another 10Mbps hub can span up to 100 meters (328 eet)

Pre-Installation Considerations

Fast Ethernet Considerations

I you are using the Switch or Fast Ethernet (100Mbps)applications, you must observe the ollowing guidelines:

Full-Duplex Considerations

The Switch provides ull-duplex support or its RJ-45ports Full-duplex operation allows data to be sent andreceived simultaneously, doubling a ports potential data

throughput I you will be using the Switch in ull-duplexmode, the maximum cable length using Category 5 cableis 328 eet (100 meters)

1000BASE-T Cable Requirements

All Category 5 UTP cables that are used or 100Base-TXconnections should also work or 1000Base-T, providingthat all our wire pairs are connected However, it isrecommended that or all critical connections, or anynew cable installations, Category 5e (enhanced Category5) or Category 6 cable should be used The Category5e speciication includes test parameters that are only

recommendations or Category 5 Thereore, the irststep in preparing existing Category 5 cabling or running1000Base-T is a simple test o the cable installation to besure that it complies with the IEEE 8023ab standards

Positioning the Switch

Beore you choose a location or the Switch, observe theollowing guidelines:

Make sure that the Switch is accessible and that thecables can be connected easily

Keep cabling away rom sources o electrical noise,

power lines, and luorescent lighting ixturesPosition the Switch away rom water and moisturesources

To ensure adequate air low around the Switch, besure to provide a minimum clearance o two inches(50mm)

Do not stack ree-standing Switches more than ourunits high

Placement Options

There are two ways to physically install the Switch, either

set the Switch on its our rubber eet or desktop placementor mount the switch in a standard-sized, 19-inch high rackor rack-mount placement


10/72

Connecting the Switch


Chapter

Desktop Placement

Attach the rubber eet to the recessed areas on thebottom o the Switch

Place the Switch on a desktop near an AC powersource

Keep enough ventilation space or the switch andcheck the environmental restrictions mentioned inAppendix C: Speciications as you are placing theSwitch

Connect the Switch to network devices according tothe Hardware Installation instructions below

Attaching the Switchs Rubber Feet

Rack-Mount Placement

To rack-mount the Switch in any standard 19-inch rack,ollow the instructions described below

Place the Switch on a hard lat surace with the ront

panel aced towards your ront sideAttach a rackmount bracket to one side o the Switchwith the supplied screws and secure the brackettightly

Attaching the Brackets

Follow the same steps to attach the other bracket tothe opposite side

Ater the brackets are attached to the Switch, usesuitable screws to securely attach the brackets to anystandard 19-inch rack

1

2

3

4

Mounting in Rack

Connect the Switch to network devices according tothe Hardware Installation instructions below

Hardware InstallationTo connect network devices to the Switch, ollow theseinstructions:

Make sure all the devices you will connect to the Switchare powered o

Connect a Category 5 Ethernet network cable to oneo the numbered ports on the Switch

Connect the other end to a PC or other networkdevice

Repeat steps 2 and 3 to connect additional devicesI pre-standard or 8023a-compliant PoE devices are

connected to the Switchs 10/100 ports, the Switchautomatically supplies the required power

I you are using a miniGBIC port, then connect aminiGBIC module to the miniGBIC port For detailedinstructions, reer to the modules documentation

Connect the supplied power cord to the Switchspower port, and plug the other end into an electricaloutlet When connecting power, always use a surgeprotector

Power on the devices connected to the Switch Eachactive ports corresponding LED will light up on the

Switch

Uplinking the Switch

To uplink the Switch, connect one end o a Cat 5 (or better)Ethernet network cable into one o the 4 gigabit ports, andthen connect the other end o the cable into the peripheraldevices uplink port MDI/MDIX will automatically detectthe speed and cable type

The hardware installation is complete Proceed to Chapter4: Coniguration using the Console Interace, or directionson how to set up the Switch

5

1

2

3

4

5

6

7


11/72

Configuration Using the Console Interface


Chapter 4

Chapter 4:

Conguraton Usng the

Console InteraceOverview

The Switch eatures a menu-driven console interace orbasic switch coniguration You can easily manage yournetwork rom the screens through the console portBeore you can use the console interace, you will need toconigure the HyperTerminal application

Coniguring the HyperTerminal Application

Click the Start button

Select Programs > Accessores > Communcatons >HyperTermnal

Start > Programs > Accessories > Communications > HyperTerminal

Enter a name or this connection In the example, thename o the connection is SRW224G4P Select an iconor the application, then clickOK

HyperTerminal Connection Description Screen

1

2

3

Select a port to communicate with the switch SelectCOM1 or COM2

HyperTerminal Connect To Screen

Set the serial port settings as ollows, then clickOK

Bits per Second: 8400

Databits: 8

Parity: None

Stop bits: 1

Flow control: None

HyperTerminal Properties Screen

4

5


12/72

8



Chapter 4

Coniguring the Switch through the

Console Interace

The Console Interace consist o a series o menus Each

menu has several options, which are listed vertically Ahighlight in each menu lets you select the option youwish to choose; pressing the Enter key activates thehighlighted option

To navigate through the Console Interace, use the UpArrow or Down Arrow keys or use the Number keys toselect the respective option (or example, press the keyto highlight Help) The Enter key selects an option and theEsc key returns to the previous selection; menu optionsand any values entered or present are highlighted Notethat the bottom o the window provides help, indicatingthe appropriate keys to use

Login

When you inish coniguring the HyperTerminal, theLogin screen appears The irst time you open the ConsoleInterace, use the deault username admin and leavethe password blank and press the Enter key You canset a password later rom the User and Password Settingsscreen

Console Login Screen

Switch Main Menu

The Main Menu screen displays six menu choices: SystemConiguration Menu, Port Status, Port Coniguration, PoEConiguration, Help, and Log Out

Main Menu

System Coniguration Menu

System Coniguration Menu

System Coniguration Menu options:

System Coniguration

Management Settings

User and Password Settings

IP Coniguration

File Management

Restore System Deault Settings

Reboot System

0 Back to Main Menu

System Configuration

From the System Information screen you can check currentirmware versions and other general switch inormation

System Inormation

1

2

3

4

5

6

7


13/72



Chapter 4

Versions

The Versions screen displays the Boot Version, SotwareVersion, Loader Version and the Hardware Version

Versions

Boot Verson This ile runs when the Switch is turned onIt perorms power-on diagnostics and loads the operatingsystem or the Switch

Sotware Verson This ile contains the programmingcode that runs the Switch

Loader Verson This ile loads the sotware rom storagememory to main memory

Hardware Verson The current hardware setup o theSwitch

General Information

The General Information screen displays the SystemDescription, System Up Time, System Mac Address, System

Contact, System Name and System Location

General Inormation

Management Settings

The Management Settings screen displays the Serial PortConiguration

Management Settings

Serial Port Configuration

The Serial Port Configuration screen displays the currentsetting or the baud rate The baud rate can be changed byselecting Edt then using the spacebar to toggle throughthe dierent baud rates Use the Save action to set thenew baud rate

Serial Port Coniguration

User & Password Settings

The User & Password Settings screen displays user accountinormation on the Switch The deault account is theadmn account To add a new user, use the arrow keys toselect Edt and then press the Enter key, then enter theuser name o the new account and assign a password tothe account The password must be re-entered into the

Agan Password column to conirm the password

User & Password Settings


14/72

10



Chapter 4

You can add up to ive user accounts in addition to thedeault admin account The admin account cannot bedeleted rom the system

To save the new user account inormation, use the arrow

keys to select Save and press EnterIP Configuration

The IP Configuration screen displays our menu choices:IP Address Settings, HTTP/HTTPS, SNMP, and NetworkDiagnostics

IP Coniguration

IP Address Settings

The IP Address Settings screen allows you to set the IPinormation or the Switch

IP Address Coniguration

IP Address This sets the Switchs IP Address The deaultsetting is 19216815

Subnet Mask This combined with the IP Address deines

the Switchs network addressDeault Gateway This deines the IP Address or thedeault gateway o the network

Management VLAN Set the ID number o theManagement VLAN This is the only VLAN through whichyou can gain management access to the Switch Bydeault, all ports on the Switch are members o VLAN 1,so a management station can be connected to any port

on the Switch However, i other VLANs are coniguredand you change the Management VLAN, you may losemanagement access to the Switch In this case, you shouldreconnect the management station to a port that is amember o the Management VLAN

WARNING: Do not deine the ManagementVLAN as a VLAN that has yet to be created Ithe VLAN does not exist already, the sotwarewill automatically create the VLAN but will notassign VLAN membership I this happens, theSwitch cannot be managed via the web-based

utility until it has been reconigured via theconsole interace

IP Mode Choose to have either a user-deined IP addressor to have it assigned by DHCP or BOOTP

HTTP/HTTPS

The HTTP/HTTPS screen allows you to set the Hyper TextTranser Protocol server (web server) inormation or theSwitch

HTTP/HTTPS

HTTP Server Enable or disable the Switchs HTTP serverunction

HTTP Server port Set the TCP port that HTTP packets aresent and received rom

HTTPS Server Enable or disable the Secure HTTP serverunction o the Switch

HTTPS Server port Set the TCP port that the HTTPSpackets are sent and received rom

SNMP

The SNMP screen allows you to set the Switchs SNMPsettings


15/72

11



Chapter 4

SNMP

SNMP Server Enable or Disable the SNMP unction orthe Switch

SNMP Server Port Set the TCP port that will be used orsending and receiving SNMP packets

Network Diagnostics

The Network Configuration screen allows you to use PINGto test network connectivity Enter the IP address othe interace or device you wish to PING and select theExecute action

Ping

File Management

The File Management screen allows you to upload anddownload iles to the Switch using TFTP

File Management

Source Fle Speciy the location o the ile to transerSelect one o the ollowing:

TFTP I the ile is located on a TFTP server

Image I the ile is a sotware code ile

Startup-cong I the ile is a coniguration ile

Destnaton Fle Speciy where the ile is to be transerredSelect one o the ollowing:

TFTP I the ile is to be uploaded to a TFTP server

Image I the ile is to be downloaded as a sotwarecode ile

Startup-cong I the ile is a coniguration ile

Boot I the ile is a boot ile

Fle Name Enter the name o the ile to be uploaded ordownloaded

IP Address Enter the IP address o the TFTP server thatwill transer the ile

Restore System Default Settings

To restore the Switch back to the actory deault settings,select Restore System Deault Settng and press EnterA conirmation message appears asking Are you sure? [Y/N] Press the Y key to continue or the N key to cancel theaction

Restore Deault

Reboot System

I you want to restart the Switch, select Reboot Systemand press Enter A conirmation message appears askingReboot Now? [Y/N] Press the Y key to continue or the Nkey to cancel the action

Reboot System


16/72

12



Chapter 4

Back to Main Menu

Select Back to Man Menu i you want to return to themain menu

Port StatusThe Port Status screen allows you to view the status oa port The Port, Enable, Link Status, Spd/Dpx, and FlowControl are displayed

Port Status

Ports 1 through 24 are Ethernet RJ-45 ports and areall 10/100 ports Ports G3 and G4 are shared with theminiGBIC ports I there is a connection to one o theminiGBIC ports then the corresponding Gigabit RJ-45 portcannot be used

Port Coniguration

You can use the Port Configuration screen to enable/

disable an interace, set auto-negotiation and the interacecapabilities to advertise, or manually ix the speed, duplexmode, and low control

Port Coniguration

Enable Allows you to manually enable or disable aninterace You can disable an interace due to abnormalbehavior (or example, excessive collisions), and thenenable it again, once the problem has been resolved Youmay also disable an interace or security reasons

Auto-negotaton (Port Capabltes) This option enables or

disables auto-negotiation When auto-negotiation is enabled,

you need to specify the capabilities to be advertised When

auto-negotiation is disabled, you can force the settings for

speed, mode, and flow control The following capabilities are

supported

10hal Supports 10 Mbps hal-duplex operation

10ull Supports 10 Mbps ull-duplex operation




Deault: Auto-negotiation enabled; Advertised capabilitiesor 100Base-TX 10hal, 10ull, 100hal, 100ull; 1000Base-T 10hal, 10ull, 100hal, 100ull, 1000ull; 1000Base-SX/LX/LH (SFP) 1000ull; 100Base-FX (SFP) 100ull

Speed/Duplex Allows manual selection o port speed andduplex mode (that is, with auto-negotiation disabled)

Flow Control Allows automatic or manual selection olow control

PoE Coniguration

The PoE Main Menu screen displays three menu choicesand a back option:

PoE Main Menu

System PoE Coniguration

Port PoE Status

Port PoE Coniguration

1

2

3


17/72

1



Chapter 4

System PoE Configuration

The Power Configuration screen allows you to set the PoEpower allocation rom the Switch to connected devices

System PoE Coniguration

The Switchs power management enables total Switchpower and individual port power to be controlled within aconigured power budget Port power can be automaticallyturned on and o or connected devices, and a per-portpower priority can be set so that the Switch never exceedsits allocated power budget When a device is connectedto a port, its power requirements are detected by theSwitch beore power is supplied I the power requiredby a device exceeds the power budget o the port or thewhole Switch, power is not supplied

Port PoE Status

The Power Port Status screen allows you to view the currentPoE settings or each port on the Switch

Power Port Status

Ports can be set to one o three power priority levels:crtcal, hgh, or low To control the power supply withinthe Switchs budget, ports set at critical or high priorityhave power enabled in preerence to those ports set atlow priority For example, when a device is connected to aport set to critical priority, the Switch supplies the requiredpower, i necessary by dropping power to ports set or alower priority I power is dropped to some low-priorityports and later the power demands on the Switch all backwithin its budget, the dropped power is automaticallyrestored

Port PoE Configuration

The Power Port Configuration screen allows you to set thePoE settings or each port Select the Edt action and usethe let-rght and up-down arrows to select the attribute

you would like to set You can set the Admin Status, thePriority, and the Power Allocation Use the Save action tosave the new settings

Power Port Coniguration

Logout

Select Logout to log out o the Console ConigurationUtility


18/72

Chapter Configuring the Switch


Chapter :

Congurng the Swtch

Open your web browser and enter http://12.18.1.24into the address ield Press the Enter key and the Passwordscreen will appear

Address Bar

NOTE: The deault IP address is 12.18.1.24I the IP address has been changed using DHCPor via the console interace, enter the assignedIP address instead o the deault

The irst time you open the web-based utility, enteradmn (the deault username) in the username ield andleave the password blank Click the OK button You canset a password later rom the Admin tabs User Accountsscreen

Login Screen

Setup

The irst screen displays the Summaryscreen on the Setuptab There are 10 tabs across the top o the screen: Setup,Port management, VLAN Management, Statstcs, ACL,Securty, QoS, Spannng Tree, Multcast, and a Moretab Click the More tab to access the SNMP, Admn andLogout tabs Each tab contains screens that will help you

conigure and manage the Switch

Setup > Summary

The Setup > Summary screen displays a summary oSwitch inormation The settings cannot be modiied romthe Setup > Summaryscreen Many o the settings can be

modiied rom the Setup > Network Settings screen

Setup > Summary

Device Information

System Name Displays the name or the Switch, i onehas been entered

IP Address The IP address assigned to the Switch isdisplayed (The deault IP address is 12.18.1.24)

Subnet Mask The Subnet Mask assigned to the Switch isdisplayed (The deault is 2.2.2.0)

DNS Servers The IP address o your ISPs server, whichtranslates the names o websites into IP addresses

Deault Gateway IP address o the gateway routerbetween this device and management stations that existon other network segments (Deault: 0.0.0.0)

Address Mode Speciies whether IP unctionality is

enabled via manual coniguration (Static), Dynamic HostConiguration Protocol (DHCP), or Boot Protocol (BOOTP)I DHCP/BOOTP is enabled, IP will not unction until areply has been received rom the server Requests will bebroadcast periodically by the Switch or an IP address(DHCP/BOOTP values can include the IP address, subnetmask, and deault gateway)

Base MAC Address The MAC address o the Switch isdisplayed


19/72



System Information

Seral Number The serial number o the Switch isdisplayed

Model Name The model name o the Switch is

displayed

Hardware verson The current hardware version isdisplayed

Boot Verson The current boot version is displayed

Frmware Verson The current sotware version isdisplayed

System Locaton Displays the location o the system i ithas been deined

System Contact The name o the administrator willappear here i it has been deined

System Uptme Length o time the management agenthas been up

Current Tme Displays the current time

PoE Information

Maxmum Avalable Power Displays the maximumpower that can be supplied to a connected PoE device

System Operaton Status Displays the operational statuso the Power over Ethernet mechanism

Manpower Consumpton Displays the current numbero watts that the Switch is providing to PoE devices

Setup > Network Settings

Setup > Network Settings

The Network Settings screen allows you to edit theollowing inormation

Identification

System Name Speciies the name o the Switch Enterthe name into the text ield provided By deault, a systemname is not deined

System Locaton This ield is used or entering adescription o where the Switch is located, such as 3rdloor

System Contact Enter the name o the administratorresponsible or the system

Object ID The system object identiier is displayed here

Base MAC Address Physical address o a device mappedto this interace

IP Configuration

To manually conigure IP settings, you need to set an IP

address and subnet mask compatible with your networkYou may also need to establish a deault gateway betweenthe Switch and management stations that exist on anothernetwork segment

An IP address may be used or management access to theSwitch over your network You may also need to establisha deault gateway between the Switch and managementstations that exist on another network segment

Management VLAN ID o the conigured VLAN (1-4094,no leading zeroes) By deault, all ports on the Switch aremembers o VLAN 1 However, the management stationcan be attached to a port belonging to any VLAN, as longas that VLAN has been assigned an IP address

IP Address Mode Speciies whether IP unctionality isenabled via manual coniguration (Static), Dynamic HostConiguration Protocol (DHCP), or Boot Protocol (BOOTP)

NOTE: I DHCP/BOOTP is enabled, IP will notunction until a reply has been received rom theserver Requests will be broadcast periodicallyby the Switch or an IP address I the mode isset to DHCP/BOOTP and a server is not available,you can reconigure the settings by connectingthe console interace directly to a computer

Select the IP Address Mode using the drop-downmenu Selecting Static will allow you to enter a static IPaddress, subnet mask and deault gateway using the textield provided Selecting BOOTP or DHCP disables thesetext boxes and auto assigns an IP address The deaultsetting is Statc

Host Name Assign a host name to the Switch


20/72



IP Address Address o the VLAN interace that is allowedmanagement access Valid IP addresses consist o ournumbers, 0 to 255, separated by periods (Deault:12.18.1.24)

Subnet Mask This mask identiies the host addressbits used or routing to speciic subnets (Deault:2.2.2.0)

Deault Gateway IP address o the gateway routerbetween this device and management stations that existon other network segments (Deault: 0.0.0.0)

DNS Server Enter the IP address o the DNS server intothe text ield A second DNS address can be speciied inthe additional text ield provided

ClickSave Settngs to save the changes

Click Restart DHCP to assign a new IP address using

DHCP

Setup > Time

Simple Network Time Protocol (SNTP) allows the Switchto set its internal clock based on periodic updates rom atime server (SNTP or NTP) Maintaining accurate time onthe Switch enables the system log to record meaninguldates and times or event entries I the clock is not set, theSwitch will only record the time rom the actory deaultset at the last bootup When the SNTP client is enabled,the Switch periodically sends a request or a time updateto a conigured time server You can conigure up to twotime server IP addresses The Switch will attempt to polleach server in the sequence

Setup > Time

Set Time

Set the system tme manually This option allows you toset the time and date manually or the Switch

Set the system tme usng Smple Network Tme

Protocol (SNTP) automatcally Sets the system clockautomatically using SNTP

Manual

Hours The hour is entered here

Mnutes The minutes is entered here

Seconds The seconds is entered here

Month The month is entered here

Day The day is entered here

Year The year is entered here

Automatic

Sets the system clock automatically using SNTP

Tme Zone Set the time zone by selecting it rom thedrop-down menu

Daylght Savngs Enable daylight saving time bychecking the checkbox Then set USA, Europe, or customdaylight saving time by clicking the appropriate option

Tme Set Oset Custom daylight saving time is set byentering the time dierence in minutes into the Time SetOffsetield Set the date or this oset by entering the day

and month (DD/MM) in the From and To ieldsRecurrng To enable a recurring custom daylight savingstime, check the Recurring checkbox Set the day, week, andmonth the time dierence will be recurring (From and To)by using the drop-down menus Set the time (From andTo) o the recurrence using the ield provided (HH:MM)

SNTP Servers

Sets the IP address o up to two SNTP servers

Server 1 Set the IP address o the SNTP server

Server 2 Set the IP address o an additional SNTP server

Pollng Internal (1-184 sec) The value entered heredetermines the number o seconds between each timethe Switch contacts the SNTP server or an update


21/72



Port Management

Port unctionality can be controlled using the PortManagement settings Speeds, duplex, grouping, andPower over Ethernet settings, and more can be deined

Port Management > Port Settings

You can manually conigure the speed, duplex mode, andlow control used on speciic ports, or use to detect theconnection settings used by the attached device Use theull-duplex mode on ports whenever possible to doublethe throughput o switch connections Flow control shouldalso be enabled to control network traic during periodso congestion and prevent the loss o packets when portbuer thresholds are exceeded The Switch supports lowcontrol based on the IEEE 8023x standard

This screen displays the current connection status,including the description, administrative status, linkstatus, speed, duplex mode, MDI/MDIX, low control, type,and LAG

Port Management > Port Settings

Port Displays the port number

Descrpton Displays a description or the port, i one hasbeen deined

Admnstratve Status Displays the administrative statuso the appropriate port

Lnk Status Displays the link status o the port

Speed Displays the current speed o the port

Duplex Displays the current duplex mode o the port

MDI/MDIX Indicates i the port is being utilized as an MDIor MDIX port

Flow Control Indicates the type o low control currentlyin use (IEEE 8023x, Back-Pressure, or None)

Type Indicates the port type (100Base-TX, 1000Base-T, orSFP)

LAG Indicates whether the port is a LAG memberEach port has a Detal button that opens a screen orediting port settings Click the Detal button to open thePort Setting detail screen or the desired port

Edit Port Settings

You can use the Port Setting detail screen to enable/disablean interace, set and interace capability advertisements,or manually orce the speed, duplex mode, and lowcontrol

Port Management > Edit Port Settings

This screen allows you to edit the ollowing inormationor each port on the Switch

Port Use the port drop-down menu to select a port

Port Configuration

Descrpton Use this ield to describe the interace

(Range: 1-64 characters)

Speed Duplex Used to manually set the port speed andduplex mode when autonegotiation is disabled

Autonegotaton Enables or disables autonegotiationWhen autonegotiation is enabled, you need to speciythe capabilities to be advertised When autonegotiation isdisabled, you can orce the settings or speed, mode, andlow control Autonegotiation is enabled by deault


22/72



The ollowing capabilities are supported







Sym (Gigabit only) Check this item to transmit andreceive pause rames, or clear it to autonegotiate thesender and receiver or asymmetric pause rames

Flow Control Allows automatic or manual selection olow control

Port Broadcast Control

Status To enable broadcast control on a speciied port,mark the Enabled checkbox or that port

Threshold You can protect your network rom broadcaststorms by setting a threshold or broadcast traic or allports Any broadcast packets exceeding the speciiedthreshold will then be dropped

Ater you modiy the required port settings, clickApply

Port Management > Link Aggregation

You can create multiple links between devices that workas one virtual, aggregate link (LAG) An aggregated link

oers a dramatic increase in bandwidth or networksegments where bottlenecks exist, as well as providing aault-tolerant link between two devices You can create upto our LAGs on the Switch Each LAG can contain up toeight ports

Port Management > Link Aggregation

LAG Displays the LAG number

Descrpton Displays the description assigned to theinterace

Admnstratve Status Indicates whether the interace is

enabled or disabledType Indicates i a LAG has been manually conigured(static) or dynamically set through LACP

Lnk Status Displays the status o the link

Speed Displays the port speed

Duplex Displays the duplex mode

Flow Control Displays the low control

Create To create a new LAG, click the Create button in theCreate column, then add members to the LAG by clickingon the Select Member button The select member screen

or the Link Aggregation opens

Port Management > Link Aggregation > Select Member

The LAG number is shown in the LAG drop-down menuThe Ethernet ports are represented by check boxes Assignup to 8 ports to the LAG by checking the check boxes othe ports, then clickApply

Detal To conigure the LAG and the LAG broadcastcontrol, click the Detal button The Link Aggregationdetail screen will be displayed

Port Management > Link Aggregation > Detail


23/72


24/72


25/72



Ingress lterng Determines how to process ramestagged or VLANs or which the ingress port is not amember (Deault: Dsabled)

Ingress iltering only aects tagged rames

I ingress iltering is disabled and a port receives ramestagged or VLANs or which it is not a member, theserames will be looded to all other ports (except or thoseVLANs explicitly orbidden on this port)

I ingress iltering is enabled and a port receives ramestagged or VLANs or which it is not a member, theserames will be discarded

Ingress iltering does not aect VLAN independent BPDUrames, such as GVRP or STP However, they do aect VLANdependent BPDU rames, such as GMRP

Fill in the required settings or each interace, then click

Save Changes

VLAN Management > Ports to VLAN

Use the Ports to VLAN screen to conigure port membersor the selected VLAN index Assign ports as tagged ithey are connected to 8021Q VLAN compliant devices,or untagged they are not connected to any VLAN-awaredevices

VLAN Management > Ports to VLAN

Swtch Port Mode Indicates VLAN membership modeor an interace (Deault: Access)

Access Is the deault setting or all ports The port is amember o a single, untagged VLAN

Trunk Speciies a port as an end-point or a VLANtrunk A trunk is a direct link between two switches,so the port transmits tagged rames that identiythe source VLAN Note that rames belonging to theports deault VLAN (that is, associated with the PVID)are transmitted as untagged rames I the PVID isassociated with a VLAN ID other than 1, then therames are tagged

General Speciies a hybrid VLAN interace The portmay transmit tagged or untagged rames

Membershp Select VLAN membership or each interaceby selecting the appropriate option or a port or LAG:

Excluded The interace is orbidden rom joining theVLAN

Untagged The interace is a member o the VLAN Allpackets transmitted by the port will be untagged, thatis, not carry a tag and thereore not carry VLAN or CoSinormation Note that an interace must be assignedto at least one group as an untagged port

Tagged The interace is a member o the VLANAll packets transmitted by the port will be tagged,that is, carry a tag and thereore carry VLAN or CoSinormation

VLAN Management > VLAN to Ports

VLAN Management > VLAN to Ports

Use the VLAN to Ports screen to assign VLAN groups to theselected interace


26/72



Mode Indicates the VLAN switch port mode or theinterace

Jon VLAN Conigures the selected interace to be amember o other VLANs

VLANs VLANs or which the selected interace is amember

LAG Indicates the port is a member o the speciied LAG

Statistics

You can display standard statistics on network traic romthe Interaces Group and Ethernet-like MIBs, as well as adetailed breakdown o traic based on the RMON MIBInteraces and Ethernet-like statistics display errors on thetraic passing through each port

Statistics > RMON Statistics

Statistics > RMON Statistics

To view the interace statistics or a port, select the requiredinterace rom the drop-down menu and clickQuery

To set a reresh rate, to update the interace statistics,select a time interval rom the Reresh Rate drop-downmenu

Statistics > RMON History

The RMON History screen allows you to monitor yournetwork or common errors and overall traic rates TheHistory Control Table allows you to add, edit and delete

collection entries, or to select a speciic index entry andthen view the historical data in table orm

Statistics > RMON History

Source Interace The selected interace on the Switch

Samplng Interval The interval between taking samples(Range: 1-3600 seconds)

Samplng Requested The number o samples to record(Range:1-65535)

Owner The name o the person who created this entry inthe Control Table (Maximum 127 characters)


27/72



Statistics > RMON Alarms

The RMON Alarms screen allows you to record importantevents and critical network problems The RMON Alarmand Event Control Tables are used together to deine

speciic criteria that will generate response eventsAlarms can be set to test data over any speciied timeinterval and can monitor absolute or changing values,such as a statistical counter reaching a speciic value, or astatistic changing by a certain amount over a set intervalAlarms can be set to respond to either rising or allingthresholds

Statistics > RMON Alarms

The Alarm Control Table allows you to add, update anddelete speciic index entries

Interace The selected interace on the Switch

Statstcs The traic statistics to be sampled Select romthe drop-down list

Interval The time interval in seconds over which datais sampled and compared with the rising or allingthreshold

Sample Type The method o sampling data, eitherAbsolute or Delta For an absolute sample the variable willbe compared directly to the thresholds For a delta samplethe last sample is subtracted rom the current value andthe dierence is then compared to the thresholds

Startup Alarm How the alarm is activated when thevariable is compared to the thresholds This can be set toRising, Falling, or Rising or Falling

Rsng Threshold An alarm threshold or the sampledvariable I the current value is greater than or equal tothe threshold, and the last sample value was less than thethreshold, then an alarm will be generated (Ater a risingevent has been generated, another such event will not be

generated until the sampled value has allen below theRising Threshold and reaches the Falling Threshold)

Fallng Threshold An alarm threshold or the sampledvariable I the current value is less than or equal to thethreshold, and the last sample value was greater than thethreshold, then an alarm will be generated (Ater a allingevent has been generated, another such event will not begenerated until the sampled value has risen above theFalling Threshold and reaches the Rising Threshold)

Rsng Event Index (0-) The index o the Eventthat will be used i a rising alarm is triggered I there is nocorresponding entry in the Event Control Table, or i this

number is zero, then no event will be generated

Fallng Event Index (0-) The index o the Eventthat will be used i a alling alarm is triggered I there is nocorresponding entry in the Event Control Table, or i thisnumber is zero, then no event will be generated

Owner The name o the person who created this entry inthe Control Table

Statistics > RMON Events

An RMON Event determines the action to take when analarm is triggered The response to an alarm can include

logging the alarm or sending an SNMP trap message Ithe response corresponding to an alarm has not yet beendeined, use the RMON Event screen to conigure theEvent Setting table

Statistics > RMON Events


28/72



Event Descrpton A text comment that describes theentry in the Event Setting Table

Type The type o action that is taken or an alarm Thiscan be None, Log, Trap, or Log and Trap

Communty The SNMP community name that a trapmanager must use to receive trap messages

Owner The name o the person who created this entry inthe Event Setting Table (Maximum 127 characters)

Click on the Add button to add an Event index entry tothe table

To display each time an event was triggered by an alarm,irst highlight an entry in the Event Control Table andthen click on the Vew Log Table button The Log Tableshows the log index number, the time o an event, and thedescription o the event that activated the entry

Statistics > Port Utilization

Statistics > Port Utilization

Displays the percentage o bandwidth currently utilizedon each port o the Switch

Statistics > 802.1x Statistics

Statistics > 8021x Statistics

The Switch can display statistics or 8021X protocolexchanges or any port

To view the statistics or a port, select the required interacerom the drop-down menu and clickQuery

To set a reresh rate or updating the 8021X statistics,select a time interval rom the Reresh Rate drop-downmenu

ACLAccess Control Lists (ACL) provide packet iltering or IPrames (based on address, protocol, Layer 4 protocol portnumber or TCP control code) or any rames (based on MACaddress or Ethernet type) To ilter incoming packets, irstcreate an access list, add the required rules, speciy a maskto modiy the precedence in which the rules are checked,and then bind the list to a speciic port


29/72



ACL > IP based ACL

ACL > IP based ACL

Target Select the New ACL Name option and enteran ACL name in the text ield provided (with up to 16characters) To add rules to an existing ACL, select theACL Name option and select an ACL rom the drop-downmenu

Acton An ACL can contain any combination o permit ordeny rules

Protocol Speciies the protocol type to match as TCP,UDP or Others, where others indicates a speciic protocolnumber (0-255) (Options: TCP, UDP, Others; Deault: ANY)

TCP Flags Speciy the TCP lag bits in byte 14 o the TCPheader by selecting Set or Unset rom the drop-downmenus The ollowing TCP lags may be speciied:

Urg Urgent pointer

Rst Reset

Ack Acknowledgement

Syn Synchronize

Psh PushFn Finish

Source/Destnaton Port (0-) Source/destinationport number or the speciied protocol type (Range: 0-65535)

Use the Source/Destination IP Address option to apply theACL rule to an IP address or select the Any option to applythe rule to all IP addresses

Source/Destnaton IP Address Enter a source ordestination IP address

Wldcard Mask Enter the Wildcard Mask or the Source/Destination IP addresses

Match CoS Packet priority settings based on the ollowingcriteria:

DSCP DSCP priority level (Range: 0-63)Precedence IP precedence level (Range: 0-7)

Then click the Add to Lst Button

To remove an ACL rule, select an ACL rule rom the tableand clickRemove

When all rules are removed rom the ACL the ACL is alsoremoved

ACL > MAC based ACL

ACL > MAC based ACL

Target Select the New ACL Name option and enteran ACL name in the text ield provided (with up to 16characters) To add rules to an existing ACL, select theACL Name option and select an ACL rom the drop-downmenu

Acton An ACL can contain any combination o permit ordeny rules

Use the Source/Destination MAC Address option to applythe ACL rule to a MAC address or select the Any option toapply the rule to all MAC addresses

Source/Destnaton MAC Address Speciy a MACaddress (or example, 11-22-33-44-55-66)

Source/Destnaton Wldcard Mask Hexadecimal maskor source or destination MAC address

VLAN ID Speciy a VLAN ID (Range: 1-4094)


30/72



Ethernet Type Speciy an Ethernet Type This option canonly be used to ilter Ethernet II ormatted packets (Range:0-65535) A detailed listing o Ethernet protocol types canbe ound in RFC 1060 A ew o the more common typesinclude 0800 (IP), 0806 (ARP), 8137 (IPX)

Then click the Add to Lst button

To remove an ACL rule, select an ACL rule rom the tableand clickRemove

When all rules are removed rom the ACL the ACL is alsoremoved

Security

Security > ACL Binding

Security > ACL Binding

Ater coniguring Access Control Lists (ACL), you shouldbind them to the ports that need to ilter traic You canassign one IP or MAC access list to any port

You must conigure a mask or an ACL rule beore you canbind it to a port

This Switch only supports ACLs or ingress iltering Youcan only bind one IP or one MAC ACL to any port, oringress iltering

Mark the Enable checkbox or the port you want to bindto an ACL Select the required ACL rom the drop-downmenu

Port Fixed port or SFP module

IP (Input) Speciies the IP Access List to enable or aport

MAC (Input) Speciies the MAC Access List to enableglobally


Security > Authentication Servers

Security > Authentication Servers

RADIUS Server Setting

Remote Authorization Dial-In User Service (RADIUS)servers provide additional security or networks RADIUSservers provide a centralized authentication method orweb access

Up to 5 RADIUS servers can be conigured The Switchattempts authentication using the listed sequence oservers The process ends when a server either approvesor denies access to a user

Index Indicates the server number or global setting

Server IP Address Enter the IP address o the server

Server Port Number (1-) Enter the authenticationport The authentication port is used during RADIUS serverauthentication The authentication port deault is 1812

Secret Key Strng Enter the secret key string as deinedon the RADIUS server The secret key string is used orauthenticating and encrypting communications betweenthe device and the RADIUS server

Number o Retres (1-0) Deines the number otransmitted requests sent to the RADIUS server beore aailure occurs The possible ield values are 1 - 30 2 is thedeault value

Tmeout or Reply (1- sec) Deines the amount othe time in seconds the device waits or an answer romthe RADIUS server beore retrying the query, or switchingto the next server The possible ield values are 1 - 655355 is the deault value


31/72



TACACS Server Setting

The Switch provides Terminal Access Controller AccessControl System (TACACS+) client support TACACS+provides centralized security or validation o users

accessing the device TACACS+ provides a centralized usermanagement system, while still retaining consistency withRADIUS and other authentication processes The TACACS+protocol ensures network integrity through encryptedprotocol exchanges between the device and TACACS+server

Server IP Address Enter the TACACS+ Server IP address

Server Port Number (1-) Deines the port numberthrough which the TACACS+ session occurs The deaultport is 49

Secret Key Strng Deines the authentication andencryption key or TACACS+ server The key must matchthe encryption key used on the TACACS+ server

Security > 802.1x Settings

Security > 8021x Settings

Network switches can provide open and easy accessto network resources by simply attaching a client PCAlthough this automatic coniguration and access is a

desirable eature, it also allows unauthorized personnelto easily intrude and possibly gain access to sensitivenetwork data

The IEEE 8021X (dot1X) standard deines a port-basedaccess control procedure that prevents unauthorizedaccess to a network by requiring users to irst submitcredentials or authentication Access to all switch ports ina network can be centrally controlled rom a server, whichmeans that authorized users can use the same credentialsor authentication rom any point within the network

This Switch uses the Extensible Authentication Protocolover LANs (EAPOL) to exchange authentication protocolmessages with the client, and a remote RADIUSauthentication server to veriy user identity and accessrights When a client connects to a switch port, the Switch

responds with an EAPOL identity request The clientprovides its identity (such as a user name) in an EAPOLresponse to the Switch, which it orwards to the RADIUSserver The RADIUS server veriies the client identity andsends an access challenge back to the client The EAP packetrom the RADIUS server contains not only the challenge,but the authentication method to be used The client canreject the authentication method and request another,depending on the coniguration o the client sotwareand the RADIUS server The authentication method mustbe MD5 The client responds to the appropriate methodwith its credentials, such as a password or certiicateThe RADIUS server veriies the client credentials andresponds with an accept or reject packet I authenticationis successul, the Switch allows the client to access thenetwork Otherwise, network access is denied and theport remains blocked

The operation o 8021X on the Switch requires theollowing:

The Switch must have an IP address assigned

RADIUS authentication must be enabled on the Switchand the IP address o the RADIUS server speciied

8021X must be enabled globally or the Switch

Each Switch port that will be used must be set to dot1XAuto mode

Each client that needs to be authenticated musthave dot1X client sotware installed and properlyconigured

The RADIUS server and 8021X client support EAP (TheSwitch only supports EAPOL in order to pass the EAPpackets rom the server to the client)

The RADIUS server and client also have to support thesame EAP authentication type MD5 (Some clientshave native support in Windows, otherwise the dot1xclient must support it)

To enable 8021X System Authentication Control, selectthe RADIUS option

When 8021X is enabled, you need to conigure theparameters or the authentication process that runsbetween the client and the Switch, as well as the clientidentity lookup process that runs between the Switch andauthentication server These parameters are described inthis section


32/72



Operaton Mode Allows single or multiple hosts (clients)to connect to an 8021X-authorized port (Options: Single-Host, Multi-Host; Deault: Sngle-Host)

Maxmum Count (1-1024) The maximum number o

hosts that can connect to a port when the Multi-Hostoperation mode is selected The deault value is

Mode Sets the authentication mode to one o theollowing options:

Auto Requires a dot1x-aware client to be authorizedby the authentication server Clients that are not dot1x-aware will be denied access

Force-Authorzed Forces the port to grant access toall clients, either dot1x-aware or otherwise (This is thedeault setting)

Force-Unauthorzed Forces the port to deny access

to all clients, either dot1x-aware or otherwiseAuthorzed Indicates the current status o the port:

Yes A connected client is authorized

No No connected clients are authorized

Blank Displays nothing when there is no connectionon a port

Supplcant Indicates the MAC address o a connectedclient

Modiy the parameters required using the drop-downmenus and ields provided or each port, then clickDetal

to conigure the 8021X settings or that port

Security > 8021x Port Setting Detail

The 8021x Port Settings screen allows coniguration othe ollowing parameters:

Maxmum Request Sets the maximum number o timesthe switch port will retransmit an EAP request packet tothe client beore it times out the authentication session(Range: 1-10; Deault 2)

Quet Perod Sets the time that a switch port waitsater the Max Request Count has been exceeded beoreattempting to acquire a new client (Range: 1-65535seconds; Deault: 0 seconds)

Reauthentcaton Perod Sets the time period aterwhich a connected client must be re-authenticated(Range: 1-65535 seconds; Deault: 00 seconds)

Transmt Perod Sets the time period during anauthentication session that the Switch waits beore re-transmitting an EAP packet (Range: 1-65535; Deault: 0seconds)

ClickSave Settngs to apply the changes

Security > Ports Security

Port security is a eature that allows you to conigure aswitch port with one or more device MAC addresses thatare authorized to access the network through that portWhen port security is enabled on a port, the Switch stopslearning new MAC addresses on the speciied port whenit has reached a conigured maximum number Onlyincoming traic with source addresses already stored inthe dynamic or static address table will be accepted asauthorized to access the network through that port I adevice with an unauthorized MAC address attempts touse the switch port, the intrusion will be detected and theSwitch can automatically take action by disabling the portand sending a trap message

Security > Ports Security


33/72



To use port security, speciy a maximum number oaddresses to allow on the port and then let the Switchdynamically learn the pair or rames received on the port When the port hasreached the maximum number o MAC addresses the

selected port will stop learning The MAC addressesalready in the address table will be retained and will notage out Any other device that attempts to use the portwill be prevented rom accessing the Switch

Set the action to take when an invalid address is detectedon a port, mark the checkbox in the Status column toenable security or a port, set the maximum number oMAC addresses allowed on a port ClickSave Changes tosave the changes

Security > HTTPS Settings

You can conigure the Switch to enable the SecureHypertext Transer Protocol (HTTPS) over the SecureSocket Layer (SSL), providing secure access (that is, anencrypted connection) to the Switchs web interace

Security > HTTPS Settings

To enable HTTPS, check the HTTPS Status checkbox andspeciy the port number


Security > Management ACL

Security > Management ACL

You can create a list o up to 16 IP addresses or IP addressgroups that are allowed access to the Switch through the

web interace, SNMP, or Telnet

The management interaces are open to all IP addressesby deault Once you add an entry to a ilter list, accessto that interace is restricted to the speciied addressesI anyone tries to access a management interace on theSwitch rom an invalid address, the Switch will reject theconnection, enter an event message in the system log,and send a trap message to the trap manager

IP addresses can be conigured or SNMP, web and Telnetaccess Each o these groups can include up to ivedierent sets o addresses, either individual addresses oraddress ranges When entering addresses or the same

group (ie, SNMP, web or Telnet), the Switch will not acceptoverlapping address ranges When entering addressesor dierent groups, the Switch will accept overlappingaddress ranges

You cannot delete an individual address rom a speciiedrange You must delete the entire range, and reenterthe addresses You can delete an address range just byspeciying the start address, or by speciying both thestart address and end address


34/72



Security > SSH Settings

Security > SSH Settings

The Secure Shell (SSH) includes server/client applicationsthat can provide remote management access to the Switchand act as a secure replacement or Telnet

When the client contacts the Switch through the SSHprotocol, the Switch generates a public-key that the clientuses along with a local user name and password or accessauthentication SSH also encrypts all data transers passingbetween the Switch and SSH-enabled managementstation clients, and ensures that data traveling over the

network arrives unaltered

NOTE: You need to install an SSH client on themanagement station to access the Switch ormanagement through the SSH protocol TheSwitch supports both SSH Version 15 and 20

SSH Server Status Allows you to enable/disable the SSHserver on the Switch (Deault: Dsabled)

Verson The Secure Shell version number Version 20 isdisplayed, but the Switch supports management accessvia either SSH Version 15 or 20 clients

SSH Authentcaton Tmeout (1-120) Speciies the timeinterval in seconds that the SSH server waits or a responserom a client during an authentication attempt (Deault:120 seconds)

SSH Authentcaton Retres (1-) Speciies the numbero authentication attempts that a client is allowed beoreauthentication ails and the client has to restart theauthentication process (Deault: )

SSH Server-Key Sze (12-8) Speciies the SSH serverkey size The server key is a private key that is never sharedoutside the Switch The host key is shared with the SSHclient, and is ixed at 1024 bits (Deault:8)

Security > SSH Host-Key Settings

Security > SSH Host-Key Settings

A host public/private key pair is used to provide securecommunications between an SSH client and the SwitchAter generating this key pair, you must provide the hostpublic key to SSH clients and import the clients public keyto the Switch

Publc-Key o Host-Key The public key or the host

RSA (Verson 1) The irst ield indicates the size o thehost key (eg, 1024), the second ield is the encodedpublic exponent (eg, 65537), and the last string is theencoded modulus

DSA (Verson 2) The irst ield indicates that theencryption method used by SSH is based on theDigital Signature Standard (DSS) The last string is theencoded modulus

Host-Key Type The key type used to generate thehost key pair (ie, public and private keys) (Range: RSA(Version 1), DSA (Version 2), Both: Deault: RSA) The SSHserver uses RSA or DSA or key exchange when the clientirst establishes a connection with the Switch, and thennegotiates with the client to select either DES (56-bit) or3DES (168-bit) or data encryption

Save Host-Key rom Memory to Flash Saves the host keyrom RAM (volatile memory) to lash memory Otherwise,the host key pair is stored to RAM by deault Note thatyou must select this item prior to generating the host-keypair


35/72



Generate This button is used to generate the host keypair Note that you must irst generate the host key pairbeore you can enable the SSH server

Clear This button clears the host key rom both volatile

memory (RAM) and non-volatile memory (Flash)

QoS

Network traic is usually unpredictable, and the onlybasic assurance that can be oered is best eort traicdelivery To overcome this challenge, Quality o Service(QoS) is applied throughout the network This ensures thatnetwork traic is prioritized according to speciied criteria,and that speciic traic receives preerential treatmentQoS in the network optimizes network perormance andentails two basic acilities:

Classiying incoming traic into handling classes, based

on an attribute, including:

The ingress interace

Packet content

A combination o these attributes

Providing various mechanisms or determining theallocation o network resources to dierent handlingclasses, including:

The assignment o network traic to a particularhardware queue

The assignment o internal resources

Traic shaping

The terms Class o Service (CoS) and QoS are used in theollowing context:

CoS provides varying Layer 2 traic services CoS reers toclassiication o traic to traic-classes, which are handledas an aggregate whole, with no per-low settings CoS isusually related to the 8021p service that classiies lowsaccording to their Layer 2 priority, as set in the VLANheader

QoS reers to Layer 2 traic and above QoS handles per-low settings, even within a single traic class

QoS > CoS Settings

Class o Service (CoS) allows you to speciy which datapackets have greater precedence when traic is bueredin the Switch due to congestion The Switch supports CoSwith our priority queues or each port Data packets ina ports high-priority queue will be transmitted beorethose in the lower-priority queues You can set the deaultpriority or each interace, and conigure the mapping orame priority tags to the Switchs priority queues

QoS > Cos Settings

The priority levels recommended in the IEEE 8021pstandard or various network applications are shown in theollowing table However, you can map the priority levelsto the Switchs output queues in any way that beneitsapplication traic or your own network

Prorty Level Mappngs

Prorty Level Trac Type

1 Background

2 (Spare)

0 (deault) Best Eort

3 Excellent Eort

4 Controlled Load

5 Video, less than 100 ms latency and jitter

6 Voice, less than 10 ms latency and jitter

7 Network Control

CoS to Queue

Assign priorities to the traic classes (output queues) orthe selected interace

Class o Servce CoS value (Range: 0-7, where 7 is thehighest priority queue)

Queue (0-) The output priority queue (Range: 0-3,where 3 is the highest CoS priority queue)


36/72



Port to CoS

Modiy the deault priority or any interace using the textield provided

Port Displays the port number

Deault CoS (0-) The priority that is assigned tountagged rames received on the interace (Range: 0-7,where 7 is the highest priority)

LAG Indicates i ports are members o a LAG To conigurethe deault priority or LAGs, go to the table entry or theLAG number, which is listed ater ports Gig 1 and Gig 2 atthe end o the table

Deault settings can be restored using the RestoreDeaults button


QoS > Queue Settings

QoS > Queue Settings

The Switch prioritizes each packet based on the requiredlevel o service, using our priority queues with strict orWeighted Round Robin Queuing It uses IEEE 8021p and8021Q tags to prioritize incoming traic based on inputrom the end-station application These unctions can be

used to provide independent priorities or delay-sensitivedata and best-eort data

Queue Settings

You can set the Switch to service the queues based ona strict rule that requires all traic in a higher priorityqueue to be processed beore lower priority queues are

serviced, or use Weighted Round-Robin (WRR) queuingthat speciies a relative weight o each queue WRR uses apredeined relative weight or each queue that determinesthe percentage o service time the Switch services eachqueue beore moving on to the next queue This preventsthe head-o-line blocking that can occur with strict priorityqueuing

Strct Prorty Services the egress queues in sequentialorder, transmitting all traic in the higher priorityqueues beore servicing lower priority queues

WRR Weighted Round-Robin shares bandwidth at theegress ports by using scheduling weights 1, 2, 4, 8 or

queues 0 through 3 respectivelySet the Queue Mode to Strct or WRR using the QueueMode drop-down menu then click Save Settings

Queue Scheduling

The Switch uses the Weighted Round Robin (WRR)algorithm to determine the requency at which it serviceseach priority queue A weight is assigned to each othese queues (and thereby to the corresponding traicpriorities) This weight sets the requency at which eachqueue will be polled or service, and subsequently aectsthe response time or sotware applications assigned a

speciic priority value

The queue weighting is ixed or the Switch and cannotbe conigured

QoS > DSCP Settings

QoS > DSCP Settings


37/72



The Switch supports a common method o prioritizinglayer 3/4 traic to meet application requirements Traicpriorities can be speciied in the IP header o a rameusing the priority bits in the Type o Service (ToS) octet Ipriority bits are used, the ToS octet may contain six bits or

Dierentiated Services Code Point (DSCP) service Whenthese services are enabled, the priorities are mapped toa Class o Service value by the Switch and the traic thensent to the corresponding output queue Because dierentpriority inormation may be contained in the traic, theSwitch maps priority values to the output queues in theollowing manner:

The precedence or priority mapping is DSCP Priority andthen Deault Port Priority

To enable DSCP priority mapping, check the DSCP PrortyStatus Enabled checkbox

Prorty Status Enables the DSCP priority mapping(Enabled is the deault setting)

DSCP to CoS Maps Dierentiated Services Code Pointvalues to CoS values


QoS > DiServ Settings

QoS > DiServ Settings

The commands described in this section are used toconigure Quality o Service (QoS) classiication criteriaand service policies Dierentiated Services (DiServ)provides policy-based management mechanisms used orprioritizing network resources to meet the requirements

o speciic traic types on a per hop basis Each packet isclassiied upon entry into the network based on accesslists, IP Precedence, DSCP values, or VLAN lists Usingaccess lists allows you to select traic based on Layer 2,Layer 3, or Layer 4 inormation contained in each packetBased on conigured network policies, dierent types otraic can be marked or dierent types o orwarding

All switches or routers that access the Internet rely on classinormation to provide the same orwarding treatmentto packets in the same class Class inormation can beassigned by end hosts, or switches or routers along thepath Priority can then be assigned based on a general

policy, or a detailed examination o the packet However,note that detailed examination o packets should takeplace close to the network edge so that core switchesand routers are not overloaded Switches and routersalong the path can use class inormation to prioritize theresources allocated to dierent traic classes The mannerin which an individual device handles traic in the DiServarchitecture is called per-hop behavior All devices alonga path should be conigured in a consistent manner toconstruct a consistent end-to-end QoS solution

Class Map

A class map is used or matching packets to a speciiedclass The class map uses the Access Control List ilteringengine, so you must also set an ACL to enable iltering orthe criteria speciied in the class map

The class map is used with a policy map to create aservice policy or a speciic interace that deines packetclassiication, service tagging, and bandwidth policing

NOTE: One or more class maps can be assignedto a policy map

Class Name Name o the class map (Range: 1-32characters)

Type Only one match command is permitted per classmap, so the match-any ield reers to the criteria speciiedby the lone match command

Descrpton A brie description o a class map (Range: 1-256 characters)

Add Creates a new class map using the entered classname and description

Remove Removes the

Linksys SRW224G4P Manual

Documents

Transcript of Linksys SRW224G4P Manual